The Snowden Storm Persists As The SCMR Offers Capacity or Capability?

Sorry this is late, but I have been on vacation and I am a semi-retired Navy pensioner who is becoming increasingly slack as I age gracelessly.

Anyway, since we last joined up at the “Browser Bar” Bradley Manning has been convicted by a military judge of double digit counts of mishandling classified material while Edward Snowden has been granted refugee status by Russian President Vladimir Putin.  Despite my comments in this venue last month, nobody in officialdom seems exercised that the IC has been had by two insiders with clearances.  Isn’t that alone enough to ask if the time consuming/expensive personal clearance vetting process being used should be changed?  Oh that’s right; we already know we need to do that!  At least The Atlantic magazine has mused about why NSA did not have a contingency for dealing with the impact of a leak revealing it was collecting metadata on all phone calls in the US.  More pedestrianly, the guys I drink with want to know when somebody further up the chain of command is going to be held accountable for these security breaches happening on their watch.

More importantly though, Snowden’s revelations about NSA bulk collection of US persons’ telephone metadata have sparked the deferred debate about what the balance between security and civil liberties should be in a post 9/11 America.  This debate seems to be ordained to last until the Congressional mid-term elections in 2014 with less than meritorious effects for the IC such as:

  • The IC leadership will be doing more explaining than proposing to Congress over the next two years as to why the Congress should believe that the IC is being full and open with the Legislative Branch, even in closed sessions
  • The narrow defeat of the Amash Amendment shows that Congress will be bi-partisanly interested for different reasons in knowing about how much funding is focused on collection that involves US person information
  • The Amash Amendment, which the congressional leadership of both parties opposed, also points to members of the House and Senate being less willing to accept the advice of the HPSCI and SSCI that intelligence programs are necessary, cost effective, and constitutional
  • The FISA Court being hypersensitive to charges of being a “rubber stamp” secret venue where only the government’s case for surveillance is heard, will raise the standards required to authorize intrusive collection involving US persons

Then there is the assessment that Putin granting Snowden refugee status is the proximate cause for President Obama cancelling a Post G-20 August summit meeting with the Russian leader.  While this is probably true, I would like to believe the real reason for the cancellation is Putin’s continuing support for Syria’s Bashar al-Assad as that civil war continues and Egypt remains in political turmoil.

Ironically in the midst of all this the US closed over 20 embassies in the Muslim world during the weekend of 3/4 August as Ramadan was ending and issued a month long travel alert to American citizens based on NSA intercepts of an Al Qaeda conference call green lighting a major attack against US interests (most likely a truck bomb aimed at the US Embassy in Aden) proposed by Yemen based “general manager” of Al Qaeda in the Arabian Peninsula Nasir al-Wuhayshi.  Obviously this attack did not occur (though others did, killing scores aimed at government security forces in Iraq, Pakistan, and Afghanistan) raising the question of whether the alert was more about using non-specific intelligence to demonstrate the importance of NSA collection to national security or whether the alert was based on credible intelligence and actually thwarted the attack.  Here is where the IC is between a rock and a hard place:  if its warning disrupts the attack and nothing happens then the IC is “wrong”; but if it fails to warn effectively and an attack occurs then the IC is incompetent.  Reminds me of the birthday my mom gave me two expensive neckties; when I immediately put one on to show my appreciation she crestfallenly asked “so you don’t like the other tie?”  As an intelligence officer who has had to make some warning calls alone in the middle of the night while actively in the game, log me as accepting that the warning stopped a dangerous attack that was well planned but dependent on surprise.

As the Congress recessed for August and the President headed for a family vacation on Martha’s Vineyard there was consensus across the elected members of the government that FY 14 will begin under a Continuing Resolution (CR) and with Sequestration in effect.  In round numbers that means DoD absorbing another $50 billion in cuts while the National Intelligence Program (NIP) gets a $5 billion haircut. With his announcement on 31 July of the DoD Strategic Choices and Management Review (SCMR) Secretary Hagel laid out the stark choice the country is facing in terms of investing in maintaining military capacity (i.e. numbers) or investing in enhanced capabilities operated by a smaller force.  This zero sum reality is a direct result of the nation’s need to reduce its national debt as a matter of national security if not a threat to our standard of living.

