Archive for the ‘NSA’ Category

Should NSA and CYBERCOM Split? The Legal and Policy Hurdles as They Developed Over the Past Year – Lawfare (blog)

In light of Michael Sulmeyer's excellent recent piece on splitting NSA and CYBERCOM, which ran at War on the Rocks last week, I want to pull together some of the key legal and policy developments of the past year in a single narrative. My aim is to put them in context with each other in a way that will provide useful background for those new to this issue, while also putting a spotlight on the deconfliction-of-equities issue that the split proposal raises. My apologies that this is a longer-than-normal post (I did not have time to be shorter!).

1. July 2016: Reports of DOD frustration over pace of anti-ISIS cyber operations

In July 2016, the Washington Post (Ellen Nakashima & Missy Ryan) reported on CYBERCOM's efforts to disrupt the Islamic State's online activities (internal communications, external propaganda, financing, etc.), emphasizing the view of DOD leadership that CYBERCOM was underperforming:

An unprecedented Pentagon cyber-offensive against the Islamic State has gotten off to a slow start, officials said, frustrating Pentagon leaders and threatening to undermine efforts to counter the militant group's sophisticated use of technology for recruiting, operations and propaganda.

But defense officials said the command is still working to put the right staff in place and has not yet developed a full suite of malware and other tools tailored to attack an adversary dramatically different from the nation-states Cybercom was created to fight.

Although officials declined to detail current operations, they said that cyberattacks occurring under the new task force might, for instance, disrupt a payment system, identify a communications platform used by Islamic State members and knock it out, or bring down Dabiq, the Islamic State's online magazine.

The report is an excellent snapshot of several distinct challenges the military use of computer network operations can pose.

One such challenge is operational capacity. The story suggests that CYBERCOM simply did not have the right personnel and the right exploits on hand for this particular mission, at least at the start. That's a problem that can be fixed, and the report details the steps DOD began taking in 2016 to do just that.

Another challenge is the need to have an effective process for deconfliction between intelligence-collection and operational-effect equities. As the article summarized the issue:

Whenever the military undertakes a cyber-operation to disrupt a network, the intelligence community may risk losing an opportunity to monitor communications on that network. So military cybersecurity officials have worked to better coordinate their target selection and operations with intelligence officials.

This is not a novel tension, in the abstract. For as long as there has been signals intelligence, there have been tensions of this kind. When one side has access to the other's communications, there will always be tension between the temptation to exploit that access for operational effect (with the opportunity cost of risking loss of that access going forward as the enemy realizes it has been monitored) and the temptation to instead exploit it for indirect intelligence advantage (with the opportunity cost of forgoing direct operational advantage in at least some cases). World War II provides famous examples. And so one might fairly ask: is there anything really different about computer network operations, warranting special attention to the topic in this setting?

Perhaps. In this domain there is much more overlap between the means of collection and the means of carrying out a disruptive operation. Indeed, those means often will be the exact same: a particular exploit providing access to an enemy device, network, etc. It seems to me that this ensures that the tension between collection and operational equities will arise with greater frequency, and less room for workarounds, than in more familiar settings.

Having mentioned both the operational capacity concern and the competing-equities concern, now is a good time to emphasize the significance of the status-quo for NSA and CYBERCOM: the dual-hatted commander. Whereas more familiar, traditional scenarios involving tension between collection and operational equities usually involve distinct underlying institutions and commanders, the status quo with respect to computer network operations has always (well, the past seven years) involved the dual-hatting of NSA's director and CYBERCOM's commander.

This model in theory ensures that neither institution has a home-field advantage, and maximizes the chance that the key decisionmaker (yes, there can be important decisions both below and above the dual-hat, but the dual-hat is obviously in the key position) fully buys into and fully grasps the importance of each institution's mission.

Of course, it is possible that the dual-hat might tilt one direction to an unfair or undesirable degree. And it is possible that some might perceive such a tilt even when there isn't one. As 2016 wore on, questions of this kind began to appear in public, and by September the media was reporting that DNI Clapper and SecDef Carter both were in favor of splitting up the dual-hat. It was not the first time this topic had come up, to be sure; President Obama had considered ordering a split in 2013 (during the aftermath of the Snowden controversy), but had not taken that step at least in part out of concern about CYBERCOM's independent operational capacity. Now the idea appeared to have momentum.

