ICITE for Breakfast

It seems everything old is new again.  This May Day weekend supporters of Shia cleric Moqtada Sadr were engaged in mass anti-government demonstrations in the Green Zone of Baghdad making me wonder if I was in a time machine taking us back to 2006.  I am not sure, but it does seem as though this time Iraq is about to balkanize itself into Shia, Sunni, and Kurdish cantonments.  Meanwhile in the Baltic, Soviet – – – excuse me Russian – – –  SU-24 Fencers have been buzzing a US Navy destroyer while SU-27 Flankers have been doing barrel rolls around US Air Force RC-135 electronic surveillance aircraft as Vladimir Putin marks his area of influence. How Cold War retro is this! In Syria the sham of a month old ceasefire ended violently as Assad forces bombed Aleppo’s al Quds pediatrics hospital supported by both Doctors Without Borders and the International Committee of the Red Cross killing 50 on 29 April.  While it didn’t have far to go, Syria is back to the level of violence it experienced prior to the February 27 ceasefire.

Speaking of Syria I was surprised by what I heard on 26 April at an INSA/Defense One panel discussing ICITE.  At this breakfast event, ICITE was being touted for contributing to the Intelligence Community’s (IC) ability in August 2013 to assess in less than nine days that the government of Syrian President Bashar al-Assad was responsible for 1,500 being killed in a chemical weapons attack on Damascus. (http://www.defenseone.com/technology/2016/04/future-intelligence-sharing-coming-together-syrian-war/127907/?oref=d-channelriver).  My surprise with this assertion was twofold.  First, that there were no more current IC successes that could be linked to ICITE than one that is over two years old.  Second, that anybody would be impressed with the IC (with or without ICITE) taking nine days to determine who was responsible for a heinous act that had already occurred.  More importantly, it seemed lost on the IC panelists discussing “the progress, challenges, and opportunities” associated with ICITE that the IC exists primarily to provide indications and warning (I&W) in advance of attacks like this so they can be deterred or prevented.  As we know in this case, the IC’s assessment about Assad’s use of chemical weapons resulted in the Obama Administration having to walk back from the “red line” it established with regard to the Syrian president’s use of these weapons.  I am still having trouble seeing the intelligence success here.

The panel of ICITE seniors also tacitly accepted Defense One’s survey data (https://fcw.com/Articles/2016/04/26/icite-metadata-nsa.aspx?s=fcwdaily_270416&p=1) showing that ICITE (which is into its fourth year) is at least two to five years away (best case!) from being close to fully capable.  In terms of the Syrian Chemical Weapons attack example, it is worth remembering that ICITE being fully capable means secure enterprise cloud connectivity for the big five IC agencies (CIA, NSA, NGA, NRO, and DIA) in the DC area and does not include State Department, DHS or the COCOMs.  With ICITE projected to be as much as five years away from being near full operational capability (FOC), I was discouraged to hear the panelists say that there is no formal technical road map for ensuring ICITE’s currency or future direction, but rather by affirmative choice the ICITE Steering Group is relying on the commercial companies supporting the various ICITE Service Providers to keep ICITE technically up to date.  To me this means ICITE will never outpace the IT used by our adversaries to inform their decision making about us because they will be able to buy state of the art IT quicker in the open market than the IC can through the federal acquisition process.

In his opening comments one of the panelists said he would grade ICITE to date as deserving a “B” with lots accomplished but more to do, particularly in terms of implementation and adoption.  He observed that governance in the areas of establishing data standards across the IC to maximize ICITE utility is still being worked as is developing the backroom processes for charge-back of ICITE services consumed.  Throughout the discussion about ICITE’s recent achievements (e.g., 50,000 DTE’s deployed over the past two years; the availability of AWS Market Place in Commercial Cloud Services, which lets developers and users “pay by the drink” while they’re evaluating various software tools, development platforms and even entire operating systems), I did not discern any references to context, metrics, or impacts of these milestone accomplishments.  Throughout the panel discussion I thought I was in a time warp back to 2012 listening to ICITE seniors talking about the power of information integration that ICITE would enable with no specifics about schedules, funding, or metrics.

