Defense Secretary Chuck Hagel says instead of selling missiles to Syria, Russia should work with the U.S. to prevent the Syrian Civil War from erupting into a wider, regional war. – The Pentagon Channel

Ali-Reza Anghaie (Right) is a Consulting Security Engineer and Senior Analyst with Wikistrat. His varied work in engineering and security has taken him to numerous universities and Fortune 500 companies in the Defense, Energy, Entertainment, and Medical fields. You can follow Ali-Reza on Twitter and Quora. Scot Terban (Left), AKA the gonzo INFOSEC blogger Krypt3ia, blogs at http://krypt3ia.wordpress.com. You can also find him on Twitter. Both host the weekly Cloak & Swagger: Security Unhinged podcast.

John Little: Let’s start off with a Skyfall-esque word association game. Ready? “Cyber Pearl Harbor”

Ali-Reza Anghaie: Geraldo. (Yes, that’s my answer. Say `Cyber Pearl Harbor` in his voice and you’ll want to strangle yourself too.)

Scot Terban: Expletive.

John Little: Alright, so what is it about “Cyber Pearl Harbor” that sets you two, and many other infosec professionals, off? What are Panetta, Lieberman, and other Beltway types getting wrong about the legitimate threats we face in the digital domain?

Ali-Reza Anghaie: Lets clarify “getting wrong” – as professionals we encounter `wrong` all the time. ~Intentionally~ exaggerating and obfuscating threats is what has been happening in DC. However, it’s also politics – you never hear a politician talk about any issue in a way that satisfies the wider professional community of that issue. That’s quite intentional – as the people who really know are absolutely the people that politicians need to play ~against~ to centralize and pull power toward their own spheres of influence.

And that’s really the part that burns me – the echo chamber they’ve built is designed to accomodate just those that will work within the confines of the existing DC dynamic. And so much energy is exhausted in just that posturing that by the time you get to actual technical working groups – you’re already on the tail end of resource availability. So, if you’re lucky, you’ll get through one or two iterations of actual policy driven work before the next manufactured crises hoovers priority elsewhere.

Since this is the inevitable cycle, I suggest we move straight to the end – private industry needs to step to the plate as a competitive matter because Government, as Government always does, will punish you using whatever laws do or don’t exist as soon as it’s politically tenable. And won’t provide any solutions along the way. Why not just get it over with?

You know – I’d probably be less cynical and in a better mood if you stopped saying “Cyber Pearl Harbor”..

Scot Terban: It’s jingoism at its best. It is propaganda and a tool to get people to react in a knee jerk way.

What are Panetta, Lieberman, and other Beltway types getting wrong about the legitimate threats we face in the digital domain? Everything. They do not comprehend the technologies involved nor the complexities of what they are advocating as the end of the world. They need to let the professionals who deal with this technology and space give the answers. It’s akin to telling a five year old to go on to Meet The Press and explain quantum mechanics.

John Little: There are countless layers to this problem and many of them are not “technical”. There are human factors and physical security issues for example. In most cases there are no paths to 100% security. So where, from a national security perspective, should we focus or efforts and dollars? What would get us the most bang for the buck?

Scot Terban: Well, contrary to what a Dave Aitel or lately Schneier might posit, more security awareness for the general populace to start I think. This is more so for companies that are within the sights of an APT adversary but also look at what goes on with crimeware to start right? How much of this could be stopped just with making sure people understand the technology that they own and should be managing? We are all supposed to have training to drive a car and a license so why not at least have a better grasp on the PC and how things work right?

*wait’s for Ali’s head to explode*

But really, knowledge is power and unfortunately I don’t think this will happen either really. The money will all go into offensive campaigns within the CyberComm and we will lag behind on defense. Look at the EO and how the corps responded to it. “hey yeah, we would like to do less” I know Ali thinks that is all about letting the gubment take over and that is what they want but I disagree here. I think they do not want the government dictating to them nor do they want to be responsible for the security of their environments at the level of mandate because they would be held to it by assessment.

I think in the end your question is moot because nothing will be done that will help us.

Ali-Reza Anghaie: The pounding of the `do the basics` drums needs to be louder than the `sexy` drums..

However, I think the biggest things we can do at a national security lever are:

1) Admit defeat at the Government level. Make it clear – CLEAR – that if you’re waiting for Government to combat your hacking problem, you’re going to die.

2) You. Must. Compete. There is a concept called “Intellectual Property Obesity” that has ravaged the American innovators for some time. They spent too much time on Copyright, Patent, and IP theft and not enough on risk analysis, business development, existing means of competition.. concentrate on ~everything else~ that has made America less competitive on a global scale.

In the end, if we’re to suffer a `death by a thousand cuts`, it’s not because of cyber espionage from the Chinese or anyone else. That’s but a small part of the bigger picture.

Now – that speaks to national security at the economic level, which I think is most important – but some conflate this as all purely defense/military in nature. The solutions to that problem set as a bit different and, in part, require actually letting people fail. Not retroactively but put a pretty solid post in the ground that says: `Hey, if you get hacked and all the IP is stolen. Your program funding is going to take a BIG hit. We don’t want to tell you how to fix it – we (Government) doesn’t know how. Likewise, if the data gets stolen while with us (again, Government), you’re going to get a bit of automatica business helping us or influencing our direct means of securing it`.. something along those lines without the tin-foil gaps.

John Little: Although I know and respect many security professionals the ones that I encounter professionally seem to be bureaucrats rather than technical professionals. They are just lords of a massive fixed documentation process that must be completed whether I’m building a simple web page with public data or a massive mission critical enterprise system. The problem is that I can answer 500 questions about my application and get it approved but at the end of the day there’s nothing about the process that really enhances security. What are your thoughts about how the private sector utilizes InfoSec professionals?

Ali-Reza Anghaie: Firstly – I’m sorry. Really really sorry. You’ll have to file a RC269B exception to ask me this question. It’ll be rejected of course because everyone knows of the `Great RC268T Debacle` of 2012. I have my big red stamp ready to reject your request because email isn’t secure enough and the ColdFusion workflow app we had developed in Bangalore was, of course, developed by non-US Citizens so we can’t really use it. I have spoken.

There is this inherit fear of InfoSec that comes with the noise around incidents right now – similar to how auditors were perceived just after SOX went into effect. Nobody knows what to do with InfoSec except to not piss InfoSec off. Along with that come a lot of non-technical professionals or entry-level professionals enabled with copious amounts of authority and confidence over – well – nothing in particular. So, much like politics, you do exactly what you can get away with without punishment.

This is a cynical view – as my answers have trended so far – but it’s quite normal and recent trends leave me very optimistic.

We’re at the tail end of this trend and, as an industry, we’re going through it a fair bit quicker than many of our predecessors. Somewhat due to economic constraints but I sincerely believe the best of the best in InfoSec have taken more responsibility recently for knocking down their own echo chambers. They’ve seen the charlatans flourish and they know “we” created room for them with ambiguity and hand-waiving. “We” want our industry back..

So – to answer your question – I think a huge majority of the private sector is very confused in how to apply InfoSec. And it’s our fault…for now.

Scot Terban: I think we need to differentiate between the INFOSEC folks like an archaeological dig here to start. First off, not all INFOSEC’ers are built the same. I come from the pentesting side AND the policy as well. I performed many assessments that had a combination of both and understand them both well enough to see where the rubber meets the road to so speak. Unfortunately not everyone has the skill sets to see both sides of coin and to work efficiently in the space. So we have people who get into INFOSEC primarily from a “legislative or paper” side of the issue. They understand that security is necessary and there are rules that need to be in place and that is about it. They follow their checklists and once they have checked the boxes they are good. This is bad but all too often the real aegis of many folks in corporations who perform audit from SOX to other government audit standpoints.

Then there are the people who perform just pentest and who many often think that rules are just useless. Why? Because the hackers/adversary does not follow the rules and all too often rules get mired in minutiae that doesn’t matter to their attacks. I have heard way too many times, and rightly so, that SOX and other check box security measures are useless. I too have felt the same thing but, too often the pentest crowd is just dismissive of it because they are broken and not workable in their present state much of the time. So you can develop an app as you say, the “Bob’s” can come in with their checklists but in the end they have not made the product more secure because they lack the dimension of the attacker perspective.

