Tag Archives: Intelligence

Canadian Intelligence Accountability

This article originally featured at the Conference of Defense Associations Institute. It can be read in its original form here

CDA Institute guest contributor Kurt Jensen, retired as Deputy Director of Foreign Intelligence, explores the question of accountability in intelligence activities.

We have nothing to fear but fear itself,” said US President Franklin Roosevelt many years ago. This is no longer true. In the grip of an undefined terrorist threat, we should be very fearful about diminishing our freedoms through unlimited ‘security measures.’

Vague and statistically insignificant fears of terrorism have made us surrender privacy and other rights. But are we any safer? The recent ‘terrorist’ threats and incidents in Canada are unlikely to have been impeded by the enhanced intrusion in our lives to which we are all now subject. To ‘protect’ us, intrusive powers have been given to security agencies with little or no objective accountability. In this, Canadians are largely alone among developed nations. Canadian security and intelligence accountability has withered over the past decade, and is inadequate.

Intelligence staffs are honourable and scrupulous about adhering to the laws. But scrutiny of actions is a necessary tool of democracy. Great power and great secrecy make accountability reasonable and imperative in protecting the rights of citizens. The means employed are less important than how robust and uncompromising the instruments are. As it stands, Canada’s intelligence accountability régime is deficient.

Administrative oversight by bureaucrats and ministers is good – and necessary. But it is not a solution. Remember the old adage of ‘Who will watch the watchers.’ In Canada the answer is no one. The response to public concerns can no longer be ‘Trust us, we’re the good guys.’

We are at a democratic cross-​roads. We cannot rationalize intrusive acts which are against the basic principles of what this country stands for by accepting that the actions taken are legal and sanctioned by Parliament. Nor should we assume that intelligence accountability, which is not at arms-​length, is a solution to concerns about transgressions. Many of the intelligence intrusions into our democratic entitlements are likely here to stay but nothing precludes that citizens be protected by a robust accountability infrastructure.

The new Canadian government has announced that it will review the egregious Bill C-​51 and has proposed the creation of a parliamentary oversight body under MP David McGuinty. This is a good first step but it is not enough.

Parliamentary accountability of intelligence is vital, and now seems inevitable. Canada may follow the British model which has, itself, evolved over time. The British model began as a Committee of Parliamentarians reporting to the Prime Minister. This changed in 2013 when it evolved into the Intelligence and Security Committee of Parliament (ISC), with members appointed by Parliament after considerations of nominations from the Prime Minister. A parliamentary accountability architecture would not conflict with the existing mandates of either the Security Intelligence Review Committee (SIRC) or the Communications Security Establishment Canada (CSEC) Commissioner.

A parliamentary committee should include an active mandate to oversee all authority warranted to infringe the rights of individuals or involve potentially aggressive collection strategies beyond our borders. We cannot afford unwarranted transgressions of the rights of potentially innocent individuals. But we need more than tinkering at the edges to protect rights and freedoms.

Canada does not have adequate accountability of its intelligence activities. The Office of the Canadian Security Intelligence Service (CSIS) Inspector General, a modest but important part of the oversight architecture, was disbanded by the previous government to save a budgetary pittance. Only two organizations, CSIS and CSEC, are subject to any form of arms-​length accountability. While these are Canada’s two major intelligence organizations, quite a few other smaller departments and agencies have niche responsibilities (Global Affairs Canada, National Defence, Canadian Border Security Agency, Transport, Finance, etc.). These are not subject to any arms-​length accountability. A more robust accountability architecture would contribute to public trust.

Equally important is the need for accountability structures to have resources adequate to address realistic challenges. Neither SIRC (for CSIS) nor the small staff of the CSEC Inspector General are adequately resourced. Arms-​length accountability must be credible if public confidence is to exist.

