Monday, August 27, 2012

Intel Brief

(FYI, I'm just passing this on to the smart guys around here. My sum total of military intelligence wisdom was looking at the order of battle for our potential DPRKA enemies and remarking "That's a whole fecking assload of yellow Reds up there, hunh?"

Help from more intelligent intel types would be greatly appreciated.)
Looking for some help and advice from the crowd in the Pub (I think the new term for this is targeted Crowd-sourcing).

I am starting a Masters Program at DIA this week (National Intelligence University, formerly known as National Defense Intelligence College) for a Masters in Science and Technology Intelligence with a concentration in Information Operations and Cyber. I have to write a thesis, and the topic needs to somehow touch on Cyber, preferably with a foreign focus (meaning that the topic of study isn't the US infrastructure, but instead focused on the infrastructure or capabilities or a foreign entity). It can be classified, but I am fighting hard to keep my topic unclass so I can work it at home and for other obvious reasons of convenience.

There are plenty of topics out there that I can write some lengthy information papers about, but the purpose of this drill is to come up with a thesis question, make an argument, have a theory, etc. That is where I am struggling, I am used to identifying problems, analyzing them and proposing solutions. My professors want something that is "academically interesting" and they want me to posit a theory about something. Not the way I am wired to think. I don't care much for theories, I am used to focusing on solutions.

My original plan got shot down, so I am looking for some good ideas. I wanted to look at how Cyber Command and NSA are recruiting computer hackers, and compare that to that actual threat (for example, if Chinese will be the dominant language on the internet in 5 years, how many Chinese linguists are working computers at NSA). I still haven't gotten this sold to my professors because they consider this more of a Human Resources problem with some intelligence supporting the argument, and not truly an intelligence problem. I am arguing that resourcing intelligence operations is an "intel problem," but I haven't found a professor yet who agrees with me. Again, the difference in how I think as a senior leader in tactical intelligence, and how academics at the strategic level of intel think.

So, I need help, and need it quick. I am leaning towards something in regards to social networks and their future role. But I am open to any ideas at this point.

  1. * deception as defensive tactic against cyber attacks

    * exploitation of psychological/neurological insights for cyber defence

    * a model for covering tracks of cyber attacks with help of manipulated commercial strawmen

    * the value of using unusual programming languages / standards to enhance safety against malware and intrusive cyber attacks

    * study of hacker profiles (FBI), thesis about the effect of select cultures on suitability for creative hacking

    * potential of single use codes for cryptography and thus cyber defence in the age of ultra-cheap terabyte data storages

    * potential of using fake identities/accounts to influence foreign politics and public discussions

    (Too tired for better ideas, good night.)

    1. Sven,

      Thanks for the ideas, I really like the idea of deception as a defensive tool. Funny, a couple of your ideas I've heard floating around with some more technical guys, so your ideas are solid.

    2. Beware of ...

  2. My first thought is that maybe you should think of the problem you'd like to do in terms of capabilities and not personnel. In other words, you could consider what capabilities would be needed for a specific future scenario (say, a proxy war with China with a major cyber component), and then contrast that future intelligence need with today's capabilities. Once you identify the difference, then that could be your "in" to come up with a plan/strategy to meet the future intelligence requirements. That way the resource picture is still there, but it supports a bigger narrative provided by a scenario.

    Alternatively, since you are a tactical intel guy, consider how cyber capabilities could help the future you provide better intel support for the next war. Of course, this might be a bit of a challenge because the line between cyber intel and cyber operations is pretty blurry. For example, you could use stuxnet as a model to examine what bespoke tools might do against more tactical targets. You could work the resource angle into that as well.

    Finally, there is always the integration of cyber into intelligence, which is still pretty vague IMO, but then you'd lack a foreign focus.

    Anyway, it's bedtime for me, I'll see if I can come up with anything more in the morning.

    1. Andy, I think you are seeing my issue. Anything that is focused on "us" or resourcing "us" isn't working. For a second when you mentioned STUXNET, I thought about the idea of discussing the ethical implications and risks associated with releasing such a dangerous code into the world, but then I ran into the "us" problem again.

      Perhaps I can look at Chinese methods to integrate cyber warfare with tactical units, that might be an idea if I can find any related resource, might be tough to find 70-100 pages on it.