So we have two camps.. Both out to secure things and neither really can because of a third camp.. Let’s call this camp the “Corporation” The corp all too often is motivated not by an innate desire to protect their data, their clients etc.. Their driver is to make as much money as possible and in doing so security spend is even today, not what it should be because it is a cost center. When looking at the options and the legal drivers we can see how it is so easy for a company to go for the check box security approach mainly because that is what the government and the laws are mandating. It is the “due diligence” mentality and in that, the only due diligence we have primarily is to have the boxes checked to insure that they can say that once they get sued or after an incident. THIS is to minimize the legal remunerations that they may incur to law suits and that’s the extent of it. Rarely have I seen a company throughout my career that was proactive about their security enough to engage true red teaming and effective policies, procedures, and audit to insure a modicum of security.

It’s mostly set and forget as well as get drones who check SOX boxes every year. Aye, there’s the rub huh? This is where you have the paper CISSP’s and others who really do not have a grasp of adversarial INFOSEC that needs to be in place to protect yourselves and this is where the engine of popularity and money have made a glut of people who don’t really have the chops to be in the business doing business. So yeah, you could create an application and the SOX types come along and ask questions but they really aren’t coders nor understand application code security right? They do their bit but they don’t see the whole picture and you, you could totally hoodwink them that your application is up to standard because this is the only appsec that they are carrying out.. Asking questions and not validating code?

To me, that says that the system is broken. What we need is a middle road where true application security people are involved in your case. In other cases I would like to see people who have a good grasp of security (defense as well as offense) in the roles of audit. Will this happen? Probably not and that is because as was lamented recently “Defense isn’t sexy” add to that the corp’s aren’t looking to do anything but be “risk averse” and you have a broken system.

John Little: So we have a system that is broken and seems bound to stay that way. With the increasing complexity and distributed nature of data and applications, the vast number of application users (a good portion of the planet now), the rapid advancement of technology, and the challenges involved in building and maintaining an even barely adequate cadre of INFOSEC professionals how will the future not become even more of a hacker’s playground?

Ali-Reza Anghaie: The problem space is going to continue to grow at an accelerating pace. We will drown in more data and we won’t ever have enough bodies to throw at the problem. Government “regulation” will likely further exasperate the staffing problems. Generally we’ve shown ourselves incapable of effective security automation. Woe is me?

There is a difference between a hacker’s playground and an unmanageable risk. Like any other type of crime, society will compensate in some areas and not in others. Some regions will do better with the same `door locks` and other regions will need `burglar bars` on all windows. So the question isn’t if the attack surface will continue to outpace us – it certainly will – the question is how will we compensate, as an industry and society, elsewhere?

This goes to the very root of competition – and we’re stuck with this idea that InfoSec is absolute. You’re either not using computers or your pwned. In no other aspect of life or society do we so readily say that to customers, through Governments, and in our daily routines.

So I would say that hackers will hack and that’s OK. If you aren’t viable and complete even under hacker fire – I’d say you were never actually viable or complete.

Scot Terban: It shall be just as it is now. The only answer is to become a new age Luddite and live in a bunker awaiting the end…

John Little: A significant portion of the cyber-chatter inside the Beltway and in the media is focused on China. How would you characterize the threat Chinese hackers (official or not) pose to the U.S. and how should we be talking about it?

Ali-Reza Anghaie: Lets be clear – the Chinese threat is real and it’s aggressive. It is also entirely irrelevant.

We’re at such an early stage of secure architecture and software that concentrating on a given foe is foolish for all but a small core of defense and intelligence agencies. Along those lines, Government emphasizing a given nation-state threat also leaves people with the false impression that these threats ~require~ a nation-state to execute. And…. wait for it… a nation-state level response.

About now big red spinning alarms should be going off in your head. THAT is the problem with “the Chinese threat” – it’s become a political football that has turned into a lobby interest that has turned into a disadvantage to an already painfully broken field. It creates whole classes of C-levels looking at the wrong problems, wrong solutions, and wrong people to deliver those solutions.

Scot Terban: How would I characterize the Chinese threat… Well, they are a threat because they are just persistent and mostly sneaky. Not all of the teams are uber ninja’s like portrayed in the news media or in a Mandiant self propaganda piece but they are pretty good (some of them) What the question really should be though is how would I characterize the attacked.. Not the attacker. We are on the whole not prepared to deal with attacks either in the MIL space or the private whatsoever. Companies are reticent to fix their infrastructures because it would cause loss of productivity, they hold on to old technologies like XP and IE6 for way too long, and they generally are not as a whole, security savvy.

So.. How hard is it for the average Chinese hacker to get someone to click on a link, pwn a machine, enter a poorly managed network, and steal them blind? Furthermore, how hard is it then to keep persistence?

Meh.

John Little: You both raise a very important point. While the debates over terminology, doctrine, and threats rage on the assets are going unprotected. We hear case after case of hackers having an easy time with their targets because of laziness, ignorance, and irresponsibility on the behalf of individual users, software developers, and network owners. It seems like we could eliminate most threats by shifting the focus away from “external” threats and back to our own behavior and business practices.

Ali-Reza Anghaie: Some years ago various groups started referring to de-perimeterisation as an inherit system design goal – that is to say that every system’s functions should act like it’s facing the “outside” world. From the outset I thought that should be the data protection goal as well – trust no one, period. Everything should have a forensic trail, least-privilege model, etc. Insiders can become your outsiders – prepare as such.

Now, that was naive of me – cost applies. So I think it comes down to appropriate risk assessments in the complete context of your business, legal, and technical resources – which is non-trivial for multinationals and small business alike.

So – the “right” answer to your question is – we still have an accountability problem period. Internally or externally the risk assessments, valuations, and models just aren’t being done appropriately on a reliable basis for most organizations. The good news is that the body of work on these topics are increasingly reliable – we can fix the overall scheme of things. Where fixing doesn’t always mean absolute security as the goal.

I’d like to thank Blogs of War for taking the time to put together this interview. It’s been great and I really enjoy your various feeds.

Scot Terban: The answer is “yes” but I would also hasten to say that it’s not just accountability but a more encompassing problem of OPSEC altogether. The point being that many people today lack understanding of the need never mind the practice of OPSEC. So we have all these private and public entities that really have no concept of the security landscape in the first place and why it is important to protect their data so how do you expect them to be aware of internal or external threats? While in the military and government space they have an idea they too suffer from lackadaisical attitudes and lack of comprehension of the technologies that they are using to manipulate, store, and use data. I tend to think of it as a human nature issue in general that we need to tackle just to bring people to the security table in the first place before we can make them aware enough to think about and secure their assets. Once people are on the same page with the technologies (not just the tech folks we all work with but the end users) then we will have a discussion over the internal versus the external threats posed.

It might seem odd that someone who worked at the CIA would offer up an opinion piece not related to Osama Bin Laden, on this, the 2nd anniversary of his ending. I actually think that now is the perfect day to talk about more important issues. I can think of no more important issue than the repatriotisation of captive American citizens abroad. That objective is complete….Levinson isn’t.

Levinson

The receptionist had a bowl of mini Reese’s Peanut Butter Cups on her desk. I remember that much. The large conference room where the asset validation / recruitment pitch security reviews were held for the Iran Operations Division was located in the main Iran Operations Division (IOD) Secure Compartmented Information Facility (SCIF). It was through a short maze of cubes filled with an operational targeting group and support staff. At the top of a raised section of the SCIF were a row of offices, and a few large sections of ceiling high glass that made up one wall of the conference room. Like most of the conference rooms I had been in at the Agency (and come to think of it, the other government jobs I’ve had) this one was mostly crammed full of a much too large conference table surrounded by an unwieldy amount of swivel chairs. To make matters worse, the outer edges of the room were encased with more chairs for overflow. It gave you a good sense of what goldfish must wake up to every day. Minus the reception desk with candy, and no I didn’t eat any.

