Features
Hagel’s no maverick today
If former Sen. Chuck Hagel would be a change agent at the Pentagon, he's giving no hint of that in the live broadcast I'm watching of his confirmation hearing.
Chuck Hagel in front of the Senate Armed Services Committee. Credit: C-SPAN
Right out of the box, Hagel appeared to dash speculation that he might be the guy to talk the administration out of its reliance on drones to track and kill suspected insurgents and terrorists.
He said the U.S. would “keep up the pressures” against Al-Qaida’s offshoots in North Africa, Somalia and Yemen. “At the Pentagon, that means continuing to invest in and build the tools to assist in that fight, such as special operations forces and new intelligence, surveillance and reconnaissance technologies,” Hagel said.
He didn’t use the word drone or any of its synonyms, so it's hard to know exactly what he meant by intelligence, surveillance and reconnaissance. These days, everything from F-35s to Virginia-class subs are routinely cast as ISR tools. However, camera and missile-equipped unmanned planes have figured large in the very places Hagel mentioned.
If Hagel turns out to be a drone war convert, maybe it's not surprising that a Vietnam veteran would see the value of robotic planes over boots on the grounds -- if indeed that's the choice the U.S. is facing.
Hagel also raised the specter of cyber attacks, and he elaborated later at the invitation of Sen. Mark Udall (D-Colo.), who is working to bring more cyber jobs to his state:
“It’s an insidious, quiet kind of threat that we’ve never quite seen before,” Hagel said. “It can paralyze a nation in a second,” he added, by “knocking out satellites.”
For us to find out for sure what Hagel would do as defense secretary, he'll have to overcome Republican criticism that he's an anti-Israel flip-flopper who blew the call on the Iraq surge and would risk unilateral nuclear disarmament.
John O. Brennan
Director, Central Intelligence Agency
Since: March 2013.
You might not know: A fluent Arabic speaker, Brennan was CIA station chief in Riyadh, Saudi Arabia, in 1996, when the Khobar Towers bombing killed 19 U.S. servicemen.
Quotable: "Unfortunately, sometimes you have to take life to save lives, and that's what we've been able to do to prevent these individual terrorists from carrying out their murderous attacks."1
It could be said that Brennan has been groomed for running the CIA since his earliest days in intelligence. Joining the CIA in 1980, he has worked his way through the ranks, from analyst and administrative work to overseas assignments. These days he is most closely identified with the Obama administration’s controversial drone campaign against Al-Qaida and affiliated militants across the Middle East and Southwest Asia.
For the past four years, Brennan has been President Obama’s chief counterterrorism adviser. It was in this role that he was involved with the intelligence team coordinating the raid that killed Osama Bin Laden on May 2, 2011. He is also the first Obama administration official to publicly admit to ongoing CIA drone attacks across the Middle East and Southwest Asia.
Obama nominated Brennan on Jan. 7, 2013, to be CIA director.
The administration considered Brennan for the role in 2008, but Brennan withdrew his name. Lawmakers questioned statements he made as a CIA official during the Bush administration in support of “enhanced interrogation“ techniques and the rendition of terror suspects to nations with more flexible interrogation standards. However, Brennan is on record as criticizing some Bush-era practices, such as waterboarding.
Brennan became the CIA’s deputy executive director in March 2001, and from 2003 through 2004, he directed the agency’s new Terrorist Threat Integration Center. His last posting in the intelligence community was as director of the National Counterterrorism Center in 2004 and 2005.
Brennan then left the government for several years, but stayed close to his contacts in the intelligence world as chairman of the Intelligence and National Security Alliance (INSA) and CEO of The Analysis Corporation, a contracting firm supporting the intelligence community, now known as Sotera Defense Solutions.
1. Interview on ABC's "This Week" 2012.
Last days for GeoEye
DigitalGlobe and GeoEye have received antitrust approval from the Justice Department to merge under the DigitalGlobe name, the satellite imaging companies announced today on their web sites.
