February 2007 Archives

IO: not getting it

| 2 Comments
The Internet home for government information has been stripped of Voice of America content and other international news after federal lawyers determined that the material should not be on a domestic news site.

VOA, which began airing in radio format in 1942, is a multimedia, international broadcasting service funded by the U.S. government. Both it and the Radio Free programs are part of the Broadcasting Board of Governors, an independent agency responsible for all U.S. government-sponsored, non-military, global broadcasting.

A 1948 law known as the Smith-Mundt Act bars domestic dissemination of official American information aimed at foreign audiences, according to VOA's Web site.

The "watchdogs" are pleased that it's 1948 all over again . . .

"In light of the administration's other ventures into domestic propaganda," said Patrice McDermott, executive director of OpenTheGovernment.org, "it was a matter of real concern that such information was on USA.gov, which is linked to by the states and by educational institutions around the country."

 . . . but they seem to have forgotten one tiny little thing:

"VOA has had a Web site for many years, now," [VOA spokesman Joe O'Connell] said Wednesday. "In fact, all 45 of our broadcast languages have Web sites. The nature of the Web is that it doesn't respect boundaries."

The impact of Smith-Mundt is another in a long series of data points that lays out the case for the futility of thinking that you can have multiple messages. Back in the day you could get away with talking smack on AFP (or al-Jazeera) and not having to worry about being embarrassed by it back home, not so anymore, even if it is only available in French (or Arabic) - can anyone say 'free online translation software?'

The flip side of that coin is that your foreign offensive info-campaign is eventually going to reach the eyes and ears of those for whom it is not intended. To the quick to offend you are "lying," to the dim you are just confusing. Basically, in IO, you can't win for losing (need to develop this further when time allows).


if it's worth it, pay the price

| No Comments

I have mixed feelings about leaks. There are "leaks" - guys in the apparatus chatting over beers - there are leaks - spooks playing at being political operatives - and there are leaks - guys who meet with foreign intelligence agents and pass them classified documents. Secrecy News focuses on leaks:

A legislative proposal by Senator Jon Kyl (R-AZ) that would criminalize the unauthorized disclosure or publication of classified information "concerning efforts by the United States to identify, investigate, or prevent terrorist activity" is drawing strong opposition even before it has been formally introduced.

The thrust of these efforts tends to be on the reporters, which is promptly deflected by that first amendment shield. I'm not against reporters (the more courts lump bloggers in with journalists the more I tend to feel that way) uncovering waste, fraud or abuse or helping whistleblowers tell their stories; I am against the gratuitous publication of secrets for no or purely political reasons. That is a judgment that is usually (and wrongly) made by the leaker(s) themselves, consequently I think that is where legal action should be focused. Anything worth leaking should be worth risking your liberty over.

underrattelser - US style

| No Comments
Ralph Peters' latest report on improvements in MI. Money graph:
Appropriate technologies can help us - but no database or collection system is a substitute for seasoned human judgment. The key task in intelligence is understanding the enemy. Machines do many things, but they still don't register flesh-and-blood relationships, self-sacrifice or fanaticism.
Underrattelser: Improvement from below (how Swedes describe MI) covered at John Robb's site.


oh you can't scare me . . .

| No Comments

Republican senators are girding for a fight this week over a provision of the Sept. 11 security reform bill that would give union rights to aviation security screeners employed by the Transportation Security Administration, or TSA.

They want language giving the screeners collective bargaining rights taken out of the bill the Senate will debate this week -- and will call on President Bush to veto the law if they fail.

Another data point for those analyzing our government's seriousness about homeland security.

Granted, TSA screener isn't a glamorous or rewarding job, and based on a totally unscientific review of those manning airport security checkpoints, they reflect the nature of the job; most would not be out of place handling your lunch or ringing up your Slurpee and Pop-Tart fix. This is not skilled labor, as they used to say before robots started welding cars together, nor is it a field that should be given extraordinary protections (if someone doesn't salt the fries it means I have to get up and grab a package of salt, if someone drops the ball at the x-ray machine, me and 200-odd other people might fall out of the sky).

Union means additional bureaucracy and additional expense - money that could be going to hiring more or better screeners or providing better training. Unions mean quibbling over nonsense that artificially reinforces the need for a union, while serious problems go unsolved. Unions also mean a much slower pace of change, which stands in stark contrast to the dynamic nature of the threats we face (in Toffler-speak the threat is moving at 90 MPH, Unions at 30 MPH).

If DHS's recent loss to the unions is any indication, TSA screeners should be able to buy their Teamsters jackets shortly.

 

"issues with reality"

| No Comments
That's how a colleague who helped me shepherd out a problem employee described said employee to HR. After the last-last-last-chance interview between management, the employee and HR took place, the HR honcho had to agree. I'm reminded of the recently departed when I read stories like this:

Jack Bauer, the fictional federal agent in the hit American TV show "24," gets what he wants—and does whatever it takes to get it. Whether he must beat, suffocate, electrocute, drug or engage in psychological abuse, he will unravel whatever terror plot imperils the United States. ...

According to the New York-based group Human Rights First, the vivid depiction of these tactics in primetime shows like "24" are influencing U.S. troops abroad—and presenting a major challenge for military training academies. "It's become clear that this show has unintended consequences in that it informs young soldiers about these techniques, and it gives the false impression that they work," says David Danzig, a torture expert at the nonprofit organization . . .

The Pentagon told NEWSWEEK last week that it didn't know anything about the tactics used on "24," nor had it heard the allegations of their impact. "Humane treatment of detainees is and always has been the [U.S. Department of Defense] standard," said Lt. Col. Mark Ballesteros. But former U.S. Army specialist Tony Lagouranis, who left the military with an honorable discharge in 2005 and has since spoken out about the abuse of Iraqi prisoners there, says the use of tactics like those featured on TV was common during his 2004-2005 Iraqi tour. According to Lagouranis, his unit tried out similar tactics after watching torture scenes on television and DVD.  He has since teamed up with Human Rights First, and recently met with the producers of "24" as part of an effort to have them be more "responsible" in their portrayal of torture scenes.
Let me reiterate something I mentioned the other day: If the military training system cannot beat into the heads of its trainees (figuratively speaking) the right and wrong way to conduct interrogations, the problem is the military, not the producers of a fictional TV show. This is a military responsibility, not Hollywood's. If your daughter grows up to be a stripper, that's on you, not Vegas.