A Super-​SIRC has been discussed to oversee the entire intelligence community. This is not the answer. The intelligence units employ different tradecraft, different operational spheres (domestic and foreign), and face a host of other challenges. However, a Super-​SIRC administrative structure or secretariat might work if it contained separate entities tasked with looking at different intelligence units since the necessary skills to carry out oversight functions would not easily shift from Transport Intelligence to FINTRAC (Financial Transactions and Reports Analysis Centre of Canada), for example. A Super-​SIRC secretariat could oversee common functions such as the protocols involved when review agencies had to connect, share, or consult with each other when appropriate – in a sense, to ‘follow the investigate thread’ when it flows from one agency to another, as has happened between CSIS and CSEC. A second area of commonality would be for a Super-​SIRC secretariat to oversee what data is provided to Canada’s intelligence partners.

An intelligence ombudsman, possibly a sitting or retired federal judge, is required to act as a court of last resort for those perceiving themselves to be penalized by the negative, illegal, or incorrect application of intelligence to their situations. People falling between the ‘intelligence cracks’ have no recourse to justice now. The media regularly reports on violations and injustices, but the media is no solution to insufficient intelligence oversight architecture.

Protecting sources and methods is imperative in the intelligence world but has become an excuse for unnecessary secrecy. Many historical intelligence files can and should be released to Library and Archives Canada for objective and arms-​length evaluation by the public (i.e., mostly academics and the media). Most historical material now being held under restricted access would not compromise security. Indeed, many intelligence files are already available in Library and Archives Canada – including World War II ENIGMA material released decades ago. Releasing historical files is a confidence building measure.

Bad things happen to people who surrender freedoms without accountability. This can’t be sanctioned in a Canadian democracy. Accountability is not to be feared by those engaged in intelligence matters. Its architecture must be balanced, objective and at arms-​length, and must provide an equilibrium between the rights and entitlements of citizens and the needs of national security. We’re not there now.

Dr. Kurt F. Jensen spent his career in the Canadian diplomatic service. He retired as Deputy Director of Foreign Intelligence. He is now an Adjunct Professor at Carleton University teaching courses relating to intelligence matters. (Image courtesy of Jeremy Board/​Flickr.)

Airborne Over The Horizon Targeting Options to Enable Distributed Lethality

This article was submitted by guest author Michael Glynn for CIMSEC’s Distributed Lethality week. 

The Navy’s surface warfare community is committed to remedying its lack of anti-surface warfare (ASuW) punch with the concept of Distributed Lethality. “If it floats, it fights,” is the rallying cry.[1] Dispersed forces operating together pose challenges for an adversary, but also create targeting difficulties we must solve.

The detection range of shipboard sensors is limited by their height above the waterline and the curvature of the earth. Since it appears doubtful leaders would call on a ship to steam into visual range of adversaries, airborne assets are most likely to provide over the horizon (OTH) targeting.

In a January 2015 article in Proceedings, Vice Admiral Rowden, Rear Admiral Gumataotao, and Rear Admiral Fanta reference “persistent organic” air assets as key enablers of Distributed Lethality.[2] While a completely organic targeting solution offers opportunities in some scenarios, it has limits in high-end contingencies. In empowering the surface force, let us not ignore inorganic air assets. Distributed Lethality is far more effective with them.

TASM: A Cautionary Tale

During a January 2015 test, a Tomahawk Block IV test missile received in-flight updates from an aircraft and impacted its target, a mock cargo ship near the Channel Islands of California.[3] “This is potentially a game changing capability for not a lot of cost,” said Deputy Secretary of defense Bob Work. “It’s a 1000 mile anti-ship cruise missile.”[4]

But this test did not solve the fleet’s ASuW problem. Nor was it the first time the service had used Tomahawk in an anti-shipping role. To understand the difficulty of OTH targeting, we have to examine the final days of the Cold War.

In the late 1980’s, various ships and submarines carried the radar guided Tomahawk Anti-Ship Missile, or TASM. The TASM boasted a range of over 200 nm. But because TASM was subsonic, it took as long as 30 minutes to reach its target. In this time, a fast warship could steam as far as 15 miles from its initial location. Additionally, neutral shipping could inadvertently become the target of the seeker if the enemy vessel was not the closest to the missile when the radar activated.

Therefore, TASM could only reliably be used when there was no neutral shipping around, or in a massive conflict where collateral damage considerations were minimal. The Navy sought to remedy this by developing OTH targeting systems known as Outlaw Hunter and Outlaw Viking on the P-3 and S-3 aircraft. But with the demise of the Soviet Union, massive defense cuts and the evaporation of any blue water surface threat led to the retirement of TASM.