A report from Ellen Nakashima in the Washington Post that same month suggested that this momentum was in part a product of CYBERCOM's operational maturation, but also in significant part driven by the perception that Admiral Rogers, the current dual-hat, favored collection equities to an undue extent:

"Whether or not it's true, the perception with Secretary Carter and [top aides] has become that the intelligence agency has been winning out at the expense of [cyber] war efforts," said one senior military official.

(See also this report by the New York Times, stating that frustration along these same lines contributed to the effort to get President Obama to remove Admiral Rogers in late 2016.)

The Washington Post report also highlighted concerns that splitting NSA and CYBERCOM at the leadership level might actually weaken rather than empower CYBERCOM, as NSA inevitably would become free to withhold from CYBERCOM at least some exploits or other forms of access so that sources would not be lost:

"Cyber Command's mission, their primary focus, is to degrade or destroy," the former official said. "NSA's is exploit [to gather intelligence] only. So without having one person as the leader for both, the bureaucratic walls will go up and you'll find NSA not cooperating with Cyber Command to give them the information they'll need to be successful."

2. December 2016: Congress puts on the brakes

Against this backdrop, Congress intervened in late 2016 to slow down the Obama administration's move to split the dual-hat. Section 1642 of the NDAA FY17, enacted in late December, provides that NSA and CYBERCOM must continue to share a dual-hatted director/commander unless and until the Secretary of Defense and the Chairman of the Joint Chiefs of Staff jointly certify to certain Congressional committees (SASC & HASC; SSCI & HPSCI; and the Appropriations Committees) that separation will not pose unacceptable risks to CYBERCOM's effectiveness, and that the following six conditions are met:

(i) Robust operational infrastructure has been deployed that is sufficient to meet the unique cyber mission needs of the United States Cyber Command and the National Security Agency, respectively.

(ii) Robust command and control systems and processes have been established for planning, deconflicting, and executing military cyber operations.

(iii) The tools and weapons used in cyber operations are sufficient for achieving required effects.

(iv) Capabilities have been established to enable intelligence collection and operational preparation of the environment for cyber operations.

(v) Capabilities have been established to train cyber operations personnel, test cyber capabilities, and rehearse cyber missions.

(vi) The cyber mission force has achieved full operational capability.

Section 1642(b)(2)(C) (emphasis added). President Obama's signing statement criticized Congress for imposing this requirement, but did not include a claim that it was unconstitutional. It remains the law at this time.

3. Early 2017: Complications in the War Against the Islamic State

While lawmakers and policymakers wrestled with the pros and cons of splitting NSA and CYBERCOM, computer network operations against the Islamic State continued to accelerate.

Along the way, however, new problems emerged.

As Ellen Nakashima of the Washington Post reported in May 2017, CYBERCOM by late 2016 had encountered a new set of challenges in its enhanced effort to shut down ISIS sites and platforms: third-country effects.

A secret global operation by the Pentagon late last year to sabotage the Islamic State's online videos and propaganda sparked fierce debate inside the government over whether it was necessary to notify countries that are home to computer hosting services used by the extremist group, including U.S. allies in Europe. Cybercom developed the campaign under pressure from then-Defense Secretary Ashton B. Carter, who wanted the command to raise its game against the Islamic State. But when the CIA, State Department and FBI got wind of the plan to conduct operations inside the borders of other countries without telling them, officials at the agencies immediately became concerned that the campaign could undermine cooperation with those countries on law enforcement, intelligence and counterterrorism. The issue took the Obama National Security Council weeks to address

This article highlights a third significant challenge associated with computer network operations: attacking the enemy's online presence often requires, or at least risks, some degree of impact on servers located in other countries. Third-country impact involves both legal and policy challenges, and as the quote above illustrates it also brings into play otherwise-unrelated equities of other agencies. Thus, the competing-equities tension is not just a clash between collection and operational equities, but in some cases many others as well. The dual-hat command structure is primarily an answer only to the former, not the latter.