I would suspect that after four-odd years and a few scandals that training is probably adequate to the task, so what is a more appropriate step to take than asking a leopard to change its spots? How about screening future interrogators more closely? 125 on your ASVAB doesn't mean you're golden, it just means you're likely to pass.

blogroll addition

| No Comments

Jeff Stein's SpyTalk. A great collection of national security good, bad and ugly.

fundamentals

| No Comments

Step one in crafting a security strategy: Know what it is you are protecting. I think this headline says it all:

FBI unsure if missing notebook PCs contain sensitive data

This from the people who want to argue they're in the best position to defend the nation from infiltration.

with an eye towards reform

| No Comments
A nice briefing (Shift Happens) that has implications for many fields, including the IC and national security community. Business as usual isn't cutting it now; it certainly isn't going to work five years from now.

the state within

| 1 Comment

Finally carved out the time to get through the first episode of The State Within. Think 24 only from a UK point of view. Very subtle (except for the romance scenes . . . not that there is anything wrong with that). The gist so far: PMCs are bad, one more attack and Americans become xenophobes, and MI6 is amazingly shorthanded.

keeping the IC competitive

| 1 Comment

Technophiles will undoubtedly joke about the first item but that is beside the point . . .

The IC is always trying to bring on the smartest folks it can find, though it constantly errs by equating top-tier academic quals with actual smarts (we've lost more clever folks because they lack a piece of paper).

Appreciating a diversity (not the fake kind) of outlook and opinion is something the IC works very hard at squashing. Note that we're only now moving dissenting opinions from footnotes to full-sized text in NIEs.

And it isn't that outsiders can't offer a fresh perspective or new idea, it's just that the people in the business should be the first people you go to when you want to know what in the business needs fixing. This doesn't mean town halls where your executives can practice their Toastmaster skills and only the kooks raise their hands because everyone just wants to keep quiet so the pain will stop.

DIA: getting it

| 4 Comments

Scooped by Shloky:

The U.S. Department of Defense's lead intelligence agency is using wikis, blogs, RSS feeds and enterprise "mashups" to help its analysts collaborate better when sifting through data used to support military operations.

The Defense Intelligence Agency (DIA) is seeing "mushrooming" use of these various Web 2.0 technologies that are becoming critical to accomplishing missions that require intelligence sharing among analysts, said Lewis Shepherd, chief of DIA's Requirements and Research Group at the Pentagon.

Elaborating tomorrow. Got a Jet Li fix to satisfy tonight.

Update: 

If there is one thing I enjoy more than slamming my last employer it's patting it on the back. At least in this case it is deserved.

As a recent report confirmed, DIA has not been the most technically astute (among other things) place around at the working level. This is the place that thought that slapping a really crappy HTML front end to a really antiquated database was pushing the bleeding edge.

Indications that they were taking technology seriously came just a few years ago when they hired a CTO that didn't need a dictionary to know what XML stood for (unlike some senior staff with "information" or "technology" attached to their titles). If anyone was going to make something happen on the tech front, it was going to be Bob.

Still, things are not what they could be as reports on the ground suggest. It is the government, so nothing is going to be perfect, but with advances in technology have to come changes in procedure and a scrubbing of policy (insert Dilbert-esque cartoon of PHB printing off email here).  Simple stuff like that that makes doing things the modern way almost twice the work of doing it the old fashioned way.

fallujah usa, revisited

| 6 Comments

Prudent and timely:

The White House is staging a high-level exercise Saturday to test responses to the prospect of a massive domestic terrorist attack involving IEDs (improvised explosive devices)—the same deadly roadside bombs that have been used by insurgents against the U.S. military in Iraq.

White House homeland security adviser Fran Townsend will preside over a group of senior officials—including Homeland Security Secretary Michael Chertoff, FBI Director Robert Mueller and Director of National Intelligence John (Mike) McConnell—as they attempt to deal with the latest nightmarish scenario cooked up by government counterterrorism planners.

As part of the exercise, the officials will be handed a thick binder which lays out a scenario involving simultaneous terror attacks by “sleeper cells” of 20 to 25 individuals each dispersed in five cities across the country: New York, Washington, Chicago, Houston and Los Angeles. The officials will then be tested on how they direct their respective agencies to respond. “We’ve designed this to overtax the system, to push the system beyond the breaking point,” said one senior administration official familiar with planning for the event, who declined to be identified talking about it before it takes place.

While planning for domestic terror attacks is not new, the focus on IEDs in this weekend’s exercise seems at least tacit recognition that the wave of such attacks that have been killing soldiers and civilians in Iraq and to a lesser extent Afghanistan could spread to the United States.

Man, can I call it or what?

In a staggering display of ignorance and narrow-mindedness:

“Sometimes I have a sense they’re watching too many reruns of ’24',” said Rep. Jim Moran, a Virginia Democrat who serves on the House Appropriations Defense Subcommittee. “They need to get a grip. We don’t have IEDs here. They’re creating a state of fear beyond what is helpful.”

Really? Rep. Moran and those about to jump on his bandwagon might want to avail themselves of a newspaper and note the relative ease with which terrorists can cause death and destruction with common household items or for a modest investment at the local Home Depot. If he does not want to believe the press or care what happens in furrin' lands he can talk to the homeland security and law enforcement contacts and read up on the mounds of reporting related to the acquisition of IED building blocks right here in the US. If he doesn't want to do the homework he can always tap the CRS and they'll do the heavy lifting for him (with a corresponding leak to FAS/Secrecy News for the benefit of those who paid for the work, hopefully).

What is probably not covered in the exercise and needs to be addressed: the psychological/sociological impact on the population when their home towns start to resemble - even if for the briefest moment - the urban environment of Iraq.

rifles: pointy-end woes

| 1 Comment

A long but worthwhile article about the state of our small arms and those responsible for putting them into actual arms (none of whom are likely to have to fire a shot in anger the rest of their careers).

fusion, what a concept

| No Comments

From Inside the Pentagon (subscription required):

The head of the Defense Intelligence Agency is on the cusp of deciding how best to integrate two largely separate worlds of military intelligence: tips collected from people on the ground, dubbed “human intelligence” and electronic-based information -- the kinds of images, sounds and data collected by spy satellites, unmanned reconnaissance aircraft and piloted surveillance planes.

Lack of coordination between these two different intelligence realms has frustrated military personnel at all levels of command -- from top commanders to lowly grunts -- and some leaders say the chasm has hampered U.S. effectiveness in Iraq and the war on terrorism generally.

I don't know how many times this idea has been brought up, but it would appear that it is finally sinking in (into the ear of an artilleryman, who would have guessed?).

The real problem of course is that they're going to try and use the fancy Ikea-decorated sixth-floor holo-deck to carry this out. I understand the need to get your money's worth out of Jacoby's Folly but spending six to nine months studying and testing and drafting after-action reports is going to result in going nowhere fast. Yes, it is "how things are done" but it is retro and wasteful and in the meantime we're still coming up short.