OTH targeting is not a new problem. To solve it, airborne platforms are critical. Let’s examine the organic and inorganic assets that can fill these roles. We will then discuss how inorganic assets offer the most promise.

Organic Assets: Benefits and Limitations

The surface force is equipped with rotary and fixed wing assets to enable OTH targeting. From a sensors standpoint, the MH-60R is most capable. Its inverse synthetic aperture radar (ISAR) can identify ships from long range, but it is limited in altitude and radar horizon. MQ-8 UAV’s offer increased endurance over manned assets. Their maximum altitudes are higher, but still constrain sensor range. The RQ-21 fixed wing UAV rounds out this group. It has solid endurance, but very limited speed.

The limited speed and altitude capabilities of these aircraft mean that the area they can search is small. Also, they must operate well within the weapons engagement zone of their targets to identify their prey. If these sensors platforms are radiating, a capable adversary will hunt them down or lure them into missile traps and destroy them in an effort to deny our forces a clear targeting picture.

Large Fixed Wing Assets: Increased Capability

While not organic to a surface action group, fixed wing aircraft bring speed, altitude, and persistence to the fight. P-8 and P-3 patrol aircraft offer standoff targeting and C5I capabilities. So too do the MQ-4 UAV and the E-8 JSTARS aircraft.

The carrier air wing brings blended detection and OTH targeting capabilities. The E-2 lacks ISAR identification capability, but does boast a passive electronic warfare (EW) suite and the ability to coordinate with the powerful EW system onboard EA-18G aircraft.  Additionally, the latest E-2 model can pass targeting quality data to surface ships to allow them to engage from the aircraft’s track, significantly increasing the ship’s effective missile envelope.

These platforms are expensive and limited in number, but their altitude capability and resulting sensor range allows them to standoff further from the enemy, radiating at will. Additionally, their high dash speed allows them to better escape targeting by enemy fighter aircraft. Their speed, persistence, sensor coverage, and survivability make them logical targeting platforms. They are far more capable and enable better effects than shipboard rotary assets and UAV’s.

Stand-in Stealthy Aircraft: The Ultimate Targeting Asset

The ultimate platform to provide targeting updates to long-range ASCM’s would be a stealthy UAV similar to the RQ-170.[5] Such an aircraft could receive cueing from other platforms, an onboard EW suite, or its own low probability of intercept (LPI) radar.[6] Able to stand in, it could provide visual identification, satisfying rules of engagement. It could provide target updates via a LPI datalink to inbound weapons. These technologies have their roots in the “Assault Breaker” initiative that led to the creation of the Tacit Blue test aircraft and the rise of modern stealth technology.[7],[8] Similar radars, datalinks, and low observable platforms have been proven and are flying today in various forms.[9]

Cost of a new platform is high, but their ability to get close and persist while unobserved is very useful and provides high confidence visual identification to commanders. Their survivability removes the need to provide airborne early warning (AEW) and high value airborne asset protection. Their stealth frees AEW aircraft and fighters to focus their energies elsewhere.

Conclusion

The concept of Distributed Lethality offers promise, but will be limited if its scope is confined to only utilizing capabilities resident in the surface fleet. It is best to pursue organic capabilities while also integrating inorganic assets when planning how the fleet will fight the conflicts of tomorrow. Let us pursue solutions that incorporate forces from many communities to best meet future warfare challenges.

Lieutenant Glynn is a Naval Aviator and a graduate of the University of Pennsylvania. He most recently served as a P-8 instructor pilot and mission commander with Patrol Squadron (VP) 16. He currently flies the T-45 with Training Squadron (VT) 21. He is a member of the CNO’s Rapid Innovation Cell. The views expressed in this article are entirely his own.  

Recommended photos illustrations:

[1] Sydney J. Freedberg Jr., “’If it Floats, it Fights’: Navy Seeks ‘Distributed Lethality’,” Breaking Defense, January 14, 2015, http://breakingdefense.com/2015/01/if-it-floats-it-fights-navy-seeks-distributed-lethality/.