Meanwhile, a sobering reality about the utility of cyberattacks on Islamic State communications began to become clear: the effects often did not last. This was the thrust of an important piece by David Sanger and Eric Schmitt in the New York Times in June 2017:

[S]ince they began training their arsenal of cyberweapons on internet use by the Islamic State, the results have been a consistent disappointment, American officials say. [It] has become clear that recruitment efforts and communications hubs reappear almost as quickly as they are torn down. "In general, there was some sense of disappointment in the overall ability for cyberoperations to land a major blow against ISIS," or the Islamic State, said Joshua Geltzer, who was the senior director for counterterrorism at the National Security Council until March. "This is just much harder in practice than people think..."

This suggested that the military equities that some felt had been undervalued by Admiral Rogers in the past were less weighty than proponents had assumed. Nonetheless, momentum towards separation, and concern that the dual-hat unduly favors collection equities, continues.

In mid-July, reports emerged that the Pentagon had submitted to the Trump administration a plan for effectuating the split, with some of the accompanying commentary continuing to advance the argument that NSA holds CYBERCOM back to an improper extent:

The goal, [unnamed U.S. officials] said, is to give U.S. Cyber Command more autonomy, freeing it from any constraints that stem from working alongside the NSA, which is responsible for monitoring and collecting telephone, internet and other intelligence data from around the world, a responsibility that can sometimes clash with military operations against enemy forces.

Meanwhile, however, Congress is in the midst of producing the next NDAA, and it may impose a further hurdle: one that won't prevent the split, but may well slow it down considerably.

4. Congress reengages

In mid-July, the House passed H.R. 2810, which includes a section addressing the potential NSA/CYBERCOM split. Section 1655 requires the SecDef to provide SASC, HASC, SSCI, and HPSCI with a report on DOD's progress in addressing the issues that must be certified to Congress before NSA and CYBERCOM may be split (under the terms of section 1642 of NDAA FY17). That report must address:

(1) Metrics and milestones for meeting the conditions described in subsection (b)(2)(C) of such section 1642.

(2) Identification of any challenges to meeting such conditions.

(3) Identification of entities or persons requiring additional resources as a result of any decision to terminate the dual-hat arrangement.

(4) Identification of any updates to statutory authorities needed as a result of any decision to terminate the dual-hat arrangement.

Meanwhile, the Senate's NDAA FY18 draft (S.1519) has begun its trek through that chamber, and it includes a requirement (section 1627) that the commander of CYBERCOM report to SASC and HASC on the costs associated with meeting the conditions needed to enable NSA and CYBERCOM to split. As the SASC Committee Report accompanying the bill explains:

The committee believes any decision to separate Cyber Command and the National Security Agency should be conditions-based. The committee also believes that the funding associated with separating the dual-hat arrangement will be a multiyear sustained effort. The committee notes that the fiscal year 2018 budget request failed to include the funding necessary to resource the separation of the dual-hat arrangement. The committee looks to Cyber Command to estimate the funding required to meet the conditions identified in section 1642(b) of the National Defense Authorization Act for Fiscal Year 2017 (Public Law 114-328) and intends to closely monitor future budget submissions and the cost, schedule, and performance of key cyber programs to ensure that Cyber Command is appropriately resourced prior to any decision to end the dual-hat arrangement.

5. What is the bottom line in light of all this?

* The statutory obstacles to a split of the dual-hat, from the current NDAA, are not onerous. The certifications required by section 1642 of NDAA FY17 can be dealt with easily enough given the high level of generality with which they are framed, once the political will is there to carry out the separation. It sounds as if the will is there, and that the only real hurdle is specifying something realistic in terms of the requirement that the cyber mission force reach full operational capacity.

* Deconfliction and Competing-Equities Tensions remain a significant issue that needs to be addressed very carefully. Yes, section 1642 of NDAA FY17 requires a certification on deconfliction, but as just noted the requirement is framed at a high level of generality. People need to focus on the fact that a main driver of the effort to split NSA and CYBERCOM has been the perception that Admiral Rogers gives collection equities too much weight, but that he may well have been quite right to do so. And people also need to focus on the converse risk: that NSA might pull back on cooperation with CYBERCOM to an undesirable degree, post-split, in order to preserve the means of its collection. All of this can be managed, and it's not obvious that the current dual-hat solution is the only way to do it. But there needs to be a credible process of some kind, if not the dual-hat. It's not clear that the certification requirement under section 1642 actually will compel sufficient consideration of this issue.