Given all this, plus the slow pace of deployment, I would probably grade ICITE at no better than a “C,” but I also understand that this 90 minute panel is just an incomplete snapshot of ICITE’s current state as well as its march toward creating a secure cloud enabled enterprise for integrating intelligence in a timely manner.  I suppose a case could be made for a grade of “incomplete,” but this would be unfair to the ICITE services (Commercial Cloud, GovCloud, DTE, Apps Mall, and Messaging) that have made it to initial operating capability (IOC), though more needs to be said about what these services mean for IC performance.

Subjective grades aside, with ICITE approaching its 5th anniversary as a new presidential administration comes to office with its own Director of National Intelligence (DNI), it doesn’t seem  inaccurate to say “ICITE is on the Clock” to show that it can enable the delivery of meaningful intelligence inside of our adversaries’ decision cycle.  If I am correct here, then I believe this summer is the right time for the IC to do a zero based review of ICITE aimed at keeping what is working, killing what is not, and accelerating so that ICITE FOC is closer to two years out rather than five.  ICITE needs a new sense of urgency!

That’s what I think; what do you think?

How Would You Like Your Intel Prepared Sir?

The year 2015 has certainly been a stressful one for those involved with national security so I for one am happy to see it coming to a close.  That’s the good news, but as we all understand there has been no resolution to Russian adventurism, Chinese expansionism, North Korean unpredictability, Iraqi politics, Afghani violence, Iranian mischief, the Syrian civil war, the Islamic State’s wanton cruelty, or Jihadi inspired terrorism so barring some unforeseen epiphany 2016 looks like another year where the threats we have been suffering through will grow more dire rather than abate.

Despite, or perhaps because of, this panoply of national security threats the American people seemed to be war weary and increasingly isolationist until the ISIS Paris and San Bernardino attacks in November and December, respectively.  Through Labor Day both the Democratic and Republican presidential primary debates were mostly “national security free zones” focusing on the economy, wealth inequality, policing, health care, and the domestic impacts of immigration.  In the debates since 13 November, the discussion has shifted markedly to how candidates for president will protect Americans from threats generated abroad.  Unfortunately, the discourse has lacked both specifics and substance as the candidates talk in soundbites about complex subjects such as responding to Russia and China’s use of military power, controlling the US border, bringing security to Afghanistan, achieving stability in Iraq, ending the Syrian Civil War, and defeating ISIS.  From presidential candidates to pundits, though, there is rough general agreement that intelligence has never been more vital to ensuring our national security.

This reality makes the gathering cloud of allegations that intelligence is being selectively tailored to meet different agendas in the White House and the Joint Chiefs of Staff even more disconcerting. Here’s what has been reported in the media so far:

  • Since August the DoD Inspector General (IG) has been investigating charges from CENTCOM intelligence analysts that the command J2 was altering their products so they would align with the President’s position that progress is being made against ISIS. Subsequently these allegations of misconduct have extended to a possible cover-up with some analysts accusing the senior intelligence officials at CENTCOM of deleting emails and files from computer systems before the IG could examine them.
  • On 13 November before the Paris Attacks President Obama with an ill-timed comment observed that “ISIS is contained.” Eight days later at a press conference in Malaysia the President said he was expecting the DOD IG to provide him with a full and thorough investigation regarding the allegations about whether intelligence at CENTCOM was significantly altered as it moved up the chain of command. He went on to say that he has insisted since taking office that intelligence not be shaded by politics, adding “I have made it repeatedly clear to all my top national security advisers that I never want them to hold back, even if the intelligence, or their opinions about the intelligence, their analysis or interpretations of the data, contradict current policy.”
  • Contemporaneously with the President’s comments in Kuala Lumpur, House Permanent Select Committee on Intelligence Chairman Devin Nunes, House Armed Services Committee Chairman Mac Thornberry, and House Appropriations Committee Defense Subcommittee Chairman Rodney Frelinghuysen announced on 20 November the formation of  a Joint Task Force “to investigate allegations that senior U.S. Central Command (CENTCOM) officials manipulated intelligence products.  In addition to looking into the specific allegations, the Joint Task Force will examine whether these allegations reflect systemic problems across the intelligence enterprise in CENTCOM or any other pertinent intelligence organizations.”

