“reputation system”

From the Enterprise Resilience Management Blog:

Anyone who believes he knows of information relating to these proposed
patents will be able to post this online and solicit comments from
others. But this will suddenly make available reams of information,
which could be from suspect sources, and so the program includes a
‘reputation system’ for ranking the material and evaluating the
expertise of those submitting it.

“reputation system” – how the wiki-fied, blogosphered IC can sort the wheat from the chaff and cast off the last vestiges of the old way of doing things.

Now, to find out the status of that reform book draft . . .

An XGW-cyber intel lab?

Beltway Bandits offering up expensive and cumbersome gaming solutions to Uncle Sam: look out!

I was sitting at a picnic table Thursday afternoon talking with a revolutionary who last year bombed an American Apparel store.

I didn’t think she was all that dangerous. As far as I could tell, she was just a big-time radical in the Second Life virtual world.

My Second Life alter ego, Caro Zohari (an avatar who has much
nicer hair than I do), was interviewing a spokeswoman for the Second
Life Liberation Army (SLLA), an “avatar rights” group that has sprung
up in the Linden Lab-created virtual world with the objective of
fomenting a “democratic revolution” to oppose Linden’s supposedly
authoritarian rule.

Couple of things strike me:

  • Assuming SL doesn’t but the kibosh on madness like this, it would be an interesting way to test out a variety of pol-mil-legal responses to terrorist, insurgent, or radical activist activity; not just the sticks but the carrots too. A live political and military science lab if you will.
  • People who are going to dismiss this as just game play are ignoring the potential to radicalize otherwise “normal” people via this medium. There are some people who can’t separate fantasy from reality and the consequences can be grave.
  • Do the normal rules of HUMINT and SIGINT apply in SL? Do we assume everyone in SL is a “US Person” or do we take advantage of the fact that no one online knows you’re a dog and maximize the medium for both the actual take and the lessons learned?

If Linden let’s the activity continue, I could see the need for a weapons toolkit that allows for real-world flexibility but does not impact the underlying system; you want targets to suffer losses for the sake of realism, you don’t want rouge external malcode shutting down the system. Maybe its artificial (ahem) but you want to keep the experiment going as long as possible I would think.

Maybe this is where you get some preliminary answers to questions about the effectiveness of generational warfare.

underrattelser – US style

Ralph Peters’ latest report on improvements in MI. Money graph:

Appropriate technologies can help us – but no database or collection
system is a substitute for seasoned human judgment. The key task in
intelligence is understanding the enemy. Machines do many things, but they still don’t register flesh-and-blood relationships, self-sacrifice or fanaticism.

Underrattelser: Improvement from below (how Swedes describe MI) covered at John Robb’s site.

 

Goldwater-Nichols for suits

From Inside the Pentagon (subscription required):

Bush administration officials are preparing an executive order for the president’s signature that calls for sweeping changes in educational programs and career development for the federal workforce so professionals in each agency with a national security mission can learn how to better work across organizational lines when tackling 21st-century threats, according to sources and documents.

The gist is they’re trying to create of a uniform set of standards that will allow for the migration/rotation of  practitioners across the various national security-related agencies.

The original seed for this effort was to be the NDU, but apparently that idea has been (wisely) scratched in order to create a “consortium” of government institutions from which aspiring national security advisors and undersecretaries can gain the requisite knowledge. A smarter move: develop and promulgate a core curriculum and take the NSA Center of Academic Excellence approach. You’re never going to have enough slots at any single institution to fill the demand (it is cut-throat enough already trying to get a civilian slot to a service school), so spread the effort out as widely as you can.  Besides, who would you prefer: someone educated at MIT or someone subjected to the military education system?

Even if supply and demand issues are sorted out, the planners and implementers of this effort need to take a long hard look at similar efforts and what makes them fail. I’m speaking of the Intelligence Community Officer Program, which has gone through a couple of iterations and still isn’t what is could/should be.