The Justice Department's Antitrust Division confirmed the approval in a statement:
“The Division analyzed the potential competitive effects of DigitalGlobe’s proposed acquisition of GeoEye. Given DoD’s decision not to exercise its full-year option for GeoEye’s EnhancedView imagery contract, the Division focused on the merger’s potential effects on the commercial customers and concluded that the merger was not anticompetitive,” the agency said.
Earthquake damage to the National Cathedral in Port-au-Prince. Credit: GeoEye
The companies expect to close the deal by Jan. 31.
The nod from the Justice Department's Antitrust Division all but seals the Longmont, Colo. Company’s purchase of its onetime rival GeoEye of Herndon, Va. The Federal Communications Commission and National Oceanic and Atmospheric Administration must also chime in, but the companies do not expect those agencies to stand in the way of the closing.
Justice approval was a potential hurdle because the combination would leave one commercial satellite company to sell imagery to Google and other mapping services, and to the National Geospatial-Intelligence Agency.
The merger dance, which will impact hundreds of GeoEye employees in the Washington, D.C., suburbs, was triggered earlier this year when the Obama administration announced it would scale back a 10-year imagery program called Enhanced View. The National Geospatial-Intelligence Agency was paying for imagery from the companies, and in GeoEye’s case, contributing funds for construction of the firm's next satellite. NGA announced earlier this year it would stop buying services from GeoEye as of Nov. 30, 2012 and keep a $70 million contribution to the new satellite.
Interview: Homeland at risk
Paul Benda must not sleep well. As director of the Homeland Security Advanced Research Projects Agency, his job is to wring everything he can from a science and technology budget that took a 50 percent whacking in 2012. Benda is hopeful his budget will bounce back to $485 million in 2013. Even if it does, his bottom line remains this: U.S. spending on homeland security technologies is inadequate for the long list of terrible ways the country could be targeted. The list includes biological attacks; agricultural sabotage; loose nukes; cyber attacks on banks or other infrastructure. Benda discussed his strategies for making progress despite a tight budget. Excerpts>>
Director Paul Benda, Homeland Security Advanced Research Projects Agency
Why do we need HSARPA?>> It’s statutory law as part of the Homeland Security Act. There's an answer for you. It turns out that the challenges that DoD and the intel community face are completely and utterly different than the homeland security challenges we’ve got. If you look at counter IED tools that JIEDDO (the Joint Improvised Explosive Device Defeat Organization) develops, and that DARPA develops, they work great in theater. They can blank out any radio waves as they roll down the street. If I blanked out the rf frequencies rolling down Pennsylvania Avenue, do you think that would go over very well? No it wouldn’t. What we want to do at HSARPA is leverage those investments that DoD and the intel community make, and translate them to a homeland Security application.
Out of sync>> I think our investments are tied to (intel analysis). I don’t think our budget numbers are tied to that.
Competing interests>> Is the $485 million for S and T sufficient? I have to detect submersible, semi-submersible vehicles; I have to do bio terrorism; I have to do cyber security; I have to do search and rescue missions; I have to do FEMA disaster response; I have to support U.S. Secret Service operations; I have to do data analytics for ICE (Immigration and Customs Enforcement); do counter-proliferation missions. My job really is trying to leverage what is out there either with our DoD partners or with our national lab partners and trying to make them cheaper and accessible to my homeland security operators.
'Existential threat' >> BioWatch was a program that was stood up back in 2002, 2003. We still fundamentally use the same technologies that we did 10 years ago. Even Gen 3 (sensor technology) that's coming out, while it’ll reduce the time it takes for us to detect an attack, it still detects it after the fact. If you’ve got a terrorist who can produce three kilograms of anthrax and can attack one city at a time, what technologies exist today that allow us to detect that attack in real time? There are none. If I can’t detect it in real time, my odds of interdicting them and stopping them from doing future attacks are pretty low. Our investment in that area, while not insubstantial, isn’t where it needs to be...that (bio attack scenario) is an existential threat to the nation, quite frankly.
Cyber insurance >> If you look at a significant cyber attack that could take down part of the financial industry, the economic impact of that attack could easily reach into the billions. So, do you think $60 million dollars as an insurance policy for that makes sense?