I didn’t have access to this wing yet, having just moved to IOD, even though it had been over a month. I was in a SCIF across the hall and found this all out while on my way to the late morning meeting. Moments before I had grabbed my files and notes, headed out the SCIF I was in, and across the hall to the main door.

Beep

My blue badge just coughed at me; the obvious clunking of the magnetic lock suspiciously missing from my attempt at getting into my meetings. Nothing but silence, so I tried again.

Beep

Nope, not a fluke, I couldn’t get in. Just then the door burst open and a few people walked out, most likely on the way for a mid morning Starbucks break down the hall. In I went; ‘tail gating’ my way into the SCIF.

My first stop was down a long row of cubes straight ahead of me. My first office-mate from initial training was working as a Targeter somewhere along these rows. I had been bugging her for a few weeks to meet up and talk shop about IOD. She’d been there longer than me, and I wanted info on the Division. She’s also extremely focused and not surprisingly kept putting off meeting because she’d had too much she wanted to get done. Also no surprise, her cube was empty as she was in another meeting. Oh well, off to the conference room I went.

I was the second Staff Operations Officer (SOO) presenting a case at that mornings meeting. As this was my first, I was a little nervous. I knew the case, but felt like I had a vested interest given my previous line of work. These meetings were used to present potential agents, or HUMINT sources, for further development, recruitment, some sort of operation, handling issue or termination in a peer review setting. The peers in this case were more senior officers from the given division or operation group, as well as referents from the Counter Intelligence Center, Office of Security, the appropriate Directorate of Science and Technology officer and the ever present legal representative. The meetings were a clinical affair, at least based on my experience. I had written up my briefing packet and had pretty much gotten is signed off by the relevant officers already the day before via email. I figured this would be a formality.

I started my Federal career as a Special Agent with what was the US Customs Service / Immigration and Naturalization Service Post 9/11 Bush era mash-up formerly known as Immigration and Customs Enforcement (now Homeland Security Investigations). After a half decade of working a spectrum of customs and immigration cases I decided I needed a change and went through recruitment and hiring for the National Clandestine Service at the CIA. During that time, on March 9th, 2007 retired FBI Special Agent Robert Levinson was kidnapped while working a post retirement private sector investigations job that took him to Kish Island, a resort spot and free trade zone in the Persian Gulf, in Iran.

I have never been a traditional “cop” type of investigator. Though I respect and honor the “thin blue line”, I think I’ve always done a pretty good job at maintaining my old friendships and not being “that guy” who looks like a cop and only hangs out with other cops. That said, I did and do take law enforcement very seriously and one thing that has always been a constant for me is looking out for my brothers and sisters on the job. I never knew Robert Levinson, and wasn’t a Bureau agent (worked with plenty), this event really made me take notice however. A part of me filed it away and though I probably wasn’t fully conscious of it at the time, I assumed that the Bureau would do right by their former agent and move heaven and earth to get him back.

Now over two years later, everyone is filing into the IOD conference room, and Robert Levinson is fresh on my mind. I had been working the desk of my particular IOD branch for a number of months and felt good to be finally making some headway on a developmental asset, especially when that asset was saying they had information about Robert Levinson. I’d like to think that anyone sitting on the desk at that time would have been interested like me, but most likely it was my previous Special Agent background that made me push the officer in the field on this case.

The officer in question was a bit of an oddity. Not only was he based in National Resources; he was also a Staff Operations Officer (SOO) like myself. This meant he had been a SOO for a while before heading to Ops Certification at the Farm, so he could then officially recruit his own agents. This was also one of his first developmental assets, so it was our own special “big deal”, not that any of the more seasoned officers around seemed to care.

National Resources (NR) seems to be one of those misunderstood offices within the NCS. A few previous CIA officers, Henry Crumpton and “Ishmael Jones” for example, have detailed a bit about NR in their recent books. I had exposure to NR while working for the agency formerly known as ICE (or HSI as its called now), and later worked in NR for a time once inside the CIA. I find that most people I speak with see some kind of nefarious purpose for having what are supposed to be overseas “Spies” working within the United States. For clarity sake, NR is charged with a few very important functions that make operating within the US essential and beneficial to the Agency and our nations citizens.

NR officers handle communications and debriefings with US citizens who willingly cooperate with the Agency. These would be people traveling to countries of interest, or working with specific people of interest to the Agency. There are some other mechanisms here I won’t detail, but they pertain to agreements with companies in the US for similar activities.

Officers from NR also work to spot, assess, develop and recruit foreign individuals who are traveling inside the US. These might be people who live within the US continually with some form of permanent immigration status (green card, etc) or with a visa. Their access may involve them traveling back to their country of origin and then returning to the US. At that point they’d be met and debriefed by the NR officer. The scenarios vary quite a bit, but most NR spots are quite busy, and I’ve assisted in some very interesting recruitments based on NR cases. One such recruitment was facilitated by utilizing my previous years working immigration cases as a Special Agent with ICE to dig through hundreds of files in a targeting assignment to find a good lead for an officer to approach. In the end, the officer used my targeting package to successfully recruit and run this individual. I only know all this because my supervisor in that office was nice enough to keep me updated on the cases after I moved to DS&T.

My specific case on this day centered on an individual within the Iranian security apparatus. As things panned out they claimed to have access to a wide variety of information, some of which was related to Kish Island activities as well as the kidnapping of Robert Levinson. His motivation was purely financial, and our hope was to get some kind of good validating info about his access from an upcoming meeting. I felt the review was a moot point, so when it was my turn I quickly presented the case and led with what I thought was the most crucial bit of information we wanted to know more about: Levinson.

“I don’t want to hear fucking Kish Island mentioned again!”

It was blurted out with such a bureaucratically laced snide plop that I was caught a bit off guard. Factor in that it was one of the Deputy Chiefs of Operations for IOD who threw it down at me in the middle of my brief, well, let’s just say I wasn’t used to being talked to that way. I took a quick breath, sat on the comment for a second, suppressing my initially reaction that I won’t detail here, and then continued explaining why I thought the issue was important.

He wasn’t having any of it. He said he didn’t care to hear more, and that he had been led to believe there was more to this potential asset than anything to do with Kish Island. I quickly made my case and roped in one of the referents that had given me the unofficial sign off to present the case that morning. The Deputy Chief then seemed to sputter out, as if it had been some sort of compulsory obligation, not unlike the Brooks Brothers he was sporting that day. The operation was given an initial approval, so basically the officer could meet the potential asset and potentially recruit them. It all seemed really a strange and unnecessary way of recruiting people. When I’ve worked confidential informants in the past, well, I had done it differently, but I don’t own a nice suit, so what do I know?

Now, at this point I should say that I really wish I had some miraculous breakthrough with the Levinson case. It’s obvious that I did not, and had no other real part in this. I don’t know much of what happened after I rotated out of the office for a training course. After my certification course I jumped Directorates and moved to the Directorate of Science and Technology. I didn’t get any other updates from that office. This was, and absolutely still is, common for officers moving around to different offices in their careers at the Agency. As much as Agency HRS folks like to talk about “Hall Files” (your reputation at the Agency, as whispered in the halls), I found out early that just about every officer is as good as their most current assignment or operation. You might have things keep you in the spotlight throughout your career, but as soon as your flame goes dim, the giant information pit that is the Agency swallows you up. Much like Iran swallowed up Robert Levinson.

I have spoken with a former colleague and friend of Levinson, as well as exchanged messages with members of his family. I’m no expert on the man, by any stretch, but its clear that he is highly respected by his friends and loved by his family. In January of this year the Levinson family started a White House online petition that requested the government focus their energy on finding and freeing Levinson. The shocking result was that way more people turned out in favor of the creation of a “Death Star”

I found out more recently that several offices did get spotty information about Levinson during my time at the Agency. It seems like those cases and experiences were kind of like mine. Some initial interest, then nothing. Not like an effort not to do anything about Levinson, more a general uncertainty or inaction with regards to the information that was coming in. For instance, one officer I spoke with had been asked to review a video that was believed to be of Levinson while working in another IOD office. There was no follow up that he knew of, however.

