The Intelligence-Security Disconnect: Wider the Higher You Go

A consultant you probably should not be writing checks to:

Some opponents of the directive, which include several former Office of Management and Budget officials, say that National Security Presidential Directive 54/Homeland Security Presidential Directive 23 authorizing intelligence monitoring of all federal agency networks will create a new set of information technology security problems and raise privacy and civil liberties concerns that had been avoided until now.

it’s not about panic

Every nerd’s favorite crypto-guru uses both well-worn barrels:

Cyber-extortion is certainly on the rise; we see it at Counterpane. Primarily it’s against fringe industries — online gambling, online gaming, online porn — operating offshore in countries like Bermuda and the Cayman Islands. It is going mainstream, but this is the first I’ve heard of it targeting power companies. Certainly possible, but is that part of the CIA rumor or was it tacked on afterwards?

And here’s a list of power outages. Which ones were hacker caused? Some details would be nice.

I’d like a little bit more information before I start panicking.

He joins the voices of other professional contrarians (keep waiting for “Dick Destiny” to sound off) about how this is all rumor, fear-mongering, lies, or worse.

“reputation system”

From the Enterprise Resilience Management Blog:

Anyone who believes he knows of information relating to these proposed
patents will be able to post this online and solicit comments from
others. But this will suddenly make available reams of information,
which could be from suspect sources, and so the program includes a
‘reputation system’ for ranking the material and evaluating the
expertise of those submitting it.

“reputation system” – how the wiki-fied, blogosphered IC can sort the wheat from the chaff and cast off the last vestiges of the old way of doing things.

Now, to find out the status of that reform book draft . . .

Better Government Cyber Security: don’t hold your breath

It is one thing to plan, something else entirely to turn it into reality:

The DHS plans to collocate private-sector employees from the
communications and IT industries with government workers at the U.S.
Computer Emergency Readiness Team (US-CERT) facility here, said Gregory
Garcia, assistant secretary of cybersecurity and telecommunications at
the DHS. The teams will work jointly on improving US-CERT’s information
hub for cybersecurity, Garcia said. The agency didn’t specify a
starting date for the program but said it will begin soon.

Every corporation willing to give up a top-notch employee to a rotation to the government (out of the goodness of your heart, because you’ll have to eat their salary) raise your hand.

Every highly-skilled private sector employee willing to support two households for a year on your current salary and who is prepared to subject yourself to the grinding bureaucracy of DHS, line up over here.

That’s what I thought.

Mr. Assistant Secretary, you can’t do this on the cheap because you are going to get what you pay for. The money Uncle Sam paid your predecessor could comp industry for 3-4 great folks. A little COLA adjustment wouldn’t hurt either, but that’s icing. I’m assuming that since you came from a private-sector lobbying gig you understand how the economics works, so I’m also assuming that you are wed to this course of action because of circumstances that are out of your control. When this effort comes up short, you might want to begin a lobbying effort to change those circumstances.

$.02

underrattelser – US style

Ralph Peters’ latest report on improvements in MI. Money graph:

Appropriate technologies can help us – but no database or collection
system is a substitute for seasoned human judgment. The key task in
intelligence is understanding the enemy. Machines do many things, but they still don’t register flesh-and-blood relationships, self-sacrifice or fanaticism.

Underrattelser: Improvement from below (how Swedes describe MI) covered at John Robb’s site.

Indefatigable

Charlie Allen on following the conventional wisdom:

“Don’t listen too much to what others are telling you,” Mr. Allen said. “Constantly re-examine your assumptions.”

There was a time not that long ago when he backed the ideas of a few obscure folks who thought there was intel gold in what others said was a mountain of garbage: He/We were right and they were wrong, again.

I would also like to say that if anyone is going to make DHS intel work – and it has been broken from the get-go – it’ll be Charlie, but then I thought that about Gen Hughes too, and it’s not like the latter was some kind of slouch.

At a time when most of his peers are pretending they can still golf or contemplating the fine print in their long-term care plans, he’s still slugging it out for 15 hours a day. He could have sold out long ago and lived off the fat of his Rolodex, but there is a different beat playing on his mental iPod.

I still think a purge is in order, but if you had to make exceptions . . .

Inside Dope

Don’t know this particular person, but I know his brothers and sisters and their song remains the same (courtesy of Small Wars Journal):

Morale has become bad enough in the Iraq office that DIA has
had to drop the requirement for analysts who deploy to Iraq work in the
office after they return. In the last several months, the office has
experienced an exodus of many of its veteran analysts. The office
remains critically undermanned and short of computers. Analysts have
begun to apply for jobs with local county police departments.

You need to read the whole thing.

I’ve said it before but it is always nice to have corroboration: The longer we tolerate industrial-age processes and cold-war mindsets in the IC, the faster it slides towards irrelevance.

Very Un-Serious

You know, I was perfectly willing to believe that there was something skewed about this story – much ado about nothing – but then I got to this bit:

… One Arabic-speaking junior officer with experience in the Middle East said he volunteered to go to Iraq when he first joined the Foreign Service last year, but he was rejected.
He recently bid again but was told that he first had to do a consular tour, which is mandatory for all officers before they get tenured. Now he is considering leaving the service.

and

Several officers pointed out that there are still many diplomats who have no interest in serving in Iraq. A former ambassador said some of his ex-colleagues are considering early retirement because they do not want to be forced to serve in Iraq at the end of their careers.

. . . and I knew it was just standard issue gov’t BS after all.

There is no clearer sign that you are not serious about your war-time obligation as an organization than being prepared to risk losing someone with critical skills because they haven’t punched some arbitrary ticket. Is there some reason why he can’t perform some “consular tour” duties while he’s employing his in-demand skills in Iraq? Of course not, but ‘that’s just not how we do things ’round here.’ He’s got a skill that the majority of people at the embassy now don’t have and he can’t go because they’ve processed more passports than he has?

And of course why would people who have mastered their trade want to go and practice it in one of the most challenging assignments of their careers? I mean, you could literally go out with a bang, but then you didn’t expect to spend 30 years in Switzerland, did you? I am reminded of the surprised look on the face of some foreign colleagues when I showed up at an allied assignment. Most of those who had preceded me were geezers who refused to go out on meets because of “health” reasons, but they had no qualms about collecting the overtime and hazard pay for all the extra “work” they did around the team house (the IC’s most expensive cooks). But hey, don’t criticize them, they pulled a “war” tour at 55. All gelt and glory, no guts.

DOE Security Lapse Update

The latest compromise of nuclear weapons secrets occurred at the Los Alamos National Laboratory after a worker stole design information she downloaded onto a removable computer flash drive, U.S. officials said.

The secrets were discovered during a drug raid last month.

I know of no national security organization that allows users to introduce removable media to “secure” systems . . . except for the one that controls nuclear weapons . . .