2012 budget cut>> I’m hopeful in the discussions that we’ve had with Hill staff and with others that they view that cut as a mistake. They felt that that was too draconian of a cut for S and T. Where they want to take the department in terms of efficiencies, they recognize the need to have investments in technologies to get there.
Tough calls>> All of our R and D investments go through a portfolio review process where we have set up this assessment framework. We bring in outside experts as well as our internal customers, and we grade the programs after a briefing by our program managers. How well is that program aligned with this assessment framework? How well is it meeting goals? When we received a cut like that (50 percent cut in 2012), having this portfolio review process allowed us to really scale back to those highest performing programs. But in the end, we ended up cutting good work as well, because when you cut 50 percent you’re getting down to the bone at that point.
Re-starting programs>> In terms of our border security programs, we really cut back on tunnel detection and activity monitoring. Even though those were good programs and necessary, DoD has a fairly significant investment in that. We were trying to maintain forward progress with zero money by leveraging DoD’s work in that area. That’s one where we’ll probably put some money back in so we can pilot some of those technologies specific to DHS missions and DHS needs.
Tunnel challenge>> You’ve got a border town on the U.S. side and the Mexican side, and they share storm sewers. People always wonder, 'Well why don’t you just put bars on the front ends of them?' Well, if someone gets in that tunnel, and gets trapped and the water’s coming, they drown. Even if you put bars on them, they can cut them. So, how do we measure if there’s people in those tunnels or not? And then how do we give (border patrol officers) situational awareness and maintain officer safety if someone goes in there.
Secure Border Initiative lessons>> I was part of the team that did the follow-on analysis of alternatives that resulted in the recommendation to the secretary of killing that program (SBInet). Lesson one is to make sure we don’t presuppose a technology solution. People thought these integrated fixed towers with the radars and the cameras would work across the entire border. I think that CBP (Customs and Border Protection) vastly underestimated the amount of effort required to create a fully integrated system that could do that in terms of the comms challenges.
HSARPA's role on SBInet>> It didn't actually (go through HSARPA). The Science and Technology Directorate has the statutory authority to coordinate all R and D in the department. Would you call SBInet an R and D program, or would you call it a technology integration program? It turned out that there was a lot more R and D needed than anyone expected, but I think they (CBP) originally thought it was a commodity buy kind of thing – at least Boeing certainly sold it that way.
New approach>> Look at border security between points of entry – the SBInet problem. How do border patrol agents do their work today? Well, they’ve got patrols, they’ve got dispatch, they might have underground sensors. We map that out in the operational context: 'This is how you do your work today. How can technology help you do your job better?' It’s a subtle shift but we’re not asking the border patrol guys, 'Hey do you guys need a better underground sensor or camera?' We’re actually saying, 'So this is how you do your work today, right?' Hey, I was talking with my DARPA friends over there, they got this high tech sensor. What if we replaced this sensor with that sensor?' We go through that kind of systems analysis.
Tensions with component agencies>> The story’s much different than it was six years ago. The components (Customs and Border Protection; Immigration and Customs Enforcement; Transportation Security Administration, etc.) are very interested in working with us in terms of actually providing us funding to help us do our jobs. Whereas in the past, they were okay going off on their own.
New 'R and D strategies'>> We’re interviewing (component managers) one level below the component head. We want to do the systems analysis that says, 'How do you do your work?' and then pick where we can have the most impact with the littlest R and D investment. Then we propose technologies we think can help them solve those priorities. We’re doing this for every component within DHS.
Smartphones>> Our communications infrastructure can be spotty, especially on the border. Border patrol officers will use radios, and where they don’t have radio comms, they’ll use a personal cell phone. You can’t let the lack of comms completely degrade your mission effectiveness. We have to be aware of where to use smartphones. It would be great for them to have a smartphone that knows where the sensors are and they can have better situational awareness. You’d love to see as these integrated fixed towers go up so that the officers have access to that video feed. If we ever get to the point of having tactical UAVs flying along the border, you’d want these guys to have access.
Citizens as sensors
Emergency 911 upgrades suggest the possibility
Computer browsers inside the 911 call center for Virginia’s York-Poquoson-Williamsburg region are now equipped to display emergency text messages from Verizon customers. Thankfully, only a few messages have been received so far.