I started out writing this piece before March of 2013, hoping to have this completed in time with Robert Levinson’s 7th anniversary in captivity. That obviously did not happen. I noticed that several organizations made statements about Levinson’s plight, including various former and current FBI Special Agent Associations, to include a moment of silence marking the dubious anniversary. While the attention and respect for their own is to be respected and honored, I can’t help but wonder what exactly has changed?

Robert Levinson is not the only American in captivity, not even the only being held by Iran. How many other anniversaries have gone by without much notice? How many other junior intelligence officers have pitched access agents who are said to have knowledge of Americans being held overseas? Were those cases given more attention by management?

Now that I am out of that direct stream of knowledge, I really could not even guess. As a country we seem to have a very short memory when it comes to critical events, so I would not be surprised if the Robert Levinson’s captivity, and that of former US Marine Amir Hekmati or pastor Saeed Abedini are not garnering the kind of attention that should really be given to those of our citizens being held captive by another nation.

Popular culture has educated people with the common US Military motto of “No Man Left Behind”. Though not always a reality, the spirit of the motto is something we could all do better at.

This is the point where I reach back to new officer training at the Agency and try to tie in history with the present day. As part of new officer training we all were encouraged to read “The Book of Honor” by Ted Gupp. His book details a number of the fallen Agency officers that have stars appearing on the Wall of Honor in the Original Headquarters Building (OHB) , and appear in the Book of Honor at the base of the wall. I bring this up because I think its very relevant to this discussion of our citizens in captivity around the globe.

I also bring it up because I just recently listened to the audiobook (I drive a lot for my current job and listen to quite a few audiobooks). Upon hearing these stories again, all the while thinking of Robert Levinson’s case, I see a definite pattern emerge. While the “Book of Honor” details CIA officers who perished in the line of duty, the lack of positive action, or downright inaction of our most senior officials in doing everything possible within their power to help US Citizens in harms way or captivity is shocking. If you are not familiar with these people I urge you to read or listen to Ted Gupp’s excellent book. In it you will learn about the likes of legendary Hugh Francis Redmond who spent 19 years as a captive in China, or John J. Merriman who though not a captive, was seemingly denied much needed medical aid after a plane crash in the Congo in 1964.

It seems to me as if government officials don’t care about what happens to Levinson. My feeling is that the issue is so far out of hand, that unless a direct and easy solution presents itself, the predominant risk adverse nature of our current intelligence apparatus will drag its feet until that “sure thing” comes along. This I believe needs to change. We as citizens should demand that our government takes immediate action to secure the release of our fellow citizens being held captive overseas. Its time to stand up and fight for people like Robert Levinson. We can choose to spend our precious time foaming about previously authorized interrogation programs, the stock market or movie stars, or we can take a stand for something more lasting and meaningful. People like Robert Levinson spent a career in service to our country. I don’t know his career trajectory, but it is safe to say from my first hand experience as a Special Agent, he gave more than he got to the citizens of this nation. He doesn’t deserve to sit locked up by a sworn enemy like the Iranian regime.

You might be asking yourself what you can do to help. If so, I’m glad to hear it. I’m not sure what good it actually does, but Internet access makes it very easy now to contact your representative. Why not check out http://www.house.gov/representatives/find/Twitter, retweet it. Then follow @HelpBobLevinson and show your support.

You can find that information on the Levinson family’s website as well as on the Wikipedia page devoted to him.

Scriven King is a security professional who has worked for the federal government for ten years and now enjoys a life in both the private and public sector. His previous positions have included law enforcement and security operations, physical security manager, crime prevention officer, and personal security officer. He is also the editor of The Security Dialogue, a blog where he enjoys talking about new security technologies, strategies, and techniques. You can follow him on Twitter at @scrivenlking.

I’ve been a security professional for over a decade and worked in a variety of areas in this field to include everything from major event security, dignitary protection, security operations, armed patrols, bike patrols, security management, physical security, personnel security, and program management. In each field, I have come to the realization that most people have no clue what “security” really is. That’s right. I’m not just talking about customers either. Security professionals also have a flawed concept of what constitutes “security”. And you know what? You do as well probably. So why is it that so many of us have no clue what we’re talking about or asking for?

Let’s first examine what security is. Security is a psychological construct. In other words, security is something we humans feel because it helps us prioritize the other survival needs we have. Think about it. Ancient cave dwellers faced a number of survival issues daily – food, water, shelter, etc. Security was a primary concern, given they had to ward off dangerous predators and rival humans. Certainly, hunting and gathering can’t be done if you’re preoccupied with having to worry about keeping your stuff (and you) from harm’s way. So they did whatever they needed to in order to protect against would-be threats. Over time, those defenses were tested by these threats and what worked against them stayed and what didn’t they rid themselves of. As those threats became less frequent, less real-time evidence was needed to establish security. We no longer needed to see a threat to feel as though we had deterred them. A great illustration I use to make this point is locked doors. Why locked doors? Think about it. Every time you lock a door and leave for the day, you do so feeling very secure. When you lock the doors at night, you sleep easy because you feel have adequate security. Most often than not, you have never been burglarized. You have zero experience with actual criminals. Yet, you believe the lock keeps the threat away.

Why is this bad? When we forget the differences between security and actual protection, we tend to be more concentrated on the mental assurance we have evaded attack rather than actual data to substantiate it with. Would you rather get a vaccine that was tested in a lab with real viruses or one scientists feel will work? All security measures should be evaluated on how well they stop actual attackers and should be implemented with the understanding an attack will occur rather than if. Too often, we fashion security after the least likely scenario in which the threat will attack or on the presumption he has come but was thwarted by something we did that can’t be corroborated. How many times have security professionals sold a piece of equipment to counter a threat that will likely never show up? It’s like buying an operating table for your home. Some would argue that’s how we got the Transportation Security Administration and countless other security bodies. It’s been the leading cause as to why intelligence reform will never be sufficient. In that light, the misnomers about security are no more apparent than they are in national politics where various threats, real or imagined, compete for our government’s attention and money.

So how do we fix this? There’s no easy road unfortunately. We have to begin by formulating a national risk analysis based on realistic threat scenarios from across the security spectrum. This discussion should focus on criminal and national security threats. We shouldn’t shy away from the various socioeconomic or geopolitical ingredients that feed them. From there, we should discuss how likely we are to see the attackers and evaluated what has worked against them in the past. We should be wary of adopting someone else’s security solution to our problems. What works in Tel Aviv sounds really cool but may not work in the modern American security landscape. Finally, we need to develop attainable goals and projections. We will never be rid of terrorism. Never. So let’s stop making that goal. Instead, let’s create an environment that mitigates the threat the minute it’s known preferably before an attack occurs. A lack of clear and specific attainable goals has been the biggest threat to our security. Remember it’s not about feeling secure because the threat is not present. It’s about what defeats an attacker when he/she chooses to attack that should constitute security.

To Provide Tips in the Investigation: If you have visual images, video, and/or details regarding the explosions along the Boston Marathon route and elsewhere, submit them on https://bostonmarathontips.fbi.gov. No piece of information or detail is too small.

You can also call 1-800-CALL-FBI (1-800-225-5324), prompt #3, with information.

Source: FBI.gov

The Boston Bombing Witch Hunt Bags Another Innocent Kid – On Monday, the New York Post doggedly stuck to its claim that 12 were killed in the Boston Marathon bombings. On Tuesday, CNN (among others) reported that a suspect had been arrested, before walking that all the way back. Today, the Post wrests back the “what the fuck are you doing?” crown by putting two “potential suspects” on the cover of the newspaper. They are most assuredly innocent.

Boston Police Commander: “I need somebody up there to get on social media…” – Shortly after the IEDs detonated in Boston (at 10:38 in the recording above), an unidentified police commander got on the radio and began giving orders. “We’re going to get the victims out, we’re then going to conduct a sweep with EOD assets… we will then get people out of the restaurants and bars. I need somebody up there to get on social media and let people know what we’re doing here–that we’re sweeping the streets to make sure it’s safe first, and then we’ll get them out of the bars once we get it swept.”