What all this tells me is that the DoD IG investigation of the CENTCOM allegations is not a happy story and may be just the flashing beacon for more serious issues about intelligence being used inappropriately by a variety of actors.  Here is why I say this:

  • The President’s remarks at the end of his Asia trip appear to be designed to distance and insulate him from potentially embarrassing intelligence practices.
  • The House Joint Task Force indicates growing Congressional concerns about the credibility of intelligence being used to inform national policy and that the Congress is not willing to rely on the executive branch for information regarding IC performance.
  • If there is substance to what Hersh is reporting, then the allegations of the CENTCOM J2 manipulating intelligence so that it would align with the Obama Administration’s views of the situation in the Middle East become a subset of a large issue:
  • Is the IC responding to White House signals about the nature of the intelligence reporting the President would prefer to see and are CIA and JCS using intelligence to advance their own conflicting policy agendas with regard to Assad and ISIS?

Unless all this is quickly and plausibly debunked we are not far from the state of the IC becoming fodder for presidential and Congressional campaigns in 2016.  This means more soundbites about what’s wrong with Intelligence and less than well thought-out ideas on how the IC should be reformed.

That’s what I think; what do you think?

The Road to War is Littered with Miscalculations

Obama Administration nemesis Senate Armed Services Committee Chairman Senator John McCain and Secretary of Defense Ashton Carter are in agreement that Russia, China, and Iran are all taking actions to assert their influence and demonstrate their ability to confront the United States.   At the Reagan Defense Forum on 7 November the Sec Def observed that “Some actors appear intent on eroding these principles and undercutting the international order that helps enforce them.”   Secretary Carter went on to warn that while the US does not seek confrontation it remains resolved to “…defend our interests, our allies, the principled international order, and the positive future it affords us all.” (http://www.militarytimes.com/story/military/pentagon/2015/11/08/defense-secretary-ash-carter-says-russia-china-potentially-threaten-global-order/75412284/).  This current environment of confrontation creates a tinder box from Syria, to the South China Sea, to any venue for physical terror, to cyberspace where potential shows of strength by Washington, Moscow, Beijing, Tehran, Damascus or Raqqa will increase the probabilities for a miscalculation that could lead to devastating unforeseen and unintended consequences.

Though not yet confirmed, “intelligence chatter” is indicating that ISIS is probably responsible for the 31 October bombing of Metrojet flight 9268 over the Sinai as it was returning 224 Russian vacationers to Saint Petersburg from the Egyptian sea-side resort of Sharm el-Sheikh.  Apparently this “intel chatter” was not specific enough to be actionable.  The intelligence imperative here is the difficult task of penetrating ISIS with human sources who can provide more granular insights about potential actions both on the battlefield and those directed against the international community.  The quickest way to rectify this lack of HUMINT would be to gain access through Assad’s security forces to members of ISIS that Syria has captured, but that would mean a deal with the devil brokered by Vladimir Putin.

Last month when I was opining about how things could get worse in terms of Syria and ISIS, I didn’t contemplate an act of airline terrorism aimed at Russia when I obviously should have.   If ISIS is responsible for bringing down Metrojet Flight 9268 (as they claim they are) then there is a good chance this could lead to Russia and the US tacitly joining together in an “ISIS First Campaign” enabling Bashar al-Assad’s regime to remain in control of Syria until the Islamic State (IS) is neutralized.  With or without US support it seems a reasonable conclusion based on current behavior that Putin will double down on military pressure against ISIS.  Of course, the demise of ISIS works to the benefit of Iran in creating a Shiite satellite in southern Iraq that would be a menace to Saudi Arabia.  The alternative is Saudi Arabia funneling money to ISIS to buy them off from bringing their brand of Islamic Revolution to the “Kingdom” while keeping Iran and its Shiite proxies on the defensive.