* Section 1627 of NDAA FY18, if it is enacted as SASC has proposed, will be a more serious hurdle. Budgets matter, and it is likely that the correct answer to the budget question posed by that section will involve a substantial need. That money then needs to be found and appropriated. Probably it should be and no doubt it will be. But it will take time for all this to grind out. Possibly this delay would track the time needed in any event to produce a credible claim that the cyber mission force has reached full operational capacity.

NSA Ajit Doval in Beijing amid standoff as China demands Indian troop withdrawal – Hindustan Times

India's National Security Adviser Ajit Doval arrived in Beijing on Wednesday afternoon for a multilateral security meet but the focus will be on his bilateral interactions with the Chinese leadership against the backdrop of the military standoff near the Sikkim border.

Doval will meet President Xi Jinping with his counterparts from BRICS (Brazil, Russia, India, China, South Africa) countries on Friday. Security officials from BRICS states are meeting to discuss issues such as counter-terrorism and cyber-security in the run-up to the grouping's summit to be held in China's Xiamen city in September.

But the focus will be on whether Doval's meetings with Chinese officials, including state councillor Yang Jiechi, will help to resolve, or at least ease, the tensions in Donglang, where the standoff is now into its second month.

The BRICS-related meetings, including the meeting with Xi, are slated for Friday but Chinese and Indian officials here were tight-lipped about Doval's schedule.

Beijing on Wednesday repeated its precondition for any dialogue with India to resolve the standoff: New Delhi has to withdraw its troops from Donglang, which is under Beijing's control but claimed by Thimphu.

Chinese foreign minister Wang Yi has blamed India for the face-off and importantly chose a foreign country, Thailand, to air his strong views on the situation. Wang told reporters in Bangkok this week the problem was very straightforward and even Indian officials publicly said that Chinese soldiers didn't enter the Indian territory.

This meant, he indicated, the Indian side admitted (crossing) into Chinese territory. The resolution of the problem is very simple, he said: Indian troops have to go out.

India has said it acted in coordination with Bhutan to block the construction of a road by Chinese troops at Donglang as it would alter the status quo and have serious implications for national security.

On Monday, China's foreign ministry spokesperson Lu Kang indicated Doval is likely to meet Yang in Beijing but ruled out a discussion on the Donglang standoff.

"As far as we know, in previous meetings, usually it is arranged for the heads of delegations to hold (bilateral) meetings to exchange views on bilateral relations and other international issues," Lu had said.

He had added: "The crux now is Indian border troops illegally stayed on China's territory. Once again, we urge India to pull back to the Indian side of the boundary. I want to stress that this is the precondition for any meaningful talks between the two sides."

Doval's visit is part of the build-up for the BRICS Summit to be held in Xiamen city in the first week of September, which will be attended by Prime Minister Narendra Modi.

If the standoff between India and China isn't resolved by then, it will cast a shadow of uncertainty over the summit and might put a question mark on the idea of BRICS.

For now, the multilateral element of the BRICS security summit will be on display this week.

On Friday, the five heads of security delegations from the BRICS states will meet to discuss global governance, counter-terrorism, cyber security, energy security, international and regional hotspots, and national security and development.

Besides Doval and Yang, minister of state security David Mahlobo of South Africa, Minister Sergio Etchegoyen of the Office of Institutional Security of the Presidency of Brazil and Russia's Security Council Secretary Nikolai Patrushev will attend the meeting.

NSA World Series expected to bring 10000 visitors to the Region – nwitimes.com

MUNSTER -- More than 10,000 visitors are expected to be in Northwest Indiana this week.

The National Softball Association Northern World Series comes to the Region for the third time in the past decade. More than 190 teams will compete in multiple age groups hoping to be crowned champions Friday.

Munster, Crown Point, Highland, Hobart, Michigan City and LaPorte will host games, with tonight's opening ceremony being held in downtown Crown Point.

Munster parks director Greg Vitale has known about this honor to host for several months. But he got some icing on the softball cake when he learned his daughter's team, the Munster Mayhem 10-and-under All-Stars, were invited to see what they could do against the best in the midwest.