Crowdsourcing the Boston Marathon Bomber – The difference with the Reddit and 4chan crowd-sourcing is that the flow of information is not limited to the individual with information and the feds who receive the tip. Speculation is now published widely, for all to see—a dangerous idea, writes The Atlantic’s Alexis Madrigal. “They are not real cops. They are well-meaning people who have not considered the moral weight of what they’re doing,” he said. “This is vigilantism, and it’s only the illusion that what we do online is not as significant as what we do offline that allows this to go on.”

The Internet Mystery-Solving Machine – a horde of amateur digital-forensic analysts have been poring over every pixel of some of the same raw material as investigators—publicly available high-resolution photos and video of the race, bombing, and aftermath,which has been scattered across the Web and broadcast by news media—hoping to see something that official investigators have not. It’s a human-powered parallel-processing machine, one with overwhelming scale that is constantly churning as it aggregates known information with new data, synthesizing the two to produce highly idiosyncratic analyses. The machine is marked by its intensity, heterogeneous composition, and its odd syntax, in which annotations are made with crude graphics, and arguments are made in the raw language of Internet forums.

Media’s description of search for ‘dark skinned’ Boston Marathon suspect shows ineptitude around race – A reporter’s work is incomplete if the only description they have for a potential suspect – particularly for a crime on the magnitude of the Boston Marathon bombing – is ”dark-skinned.” Time is of the essence. Other U.S. cities and national landmarks have been placed on high alert. If a vigilant public is to help law enforcement put together the pieces of this puzzle, they must have full descriptions, which can include race but must include more.

Obama to visit Boston amid search for suspects seen on video – President Barack Obama was due to visit Boston today to attend a memorial service for victims of the Boston Marathon bombing amid a manhunt for two suspects seen on video taken before two blasts struck near the finish line on Monday.

How Long Does it Take to Catch a Terrorist? – As the country waits for answers about who the terrorist — or terrorists — is, the reality of how long that might take was discussed Tuesday on the PBS NewsHour. Michael Greenberger, director of the University of Maryland’s Center for Health and Homeland Security, said he’s optimistic that they’ll find the perpetrator of the Boston marathon bombings eventually, but possibly not until evidence is painstakingly pored through and analyzed. “I have the unfortunate suspicion that this won’t be solved quickly,” he said in a story posted yesterday.

Social media and the Boston bombings: When citizens and journalists cover the same story – There is a reflexive reaction to pit emergent social media behavior against the traditional journalistic practices and norms. This defensive posture is counterproductive for both sides. Rather than pointing out flaws in order to uphold one model over the other, we should appreciate the interplay between them with a sense of symbiotic dependence that ultimately produces a more participatory, accurate and compelling news cycle.

Give It Arrest - A visiual guide to the CLUSTER$&K of misinformation during Wednesday afternoon’s Boston Marathon bombing news coverage.

Beware bogus Boston Marathon charity websites – One fraudster already tried to dupe the public by setting up a Twitter account minutes after the bombing that claimed to be associated with the Boston Marathon organization. The @_BostonMarathon account promised to donate $1 for every retweet. After users called it out as a fake, Twitter quickly shut the account down — but not before it received more than 50,000 retweets.

Internet Comes Up With 8.5 Million Leads On Potential Boston Bombing Suspect (satire) – While still early in the investigation, experts believe the internet is likely to uncover crucial evidence in the coming hours that will likely result in anywhere between 20 to 30 million more leads on potential bombing suspects.

Follow @Blogsofwar for continuous live updates of this story.

The limits of intelligence collection – U.S. intelligence didn’t pick up any threat stream about Boston or the marathon before the event, nor any terrorist “chatter” about the attack afterward. That doesn’t rule out al-Qaeda involvement, but this attack doesn’t resemble anything the core group or its major affiliates have done in the past. Officials can only speculate at this point about perpetrators. But the early evidence looks more like the work of a lone individual or a small group than that of a larger terror network. If it’s part of a broader terror plot, then it represents a new and cruder approach. Terror attacks that fit the same pattern are the 1995 Oklahoma City bombing, the 1996 pipe bombing at the Atlanta Olympics and the 2011 pipe-bomb plot in Spokane, Wash. In each case, the chief attackers were lone wolves.

Boston bomb investigators can’t decide: Foreign or domestic? – All of the talking heads that discuss this incident and incidents like it, if your experience and your expertise is Middle East terrorism, it has the hallmarks of al Qaeda or a Middle East group,” said former FBI assistant director Tom Fuentes, in a CNN article. He continued: But “if your experience is domestic groups and bombings that have occurred here, it has the hallmarks of a domestic terrorist like Eric Rudolph in the 1996 Atlanta Summer Olympics bombings.”

Local terrorism expert on Boston bombings: ‘Likely domestic, possible lone wolf’ – Dr. Greg Moore is the Director of the Center for Intelligence Studies at Notre Dame College. Moore said there is still an enormous amount of information to be viewed but he believes the attack is domestic terrorism.

Boston Bombing: World Reacts with Flood of Tributes – Users of China’s Twitter-like social media service Weibo reportedly praised the U.S. response to the incident. “In the face of the tragedy, we can learn a lot from the American government, media, businesses and citizens’ kind interactions,” wrote one user, according to the International Business Times.

Experts Skeptical Homegrown Terrorists Were Behind Boston Bombings – But one message from domestic terrorism experts is clear: Most of the evidence points against an antigovernment group being responsible for the attack. Several militia groups, who fiercely and sometimes violently fight to keep their Second Amendment rights, have come out against the bombings in Boston.

Boston Marathon blasts: Investigators eye ‘range of suspects and motives’ – “Importantly, the person who did this is someone’s friend, neighbor, co-worker or relative. We are asking anyone who may have heard someone speak about the marathon, or the date of April 15, in any way that indicated that he or she may have targeted this event to call us,” DesLauriers said.

Reddit Scours Photos in Search of Boston Bombing Suspects – The group, called r/FindBostonBombers, has hundreds of Redditors pointing their collective finger at several unknown people it considers suspicious based on their appearances and backpacks. Law enforcement has said the devices were contained in backpacks or large duffel bags, but authorities have provided no physical description of any suspect.

Boston Marathon bombing victims: Promising lives lost – “She was an incredible woman, always full of energy and hard at work, but never too tired to share her love and a smile with everyone,” the post said. “She was an inspiration to all of us. Please keep her and her family in your thoughts and prayers.” Even without government confirmation that Ms. Lu was killed in the bomb blast on Monday, Chinese Internet sites filled with mournful messages about a woman in her mid-20s whose ambitions took her from a rust-belt hometown of Shenyang to Beijing and then the United States. Her account on Weibo, a Twitter-like microblogging service used by tens of millions of people in China, attracted more than 10,000 messages, mostly of condolence, in the hours after Chinese media reported her death.

China Mourns the Death of a Student in Boston Blast – “You are in heaven now, where there are no bombs,” said one typical message.

Twitter Donates Promoted Trend to ‘One Boston’ – Entertainers, athletes and ordinary citizens aren’t the only ones aiding Boston residents after Monday afternoon’s deadly bombings at the Boston Marathon. Twitter lent a helping hand of its own on Tuesday in the form of a donated promoted trend on the microblogging network.

Alex Jones And His Enablers – As Jones Pushes Conspiracies About The Boston Bombings, A Look At The Politicians, Media Figures, And Outlets Who Validate Him.

Why One Californian Bought a Domain Name to Stave Off Boston Conspiracy Theorists – I saw some pretty unbelievable and disgusting statements being made almost immediately. So, I went back to my desk and quickly bought the domain for BostonMarathonConspiracy dot com and and posted a simple message saying that I purchased it only to make sure the kooks don’t get it.

Why the Conspiracy Theorists Will Have a Tough Time With Boston – The attacks in Boston lack a number of the factors they need to concoct a really compelling conspiracy theory. They’re always on the lookout for a “false flag” attack, a government-run ruse intended to bring public opinion in line. In reality, the last example they can point to of this is the Reichstag Fire; in fiction, it’s usually fun to point to Watchmen. But the Boston bombings are going to present some challenges.