I predict a pilot effort for some piddling country shop that’ll have full-spectrum capabilities under a single roof down to the division level. It’ll annoy the heck out of everyone because it’ll mean longer commutes, crappy working conditions, and serve as a detriment career-wise since once you are out of sight of the respective mothership, you are out of mind. Processes outside the pilot won’t change, which means twice the level of effort for the same amount of output.

General, please, it’s simple: you have computers, wikis and blogs – use them. Everyone else in the information business is working this way (some are getting ready to go beyond it). If you can’t grasp it, if your office chiefs can’t grasp it, I guarantee the kids you hired since ’02 do (as well as the mid-career folks who now wear yellow badges). It’ll work. It works millions of times every day. Make that your pilot and save yourself the grief, time and expense.

premature

| No Comments

Former Defense Intelligence Agency (DIA) analyst Ronald Montaperto, convicted last year on espionage-related charges that involved passing secrets to China, is scheduled to get out of federal prison Sunday. Prosecutors say he will be barred from meeting any Chinese intelligence personnel as a condition of his release.

Montaperto claimed the passing of intelligence to China was unintentional and the result of being tricked by two Chinese officers.

Consider the difference between Montaperto and Franklin. Both were in essence doing something that happens all-too frequently - in essence 'how things are done' - but in Montaperto's case he wasn't doing it willingly, he was tricked, tricked by those inscrutables!

Certainly there are aspects to each case that we are unaware of that could force a re-assessment of the situation, but as it stands now, it is clear there is one "lobby" that has real pull in the national security apparatus, and it isn't headquartered in Jerusalem. P.S. - If the comparison with the Franklin sentence wasn't enough, contrast the "time-out" that Montaperto got with the sentence of this poor bugger. The former gave away state secrets, the latter was just a greedy spammer direct-marketer. Have we no sense of priorities?

goldwater-nichols for suits

| No Comments

From Inside the Pentagon (subscription required):

Bush administration officials are preparing an executive order for the president's signature that calls for sweeping changes in educational programs and career development for the federal workforce so professionals in each agency with a national security mission can learn how to better work across organizational lines when tackling 21st-century threats, according to sources and documents.

The gist is they're trying to create a uniform set of standards that will allow for the migration/rotation of practitioners across the various national security-related agencies.

The original seed for this effort was to be the NDU, but apparently that idea has been (wisely) scratched in order to create a "consortium" of government institutions from which aspiring national security advisors and undersecretaries can gain the requisite knowledge. A smarter move: develop and promulgate a core curriculum and take the NSA Center of Academic Excellence approach. You're never going to have enough slots at any single institution to fill the demand (it is cut-throat enough already trying to get a civilian slot to a service school), so spread the effort out as widely as you can.  Besides, who would you prefer: someone educated at MIT or someone subjected to the military education system?

Even if supply and demand issues are sorted out, the planners and implementers of this effort need to take a long hard look at similar efforts and what makes them fail. I'm speaking of the Intelligence Community Officer Program, which has gone through a couple of iterations and still isn't what it could/should be.

Signing up for the program is easy; getting into the requisite classes and then convincing your respective hierarchy to cut you loose for the necessary rotation assignment is another thing entirely. Even if everything works out like a charm, there is precious little chance that your home agency will put your newfound skills and experience to good use (which is why so many participants opt to stay with their adopted agency).

All in all a good idea, but there are a lot of potholes on the road they're about to travel down.

progress or more problems?

| 1 Comment

The language problem in the IC is well known, and at first glance it seems like the Bureau has finally gotten their act together, but what is really going on here?

First of all, the numbers are almost certainly gamed. All those recordings may have been gisted or someone might have listened to them, but I wouldn't put money on anyone applying any serious analytical horsepower to the effort. It's the same "exploitation" vs. "analysis" problem that I have written about previously. Triage is what it is, but it isn't always that good.

There is no clear indication that the Bureau has addressed the security and competency issues raised (and substantiated) by a former linguist. Unavoidably, contract linguists are still a part of the equation.

The involvement of "allied intelligence agencies" is potentially a good sign, though there is no lack of security-related issues there either. Still it shows that the Bureau - notorious for hoarding - is less averse to sharing the pain, or more precisely our allies are still willing to lend a hand quietly and behind the scenes.

CYA? more like same old, same old

| No Comments

I am doubly enthusiastic about Bruce's latest security critique because the primary premise is unsound. That doesn't seem to make sense until you realize that no one in the national security establishment is ever sacked.

There was plenty of justification for firing or relieving any number of people after 9/11 - if for no other reason than the MFIC always bears the ultimate responsibility - yet no one was. Whether the Captain of a naval vessel is at the helm or not, if his ship runs aground he's gone. In the Army soldiers pay the price for their misdeeds but their Commander gets his fair share of the heat.

What do we do with the people who were at the top of the food chain in the agencies who were charged with preventing and warning us? They get medals, they get to retire, they get recycled into the DNI's staff.

reform from below

| No Comments

Generally speaking if you mention "Swedes" and "intelligence" in the same sentence you ought to pay attention. Their skill with a pot of lingonberries notwithstanding, they've been quick to recognize the flaws in the old - or perhaps "our" - way of doing things and acted accordingly. This article gives you a taste (H/T John Robb).

I'll update this post once I get some additional input from a buddy in the field, but for now I think it is safe to extract and paraphrase earlier discussions we have had along these same lines:

The main reason this doesn't work here is that intel shops at echelons-above are black holes. We gather a lot of data and dutifully feed it up, but never get anything back. I have a little insight into the next higher echelon's work, but above that, who knows?

This from a guy at the pointy end of the spear; the kind of guy who needs the best the haft can provide. Is he getting it? Not a chance. Would the Underrattelser concept work in the US military intelligence community? Not with the current crop of leadership.

I was lucky in a sense that I got to work at division-level when I was in Iraq (the first time we kicked Republican Guard tail), so that sense of "is anyone reading this stuff?" wasn't there. I really felt it back in DC, where under the old paradigm you could spend a career filling filing cabinets full of assessments that five people worldwide might read (and none of them would fill out the form to say "thanks" or "are you retarded?").

Inter-agency email and Intelink made it easier for consumers to provide feedback and colleagues to share ideas, but it was still time-consuming and clunky. What we needed was Digg and an Ebay-like ranking system (for collectors and analysts), but they hadn't been invented yet. With Intellipedia and IC blogs now in play, let's hope that quality feedback agents are adopted too.

war: easy when you always win

| No Comments

From Inside the Army (subscription required):

The top civilian and uniformed leaders of the Army told a House committee last week that recent war games have proved the effectiveness of the Future Combat System as a counterinsurgency tool, and pushed for the continued development of the multibillion dollar program.