[2] Thomas Rowden, Peter Gumataotao, Peter Fanta, “Distributed Lethality,” Proceedings Magazine, January 2015, Vol. 141, http://www.usni.org/magazines/proceedings/2015-01/distributed-lethality.

[3] “Tomahawk Hits Moving Target at Sea,” Raytheon Company, February 10, 2015, http://www.raytheon.com/news/feature/tomahawk_moving_target_sea.html.

[4] Sam LaGrone, “WEST: Bob Work Calls Navy’s Anti-Surface Tomahawk Test ‘Game Changing’,” USNI News, February 10, 2015, http://news.usni.org/2015/02/10/west-bob-work-calls-navys-anti-surface-tomahawk-test-game-changing.

[5] “RQ-170,” U.S. Air Force Fact File, December 10, 2009, http://www.af.mil/AboutUs/FactSheets/Display/tabid/224/Article/104547/rq-170-sentinel.aspx.

[6] Aytug Denk, “Detecting and Jamming Low Probability of Intercept (LPI) Radars,” Naval Post Graduate School, September 2006, http://dtic.mil/dtic/tr/fulltext/u2/a456960.pdf.

[7] Robert Tomes, “The Cold War Offset Strategy: Assault Breaker and the Beginning of the RSTA Revolution,” War on the Rocks, November 20, 2014, http://warontherocks.com/2014/11/the-cold-war-offset-strategy-assault-breaker-and-the-beginning-of-the-rsta-revolution/.

[8] “Northrop Tacit Blue,” National Museum of the U.S. Air Force, March 9, 2015, http://www.nationalmuseum.af.mil/factsheets/factsheet.asp?id=353.

[9] Kelley Sayler, “Talk Stealthy to Me,” War on the Rocks, December 4, 2014, http://warontherocks.com/2014/12/talk-stealthy-to-me/.

CIMSEC content is and always will be free; consider a voluntary monthly donation to offset our operational costs. As always, it is your support and patronage that have allowed us to build this community – and we are incredibly grateful.

Select a Donation Option (USD)

Enter Donation Amount (USD)

For a Good Time Hack OPM

Guest article by Brian Scopa, USN.

“Once is happenstance. Twice is coincidence. Three times, it’s enemy action.”

-Ian Fleming

 

M looking for W? W looking for M? PRC looking for Intel?

The revelation that the Office of Personnel Management has been hacked, allegedly by the Chinese, has profound implications for the safeguarding of classified US information. Beyond the typical identity theft problems associated with any breach of Personally Identifiable Information (PII) from a government or private database, the fact that the data on 4.1 million military and  government personnel contained  information on their security clearances is extremely grave. This is not only an egregious breach of individual privacy, but when combined with two other hacks of private websites make for a counterintelligence nightmare.

Allowing ourselves to go briefly down the conspiracy theory rabbit hole, two additional hacks of private websites are worth considering in conjunction with the OPM hack:

Linkedin in 2012. 

“LinkedIn Security professionals suspected that the business-focused social network LinkedIn suffered a major breach of its password database. Recently, a file containing 6.5 million unique hashed passwords appeared in an online forum based in Russia. More than 200,000 of these passwords have reportedly been cracked so far.”

The consensual aggregation of personal and employment information online has greatly simplified the task of finding targets for intelligence gathering. The technology that makes finding a project manager with an MBA and five years of experience fast and convenient also makes it easy to track down missile and radar engineers on LinkedIn. The publicly available information on LinkedIn is a trove of intelligence in itself regarding military, government, and contract employees that work in defense related industries. Having the private email addresses and passwords of LinkedIn members has staggering spearfishing implications ala STUXNET.

Adult Friend Finder (AFF) in May 2015 

Andrew Auernheimer, a controversial computer hacker who looked through the files, used Twitter to publicly identify Adult FriendFinder customers, including a Washington police academy commander, an FAA employee, a California state tax worker and a naval intelligence officer who supposedly tried to cheat on his wife.” (emphasis mine)

Catching Flies

Developing intelligence sources costs time, money, and effort, regardless of the method employed, and intelligence agencies are constantly searching for ways to more efficiently target and recruit intelligence sources. The OPM and LinkedIn hack simplify the targeting, but it’s the AFF hack that helps with recruitment.