Concurrently on the other side of the world USS Lassen conducted on 27 October a Freedom of Navigation Operation (FONOp) in the South China Sea sailing within 12 nautical miles of China’s claimed and militarily fortified Subi Reef.  This was quickly followed on 05 November by US Secretary of Defense Ash Carter and his Malaysian counterpart flying out to the nuclear aircraft carrier USS Theodore Roosevelt (aka “The Big Stick”) as this carrier strike group transited the South China Sea en route to its new home port of San Diego after a deployment to the Persian Gulf where its air wing conducted strikes against ISIS in Iraq and Syria. China’s reaction was public but muted with a stern warning given to the US Ambassador in Beijing by China’s Deputy Minister of Foreign Affairs for LASSEN’s violation of Chinese territorial waters.  The Chinese also deployed additional military aircraft and missiles to the Spratly Islands.  The US response was to announce its intentions to continue to conduct regular FONOps in the South China Sea and for Secretary Carter to visit the “TR.”  While there has been no overt Chinese military reaction to USS Theodore Roosevelt’s transit of the South China Sea, a Chinese Diesel Electric Submarine was reportedly tracking USS Ronald Reagan in late October as it conducted a naval exercise in the Sea of Japan with the Japanese Maritime Self Defense Force. And in a return to a common Cold War practice, two Russian TU-142 Bear aircraft conducted close in surveillance of Reagan under escort by the carrier’s F/A-18’s during this same period.

The daily cyber intrusions against the U.S. private sector by Chinese and Russian state sponsored organizations are well documented and now Check Point Software Technologies on 09 November published a 38-page report identifying specific details and broad analysis on cyber-espionage activity conducted by the group Rocket Kitten, with possible ties to the Iranian Revolutionary Guard Corps (http://blog.checkpoint.com/2015/11/09/rocket-kitten-a-campaign-with-9-lives/).  As a result of these menacing cyber assaults, the American private sector is becoming increasingly frustrated with the government’s inability to protect US industries from state sponsored cyber intrusions.

This is generating debate between the private sector and NSA/CYBERCOM about whether and when those in the private sector can engage in “active cyber defense” against those doing harm to them.  Proponents of active cyber defense contend that cyber space is not exclusively a government domain and if the government can’t or won’t protect the private sector from cyber harm then U.S. private entities should not be denied the right of self-defense.  Those opposed to active cyber defense by the private sector contend that the Constitution reserves to the federal government the responsibility for the conduct of foreign affairs.

In its wisdom, Article 1 Section 8 of The United States Constitution states that “The Congress shall have Power to … grant Letters of marque and reprisal.”  This power was used to some effect in the early days of our republic to allow for commercial shipping to make up for our lack of naval power.  At both SAP N2S Solution Summit and the Reagan Defense forum, NSA Director/CyberCom Commander Admiral Mike Rogers said he thought issuing letters of Marque and Reprisal is a reasonable means for the government to authorize selected private companies and individuals to take active cyber defensive measures against those perpetrating harmful cyber actions upon them.  Adm Rogers, however, went on to express his deep concern about the unintended and unforeseen results of private entities taking cyber self-defense/retribution action against foreign state sponsored cyber actions.

I am not sure what is the best way to deal with this cyber constitutional conundrum, but I am reasonably certain that if the US does not develop a coherent policy, organization, and rules of engagement for private sector cyber active defense (and a well-regulated private sector cyber militia – – – with or without Letters of Marque and Reprisal – – – sounds like the right approach to me) then U.S. commerce will remain vulnerable to foreign cyber intrusions, while all the unintended/unforeseen events Admiral Rogers is rightly concerned about will be at greater likelihood of happening anyway.

No good options with regard to Syria and ISIS, a return to Cold War like military tensions with Russia and China, and the US private sector looking to take cyber defense into their own hands create continuing opportunities for miscalculations. The only thing worse than miscalculation is a blunder!

That’s what I think; what do you think?