The committee was told the service is running modeling simulation exercises involving pre-insurgent and insurgent operations that compare actual events in battle to the likely outcome if the service had tapped a future force harnessing the latest technologies such as FCS.

The Army's recent exercise looked at an event called Black Sunday in which a platoon providing convoy security in Sadr City, Iraq in April 2004, was attacked by insurgents. Two soldiers were killed. Several humvees were destroyed. A battalion then embarked on a rescue mission.

“It took [the battalion] three hours and three attempts because they couldn't find them,” [Army Secretary] Harvey explained. “They didn't know where they were. They didn't know what streets were blocked. Six more soldiers were killed and 50 more were wounded.”

The modeling simulation involving an FCS-capable unit, however, resulted in “zero soldiers killed, zero wounded. It took one hour, not three hours.”

Wow, we ought to be increasing and not cutting the budget of a program like that, eh?

Not so fast . . .

First of all exercises & simulations are cr@p. The math/logic behind them is fine, I’m not deriding game theory and related fields, but as they are practiced such events are worth less than nothing because the good guys never lose. The "blue" side always ends up saying that the tactics of the "red" side are just not realistic; tactics like going insurgent or acting like a terrorist network. You don’t have to take my word for it, ask Lt. General Van Riper, USMC (Ret.)

Playing the bad guy in an exercise called Millennium Challenge Van Riper showed what Saddam a simulated Mid-East military power could do if they had had their act together. Unwilling to accept real defeat in a fake setting, the game was rebooted; the US won and everyone lived happily ever after. Van Riper blew the whistle.

The Army touting FCS – or any technology-heavy solution - as some kind of miracle system that will send US casualties to the basement and make every mission a flawless display of military prowess is something akin to irresponsible. Even if the Black Sunday simulation was an accurate reflection of how FCS might perform, it would not have stopped the ambush from occurring in the first place. Even without FCS we are the most technically advanced fighting force in the world, yet our soldiers are still being killed by weapons bought in a dime store and cooked up in a kitchen.

It is not that advanced technologies are bad, but look at what sort of technology works on the battlefield: UAVs and night vision devices. These are advancements of basic concepts that were put into use during Napoleon’s day (balloons) and Viet Nam (NVGs). The other great technology that works is GPS, which is a space-based way to do what people used to do with a compass and range finder. The defense against all this technology? “Moving through the people like fish through water.”

Enhancing our ability to fight and win against terrorists and insurgents – the more common battles of the future – should be focused less on ridiculously expensive technological programs (which inevitably fall short of expectations and exceed cost and time estimates) and more on a well-executed communications strategy, multi-disciplined programs aimed at eroding popular support for subversive movements, and the tactile tools that smart men on the ground can use to kill.

fresh start

| No Comments

DNI McConnell starts his second full day on the job today, and the former intelligence experts interviewed in the Baltimore Sun say that he must “restore faith, unite agencies.” I agree on both points, though I’d like to respectfully suggest that he follow different tacks than the other old hands suggest.

Restore Faith

This is actually a two pronged effort: restore faith in the intelligence services and restore the faith of those working in the services.

The first part of the remedy involves setting new expectations across the board. People on the job need to be allowed to take more risks, challenge the status quo, and come up with new ways of operating; our legislative overseers need to realize that intelligence work can be messy, dangerous, and inadequate. Oversight should be a check-and-balance not a check-and-burden. When people know they won’t be hung out to dry for coming up short, they’re more apt to shine; when decision-makers understand that intelligence isn’t a silver bullet they should be less likely to abuse it.

As you craft your introductory speech to the workforce let me say that they don’t need reminding of why they are on the job or the consequences of failure. They need to see your words backed up by action. You ran NSA so you know how it works; DIRNSAs come and go, but the staff is forever. Bold moves now will set the tone for the future and do more to revitalize the workforce than any pep talk. Otherwise you’re just another guy they have to survive.

Unite Agencies

The goal here should focus less on centralizing management – span of control is already far too wide - and more on centralizing functions. That there is a great deal of duplication of effort in the IC is well known, but to date no one has done anything about it. With a scrub of the budget should come a scrub of missions and functions. Dealing with current and future threats requires minds as well as money and continuing to allow individual agencies to perpetuate mini-me versions of rival programs saps our ability to provide both. Everyone has “equities” but some are more relevant than others. Agencies are going to have to take some lumps in some areas so that they can get a boost in others. It’s the price we have to pay for the intelligence community we want to have. If consolidation is not a path you want to go down, this is the next best thing.

Clean House

I covered this issue recently and will not abuse a dead equine in your presence; suffice it to say that you’re not going to blaze a path to the future with the people who are stuck in the past. Everyone knows who the leaders are and who the functionaries are, but if you insist on conducting a survey or some such thing, don’t talk to anyone over GS-14. Have them “vote” for their own dream leadership team and when the survey results don’t match up to the current org chart you’ll know who needs to go. You’ll also have a much better handle on what sort of folks (and requisite skills) it is going to take to lead your workforce of the future.

That’s all I’m giving away for free, Mr. Director. Good luck. ;-)

who do you trust?

| No Comments

The CIA, Homeland Security Department and National Security Agency are the least trusted federal agencies when it comes to protecting Americans' privacy, according to a new study by the Ponemon Institute.

The annual survey, which will be released Wednesday, asked more than 7,000 citizens whether they believe the government takes appropriate steps to safeguard personal information. Answers were mixed, but the overall trend suggested a decline in public trust since the think tank first studied the issue in 2004.

The NSA has suffered a substantial flogging by lawmakers and privacy advocates amid questions in the past year over its domestic spying in search of terrorists. It also was revealed recently that the CIA has been utilizing a special subpoena power of the 2001 anti-terrorism law known as the USA PATRIOT Act to comb bank and credit-card records. […]

"There's a clear correlation between bad publicity and poor privacy trust performance," survey author Larry Ponemon said. Previous studies "lacked a big headline negative event," whereas this time, there were several.

People don’t trust government agencies to protect their privacy, but read between the lines and notice that the government searches your data; private companies lose your data. The VA lost (and later recovered) 27 million personal records (and another loss event occurred just the other day) but private credit card processor CardSystems let 40 million records out the door. The difference: people have stolen the identities of or otherwise exploited the data lost by private firms (e.g. credit card fraud, mortgage fraud, phishing, pharming, etc.). I’m not aware of any identity theft incidents associated with government data mining efforts.

Perception is apparently reality; the perception that in the information age you have any real privacy to begin with, and the perception that the government is the greater of two evils.

codifying the obvious

| No Comments

Secrecy News points out an important new IC Directive:

Intelligence analysis "must be objective and independent of political considerations," ...