The 911 call center in York County, Va. Credit: TCS
The text-to-911 rollout in York County is just one example of the Federal Communications Commission's push to modernize locally-controlled 911 call centers.
AT&T, Sprint, T-Mobile and Verizon pledged earlier this month to finish the text-messaging upgrades by May 15, 2014, and the FCC has proposed making that date a requirement.
Once the text messaging is ready, the FCC expects pictures and video to follow quickly, which is where the intelligence issues come in:
If every soldier is a sensor, soon every citizen with a smartphone will be a potential sensor too.
The upgrades will be a huge endeavor. The country has approximately 7,600 911 call centers, known officially as public safety answering points. The prospect of upgrading them has sparked a fierce competition between networking specialists Intrado of Longmont, Colo., and TeleCommunication Sytems of Annapolis, Md. Each is vying to work work with the cellular carriers and local authorities. Intrado has projects underway in Iowa, Minnesota, Vermont and Washington.
When the work is done, a wireless phone user who witnesses a terrorist attack or sees something suspicious will have the power to send SMS texts and also Multimedia Messaging Service photos to 911 operators. What happens to the information after that remains unclear.
Because Next Generation 911 is being rolled out primarily to aid first responders and the deaf, little attention has been given to whether or how pictures or video would be fed to the intelligence community. In theory, an intelligence community that's just beginning to comb through Twitter feeds and social media would also have the ability to receive clues directly from citizen witnesses.
That raises lots of questions. When asked if Intrado’s database of texts and images will be compatible with the intelligence community’s networks, Intrado Vice President Michael Lee offered a simple answer: “Unless the military or CIA is using some proprietary format, I don’t think we’ve got a problem with that.”
Terry Hall, chief of emergency communications for the York-Poquoson-Willamsburg region, said any unknowns should be looked at as opportunities.
“What’s great about Next Generation 911 is it’s going to do things that you and I haven’t thought about yet. Just by the nature of it being Internet Protocol, we can do device-to device. We can do [comms from] one [device] to many,” he said.
As for intelligence applications, Hall said the likely route to analysts would be via the Virginia Criminal Information Network and the FBI’s National Crime Information Center.
For now, much of the work has to do with making sure 911 operators and dispatchers have the right policies and training to handle the data feeds.
“When we looked at being an early adopter of this, I had to sit down with my staff and look at pre-launch fears and concerns,” Hall said. “Dispatchers are going to have to learn a new language. Slang and abbreviations. How are they going to multitask between live voice and text calls? How are they going to deal with crank callers? Do they treat text as a live 911 call? Are we going to become overwhelmed and not be able to handle it? How do we handle Freedom of Information Act? Do we give medical instructions?”
Hall said about 95 percent of those issues have been worked out.
How McAfee unraveled Blitzkrieg
McAfee Labs turned to old fashioned human intelligence to blow the cover off an online-banking scam hatched by a shadowy cyber criminal with a bad nickname.
Cyber criminals targeted 300 to 500 bank accounts in the U.S., says McAfee. Credit: McAfee
Network security watchers learned about Project Blitzkrieg on October 4, when the security firm RSA posted a blog entry saying a cyber gang was seeking to recruit “botmasters” to share the proceeds of a fraud offensive against major U.S. banks and their customers.
McAfee says that before its Dec. 13 white paper, security watchers weren’t sure if the threat was serious or a hoax.
There was good reason to wonder. The head of the gang used the Harry Potteresque nickname, vorVzakone, in his posts on a shadowy cyber criminal forum. He wrote in Russian, and even posted a grainy video of himself on YouTube.
Brian Krebs of krebsonsecurity.com reported these facts in October, and his blog was widely circulated in the security community.
It looked like it could be a bad joke or a ruse to distract experts from actual threats. On the other hand, maybe vorVzakone really was growing a criminal gang and testing Trojan software capable of stealing banking log-ins and answers to security challenge questions. RSA identified the gang's malware as a form of the previously known Gozi Trojan, and named it Gozi Prinimalka after a folder in the malware.