"It takes a lot of coordination," Vitale said on Saturday at Community Park. "With 10,000 people coming to the area that's going to be an economic boom for the businesses around here. Finding out our all-star team was invited was awesome. I knew we would be hosting it and we've done a lot of work to get our fields ready.

"But I didn't know my daughter and her team would get to play, too. The kids are very excited for this opportunity."

The Mayhem is coached by Brandon Siurek. Two weeks ago, his team competed in a travel tournament in Michigan City and finished second against teams that had been playing at a higher level for much of the summer. And last week in Highland, in a traditional all-star tournament, his team won it all.

They will be competing in Munster in the C division against local teams from St. John, C.P. and Hobart, along with some teams from Wisconsin, Missouri and Michigan.

"This is going to give our girls some great memories," Siurek said. "When they heard this was a 'World Series' to them it doesn't get much bigger than that.

"We have a talented team. We work to have the girls lift and back each other up. We want them all to have a positive mentality about the game."

The Mayhem team was competing in a tournament in Munster on Saturday and a smile came to the faces of all the girls when the subject of the NSA World Series came up.

Emily Siurek is a pitcher for the Mayhem. While the parades and gift exchanges are going to be fun, she is looking forward to one thing.

"The competition," she said. "There's going to be a lot of good teams. I can't wait to compete against them."

Kara Vitale has spent a lot of time at softball fields watching her dad work. And, of course, play the game. Vitale is a catcher and pumped to be a part of this.

"It's going to be exciting to see teams from other states," Kara Vitale said. "And also to see players from other states. When I heard we got to play in this I was very excited. Everyone on the team was, too."

Cece Mason is one of five pitchers on the Mayhem. She expressed emotions surely shared by all of these youngsters competing in the NSA World Series.

"I was nervous and excited when I heard," Mason said. "We all can't wait to see how we do against all these teams."

In midst of Russia probe, NSA chief vows: ‘I will not violate’ my oath to Americans – ABC News

In unusually passionate and stark terms, the head of the nation's top spy agency made clear on Saturday in Colorado that he will stand up to anyone -- even the president of the United States -- who asks him to use the U.S. intelligence community as a political prop.

"We are not about particular viewpoints. We are not about particular parties. We just can't work that way," National Security Agency Director Mike Rogers said at the Aspen Security Forum in Aspen, Colorado.

Rogers added that the U.S. intelligence community owes U.S. citizens honesty and integrity.

Saturday's remarks come only months after Rogers and at least two other senior U.S. officials were personally asked by President Trump to publicly rebut news reports laying out details of the federal government's probe into Russia's alleged efforts to influence the 2016 presidential election.

Although Rogers has refused to publicly discuss his private conversations with Trump, he has previously vowed to keep politics out of his agency's work. But his remarks today at the annual gathering of senior officials, reporters and others tied to the U.S. intelligence community were noteworthy in their intensity and passion.

Punctuating each word -- one by one -- the U.S. Navy admiral said, "I will not violate the oath that I have taken in the 36 years as a commission officer."

Rogers' face hardened and his voice cracked as he added: "I won't do that."

He went on to say that he often relays this message to his workforce: "We are intelligence professionals. We raise our right hand and we take an oath to defend the citizens of this nation and the values that are embodied in the Constitution," he said. "Your integrity isn't worth the price of me or anybody else. You stand up and you remember that oath that we take."

Rogers' comments drew a round of applause inside the room.

Nevertheless, Rogers added he has "never been directed to do anything that I felt was illegal, immoral, unethical or inappropriate. Nor have I felt pressured to do so. Nor would I do so."

Rogers also said he's more than willing to offer Trump his assessment even when he knows the president disagrees.

"He has never shut me down," Rogers said. "He gives me good, direct feedback, sometimes, 'Mike I don't agree with that. Mike I'm in a different place than you are.'"

"That's exactly the way this is supposed to work," Rogers insisted.

Rogers joined other senior officials at the Aspen Security Forum in affirming the U.S. government's conclusion that Russia is to blame for a cyber assault on the 2016 election.

"No doubt at all," Rogers said.

China media set much store by NSA visit – The Hindu


The NSA's visit will be key to solving the current dispute and if the two sides failed to reach some agreement on the issue, the China-India ties would be severely damaged, Mr. Ma observed. The daily prefaced the anticipation of Mr. Doval's visit by ...