"The IC will seldom have the requisite depth and breadth of expertise to provide all of the insights and detailed answers demanded by our customers. To satisfy their needs, the IC must tap outside expertise and build and expand relationships with non-intelligence government agencies, academic, business, non-governmental organizations (NGOs), and think tank communities, both domestically and internationally, while addressing the counterintelligence and security obligations that are inherent to such initiatives."

Developments like Intellipedia are a single step on the path to reform in these areas, but it is still insiders talking to insiders. Anyone who has tracked these issues for longer than a day knows how well that can turn out. A really bold and significant step? Open up the (U)-version to the public through the Open Source Center (and the OSC itself for that matter). You want deep and broad expertise, diverse opinions, and 24/7 production? I don't care how many universities and think tanks you line up and cloister behind a firewall, it isn't going to match the output of a global Army of Analysts.

new book: true believer

| No Comments

I spent years sitting across from a guy who played a major role in making this case.  I'm looking forward to Hollywood's treatment (the Latin Breach) perhaps with Elizabeth Pena or Sonia Braga (no one would believe Salma).

more uniforms, please

| No Comments

Fellow national security-issue blogger William Arkin is troubled:

The White House announcement last week that it was nominating Dell L. Dailey of South Dakota to be the State Department Coordinator for Counterterrorism immediately caught my attention.

Dailey, who is hardly a household figure, is famous in the world of "black" ops. He has been at the forefront of the "war" against terrorism since Sept. 11, commanding the special operations effort from Oman during the Afghanistan war and shepherding through the creation of the current global counter-terrorism war plan while in charge of operations at Special Operations Command (SOCOM) in Tampa.

[…]

Dailey at the State Department, Admiral Mike McConnell as the Director for National Intelligence, General Michael Hayden in charge of the CIA, General James R. Clapper Jr. as Under Secretary of Defense for Intelligence, Lt. Gen. William J. (Jerry) Boykin as Deputy Under Secretary for Intelligence, Marine Corps Maj. Gen. Michael Ennis as Deputy Director for Human Intelligence at the CIA: All of these men have replaced civilians or sit in normally civilian billets.

… After Feith and Cambone, Rumsfeld and Goss, Wolfowitz and Perle, Libby and Addington, Michael Brown and other horse traders, I understand the yearning for the clear thinking and lack of ideology that is assumed to be resident in those who have worn the uniform of the United States for over 30 years.

It is not that I worry about a military coup, or that I think these men will be too compliant, or will blindly follow orders to war against Iran or undertake some other misadventure. It is more that what America needs is a few more civilians involved in national security, and a few more civilian minds applied to the problem.

Let me see if I’ve got this right:

  • Civilian appointees got us into this mess
  • Appointees tend to be cronies or political ideologues of varying levels of competence that only serve as the President’s yes-men.
  • Military officers tend to be martial ideologues – competent in their respective fields - that will serve as the President’s yes-men.

Soooo . . . we need the President to appoint more people who will work against him?

Frankly, I’d prefer that individuals in key national security positions have a military background (more than a single enlistment or minimum service obligation) for one primary reason: discipline.

All things being equal the one advantage someone with a strong military background has over his civilian competition is the ability to instill a sense of discipline in their subordinates and the willingness to enforce it. Appointees of all stripes have their problems, but if their primary job is advancing an administration’s policies through their respective agencies you want someone who knows how to set objectives, lay down the law and when necessary drop the hammer. Anyone think that Alberto Fernandez wouldn’t have at least been given a lateral arabesque (no pun intended) if someone with 30-years in uniform was at the helm of State when he “misspoke?”

Whether anyone else believes it or not, the President believes we’re at war, and with the passage of time I suspect he is recognizing the value of having people in key positions who recognize that sometimes a wall-to-wall counseling session (figuratively speaking) is the only way to get through to some people.

indefatigable

| 2 Comments

Charlie Allen on following the conventional wisdom:

“Don’t listen too much to what others are telling you,” Mr. Allen said. “Constantly re-examine your assumptions.”

I would say he was both a literal and figurative grandfather of the IC, but I don't know him that well. I do know that there was a time not that long ago when he backed the ideas of a few obscure folks who thought there was intel gold in what others said was a mountain of garbage: He/We were right and they were wrong, again.

I would also like to say that if anyone is going to make DHS intel work - and it has been broken from the get-go - it'll be Charlie, but then I thought that about Gen Hughes too, and it's not like the latter was some kind of slouch.

At a time when most of his peers are pretending they can still golf or contemplating the fine print in their long-term care plans, he's still slugging it out for 15-hours a day. He could have sold out long ago and lived off the fat of his Rolodex, but there is a different beat playing on his mental iPod.

I still think a purge is in order, but if you had to make exceptions . . .

C/Os Gone Wild

| No Comments

Shloky points out an interesting case that slipped my daily search:

In the spring of 2005, Guy Enright, an accountant at KPMG Financial Advisory Services Ltd. in Bermuda, got a call from a man identifying himself in a crisp British accent as Nick Hamilton. Hamilton said he needed to see Enright about matters of utmost importance.

Over the course of two meetings, Hamilton led Enright to believe he was a British intelligence officer, ... But Nick Hamilton was not an agent of Her Majesty's secret service... Nick Hamilton was in fact Nick Day, now 38, a onetime British agent and co-founder of Diligence Inc., a Washington private intelligence firm . . .

Loath to touch this item for a number of reasons, but overall it is a pretty good tale of how things may be done. The tradecraft bit was a nice touch and probably one of the aspects of the job that pushed Mr. Enright into believing he was doing the patriotic thing (that and the bloody background check paperwork, I mean what doesn't scream "I must be dealing with the government" like a government form?). Pre-texting the secretaries for inside dope on prospective targets was smart (if I can say that) in the sense that it beats the old method of hanging out where the lads go after work, buying them drinks and then pumping them for information.

Some (many?) are going to highlight the illegalities of a private concern while failing to appreciate that espionage of any type is against the law outside of your own nation (at home you're an intelligence officer and civil servant, abroad you're a spy and subject to all sorts of nastiness). The fact that the methods have gone private (have been for some time, now just brought under larger corporate folds) makes the business no less shady. In this case the victims couldn't (K)PNG (sorry I couldn't resist) Day out of Bermuda, so they did the next best thing: sued.

Tick, Tock

| No Comments

Remember: being Muslim has nothing to do with it, so best to just ignore it.

West to East: still thinking big.

East to West? I’m thinking small.

Easy to get caught up in the hysteria, especially with school age kids, but the means are readily available, the motives clear and this time of year there is ample opportunity.