One of the most useful tools intelligence agencies have for recruiting sources is blackmail, and a ‘Honey Trap’ is the practice of luring a potential intelligence source into a compromising position with a romantic partner that’s working for an intelligence agency, and either gaining their cooperation in the name of love, or blackmailing the source into compliance.

The Chinese are apparently particularly fond of this specific type of intelligence gathering operation:

“MI5 is worried about sex. In a 14-page document distributed last year to hundreds of British banks, businesses, and financial institutions, titled “The Threat from Chinese Espionage,” the famed British security service described a wide-ranging Chinese effort to blackmail Western businesspeople over sexual relationships.”

The AFF hack is probably the first Massive Multiplayer Online Honey Trap (MMOHT).  Even better for foreign intelligence agencies (FIAs), it was self-baiting and required zero investment of resources.

How bad is it?

Perverting the Drake Equation for this exercise, we can conduct a thought experiment about the number of potential intelligence sources created by the confluence of the three hacks mentioned above, expressed mathematically as P = O * W * N * Y, where:

P = Total number of useful possible US government employee intelligence sources that could be exploited.

O  = All government employees with security clearances whose personally identifiable information has been compromised, reported to be 4.1 million.

W = Fraction of O that are AFF members. This number has not been made public by the DoD, if it’s known, but the reported number of member profiles compromised was 3.5 million.

N = Fraction of W that desperately want their activities on AFF to remain undisclosed and could be effectively blackmailed. Not everyone will be embarrassed by their activities on AFF.

Y = Fraction of O that has been or is currently employed in a position that a FIA would find useful to turn into a source of intelligence.

Since I don’t have any insight into the any of the variables with the exception of O, I won’t speculate on what P might be, but I have no doubt that it’s an actionable, non-zero number that FIAs must be rushing to exploit.

AdultFriendFinderIntel

 

Lessons Re-identified, Still Unlearned

Any information that’s online can be accessed online- full stop. We should all assume that any device connected to the public internet is hackable, and act accordingly. While there are many good precautions and security features that individuals, companies, institutions, and governments can take to better protect online dealings and information, such as two-factor authentication, tokens, and salted password hashing, it has been demonstrated time and again that the advantage in the cyber security arms race is with the attacker. You cannot count on technical means alone to protect your information.  If individuals with security clearances have used the internet to facilitate behavior that the knowledge of by a third party could lead to blackmail, the individuals should assume the information will be made public.

Security through obscurity is always a loser, but anonymity is still worthwhile. The critical information that makes blackmail possible in this instance is being able to identify government employees that were also members of AFF. If AFF members had taken care to remain anonymous by making their member profiles non-attributional, using email addresses and phone numbers not otherwise linked to them, using non-identifiable pictures, and keeping locations ambiguous, they may yet have some measure of protection from identification.

What’s next?

This is only the beginning of this particular saga. In the coming months I have no doubt we’ll hear about the hacks of other popular dating, hook-up, and porn sites. The hacking itself has probably already happened; it’ll just take time for the discoveries to be made.

The news is grim, but there is opportunity here. While FIA see openings, our own counterintelligence organizations have an unprecedented opportunity to identify potential targets before they can be contacted by FIAs and possibly prepare them to act as double-agents, turning the honey traps on the attackers. If nothing else, the act of sharing the blackmail information with the security services helps to inoculate the individuals against blackmail, since it’s typically (but not always) the fear of disclosure that makes the information useful, not the specific behavior that’s problematic.

In any case, it’s time for a DoD-wide effort to review the list of AFF members and check it against current and past employees with security clearances. Then, command security officers can start having the difficult, closed-door conversations necessary to learn the scope of the possible vulnerability. Doing so will limit the damage from this hack, and it’ll be a useful exercise in preparing for the next episode.

Which has already happened.