McAfee threat researcher Ryan Sherstobitoff knew a good mystery when he saw one. He dug into the evidence and reported his findings in the paper, “Analyzing Project Blitzkrieg, A Credible Threat.”
The paper warned that 30 major banks might indeed face massive fraud attempts, not in the fall as initially predicted by RSA, but by next spring. CNN and other media leaped on the report, and McAfee gave briefings to the FBI, Department of Homeland Security and the National Cyber Security Partnership, a private sector group working to establish voluntary security strategies.
Sherstobitoff’s first step toward decloaking blitzkrieg was a low-tech one. He needed to see the postings that vorVzakone made Sept. 9 on a cyber criminal forum. The details might steer him to relevant evidence in McAfee’s vast trove of malware samples. He could then connect the dots, if there were any, and assess the seriousness of the threat.
“I went to a source that I knew might have this connection, and he provided all of the screen shots and all of the 16 pages of chatter in Russian, and that’s where we began the investigation,” Sherstobitoff said.
VorVzakone, it turns out, was sloppy. He posted screenshots of his handy work – possibly to convince recruits that he was serious and that they should join. He redacted the IP address of a command and control server panel but forgot to redact the six-digit campaign identification number criminals rely on to stay organized.
“We were able to look up that campaign ID out of the subset of malware samples that we had and were able to find out which one was used in that particular instance,” Sherstobitoff said.
McAfee traced the hosting to servers in Des Moines, Iowa; the Netherlands and Moscow, and concluded that the gang has had an active Trojan system since April 2012. McAfee believes this was a pilot project toward a larger offensive planned for the spring of 2013. The gang began using a Romania server in August, and has compromised 300 to 500 accounts in the U.S., probably as a test.
McAfee suspects money was stolen but can’t say for sure.
“VorVzakone said that 5 million has been lost. It is quite plausible that this has already earned money, but we don’t have direct log files to actually support that yet,” Sherstobitoff said.
For now, vorVzakone has gone quiet but McAfee says the financial industry should get ready.
Mapping agency ends work with GeoEye
The divorce is now final between the National Geospatial-Intelligence Agency and GeoEye, the Herndon, Va., satellite imaging company that once envisioned a lucrative long-term partnership with the mapping agency.
Earthquake damage to the Port au Prince National Cathedral. Credit: GeoEye
On Dec. 5, NGA notified GeoEye that “effective immediately” it will end its cost-sharing agreement with the company and keep $70 million in payments toward GeoEye's next satellite, GeoEye-2, whose 2013 launch is now a question mark.
“The parties were unable to agree on mutually acceptable terms” during talks over how much control NGA should have over the new satellite, GeoEye reported in a Dec. 7 filing to the U.S. Securities and Exchange Commission.
The backdrop to the talks was NGA’s June decision to stop buying imagery services from GeoEye after Nov. 30, while continuing to do business with GeoEye’s rival, DigitalGlobe of Longmont, Colo. NGA faced a dilemma after the Obama administration announced it would dramatically scale back Enhanced View, a 10-year program to buy imagery services and, in GeoEye’s case, invest in satellite construction.
With the pie shrinking fast, GeoEye quickly agreed to be purchased by DigitalGlobe in a proposal that is now under review by the monopoly-wary Justice Department.
For GeoEye, the loss of the $70 million “is yet another reason this deal has to happen,” said consultant Andrew Koch of Scribe Strategies and Advisors. “At this point, GeoEye is pretty much flying without a safety net,” he said.
GeoEye continues providing imagery commercially, including for mapping services such as Google’s.
In the filing, GeoEye said it sought “changes” to NGA’s rights to GeoEye-2, given the mapping agency’s decision to contribute nothing beyond the $70 million. GeoEye-2 is expected to cost about $850 million including launch vehicle, insurance and ground equipment.
GeoEye did not elaborate on the changes it sought. In the past, control of a satellite’s joystick – meaning where to point it and under what conditions – has been a sensitive issue. In 2008, the intelligence community and Pentagon launched what turned out to be a short-lived effort to build a government-owned constellation of mapping satellites, called the Broad Area Space-based Imagery Collector, or BASIC.