No Fear

| No Comments

Unlike the national security apparatus, when things go wrong in some places they have no problem doing what is necessary to turn things around.

What? National security is not business? True, that. In the case of the latter continuing to do what got you into trouble merely results in bankruptcy and unemployment.

Now it's getting stupid

| No Comments

The SSCI: They were against external examination of IC findings before they were for it.

Clearance Woe

| No Comments

I got a short boost of joy reading about (yet another) move by the government to reduce the waiting time for security clearances. The demand for clearances has gone well past the roof but the approach to granting them is still stuck in the mud. The bulk of the wait comes from the long background interview process in which not only are the people you put down as references interviewed about your character, etc., but a much larger network of interviewees is built (and subjected to the same process) by asking your references to supply references (ad nauseam). The idea is that you’re probably only going to put down as references people who will say very nice things about you. By expanding the network the investigators improve the chances that they will find someone who might say things that are not so nice, until someone gives up that – oh yeah, you spent that one summer between Jr. and Sr. year in Pakistan “visiting historical landmarks.”

The process has many flaws, but none as severe as the one pointed out in the story of an Iraqi (?) immigrant who held a TS clearance while working as a translator in Iraq. How bad is it? The government isn’t even sure of the guy’s name.

Security and counterintelligence folks will go apoplectic if you start talking about improving the clearance process, and they will point to stories like the one just mentioned as evidence. There is a flip side to that coin: if the process is so great HTF did Mr. X get through? I mean, read the statements of the FBI and ICE agents in the translator story and ask yourself how they can utter those words with a straight face?

If security is just a matter of checking off boxes on a form then this is one of the few problems that can actually be “solved” by our Uncle’s favorite approach: throwing bodies at it. That is in essence the government’s solution today, with every under-employed liberal arts grad and retired FBI/IRS/SS agent working as a contract background investigator for the various firms employed by DSS and OPM to conduct interviews and perform records checks. The young woman who interviewed me for my last five-year update had only voted in one Presidential election and unlike her I could recite the interview questions from memory; the retired Bureau man who did the previous check-up didn’t need a cheat-sheet but he did forget his ‘Creds at my house. Impressed?

Jabs aside, the current system needs an overhaul that goes beyond a more-of-the-same methodology.

For starters we need to dig deep and figure out just what ought to be classified and at what level. The problem of over-classification is well known, and if corrected would reduce both the volume of material that needed protection and the need for highly cleared people.

That’s step two: cutting back on clearance holders. If you get a job at an intelligence agency processing payroll you will be given a clearance. Same goes for a lot of administrative and support jobs. Having the badge makes life a lot more convenient, but it doesn’t improve security. Back-office stuff that doesn’t involve classified? Outsource it or detach it from the HQ and send your newly uncleared workforce to a telework center.

Step three is injecting automation into the process. Much of your clearance file is an actual physical file; what is this, the 50s? Some automation is already in the works, but as usual a lot of money has been whizzed away. VCF redux? God, I hope not.

Automating the process speeds up the back-end but you also need to look at automating as much of the investigation as you can. Your full name and SSN run through the credit bureaus and other major data brokers should produce plenty of material from which to launch a really focused background investigation. Where you get and how you spend your money, where you have traveled to and when, etc., etc. Stop wasting time asking broad-spectrum questions of people who might remember this or that and focus on facts. Kick the in-person interviews off after you’ve gathered all your ducks in a row.

Plenty of other ideas but it is time to pay the mortgage. Bottom line: this is a problem that is eminently fixable but it requires breaking china. In the words of Miracle Max, “Have fun storming the castle.”

Abusing Intelligence

| 1 Comment

My latest Standard piece is up here. Mr. Feith's rebuttal to the IG report was in the WaPo on Wednesday.

And no, we don't call each other to find out what the other is going to wear to school.

Vindication & Another Reminder

| No Comments

If memory serves this is not a totally accurate portrayal of related events; I believe the Bureau backed him after the Lab did not, but then pulled the rug out from under him; and Titan Rain is the name of a series of related break-ins not an actual group, but you get the picture.

This and other national lab-related stories should have been linked in my recent commentary on cleaning house in the national security system. There is some fantastic work being done there (some you know, some you don’t want to) and some of the sharpest minds on the planet are on the job there, but the brainpower of those who push paper for a living is clearly lacking. If they’re not ignoring and then sacking people who point out problems, they’re persecuting and firing people for exercising their rights on their own time.

These are the figurative captains of the USS Defense and Intelligence, folks.

Public IMINT (Update)

| 2 Comments

GG's don't need NGA or NRO.

Update: Apparently, neither does Uncle Sam (if he wants to do it on the cheap - of course he won't; he'll pay someone seven-figures to do the same thing).

The Other Marshall Plan

| No Comments

SWJ post earlier this week on business as usual inside DIA spawned this ThreatsWatch commentary. Hope I don't sound too angry.

New Intel Sharing Paper

| 2 Comments

Money quote from the Author's Note:

The unavoidable conclusion is that the U.S. government cannot continue to allow a collecting agency to make unilateral originator control determinations regarding the intelligence it collects. ... I hope to explain why they are not in position to make the best “need to know” determinations – that decision must be made by an independent body.

I argue that collection agencies should have their analytic capabilities removed for similar reasons. Restrictive classification or handling caveats are more often than not tools to minimize the ability of others to steal your thunder. Of course by seeking institutional glory in this fashion agencies are hindering effective exploitation and analysis of collected data; the agency best suited to use a given piece of information could very well be an agency that doesn't have "permission" to use it.

PS: Just finished. Very well done. Research into the security aspects of this problem is instructive for both pros and laymen alike. Reading the many "what could have been" moments in the piece will alternately make you weep or pound the table in fury. There are of course legitimate concerns on this front, but by and large it is pure selfishness. The idea of having an honest broker and not collectors determine NTK is interesting, though care would have to be taken as far as who is chosen for the job (ideally, cleared outsiders who don't have misguided loyalties to a home office).

My own piece on these issues tackles things from a different angle, which makes the embargo terribly frustrating. Gotta get me a think-tank job. In the meantime, Col Putbrese, drop me a line.

Reality Check

| No Comments

The United States Military Academy at West Point yesterday confirmed that Brigadier General Patrick Finnegan recently travelled to California to meet producers of the show, broadcast on the Fox channel. He told them that promoting illegal behaviour in the series - apparently hugely popular among the US military - was having a damaging effect on young troops.

Are you kidding me? IT'S A TV SHOW! At the risk of painting with too broad a brush, if this is the state of military training today, we need to be worried.