The Saudi Marathon Man – What made them suspect him? He was running—so was everyone. The police reportedly thought he smelled like explosives; his wounds might have suggested why. He said something about thinking there would be a second bomb—as there was, and often is, to target responders. If that was the reason he gave for running, it was a sensible one. He asked if anyone was dead—a question people were screaming. And he was from Saudi Arabia, which is around where the logic stops. Was it just the way he looked, or did he, in the chaos, maybe call for God with a name that someone found strange?

Follow @Blogsofwar for continuous live updates of this story.

Downtown Boston Remains a Crime Scene – Downtown streets that normally would be clogged at rush hour were largely deserted Tuesday except for a cold wind and a few runners out for a morning jog. “It’s very surreal,” said Mary Ollinger, 32, who works at Wentworth Institute of Technology. “The streets are empty and the Common is filled with media trucks.”

Boston Marathon Explosions: Revere Apartment Searched – Police and federal agents searched an apartment building on Ocean Avenue in nearby Revere late Monday night in connection with the bombings. Agents searched this complex for 9 hours after the marathon bombing. CBS News Senior Correspondent John Miller reported Tuesday morning the apartment search was related to a man who is reportedly under guard at Brigham and Women’s Hospital. Miller reported the man is a Saudi national who is in the United States on a student visa. Police and federal officials exit an apartment complex in Revere with a possible connection to the earlier explosions during the Boston Marathon. Several bags were removed from the scene around 2 a.m. Tuesday, but authorities would not comment on the search.

Boston Marathon bombings: Security experts weigh in on potential culprits, motives – Former Homeland Security Secretary Tom Ridge says the absence of intelligence might suggest the attacker is not affiliated with a larger terrorist group: “It may lead to the fact that this was not connected to a major jihadist organization. This might very well may have been a domestic terrorist or lone wolf, as you might want to describe it.”

Twitter and news: The canary down the mine – Twitter has often been touted as the “first with news”. From the miniscule to the massive. From Stephen Fry being stuck in a lift, to the Arab Spring rippling across North Africa, it is the instant source of a story, the first gurgle from a tap. The only way to find out what’s really happening, according to some. But I’m beginning to think that so-called truth is losing some of its polish.

Social Media Shapes Boston Bombings Response – Terrorism experts said the proliferation of photos and video on the web through social media might also help authorities identify the perpetrators of the attack. “All the media provides a tremendous asset for the forensic evaluation of the explosion event,” said Roman. “Authorities can start examining the pictures and tapes looking for individuals near the receptacles where the bombs were found and individuals not fitting the profile of the general spectator can be identified.”

Social media to the forefront in Boston – ‘Authorities have recognized that one [of] the first places people go in events like this is to social media, to see what the crowd is saying about what to do next. And today authorities went to Twitter and directed them to traditional media environments where authorities can present a clear calm picture of what to do next.’

Boston’s tweeters offer aid to marathon runners – Gestures as small as offering a drink of orange juice and use of a home bathroom were recounted on Twitter on Monday in an ongoing online recollection of the fellowship that emerged in the wake of Monday’s devastation.

Public Shaming – Minutes after the explosions, internet tough guys and girls were already pointing the blame and ready to kill.

Follow me on @Blogsofwar for continuous live updates of this story.

Jon Iadonisi is the founder of White Canvas Group (Twitter) and leads the innovation and application of new products and solutions for all clients. He blends over 15 years of diverse experience in computer science, cyber security, and applied creativity into solving tomorrow’s challenges. He is regularly sought by the Department of Defense, various Intelligence agencies, members of the US Congress, industry conventions and popular media outlets to provide expert opinion and briefings on information age unconventional warfare. Prior to joining the private sector, Jon served as a Navy SEAL, where he designed, planned and led various combat operations that integrated innovative technologies and tactics into the operating environment, ultimately creating new capabilities for the Special Operations Community and Central Intelligence Agency. He is a combat-wounded and decorated veteran who earned a B.S. in Computer Science from the US Naval Academy, and M.S. in Homeland Security from San Diego State University. He is currently pursuing a PhD in Criminal Justice from the University of New Haven, focusing his research on the emerging field of cyber crime. Jon is a guest lecturer at San Diego State University and Georgetown Law School and is an academic and athletic all-American who participated in the 2000 Olympic Rifle team trials.

Tim Newberry is the co-founder of White Canvas Group and is responsible for day-to-day operations and sustained client engagement. Tim’s 15 years of identifying, developing, and executing projects in areas ranging from computer science to nuclear engineering has helped him hone a process-oriented delivery model that ensures clients’ objectives are met on time and on budget. Prior to joining the private sector, Tim spent eight years as a Naval Submarine Officer and Nuclear Engineer. He has a master’s degree in engineering from Catholic University, and a bachelor’s degree in computer science from the U.S. Naval Academy. Tim is currently pursuing a PhD in Criminal Justice from the University of New Haven in Connecticut, with an emphasis on understanding the intersection between cyber technologies and new age media with justice.

John Little: White Canvas has been involved in lot of interesting projects from crowdsourced crisis communications products like GridMeNow, to social media analysis, to your longtime involvement in the hacker conference scene. Can you briefly tell us where White Canvas is devoting most of its energy at the moment and where you see yourselves headed in the next 3-5 years.

Jon Iadonisi and Tim Newberry: John, first, thank you for hosting us in this forum. We’ve been a big fan of yours over the years and actually think we’ve got quite a bit in common with your content pursuits. As you allude to in the question above, we’ve been accused at times of being a bit unfocused and spreading ourselves too thin. We couldn’t disagree more.

Everything we do, day in and day out, now coming to the end of our fifth year, connects. It connects by focusing our efforts at an intersection between technology and people. Behind every social media account, keyboard, and mobile phone is a person. Our expertise is technology development but our focus is to serve people with that technology, with each one of our projects combining elements of design, science, and functional solutions.

Right now, we’re focusing on a handful of projects. We like to describe ourselves as a privatized DARPA (most of your readers will probably understand that analogy), except we like to produce a bit faster and be a bit more practical in solving tomorrow’s problems today. You’ll see GridMeNow spin off into its own company in the coming months as customer growth and demand warrants. 2013 will also see a renewed focus for WCG on the human factor in cyber security and digital operations for private and government customers. Our other significant energy focus will be an elite performance training system for military and law enforcement personnel, customizing systems currently used by professional and Olympic athletes.

Clients contact us regularly seeking other paradigm-shifting solutions, and we’re dedicated to evaluating those potential opportunities for future growth.

John Little: I know you guys were looking at the national security implications of social media, especially web video, well ahead of the Arab Spring. Has the marketplace for these concepts changed completely over the last three years or is it still an uphill battle with some customers?

Jon Iadonisi and Tim Newberry: Both. The Arab Spring undoubtedly caused global shifts in power but more critically, it caused a shift in the perception of what power is and who has it. Social media certainly helped those events transcend local boundaries onto the global stage; and the pressure of that elevated visibility shaped public opinions and corresponding ground action in near real time.

Video social media is the most important form of user-generated content when influencing someone to do something. That journey from being compelled or inspired to do something to taking action on that inspiration happens much quicker with video as opposed to just text, pictures, or audio. Video compels, inspires, incites action. That’s why we focus there, because it is the most potent form of influence, whether you use it for marketing or organizing. Further, the social technologies at play in these cases (YouTube, Vimeo, etc.) offer a transformative experience for the user/viewer because they instantly provide context (via comments, likes and shares), and connect users/viewers to wider online audiences via their own social presence. The video footage of the January 25 Tahrir Square protests in Egypt compelled a global audience in seconds. You personally could watch the event unfold via social media virally while other 1.0 organizations usually tasked with monitoring and analyzing these events (e.g. intelligence agencies, news bureaus, etc.) totally missed the boat. And in this case, the compulsion caused by the social video experience resulted in a united narrative promoting a regime change.

It’s still an uphill battle—that’s going to be the case for years, and unfortunately more so within the confines of government. But, we’re getting better at it – after all, the Internet is only about 20 years old.

John Little: It seems like with all the hype around social media and the internet in general that mobile gets overlooked as a driver. Twitter and Facebook wouldn’t be full of compelling real time content from Tahrir Square without the global spread of affordable hardware and networks. It’s really the convergence and ubiquitous nature of these technologies that is creating something special isn’t it?