NGA stands by its plan
The National Geospatial-Intelligence Agency’s online apps initiative has raised eyebrows in the intelligence community for lots of reasons. There are the technical challenges of installing and maintaining an apps store on unclassified, secret and top-secret networks. There's the business challenge of convincing software developers they won't go broke in a world of online apps.
Eyebrows have raised the highest, though, over this point: NGA has set a goal of approving the new apps within two weeks of submission to the agency, a la Apple’s apps store.
NGA officials announced the two-week goal during an industry day in September at its Campus East facility in Springfield, Va. Ever since, executives have quietly wondered about the feasibility of a government agency doing anything quite so fast, especially when lawyers are involved.
In an interview with Deep Dive, Applications Services Director Mark Riccio said NGA stands by its plan.
True, he said, app reviewers face lots of security and legal considerations, including software licensing, trademark and copyrights issues. Achieving a thumbs-up or down in two weeks will require spelling out in advance the precise information NGA would need.
“That should allow for a rapid approval of these apps. It’s a goal that we’ve laid out. It’s a goal that we’re confident we can meet. And we’re challenging ourselves to meet that,” Riccio said.
The agency is aiming for user friendliness in the submission paperwork. The forms must be “as simple and as straight forward as possible” so that “a lot of the pre-coordination activity will already have taken place,” he said.
The next major milestone in the apps initiative will come sometime between January and March. That’s when NGA plans to release a document spelling out “the mechanism by which the development community out there -- large businesses, small businesses, academia -- will be able to provide us apps and then be compensated in turn for those applications should they be chosen for hosting within our apps store,” Riccio said.
NGA has apps today but they were made by NGA or submitted by other agencies or government organizations. There are about 150, Director Letitia Long said in October at the annual GEOINT Symposium. NGA wants up to thousands of apps to be available for analysts at NGA and elsewhere in the community. To get there, it’s trying to light a fire in the software industry. Companies would be paid based on the performance of the apps and their popularity among analysts. The apps would be used by analysts equipped with iPhones, iPads and Android devices approved for use in secure facilities.
The GEOINT Apps Store is up and running on the intelligence community’s unclassified network and on the top secret Joint Worldwide Intelligence Communications System called JWICS.
Riccio said the store should be available shortly where most analysts work -- on the Secret Internet Protocol Router Network, or SIPRNET. “As in any development, we’re just going through the final checks on our end to make sure that it’s going to provide the best user experience possible,” he said.
OPINION: Outraged? Look at the Bastion attack
Hopefully all the loud congressional posturing over the Benghazi attack is being matched by quieter oversight of the decisions that preceded the Taliban raid three days later at Camp Bastion, Afghanistan.
Sgt. Bradley Atwell, 27, and Lt. Col. Christopher Raible, 40, died Sept. 14 in the Taliban's raid on Camp Bastion. Credit: Marine Corps
Insurgents crept up to the base in three groups and used old-fashioned wire cutters to penetrate the fencing. They destroyed six American Harrier jets and seriously damaged two others. Two U.S. Marines were killed in the fight to keep the insurgents from reaching their main objective, the base’s flight line.
Bastion has received less public attention than Benghazi because it lacks political spoils. That’s fine, so long as the oversight is happening. Congress should be piqued after appropriating billions of dollars for equipment and people to prevent exactly this kind of spectacular attack. Lawmakers can help by pushing for public release of the investigative report on the raid, which is the subject of Freedom of Information Act requests.
So far, the military’s public narrative would have us believe this was more of a Taliban success than a force protection and intelligence failure.
The only on-the-record description of the protections in place that night comes from an October press briefing in Afghanistan by Marine Corps Maj. Gen. Charles M. Gurganus. His regional command includes the Bastion-Camp Leatherneck-Shorabak complex and flight line. This hub of aircraft, trucking, training and management activities was supposed to be as safe as any place in Afghanistan. Afghan recruits learn basic warfighting skills at Shorabak. British, American and coalition troops use the complex as a haven on their way to and from more dangerous locations in Helmand Province.
Gurganus said insurgents chose a “night when there was absolutely zero illumination” from the moon. He said there were “guard towers with guards in ’em” but that the attackers “came up in an area that was pretty much obscured from a lot of the towers.” The base also had sophisticated surveillance systems, but these “can’t see everywhere all the time,” he said in a video of the briefing. He said the fence wasn't alarmed.