I reject the idea that even the rawest recruit cannot separate the fantasy world of 24 and reality. This might be the Playstation generation, but I would bet any amount of money that every troop regardless of Service or MOS gets a block of instruction or twelve on the laws of war and the Geneva Conventions, with particular attention paid to this disgrace called Abu Ghraib and what is and is not acceptable behavior towards prisoners or detainees.

And if that is not the case then I am aghast that an institution with as long and historic a reputation for forging honorable warriors out of myriad malcontents considers itself so ineffectual that it has to ask the producers of a TV show to dial down the gore because they cannot exert the kind of control and demonstrate the kind of leadership necessary to prevent imaginations from getting carried away.

Somewhere my drill instructors are weeping.

Dots, Connected

| No Comments

My TW colleague Steve points out this money shot: from Austria, through Iran, into Iraq - nothing but net.

Good enough for your Mr. Froomkin?

PS: Captain Ed also makes the connection.

They Believed it Before They Didn't

| No Comments

Tom wipes the sleep out of MSM eyes.

Keep an Eye Out

| No Comments

Way too early to call this or this terrorism, but however things work out, the aftermath will be instructive.

The Seat-Belt Light is On

| 1 Comment

You can't beat Siobhan Gorman for NSA stories:

An expensive National Security Agency initiative to search the world's communication networks for security threats is hitting early but significant snags, prompting intelligence officials and lawmakers to raise questions about its funding and its future.

Read it all and weep.

I'm not going to belabor the points I have made in past posts about the broke-d!ck state of IT up that way. It has been that way for ages and as you can see there seems to be no hope of reform. I would go so far as to say that no objective observer would slap the label of "successful" on any major IT project there for the past twenty years. In this case "success" being defined as within 10% of budget, within one year of IOC and within 80% of capability. Someone prove me wrong.

The congressional response is probably the saddest part of all. Both Rockefeller and Hoekstra hit their respective nails on the head, but Ruppersberger - who represents the area - punts. You want to exercise oversight? Shut off funding for everything but power and water until they cough up hard numbers and performance stats. Worried about the passage of time and the possibility of missing something? Like the performance to date is anything to brag about?

I know how this game is played: nominal success justifies pouring money down a black hole. We cannot afford this sort of business as usual.   

Blog RFI

| 4 Comments

My own search will begin shortly, but wanted to poll you all to see if anyone could provide some quick links to bloggers covering: Southeast Asia, East Asia, Africa, Central America, South America, & the Sub-Continent. Ideally looking for sites built along the lines of IraqSlogger, but at this point I'm not choosy.

Offer Still Stands

| No Comments

Hugh calls for a nat'l security blogger in the MSM that isn't locked in a tight right-ward spiral:

But after the smoke from all the apologies clears, Arkin is still employed by the Post, and the Post still lacks any center-right bloggers on politics, and any serious military/national security blogger dedicated to writing about the war from the perspective of the necessity of victory.

My offer is still open.

 

Inside Dope

| No Comments

Don't know this particular person, but I know his brothers and sisters and their song remains the same (courtesy of Small Wars Journal):

Morale has become bad enough in the Iraq office that DIA has had to drop the requirement for analysts who deploy to Iraq work in the office after they return. In the last several months, the office has experienced an exodus of many of its veteran analysts. The office remains critically undermanned and short of computers. Analysts have begun to apply for jobs with local county police departments.

You need to read the whole thing.

I've said it before but it is always nice to have corroboration: The longer we tolerate industrial-age processes and cold-war mindsets in the IC, the faster it slides towards irrelevance.

It Takes a Marine

| No Comments

STRATCOM's Cartwright points out imperial nudity:

Under [the current cyberwar] approach, Net Warfare is responsible for attack and reconnaissance, the Joint Task Force for Global Network Operations manages network defense and operations, and the Joint Information Operations Warfare Center oversees electronic warfare, Cartwright explained. These groups operate independently and don't effectively share information on their activities, he said.

This isn't news to those who have been working this for a while, but it is refreshing to actually hear someone in a position to influence things voice it. If the necessary consolidation and focus is not undertaken (rarely a popular option even in a growingly purple world) then we need the digital version of Air-Land Battle Doctrine to take us to the next level.

On top of that is the pressing need to push intel to the virtual world (search Kent's Imperative for many applicable posts) so that we can avoid the kind of surprise that regularly plagues us there now (roots of the current approach date back to the late 90s, which is what, 50 digital years?). This is particularly important in cyberspace where blitzkrieg really moves at the speed of light. The impact of failure? Consider the ghost of Dick Clarke:

If the United States found itself under a major cyberattack aimed at undermining the nation’s critical information infrastructure, the Department of Defense is prepared, based on the authority of the president, to launch a cyber counterattack or an actual bombing of an attack source.

That's a policy that aims to make carpet bombing seem like a humane approach to warfare. The recent DDoS against TLD servers is given as an example, but the last-hop - S. Korea - is a well known platform for all sorts of attacks thanks to its deep broadband penetration and generally sloppy security posture. There are hints that a source in Europe is more likely the technical origin but the motivation very likely lies somewhere else (everyone who remembers Solar Sunrise raise your hand). Tracing the origin? Possible but is that sufficient "evidence" to merit a kinetic response?

We're not where we need to be, and recycling IT news and calling it intel isn't going to get us there.

Intelligence: Not a Toy

| 2 Comments

We have committees for a reason:

To the surprise of the Bush administration, the House Intelligence Committee voted unanimously Wednesday night to allow all 435 House members to see the classified version of the National Intelligence Estimate on Iraq sent to the White House last week. The report is classified in part because it contains information about sources and methods used in intelligence-gathering.

It would be nice to think that committee chair Reyes was following the Army of Analysts approach to help get through the full Iraq NIE, especially since it is fairly clear that elements in the committee lack a certain level of expertise, but that would be wishful thinking.

No, more likely this is both sides of the aisle throwing an irreplaceable vase into a rugby scrum to substitute as a ball. The obvious result is going to be a broken vase, but give it a second and everyone will soon realize that there is blood on their hands.

Smart Move

| No Comments

The Bush administration may withhold technology dollars from federal agencies that are lagging on cybersecurity, a top IT official said Wednesday.

The philosophy goes something like this: The government shouldn't be spending money on agencies that want to build new systems when their overall management processes remain flawed.

"This year we're really focused on making sure agencies are delivering results, investing the taxpayers' dollars wisely, and are really executing now on the activities they said they are going to do," ... That means agencies must address known security flaws, particularly when it comes to protecting personal information . . .

There are only two ways to make things happen in the gov't: make what you want done a ratable performance review item or fiddle with the cash flow.

That's How You Do It

| No Comments

While the larger bandits and their FFRDC overlords pi$$ away $7.5 billion, motivated men in a garage (my metaphor, not reality) are getting it done.