Jon Iadonisi and Tim Newberry: The quick, simple answer is “absolutely” – I think we’ve heard recently that in many parts of Africa, cell phones and internet connectivity are more prevalent than running water. But the harder-to-measure second and third order effects this creates involve how PEOPLE are changing with this new dynamic. This is where we at White Canvas Group spend most of our time: helping people to navigate this new digital world order. Consider the fact that reliable, real-time information is being delivered via an underground Skype connection in Syria, which is then broadcast by the global news network powerhouses. It’s an inversion of power and influence. Many people don’t buy goods or services based solely on advertisements: they spend money based on peer recommendations or social network validation. These changes are only enabled by the convergence and spread of affordable connectivity. We think we’ll start seeing many more innovative uses of mobile technology in the future as burgeoning youth population bubbles reach critical mass inside the regions you mention and others.

John Little: You have a long history of participation in the hacker community through events such as DEFCON. And lately I’ve seen the two of you discussing cyber security on Fox Business News, CBN News, Government Computer News, C-SPAN and other media outlets. Cyber has been a beltway buzzword for some time now but it seems like, especially in the political arena, the threat is often hyped or mischaracterized, while real vulnerabilities are overlooked. It drives a lot of the information security professionals I know crazy. How can we move beyond the extremes of hype and apathy to implement the kind of broad and sustained effort needed to secure our digital infrastructure?

Jon Iadonisi and Tim Newberry: This transition will be lengthy, and in many ways similar to the societal adjustment towards terrorism post-9/11. Simply put, a broad sustained effort will not be embraced until either a generational change in the political landscape or a 9/11-scale cyber event. Until then, private businesses, institutions and individual American citizens will have to hold their own. We hate to be the bearers of doom and gloom, but the fact that those inside this professional industry are more focused on the context of a word instead of the practical manifestations of that word frankly says quite a lot about how much most people in this community care about it. Towards that end, and in the context of what the “industry” deems cyber security, we’re focused on providing tools, technologies, and perspectives that will help to fill that void; hopefully enabling individuals, companies, and organizations that are taking it seriously the ability and confidence to hold their own.

John Little: I know you guys are always looking forward and you can find opportunity almost anywhere. Are there any anticipated technological/social developments on the near horizon that you’re really excited about?

Jon Iadonisi and Tim Newberry: Unfortunately, innovation is a cliched term these days. We really enjoy following the modern day Da Vincis and Edisons. People who aren’t afraid to challenge the norm and risk changing the world. For example: Salvatore Iaconesi, diagnosed with brain cancer who instead of giving up hope, coded his medical records in a structured format, enabling thousands of people to help him successfully find a cure, which he did. Stories like his remind us that computing power, when used as a tool, enables creators a chance to globally impact our world. We’ve got a couple of promising projects we’d like to launch against Leukemia, and perhaps have a chance to impact the world. Until then, all we can do is fearlessly dream, and that begins like all of our projects: on a white canvas.

Phillip Smyth is a researcher specializing in Lebanon, Syria, and the broader Middle Eastern affairs. He travels regularly to the region and has been published by a number of publications including the American Spectator, the Counterterrorism Blog, the Daily Caller, Haaretz, MERIA Journal, The National Review Online, NOW Lebanon, PJ Media, and Voice of America. You can follow him on Twitter @PhillipSmyth.

John Little: We’ve seen countless accusations of chemical weapon use from both the regime and opposition forces. Twitter, YouTube, and Facebook have been overflowing with that content but most of it has been way off the mark. Some of the content creators are genuinely confused and many (on both sides) are pushing poorly constructed propaganda. I’ve consistently maintained that there is no upside to chemical weapons use by Assad. Using them on a large scale would be suicidal. Do you think that logic will prevail? What is the likelihood that Assad would do the unthinkable?

Phillip Smyth: If the regime openly uses chemical weapons (CW) (e.g. as Saddam did in Halabja) it will most likely result in a “Game over” situation for them. In that case, the “red line of red lines” would have been crossed and would probably lead to some variety of intervention involving external actors. Presumably, such an action may force the hand of even the most unwilling actor.The rebels understand this, as does Assad. It certainly accounts for numerous (generally erroneous) rebel reports of Assad having already used chemical weapons. It also serves as a main reason why Assad is not using them. He gains much more leverage from having his finger on the button than from pressing it.

There have also been numerous charges the Assad regime has already transferred some of these weapons to Hizballah in Lebanon. I have my doubts regarding those accusations aswell. Why hand off the keys to the castle before one has vacated the premise? For Assad, CW serve as the regime’s joker card–There are pluses and minuses. Thus, Assad understands that CW are best used as a strategic bargaining chip in the great game of retaining his hold on Syria.

Another oft-repeated line we hear is how “desperate” Assad has become. This is often described as a reason for certain actions executed by the regime (i.e. his launching of ballistic missiles). The message can be read as: “If he’s crazy and desperate, he can and will do anything”. However, there’s a huge difference between launching missiles and using the strongest, most deadly, and most internationally disapproved weapon(s) in his arsenal. Assad still has a functioning military, irregulars, and external help. This force is launching a number of counteroffensives now and Assad is not making a run for the hills.

Still, no one should discount the possibility of some type of chemical agent being used on a small scale to “Test the red lines” or accomplish other tactical tasks. Nevertheless, save for some cataclysmic collapse of the regime, I am hesitant to say Assad would use the weapons as an intrinsic part of a strategy to retake the country.

John Little: When the uprising started most expected the Syrian regime to have significant staying power and it has. However, we have seen a number of high profile defections, regime military installations are falling to the rebels, and Damascus is threatened. Where does the regime take it from here? Is their downfall now certain with only the timing and body count in question or is it still too early to tell?

Phillip Smyth: Assad’s downfall is an ongoing process–I believe that on the battlefield there may eventually be a major tipping point. This point has yet to be reached and the battle for supremacy in the country is currently a piecemeal one. The rebels lack game-changing tactics and weapons, are disparate, and still learning effective strategies. Assad is also continuing to hit back. Remember, Bashar’s father did not retain his position in the country through not building a working army capable of crushing dissent, a network of thugs, and duplicate intelligence agencies. Thus, Assad’s end–while coming into view–still requires a pair of high powered binoculars. Assad is in the battle to win, and right now we are still looking at a draw.

Body count is certainly a factor, but this too can go a few ways. Assad’s primary and most loyal fighting forces come from a minority group–his minority group–the Alawites. They understand the region’s zero-sum politics (there’s no such thing as “power sharing” and there will always be a dominant group and one or more under that group’s foot) and have tasted power; Their resolve to win or retain as much power as possible will be a hard nut for rebels to crack. There may come a time when Alawite mothers of sons, who continue to die in battle for Assad, become loud enough to affect change. Nevertheless, as with many Middle Eastern minorities, the communal survival mentality could and will likely override such sentiment.

The bigger issue is how many trained, loyal, and equipped fighters can and will Assad continue to throw into a multifaceted and geographically diverse front line? I expect that those numbers are not as high as Assad truly hopes for, but they are still strong enough to hold key strategic urban areas (such as Damascus, parts of Aleppo, and sections of Homs and Hama).

Assad’s viability also depends on what one defines as a “High profile defection”. None of Assad’s inner-Alawite circle of advisers or people in true power positions have left the regime or joined the rebels. This reflects the tightness of his ranks. Some have described Assad’s rule of Syria as reminicent of a mafia-don. It’s a bit more complicated and dependent on broader concentric and connecting circles of family, clan, sectarian, and business based loyalties. Hafiz Assad and Bashar both did a nice job cultivating links to and cutting in many urban Sunni bourgeois and like it or not, many of these links still exist, albeit at reduced levels.

I hate to continue statements which seem to push the narrative of sectarianism, but like it or not, it’s a reality. To which sect did “High profile defectors” Ryad Hijab (prime minister) and Manaf Tlas (general in the Republican Guard) belong? They are all Sunnis.

Additionally, Syria is awash with generals, so another “General’s defection” is hardly the equivalent of say Ulysses S. Grant joining forces with Robert E. Lee.