This admission of vulnerability to a night-time attack ought to shock members of Congress. The U.S.-led coalition is supposed to rule the night – not fear it. Billions of dollars were appropriated for wide area surveillance cameras, night-vision goggles, drones and aerostats. Laser-equipped planes were flown over Afghanistan to create precise digital elevation models of the terrain.
In terms of force protection, aerostats were supposed to be a big breakthrough with their ability to look down for days at a time. The 24/7 bird’s eye view was meant to address exactly the vulnerability to terrain described by Gurganus.
One question is why the aerostat at Bastion wasn’t able to stop the attack, if it was airborne and operating. For some reason, Bastion's aerostat wasn't selected to receive one of the $5 million day-night wide area surveillance cameras the Pentagon began sending to Afghanistan in February.
Could a Kestrel wide-area system have made a difference?
Each uses multiple cameras to snap pictures of city-sized areas during the day or night. When movement is detected, force protection specialists are supposed to zoom in to identify the object using the finer resolution full motion video cameras on the aerostats.
“There are only so many to go around,” a U.S. military official said of the Kestrels. The coalition has about 100 aerostats in Afghanistan, and the first batch of Kestrels went to eight sites.
Military officials cautioned against reading too much into the decision not to send a Kestrel to Bastion. Classified wide-surveillance options might have been available, one official said. If so, why didn’t those help?
The bottom line is we don’t yet know what mistakes precipitated the attack. It could have been human error, a lack of human intelligence, a shortage of technology, or some combination of those factors.
Lawmakers should demand answers with the same fervor they’re pursuing Benghazi. Releasing the investigative documents would provide the intelligence community with an unclassified case study to improve training and decision making. With American troops expected to remain in Afghanistan after 2014, there is no time to waste.
Shamoon’s fatal flaw
Here’s something to be thankful for -- Malware authors are only human. The designers of Shamoon, the data-wiping malware that hit Saudi Aramco in August, made a big goof.
Shamoon erases the very file necessary to keep the Windows operating system up and running, which means an infected computer shuts down and reboots before Shamoon can completely wipe out its host's data.
“I would look at that as a design flaw,” said Will Irace, vice president of threat research at General Dynamics Fidelis Cybersecurity Solutions, a business unit formed in August when General Dynamics completed its purchase of Fidelis, a 70-person company based in Waltham, Ma.
After the August attack, General Dynamics obtained a sample of the Shamoon code -- the company won't say how -- and ran it through a series of tests. They discovered they could “make a complete recovery of Shamoon-infected file systems,” according to a threat advisory released on Fidelis’ Threat Geek blog.
Even so, Shamoon was a big inconvenience for oil producer Saudi Aramco, not to mention a wakeup call for anyone who assumed malware designers were always more interested in stealing than destroying.
Thirty thousand of Aramco’s work stations were impacted by the malware, according to the Saudi Arabia-based Al Arabiya news service. On Sept. 12, the news service quoted Aramco as saying its networks were functioning normally again and that oil production was never threatened.
Shamoon's goal could turn out to be more notable than its impact: “The level of malice that you see in Shamoon is a little unusual. It phones home for command and control to find out what its mission is, and its mission generally is to destroy,” Irace said.
Irace doesn’t expect Shamoon to race around the world. Why? “Its propagation technique is through a channel that doesn’t usually penetrate Internet access points,” he explained.
Once Shamoon is injected into an organization, it “looks around for other Windows machines on the network for which it has the necessary privileges to write a copy of itself,” Irace said.
As much as anything, the Shamoon aftermath was a chance for Fidelis to test its marriage with General Dynamics. Fidelis specializes in malware detection; General Dynamics is best known for helping agencies and businesses recover from attacks. Executives want to bring the two skills together, which is why they set out to see if they could recover data from a computer infected with Shamoon.
Shamoon was “the first exercise of what I expect to be a regular series of these sorts of collaborations and advisories that help customers attack problems from both directions: detection and recovery,” Irace said.
Endit