Tip-off: Bill Roggio

DNI: He seems to get it

| No Comments

Retired Navy Vice Admiral J. Michael McConnell, the man President Bush has tapped to be the next director of national intelligence, told senators at his confirmation hearing he will focus on reforming the intelligence community to counter a growing terrorist threat from inside the United States.

"We know that terrorist organizations today are making plans for attacks on our citizens inside our borders," McConnell testified.  Previously, the intelligence community "focused almost exclusively on foreign threats outside our borders.  What is new is the need to focus on these threats inside our borders."

To counter that security challenge, McConnell said he would use his new job as overall director of most U.S. intelligence operations, including the CIA, to push reforms aimed at improving "collecting and processing information ... consistent with our Constitution, our laws and our values to respect the rights and privacy of our citizens."

Asked if he would be willing to reform some of the rules regarding information gathering and analysis, McConnell indicated he would, saying, "We live today with security rules that literally were established in World War II and served us well – World War II and the Cold War."

This will of course be seen by some as more evidence that Big Brother is back on the job. “He’s going to dust off COINTELPRO!” Lost in all the hyperbole is the focus of all these efforts: “[foreign] threats inside our borders.”

Why focus the IC writ-large against domestic problems? Despite the dysfunction at the national level, getting a handful of agencies to deal with the problem beats trying to get several thousand (50 state police forces, plus county and smaller jurisdictions). It’s a best-of-the-worst possible solutions because our Uncle still can’t get his act together WRT decentralized/P2P operations, but I’ll take crappy over non-existent.

Recognition that antiquated security rules are hampering efforts on this front is also important, though how much success he’ll have is questionable. Operating effectively in the info-age means knocking down some hard-and-buried targets (read: rice bowls) but a robust CI effort can help mitigate risks . . . what’s that? They gutted the national CI effort? Well then never mind.

Note to Self...

| No Comments

Irrational

| No Comments

Desperately short of soldiers who speak Arabic and understand Islam, the U.S. military is quietly courting American Muslims. But they show little enthusiasm for an institution many say is prejudiced against them.

At the peak of violence in the Balkans no one thought that the PFC named Milosevic in our unit, with his Serb nationalist t-shirts and bluster about ETSing and going back home to join the freedom fighters, was anything but a 19-year-old blowing smoke. He was a bit of a freak, but not because we thought he was down with cleansing an ethnic population. No one questioned his loyalty or capability to do the job he was assigned. Same goes for all those in the unit we didn't ask (we didn't really have to) and who themselves didn't tell. There was no purge of latinos (hispanics?) in the IC after Ana Montes was sent up the river. In the military it's capability, not ethnocentricity, that counts. That has to be communicated to the target population, along with hard numbers about who is really abused because of their religion in this country. If the foiled kidnap plot against a Muslim soldier in the UK is any indication, eligible and willing Muslims are probably better off joining the fight than sticking with their ostensible friends.

Creeping Towards War Footing

| No Comments

Finally:

Senior military officers, including members of the Joint Chiefs of Staff, have told President Bush and Defense Secretary Robert M. Gates that the new Iraq strategy could fail unless more civilian agencies step forward quickly to carry out plans for reconstruction and political development.

The complaints reflect fresh tensions between the Pentagon and the State Department over personnel demands that have fallen most heavily on the military. But they also draw on a deeper reservoir of concerns among officers who have warned that a military buildup alone cannot solve Iraq's problems, and who now fear that the military will bear a disproportionate burden if Mr. Bush's strategy falls short.

Among particular complaints, the officers cited a request from the office of Secretary of State Condoleezza Rice that military personnel temporarily fill more than one-third of 350 new State Department jobs in Iraq that are to be created under the new strategy.

At a Senate hearing on Tuesday, Mr. Gates made clear that he shared the officers' concerns, telling senators, "If you were troubled by the memo, that was mild compared to my reaction when I saw it."

To back up his point, Mr. Gates also told senators that Mr. Bush himself had addressed his cabinet at the White House on Monday about the need for civilian agencies to "step up to the task."

Dept. of Everything Else, Civilian Reserve, whatever. It has to be done if we're really on a war footing. If not . . .

Dumb Luck


I’m on a cyber-roll today:

Computer hackers tapped into a Web site at the Centers for Disease Control and Prevention last week, planting a virus that has possibly infected computers used by people who visited the site, agency officials said.

CDC's podcast site, www.cdc.gov/podcasts, which contains audio and video on a variety of public health topics, has been taken off the agency's Web site and is expected to be down for at least a few days.

"At this time, CDC does not have any evidence that sensitive information has been compromised in any way. However, it is possible that computers used by visitors to CDC's site may have been infected with a computer virus," the agency said in a news item posted Saturday evening at www.cdc.gov.

"Users that visited the site Thursday morning should ensure their computer has been scanned for viruses."

Ah, no, users that visited the site should ensure that they’re not following bogus medical advice. The danger is not malcode but semantic attack. You can clean/wipe/rebuild an infected system; you’d be hard pressed to recover from libel, injury or death caused by diddled data. No one remembers Lamo the homeless hacker and his foray into AP/Yahoo news, or if they do, they’ve forgotten the impact a successful attack can have.

CDC’s kung fu may be weak, but they’re just plain lucky their adversary was only a yellow-belt.

What Year is This?


I feel like I'm taking crazy pills here . . .

The Homeland Security Department finally named an assistant secretary for cybersecurity last year, and the Senate ratified the first international treaty on cybercrime.

The Computer Security Industry Alliance had lobbied for these achievements for more than two years and counts them as big wins, said acting executive director Liz Gasster. But the nation still lacks a comprehensive data security law, and DHS needs to develop response and recovery plans for disruptions of our critical infrastructure.

[…]

CSIA has set out a cybersecurity agenda for government for the last two years, with only indifferent results. In its Federal Progress Report for 2006, it gave the administration an overall grade of D because of failures to pass privacy legislation and to set clear priorities for future work.

It seems like just yesterday that RTM shut down the inter-tubes with his Sendmail experiment. In the aftermath CERT/CC was born (gov’t sponsored but run by the academy – a foreshadowing) and annual projections of a) the death of the Internet, b) the need for more cooperation, and c) the need for more legislation followed. In the meantime we’ve had a few Digital Battle of Wake Islands, the .com boom and bust (and .com bust-boom), too many parallels to Snow Crash to count and version .9 of Hari Seldon’s Encyclopedia Galactica.

Every year the same discussions, every year the same problems, every year more threats, every year we expose ourselves more and every year no forward progress. Why?

I have some theories, but I’m angling for yours . . .