It’s unclear to me how the SCMR will impact the eight DoD agencies that are also in the IC, but if military size is cut it’s hard to foresee how service intelligence along with NSA, NGA, NRO, and DIA would not also be cut in size and budget proportionately with the rest of the force.  Reports are surfacing that DoD is already considering the elimination of SouthCom and AfriCom by consolidating them with NorthCom and EuCom respectively.  I believe this is the tip of the iceberg with consolidation/elimination also in the offing for major defense agencies (DLA, DISA, DIA, etc?) and related functional commands/organizations within the military services.  If service size and billet funding are key issues (Duh!) then there is a case for centralizing functional capabilities such as logistics, comms, training, medicine, personnel/pay, intelligence, etc. at the DoD level to save money by reducing redundant infrastructure.  Some will recall Admiral Bill Owens advocated strongly for this as VCJCS in the mid 90s as the way to absorb the “Peace Dividend” with minimal impact on operational military capabilities.  Specifically with regard to military intelligence as money gets even scarcer in FY 14 with no relief in sight it is not a leap to envision:

  • Significant cuts to ONI, NASIC, NGIC, and MCIA with missions like support to acquisition, collection management, HUMINT, etc. being consolidated and assumed by DIA with little additional plus up in its budget or personnel end strength.  An alternative is reducing DIA to a policy and oversight agency and devolving missions to the services to provide directly to the CoComs
  • Consolidation of service unique DCGS programs into a single Defense Intelligence Information Enterprise (DI2E) Program
  • All military intel related IT controlled and managed by NSA, DIA, or DISA

That’s what I think; what do you think?

Ever Heard of Executive Order 13587?

As the 4th of July weekend winds to a close, the Edward Snowden “Freedom Tour” – after being held over in the Moscow Airport’s International holding area for two weeks due to travel document irregularities (how Soviet!) related to less than rave reviews for the show’s impact on Russian/American relations – appears to have long-term booking opportunities in Venezuela, Bolivia, and Nicaragua that the “hacker headliner” is considering.  Ed’s 15 minutes of fame has lasted a month now, and as far as I am concerned regular updates on his plight are becoming increasingly tedious.  While extradition doesn’t seem likely, Ed should never stop watching “Argo” or “Zero Dark Thirty” so he doesn’t forget the long reach of the US Intelligence Community (IC) that he has been actively warning about to anybody who will listen.

Beyond where Snowden is and where he might be going, the media also has been full of arguments about whether the scale and scope of the NSA surveillance of American phone and email externals is appropriate, necessary or constitutional.  There has also been considerable public discourse about whether contractors should be granted sensitive (aren’t they all?) security clearances and the broad access that usually goes with them.  NSA and the IC would generate more confidence regarding their surveillance programs with transparency about what they are doing and why instead of telling the American people (and themselves) how these secret programs are necessary for protecting us.  The premise that government employees are more trustworthy than contractors is as dangerous as it is false!  What do Walker, Whitworth, Pendleton, Pollard, Ames, Hanssen, Montes and Manning have in common?  Correct, all were government employees with security clearances and broad access to intelligence products and/or capabilities.

Most disturbing to me, however, is what nobody in the media, the Congress, the West Wing, or the greater IC punditry is talking about:  How could Snowden exfiltrate from a secure area enough classified data to fill up four laptops in a post-WikiLeaks environment?  Private 1st Class Bradley Manning is currently being court martialed at Fort Meade for releasing gigabits of classified information he downloaded from the SIPRNET onto thumb drives while he was assigned to the Joint Intelligence Operational Center (JIOC) in Iraq.  His actions resulted in Executive Order 13587 titled “Structural Reforms to Improve the Security of Classified Networks and the Responsible Sharing and Safeguarding of Classified Information.”

EO 13587 issued on October 7, 2011 directs:

…structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties.  Agencies bear the primary responsibility for meeting these twin goals. These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government.  These policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks. [emphasis added]

Snowden’s success indicates that NSA failed in its own environment in terms of Section 5 of EO 13587, which designates the Secretary of Defense and the Director, National Security Agency, to act jointly as the Executive Agent for Safeguarding Classified Information on Computer Networks.  Section 6 of this EO charges the Attorney General and the Director of National Intelligence with establishing an “Insider Threat Task Force” that is to be administratively supported by the Office of the National Counterintelligence Executive (ONCIX).  I can’t be the only one wondering what the minutes of this Insider Threat Task Force tell us about what could have been done to deter or detect Edward Snowden before he acted.  The WikiLeaks Task Force also recommended standardized procedures for using removable media in classified areas, increased attention on access controls, and robust employment of enterprise monitoring and auditing software.  Progress in any of these areas surely would have raised Snowden’s threat profile if not actually working to deter or detect his unauthorized downloading of classified information from NSA networks.

With Manning on trial for leaking classified information downloaded from a secure network and EO-13587 being issued over 18 months ago to prevent a reoccurrence, the serious damage the IC says Snowden has done to national security appears to have been enabled by its own negligence.

That’s what I think; what do you think?

