We’ve been deluged lately by a lot of intelligence community plans, assessments, and reorgs. I managed to catch up on this material over the Presidents Day holiday. Here are a few things that stuck out to me. I’m being a bit critical below, but overall this material shows that the intelligence community is aggressively trying to adapt to the modern challenges it faces. That’s a good thing.
- NSA’s recently announced reorganization, sickness which will merge its Signals Intelligence and Information Assurance Directorates, has engendered considerable debate regarding whether the merger will strengthen or undermine the information assurance mission. Susan Hennessey at Lawfare defends the merger. Her analysis is excellent but ultimately unconvincing. I agree with Nicolas Weaver, who argues that, “the problem with the NSA reorganization is one of trust and perception. And merging offensive and defensive capacities does nothing to help—and plenty to hurt—public trust.” And I strongly disagree with John Schindler, who argues we should be weary of sweeping intel agency reorganizations.
- The Obama administration is taking a throw it against the wall and see what sticks approach with its new Cybersecurity National Action Plan. That might be a smart approach for an issue as sprawling as cybersecurity. I wish the administration was a bit more focused on where the federal government can have real value added, and I expect half of the initiatives in this plan to fail in short order, but the country will still be better off when the other half succeed. The Commission on Enhancing National Cybersecurity, Information Technology Modernization Fund, and new Federal Chief Information Security Officer, along with the overall 35% increase in cybersecurity funding, are all positive steps.
- DNI Clapper’s Worldwide Threat Assessment continues in the tradition of being a document that provides unique insights into the IC’s thinking while at the same time being a trivial laundry list of problems. It begins with a discussion of the Internet of Things, Artificial Intelligence, Data Science, and Augmented Reality. Really? It also includes a brief, intriguing reference to the recent Juniper vulnerability (“A major US network equipment manufacturer acknowledged last December that someone repeatedly gained access to its network to change source code in order to make its products’ default encryption breakable. The intruders also introduced a default password to enable undetected access to some target networks worldwide.”)
- I’m somewhat disappointed in the ODNI’s Principles of Intelligence Transparency Implementation Plan. There are a number of solid initiatives in the plan and it’s good to see intelligence officials taking the issue seriously, rather than treating transparency simply as a means to address fallout from the Snowden disclosures. However, the plan ducks some tough issues, like the classification system and prepublication review process, and at times confuses public relations with real transparency reforms.
- The IC has made impressive progress implementing the PCLOB’s Section 215 and Section 702 recommendations, according to the PCLOB’s recent assessment. “All of the PCLOB’s 22 recommendations have been implemented in full or in part, or the relevant government agency has taken significant steps toward adoption and implementation.” While many people will focus on the PCLOB’s most narrow surveillance-related recommendations, I think the progress against its very last Section 702 recommendation may be the most significant:
The ODNI has advised the Board that it has been working to develop a comprehensive methodology for assessing efficacy, including a range of quantitative and qualitative metrics. The ODNI also advises that it will soon provide the Board with a report outlining this methodology. The Board looks forward to reviewing the report and working with the ODNI on this critical initiative.