    2. bg,

      Ok, so it looks like you are being forced to look at this in terms of assessing enemy capabilities and cannot consider how we might use cyber/IO to improve our own intel, is that right?

      If so, you're left with a descriptive analysis of current or future adversary capabilities and not much else except for Seydlitz's focus on strategy and theory.

      I think integration of cyber into Chinese tactical units is an interesting and relevant topic, but you're right it might be tough to find information and you'd probably have to use classified sources. You might expand it beyond China to look at trends in this area more generally. Israel is another country you could potentially focus on.

      Or you could come at it by looking at capabilities that aren't exclusive to states. That's an interesting aspect of cyber in that it doesn't necessarily require the resources available only to nation-states. Just one example I ran across this week a site called Basically it tracks aircraft in real time and provides all sorts of information. They publish a phone app with an augmented reality feature - point your phone's camera at an aircraft in the sky and the app will overlay information about the aircraft onto the image. Extrapolate this out ten or 20 years and this tech could go to some pretty cool and scary places.

      Just as an aside regarding social media, there is more to it than its potential role in organizing or enabling revolution. It's also a great source of information for an intel guy or interested civilians. I follow several blogs that, for instance, compile and analyze cell phone video and images coming out of Syria and, previously, Libya. In Libya rebels were sending out coordinates for Gaddafi forces on twitter to @Nato hoping for an airstrike. This kind of thing brings up a lot of interesting possibilities but it doesn't look like your professors will let you look at them because that would be about "us." Too bad!

      There are also some interesting issues as civilian tech increasingly becomes valuable in conducting military operations. If an enemy's internet, for example, is simultaneously used to support military forces, provide civilian comms, and maintain essential civilian services (things like virtual medicine), how does one go about attacking only the military portion? Traditionally we simply bombed comm nodes to bring down the military comm network, but that's not so easy with an integrated system.

      Anyway, given your limfacs, I think what Seydlitz proposes is a really good option. It would be relevant, it would let you do something a bit outside of your tactical comfort zone, you should be able to keep it unclassified, there is already a lot of literature on strategic theory, and you'd have an expert here at the pub to consult!

  3. Great ideas from Sven. I also favor your leanings towards social networking. Go with what you are comfortable with doing the research on. At 70 I'm not smart regarding twitter, facebook, and even youtube or some of their foreign equivalents. But it seems obvious that their present use and future is certainly ripe for data mining, forensic profiling, deception ops, and their use in revolutionary movements, although that one may be on everybody's list after their use in the Arab Spring. Or become the expert on a foreign based social networking site like 'Orkut' or 'renren', or maybe not unless you are familiar with the language.

  4. bg-

    Thanks for sharing this with us. I look at your task from a strategic theory perspective, so keep that in mind. First off, you need theory and theory you've got. Clausewitz's General Theory of war would cover cyber operations: that is military means to a military aim in support of a political purpose. Not to mention the distinctions between strategy, operations and tactics, escalation and deescalation, interaction between opposing sides, fog and friction, destruction and coercion, it's all there in the abstract, you just need to apply it to your approach/area of operations. My article in IJ might be of help, but there is plenty of stuff around. Let me know if I can help on this.

    Have you heard of David Lonsdale? I met him at the Clausewitz conference in 2005 and he's the guy for Clausewitz and information warfare. He's got a chapter in the book, "Clausewitz in the 21st Century" about that very subject and another book out as well. Here's his contact . . .

    Now, you're a practical guy right, a practitioner, which should work fine with strategic theory because strategic theory is BASED on praxis, without praxis there would be no strategic theory . . . That is actual history provides the basis for this theory which is retrospective and theory then explains/makes clearer what praxis achieved and why (to some extent). That means in order to expand on the general theory and apply it to information operations we need case studies. For instance Russian cyber warfare against Estonia . . . from the perspective of the general theory what fits and what specific principles can we abstract based on what happened, that is expand on the general theory and start on a Clausewitzian theory of information warfare (Lonsdale can help you with this).

    Finally, apply all this to a specific future scenario. China for instance is a good bet, or even Russia or Iran. Think in terms of the specific sources of tension/rivalry between the US and this target country and apply what you've come up with . . . how would information warfare aid the US in achieving specific goals?

    Good luck!