A Beginner’s Naval Intelligence Reading List

By Mark Munson

While the very topic of naval intelligence may seem to imply secrecy, there is a substantial literature on the topic available to the general reader. While many of the books below may be well known to many in the field, they remain a useful start for the uninitiated:

Patrick Beesley’s two books about British efforts to collect, analyze, and use intelligence, particularly in support of the fight against German submarine warfare, are the best places to start for anyone interested in the practical application of intelligence at sea. Very Special Intelligence: The Story of the Admiralty’s Operational Intelligence Centre, 1939-1945 discusses the Second World War, while Room 40: British Naval Intelligence 1914-1918 covers the First World War. In both books Beesley contrasts the performance of these organizations during the two wars (the sharing and use of intelligence was much better during the Second World War). The discussion of British Naval Intelligence’s involvement in the famous Zimmermann Telegram and the subsequent U.S. entry into the First World War is fascinating.

The recommendation of John Keegan’s Intelligence in War may seem a little too obvious and on the nose, but his chapters on intelligence during the age of sail, the First World War, and the Battles of the Atlantic and Midway during the Second World War are one of the best summations of how wireless communications largely created what naval intelligence practitioners call OPINTEL (operational intelligence). Before wireless communications navies conducted “scouting” and “reconnaissance,” but intelligence as we understand it today largely results from the wireless revolution.

Christopher Ford and David Rosenberg’s The Admiral’s Advantage: U.S. Navy Operational Intelligence in World War II and the Cold War is a flawed book, in large part because this slim volume uses the excuse of many of its sources still being classified to justify the general lack of detail and substance devoted to its subject. Having said that, it’s virtually the only source available to a general audience that explains the post-Second World War history of U.S. Navy intelligence. Among the more interesting claims it makes is that the U.S. Navy’s famous Maritime Strategy of the 1980s was directly informed by a detailed understanding of Soviet naval doctrine by American intelligence analysts.

Colonel John Hughes-Wilson’s Military Intelligence Blunders and Cover-Ups features regularly in military and academic courses on intelligence. Discussion of Indications and Warning failures include chapters on Pearl Harbor, the 1973 October/Yom Kippur/Ramadan War, and the Falklands.

“Eddie” Layton and “Joe” Rochefort are two figures considered among the founding heroes of the U.S. Navy’s Intelligence and Information Warfare communities, respectively. Layton (he retired as a Rear Admiral) was the Pacific Fleet’s intelligence officer during the Second World War (both during the Pearl Harbor disaster and the later American victories in the Pacific) while Rochefort led the codebreaking effort that enabled the American victory at Midway. Layton’s autobiography And I was There as well as the recently published biography, Joe Rochefort’s War, offer insight into how a few surface line officers in the inter-war period began to specialize in intelligence-related duties. Of note, both Layton and Rochefort participated in a program that sent them to Japan for several years to learn the language and culture first-hand, an investment that seems to have paid off.

U.S. Naval Intelligence has been one of the many elements of the intelligence community supporting the various aspects of what used to be called the Global War on Terrorism. Mark Bowden is probably the most well-known author covering the special operations world over the fifteen years. While Black Hawk Down is his most famous book, Killing Pablo: The Hunt for the World’s Greatest Outlaw offers another look at the formative years of the current U.S. Special Operations complex and how intelligence is collected and used to target individuals. He’s also written articles for the Atlantic on the 2006 killing of Abu Musab Zarqawi in Iraq, American Special Operations in the Philippines, and counter-drug operations in Colombia.

For those interested in film treatments of intelligence in support of counter-terrorism the obvious choice is probably Zero Dark Thirty. My choice, however, is John Malkovich’s adaptation of Nicholas Shakespeare’s the Dancer Upstairs, a fictionalized depiction of the hunt for Abimael Guzmán, the leader of Peru’s Marxist Sendoro Luminoso Maoist guerrillas in the 1980s and 90s (both the book and film are excellent).

Lieutenant Commander Mark Munson is a Naval Intelligence officer currently serving on the OPNAV staff. He has previously served at Naval Special Warfare Group FOUR, the Office of Naval Intelligence, and onboard USS Essex (LHD 2). The views expressed are solely those of the author and do not reflect the official viewpoints or policies of the Department of Defense or the US Government.