Stopping Leaks—A Good First Step

When we left off in June, we were discussing the implications of the New York Times’ [not so] Secret Kill List article of 29 May about how the President singularly decides who will be targeted for termination by CIA launched drone strikes and how he alone can give the execute order.  What I offered for your consideration was a discussion about whether these drone strikes could be justified under generally accepted Laws of War and even more importantly whether or not they were effective in making the United States safer.  After almost a month long barrage of media reporting only staunched by the Supreme Court Decision upholding the Affordable Care Act on June 28th, I now understand the real interest in this story is the debate about whether it was leaked to affect presidential electoral politics or not.  Wow did I miss that! 

Since I have no facts one way or the other I will steer clear of offering my opinions about how this Kill List story was developed, but you don’t need me to tell you stopping national security leaks came to dominate national news stories in June when the New York Times subsequently ran a story on cyberweapons linking the U.S. to the development of the Stuxnet malware used to impede the operation of Iranian nuclear enrichment centrifuges.  Then a June 14 front page above the fold Washington Post headline announcing “US EXPANDS SECRET INTELLIGENCE OPERATIONS IN AFRICA” pushed official Washington from the White House to the Capitol to Liberty Crossing into expressing outrage about the leaking of classified information and proposing policies and legislation to punish current leakers with the goal of deterring future unauthorized disclosures of classified material. 

Moving proactively to firewall the Intelligence Community (IC) from being singled out as the source of these damaging disclosures, Director of National Intelligence (DNI) James Clapper announced two significant policy actions on June 25 that will in his words “. . . reinforce our professional values by sending a strong message that intelligence personnel always have, and always will, hold ourselves to the highest standard of professionalism.”

  • A specific question related to the unauthorized disclosure of classified information will be added to the counterintelligence (CI) polygraph administered to all IC members with high security clearances
  • The IC Inspector General will conduct independent investigations of selected unauthorized disclosure cases when prosecution is declined by the Department of Justice (DOJ)

In a challenge to the rest of the government with access to sensitive classified information the DNI said “it is my sincere hope that others across the government will follow our [the IC’s] lead.”

House Permanent Select Committee on Intelligence (HPSCI) Chairman Mike Rogers immediately called these two DNI policies “a good first step” for dealing with the leaking of classified information while Congress pursues drafting legislative language for the FY 13 Intelligence Authorization Bill for cracking down on the disclosure of classified information to reporters.

I support and applaud DNI Clapper’s forthright position that if leaks of classified information are coming from the IC, perpetrators will be searched out and when found held accountable through administrative means when prosecution is not an appropriate or viable option.  As the DNI recommends, it is prudent that such a self policing/self regulating approach be adopted by other department and agency heads across the national security landscape of the federal government.  Conversely, I am concerned about what legislative remedies Chairman Rogers would add to the DNI’s “good first step” since there is a delicate balance in the information age between protecting secrets for security reasons and sharing secrets to create decision superiority for officials at all levels of government.  Speaking at the Center for Strategic and International Studies (CSIS) event during the last week of June, Director of the National Counterterrorism Center (NCTC) Matt Olsen observed that the challenge for the federal government is to find a way to prosecute the leaks and prevent future ones but also to “guard against a reaction that would limit [authorized mission driven] information sharing.”

I’ve got to believe, however, that if preventing the disclosure of classified information to the press was easy there wouldn’t be many if any leaks for us to worry about.  As a matter of principle there will always be those in a democracy like ours that will contend with some justification that what the government keeps secret from its citizens should be severely limited.  Others will question when does reporting potentially inappropriate or illegal government activities that are classified morph from “whistle blowing” to “leaking?”  What are the chances people will be wrongly suspected for leaking media reporting about classified matters that are actually sourced by foreign security services or developed by investigative journalism from a myriad of information now available in the public domain? Then there is the authorized leak to test reaction to a particular course of action or to mislead an adversary.  What is the right balance between “need to know” and “need to share?”  Can closed session testimony to Congress be construed as unauthorized disclosure of classified information?  Finally there is the muddled case law about when the media can be held to task for publishing classified information or if it can be forced to reveal its sources for classified information.

Each of these situations could be expanded into lengthy dissertations as to why (in my view) the Congress going beyond the DNI’s use of polygraph questions and administrative investigations to deter leaking to the press would result in law that would be both inconsistent and ineffective.  While it is emotionally gratifying to demand leakers be prosecuted and sentenced to prison, proof beyond a reasonable doubt in these types of cases has been historically elusive.  Ergo it is more beneficial for national security to focus on remedies that actually stop leaks rather than seeking punishment for the leakers.

That’s what I think; what do you think?