Signing up for the program is easy; getting into the requisite classes and then convincing your respective hierarchy to cut you loose for the necessary rotation assignment is another thing entirely. Even if everything works out like a charm, there is precious little chance that your home agency will put your newfound skills and experience to good use (which is why so many participants opt to stay with their adopted agency).

All in all a good idea, but there are lot of potholes on the road they’re about to travel down.

Codifying the obvious

Secrecy News points out an important new IC Directive:

Intelligence analysis “must be objective and independent of political considerations,” …

“The IC will seldom have the requisite depth and breadth of
expertise to provide all of the insights and detailed answers demanded
by our customers. To satisfy their needs, the IC must tap outside
expertise and build and expand relationships with non-intelligence
government agencies, academic, business, non-governmental organizations
(NGOs), and think tank communities, both domestically and
internationally, while addressing the counterintelligence and security
obligations that are inherent to such initiatives.”

Developments like Intellipedia are a single step on the path to reform in these areas, but it is still insiders talking to insiders. Anyone who has tracked these issues for longer than a day knows how well that can turn out. A really bold and significant step? Open up the (U)-version to the public through the Open Source Center (and the OSC itself for that matter). You want deep and broad expertise, diverse opinions, and 24/7 production? I don’t care how many universities and think tanks you line up and cloister behind a firewall, it isn’t going to match the output of a global Army of Analysts.

Indefatigable

Charlie Allen on following the conventional wisdom:

“Don’t listen too much to what others are telling you,” Mr. Allen said. “Constantly re-examine your assumptions.”

There was a time not that long ago when he backed the ideas of a few obscure folks who thought there was intel gold in what others said was a mountain of garbage: He/We were right and they were wrong, again.

If would also like to say that if anyone is going to make DHS intel work – and it has been broken from the get-go – it’ll be Charlie, but then I thought that about Gen Hughes too, and it’s not like the latter was some kind of slouch.

At a time when most of his peers are pretending they can still golf or contemplating the fine print in their long-term care plans, he’s still slugging it out for 15-hours a day. He could have sold out long ago and lived off the fat of his Rolodex, but there is a different beat playing on his mental iPod.

I still think a purge is in order, but if you had to make exceptions . . .

It Takes a Marine

STRATCOM’s Cartwright points out imperial nudity:

Under [the current cyberwar] approach, Net Warfare is responsible
for attack and reconnaissance, the Joint Task Force for Global Network
Operations manages network defense and operations, and the Joint
Information Operations Warfare Center oversees electronic warfare,
Cartwright explained. These groups operate independently and don‘t
effectively share information on their activities, he said.

This isn’t news to those who have been working this for a while, but it is refreshing to actually hear someone in a position to influence things voice it. If the necessary consolidation and focus is not undertaken (rarely a popular option even in a growingly purple world) then we need the digital version of Air-Land Battle Doctrine to take us to the next level.

On top of that is the pressing need to push intel to the virtual world (search Kent’s Imperative for many applicable posts) so that we can avoid the kind of surprise that regularly plagues us there now (roots of the current approach date back to the late 90s, which is what, 50 digital years?). This is particularly important in cyberspace where blitzkrieg really moves as the speed of light. The impact of failure? Consider the ghost of Dick Clarke:

If the United States found itself under a major
cyberattack aimed at undermining the nation’s critical information
infrastructure, the Department of Defense is prepared, based on the
authority of the president, to launch a cyber counterattack or an
actual bombing of an attack source
.

That’s a  policy that aims to make carpet bombing seem like a humane approach to warfare. The recent DDoS against TLD servers is given as an example, but the last-hop – S. Korea – is a well known platform for all sorts of attacks thanks to its deep broadband penetration and generally sloppy security posture. There are hints that a source in Europe is more likely the technical origin but the motivation very likely lies somewhere else (everyone who remembers Solar Sunrise raise your hand). Tracing the origin? Possible but is that sufficient “evidence” to merit a kinetic response?

We’re not where we need to be, and recycling IT news and calling it intel isn’t going to get us there.