    1. Seydlitz, just a side comment... IMHO one of the real problems in the cyber world right now is that the idiom seems so modern due to its connection with tech that many fail to recognize how it is simply an evolution of the same principles that Sunzi, Clausewitz, Wylie, Gray and others articulated.

    2. Jeremy-

      Agree, there's always the tendency to think, "here's something completely new!" when it's simply a new tool, approach, method to doing that same old thing . . . I think Wylie might be very useful here . . .

    3. seydlitz, I really like this idea. I am not into the nuts and bolts of the cyber world enough to be able to go into dolphin speak, I need to be able to stay at about 10,000 feet. I can see what is going on, but please don't ask me how it works.

      I like the idea of looking at past cyber attacks, applying it to basic warfare strategic theory (just to prove it is valid) and then apply it to a future conflict as a model. Is that what you are getting at?

    4. Yes, that is what I'm getting at. But you need to be clear on the general theory first so that you can apply and possibly expand on it . . .

    5. Seydlitz,

      I'm thinking Wylie's discussion of sequential/cumulative strategies could be interesting here, but it would bog down the thread. I'm PM?

  5. OK, had to throw .02 into this because it is TOO close to home (I just matriculated that fine institution). I was very interested in the use of Twitter/FB/Youtube and its effects on the Tunisian Rev. I got excited because, before I knew about IRB and the 7 ring circus they put you through to actually talk to a foreigner, I was chatting with some of the leaders of one of the groups that had a pretty big role in the Tunisian Rev.[1] These guys were sharing TTPs for attacking the gov't freely and it seemed to check with actual results. When I discussed it with DIA, I thought there was just too much red-tape. In retrospect, with the right chair, it was doable with some initial pain. (BTW, it seems I can now write to my heart's content about it because my association to anything "E.O. 12333" is ended and I am not even tangentially an "intelligence" professional because of student status at N-DIC). I could go on about this, but I'd prefer to take it off-line.

    Bottom line, something like this desperately needs to be written in light of the fact that the TTPs for successful social media unrest (I would stop well short of saying social media enabled a revolution--but it did help organize social unrest at a faster pace than the forces of control could keep up) are being refined at a heady pace and understanding them may inform us about what to expect WRT the next "green revolution" movement in Iran (for instance).

    If this floats your boat, I can PM with you and at least try to make the effort slightly easier. I'm in the NCR, so I can just meet with you at DIA and discuss the ins and outs in the right setting.

    [1] For reference see and

    1. Jeremy, I will take you up on that offer, we will have to come up with a link up plan.

  6. bg,
    I'm not an intel type, but everybody here seems to be pointed at potential adversaries.
    Why not write about our friends and major allies and how we as an integrated command would fight a cyber war.
    We are notoriously weak in intel sharing and this must affect our cyber capabilities.
    How do we, or how would we, solve this problem?
    Again I'm not intel, but this is my reaction to your request. I also find it strange that a major professor would not assign a topic in which he is interested. This helps him/her to get further published. Have you suggested this approach?

    1. jim, like minds. I was thinking the exact same thing today, how do we counter the Chinese threat, well, we outsource it. But that is a solution, not a theory. I have to figure out a way to turn that into a theory or a thesis statement of some sort. I am thinking about some way to establish a scheme to evaluate foreign services to determine who would be our best partner, and maybe the thesis is "country x" would be our best partner for reasons x,y,z.

  7. * extraction of promising lessons or principles from historical precedents to modern "cyber" ops

    * investigate which methods of information ops have become impractical because of the information age (such as propaganda facing the troubles caused by internet comm)

    * look at the key nodes of the internet, such as
    - who provides and authenticates crucial security certificates (see their role in stuxnet affair)
    - location of the DNS servers, some geopolitical/geostrategic blather about it

    * "cyber" ops blowback potential, comparison to bio warfare, possible consequences for global acceptance thereof

    * cyber ops and pareto principle as well as other socio-economic insights (rule of thumbs) of relevance

  8. Mike and Jeremy, IRT to Social Networks:

    I brought up the idea of social networks today and associated them with Arab Spring. My theory is that social networks, while an important tool, weren't the primary driving force of change, they were just a catalyst (or maybe a medium for a catalyst to flow). I thought that would get some interest, but instead I got head nods of agreement. And also comments that it was "US involvement" that was the real bringer of change. That one kind of floored me as being a bit egocentric. But it also showed my idea that social media's impact wasn't as important as the media built it up to be was already an accepted concept, and therefore won't make an "interesting" thesis.

    I have been looking everywhere for source material of studies of what we can expect in the next 10 years in terms of social networking services, and I am not finding much out there. No one predicted that Facebook and Twitter would take off (while others failed), no one predicted that anyone would use SMS (texting), so it seems like futurists are a bit gun shy now to make predictions about the future of these forms of communications. I would love to talk about the future of social networking, but I just don't see any sources out there for me to build a paper around.

    I also considered taking a deep dive look at social networks in other countries, particularly in countries of interest to us, but the common denominator seems to be government control. So I am not sure what there is to see, I think that those countries that were vulnerable to social media have already fallen into chaos, and those who have maintained tight control of the social networks (i.e. China, Iran), have been able to hold on and will continue to maintain their grip. After the Arab Spring, I think some countries learned some valuable lessons on population control. I suppose that is a thesis, of sorts, but not a great one.

    As much as I am interested in it, Social networks may be dead in the water as well unless I can come up with a different angle.

    1. BG

      There's a lot there, but Jim at Ranger is right, you need to focus down. Manageability is key. WRT your concerns that the ground has somehow already been ploughed, I don't think it's true. Frankly, the IC seemed pretty content to assume they knew what was happening and leave it at that.

      I agree that social media didn't enable Twitter to crowd source a revolution, but it did allow an avowed anti-government group to orchestrate in a virtual domain IOT bring forth coordinated actions in the real-world. That's a big deal.

      How's next week?

    2. Next week works. Let me know when you will be in the building.

  10. bg,
    you need to focus - are you doing a war or a crime or general scenario?
    they're all different.

    1. jim, I am not sure about that. How do you define war? If a nation state sponsors the hacker to take down a power grid to cause economic damage because it helps the national interests of the attacking country, is that a form of covert action? I say yes. Is covert action a "war?" I think covert action can be a form of warfare, what did we used to call that, LIC?

      I think if we look at it through a lens of realism, it's all about self (or national) interests, then whether a cyber attack is done by a nation state as an act of war, or a criminal enterprise to seek economic profit, or even a lonely hacker looking to get some props in the underground hacking community, it is all the same from a defense perspective. Vulnerabilities must be protected against all the threats simultaneously.

  11. Note: I tried replying directly to threads above. Maybe not the best technique, since you would have to look through all the old posts to see new ones, so I think I will stop doing that (it seemed like a neat idea at first). So please look back at original posts.

  12. This isn't really my area but Marcus Ranum had a good series of general posts over at a few days back that may give you some good ideas.

  13. How about "There's an App for that: Exploiting Foreign Intelligence Targets with Smart Devices"

    Creating apps and resources focused on intel users. When someone downloads your paper from the NIU, a pdf exploit checks for geo and goes to town. Agencies with all those mathematicians start writing apps - obscure dictionaries, translation tools, big data filtering tools...

  14. "I still haven't gotten this sold to my professors because they consider this more of a Human Resources problem with some intelligence supporting the argument, and not truly an intelligence problem. "

    If I were in charge, they'd be assigned to Marines in Afghanistan on mine 'detection' detail.

    Not understanding the language(s) being used is a fundamental intelligence problem.

    1. Barry, Master's theses and similar works are not really meant to push mankind forward with research. They're exercises to train the student in scientific methods, thought and independent work.
      Professors keep that in mind and they like topics that either interest them personally or that they're already familiar with (less work for them).

    2. Barry,

      I hear your pain. How's next Tues to chat? I was able to get a pretty out-there topic approved. It was not a self-licking IC thesis. (A thesis by the IC, for the IC, about the IC.) I figured intelligence is meant to serve operators and policy makers, so it should inform policy and operations.

    3. Jeremy, if you are talking to me about Tuesday, that is fine, but it will have to be at 2. That is my long day, 2 x 3 hour classes.

    4. The long day sucks. You tell me what afternoon works for you. I'll just meet you in the student lounge.

    5. BG, still waiting on an updated date. I'd prefer to not do a hit-and-run chat between classes.

  15. FDChief,

    I think your instructors are being somewhat shortsighted in their desire to flesh out the whole 'cyber' topic.

    Just consider this latest example of a 'cyber attack'

    You read this fairly elaborate 'hack' and at the end you discover that there was almost zero coding required. This is almost entirely possible through knowledge of systems and that, I think, is where the true danger of cyber exists. It bleeds really quickly into a physical realm and vice versa. When a box tells us something, we believe it, and when you go through the rules and procedures, you feel like you did your job, but cyber can and does manipulate those realities.

    Understanding the supporting systems surrounding a computer network is critical to securing or compromising it.

    Another idea that I think should (hopefully will) take on greater emphasis is second-strike capacity in the cyber realm. As of right now, it is very unclear (AFAIK) if a country could retaliate against a broad and effective cyber attack against both systems and infrastructure. In theory, when combined with a physical attack, you could possibly set up a scenario where a war would be won even before it was started.

    This would essentially negate the entire MAD world that had been in effect since the 50s. Use-it-or-lose-it might become the strategy that world leaders take to heart rather than deterrence. Imagine how much messier Pakistan-India relations get. Just consider the Cuban Missile Crisis if Russia and the US had possessed the ability to so completely cripple one another's C2 that someone could have theoretically launched a nuclear war and won.

    The cyber pandora's box has no upside whatsoever except perhaps to call attention to the fact that China is stealing so much information and digital 'wealth' that a Senator called it "the greatest transfer of wealth in the history of the world." That also is an interesting topic.

    PF Khans

    PS Good to see you at the pub, Jeremy.

  16. PFK, thanks for the invite.

    I think FD Chief was forwarding us Barry's info, rather than pursuing another Master's lambskin.

  17. bg-

    You commented: "My theory is that social networks, while an important tool, weren't the primary driving force of change, they were just a catalyst (or maybe a medium for a catalyst to flow). I thought that would get some interest, but instead I got head nods of agreement. And also comments that it was "US involvement" that was the real bringer of change. That one kind of floored me as being a bit egocentric. But it also showed my idea that social media's impact wasn't as important as the media built it up to be was already an accepted concept, and therefore won't make an "interesting" thesis."

    Reminds me of the "SMS Revolution" in Spain in March 2004. We had a Spanish exchange student staying with us. We all went out to eat in a local restaurant and she was receiving text msgs the whole time. We knew more about what was going on in Madrid than the BBC! Later, especially those of more authoritarian orientation were convinced the whole thing had been orchestrated by the Spanish Socialist Party . . . there had to be a "leader", people don't just "organize"! How even better when one's own side can take credit for orchestrating a coup! . . . of course how all this benefits the US is another matter . . . Anyway just a taste of the mindsets you're up against. Still room for a lot of maneuver from a strategic theory perspective though . . .

  18. Thanks all, keep the ideas coming, if you see something, throw it out there. Right now, I am leaning in a couple of directions:

    1. (my least preferred COA) Anything to do with India is a hot topic right now, I have no idea what specific question I will work, but something to do with India's cyber capability is interesting, especially if I can somehow tie it to a recommendation of how we can partner with them against a common foe (China).

    2. (my preferred COA, but not sure where to go with it) I am not confined to Cyber, I can work anything in the Information Operations realm. I've been reading a lot about Mexican drug cartels lately, and their use of I/O (psych-ops) is extensive. There are a couple of claims of hackers getting kidnapped for use by the Cartels (mostly for cybercrime, but I suspect for some Computer Network Defense as well after the Anonymous run in). It would be easy to talk about the Mexican Cartels' use of I/O to include exploitation of social media (both the cartels and the Mexicans fighting the cartels are using social media against each other), but I just don't know what angle I can take, what theory I can propose.

    3. (Best Plan B I got, should be easy to sell) Iranian activities in Mexico. DNI Clapper made statements that Iran is working in Mexico, specifically with the cartels. I am considering doing a study of other Iranian proxy groups (Hezbollah, for example), and using these historical examples as a model to predict how the Iranians might use the Mexican cartels. This might be easiest to sell, I could take a position of whether or not this interaction will be successful and pose a threat to the US, and in what way.

    1. " There are a couple of claims of hackers getting kidnapped for use by the Cartels (mostly for cybercrime, but I suspect for some Computer Network Defense as well after the Anonymous run in)."

      Or hire.

  19. You might like this BG:

    1. I tried the link, but the video on the link didn't work. I will try to find another link to the video somewhere, looks interesting.