I also recall an article in the Arabic daily, Al Hayat from the summer of 2012. It discussed the “Highest ranking Alawite to defect”–Apparently, a leader of Assad’s air force intelligence special forces. His rank was not mentioned and he never gave his full name. He is just a small fry in a large pond of people actually running Assad’s show.

Regardless, it gives us some insight into the amount of security agency duplication found in Assad’s and even other dictatorial regimes. One force spies on the other, which spies on the one spying on it, which is spied on by another, which has 49 “commanding generals” who do little beyond sit at a desk and report on their juniors and seniors. At the end of the day, the Assad family and broader clan still run the show.

Howver, there’s no doubt in my mind that these defections did and continue to rankle a good number of Assad’s people in Damascus. Yet, those defectors are not leaders, per say. To paraphrase Alex Karras (Mongo) in Blazing Saddles, most of these “High ranking” defectors are, “Only pawn[s] in game of [the Assad regime's] life”.

So is Assad’s collapse a “Sure thing”? It’s certainly growing more possible and has been growing for a year. It is my contention that when Damascus falls, for all intents and purposes, so does Assad. He needs the capital city for ideological and social reasons. Without it, he’s just a former ruler-cum-warlord. Yet, even in that scenario, there’s the potential that he is still around controlling some chunk of territory. I just do not feel we are going to see a Libyan-style end a la Qaddafi in Sirte for Assad in Syria.

John Little: What options do you think Iran is considering as they contemplate a post-Assad Syria? They won’t have a lot of friends in the mostly Sunni opposition but inaction isn’t exactly an option for them – nor would it be expected.

Phillip Smyth: It really goes without saying that Syria is a strategic linchpin for Iran’s regional policy. The Iranians are doing their best to continue propping-up the Assad regime. Simultaneously, they are also creating sub-networks among their coreligionists (Syria’s Shia community); In much the same way they did in 1980s Lebanon and more recently in Iraq.

Iran has been rather public in their announcements that the Iranian Revolutionary Guard’s Quds Force is operating inside Syria. The same thing goes with Lebanese Hizballah, which has been reported guarding important Shia religious sites and fighting rebels in many locations. Iran is also ferrying Iraqi Shia fighters (from groups Iran helped create, like Asa’ib Ahl al-Haq and Kata’ib Hizballah, and from allies like Muqtada al-Sadr’s Liwa al-Yom al-Mauwud–formerly known as Jaysh al-Mahdi) into Syria. When Richard Engel was kidnapped, he reported his captors were Shia and they were trying to gain the freedom of pro-Assad/pro-Iran Lebanese Shia actors held by the Syrian rebels.

Thus, in a post-Assad Syria, it can be assumed Iran will attempt to draw the country’s Shia under their protective wing, likely creating proxy militias on the ground while backing any remnants of the Assad
regime.

At the outset, it would appear Iran is playing a strictly sectarian game and will not be able to draw any support from Syria’s Sunni majority. Many analysts argue Sunni sectarian anger against Iran and the Shia as a whole is too great. However, this neglects the region’s constantly morphing multi-polarity.

Iran has a lot of money, arms, and strong forces. In any coming Syrian anarchy, all militias on the ground will need capital and support–Even if it is covert. The Iranians will reach out to just about anyone who takes their hand. Many speak of the “Sunni-Shi’a split”. Unfortunately, they forget that Iran has made some incredible inroads among a variety of groups. Of course, not many Sunnis (especially now) would wish to publicly recognize they get support from Shia Iran, but they do.

At this moment, Syria has around 1000 militias. Post-Assad (and even now) they will all be fighting for a slice of the pie. In keeping with the Middle Eastern version of the “Golden rule”, Iran is “The one with the gold [who] makes the rules”.

A great example to look at regarding how Iran will inject itself and retain some level of presence in Syria, are their (often via Hizballah) moves in the predominantly Sunni, Tripoli, Lebanon.

For all of the talk about sectarian fighting (between Alawites and Sunnis) going down in Tripoli, there are quite a good number of Sunnis–especially militiamen–who are or have been on Hizballah’s payroll. Some of these fighters continue to battle the city’s Alawites (Hizballah’s allies), but due to their economic conditions, they can be called to fall in line when Hizballah asks them to.

In the past some have even been wooed over using the plea of “‘Islam’ must unify in the face of Western enemies and Israel”. This is the kind of ideological logic pro-Iranian Sunni Islamist groups, like Tripoli’s Tawhiid Movement, use (i.e. “Sunnis and Shia are both Muslims and should not fight each other, but the greater foes). Nevertheless, I am guessing such a strategy will only have a limited effect in the near-future.

Hizballah and their Iranian paymasters also are not simply calling for their Sunni proxies to battle other Sunnis or fight directly on the side of Hizballah. They work slowly, giving some of Tripoli’s poorer Sunnis a financial cushion and aid them in other ways. In that way, Iran slowly embeds itself into the community. The potential for Iran/Hizballah is that this builds a lot of long-term influence in key areas among groups of people who should despise them. I cannot see why they wouldn’t try the same thing in Syria.

Wars make strange bedfellows and sands can shift at a moment’s notice. In a Syria sans Assad, Iran’s influence will be diminished to a great extent. However, they will not cease their attempts to gain connections whenever or wherever they can.

John Little: What is your take on the more Machiavellian view held by some that it is in the West’s interest that this conflict enters a sort of long-term standoff where Assad remains weakened, but in control of his arsenal (especially his chemical weapons), and the conflict churns through the more radical parts of the opposition?

Phillip Smyth: I hold a mixed interpretation of that viewpoint. The war on the ground is devolving into what has been termed a “Spanish Civil War” style conflict. It would appear to many that it is counterproductive to jump in.

On the sidelines such a scenario may be a wonderful thing to watch: Assad, Al Qaida, and other radical Islamist groups beating each other senseless–It also couldn’t happen to a nicer collection of foes. However, the situation on the ground isn’t always that simple and often a sequence of events does not always play out how one may have hoped. Even in an environment pitting just radical Islamists against Assad–with both forces lacking any love for the United States–the risks are just as high as the benefits.

As of right now, despite the fact that radical groups are taking center stage and getting a lot of coverage, it doesn’t mean they make up the majority of the Syrian opposition. Watching from the stands may result (as it has in the past) in even more polarization. Such a situation would not be good for the U.S. or region in the long-run.

Radical Sunni Islamists have already demonstrated that no matter where they spring-up, they don’t stay put. They will continue to spread problems to the region around them, even if engaged in an ongoing conflict. Case in point: Jabhat al-Nusra, which was spun from a very busy Al Qaida in Iraq. It’s a fallacy to believe they will simply be sucked into the Syrian conflict and just wear themselves down. In fact, I’d say they’ll use the conflict like they tried to use Afghanistan or Iraq. Only, this time, they won’t be facing a high-technology enemy which can more effectively check their growth. They will sharpen their skills, expand in size, and may spread like a virus to neighboring areas.

Let’s say Assad starts to triumph over the disparate rebels and radical Sunni Islamists. We will then see an emboldened Iran. If Assad is left in place during a stalemate, the pro-Iranian set will be shaken, but won’t be out of the game. In that case we will have two radical anti-American foes in control of large chunks of the Levant. Sure, they would be fighting one another, but that does not mean they will cease their other activities in the region.

Remember, in the early and mid-1980s, when Iran was “Tied down” fighting Iraq, they still found enough time to build Hizballah, bomb the Marine Corps. barracks in Beirut, attack some embassies, and hijack a few aircraft. Just as the “War weary” Saddam Hussein–after almost a decade of fighting Iran–Invaded Kuwait.

I for one do not see a scenario like you describe really playing out. There are too many variables which would be immediate regional game-changers in such an environment. Who says Assad, after a few more months or years of brutal fighting, can really hold onto his strategic weapons? Can Assad really “Churn through” the radicals, or will the conflict resemble something closer to the Lebanese Civil War with internecine fighting and defacto cantons? It’s really impossible to know.

I would leave with this: The U.S. needs to tread carefully but realistically assess its interests. Do we want Iran to hold onto a link to the Mediterranean and Hizballah? I don’t feel we should. However, does this mean it would be acceptable to have Al Qaida managing swaths of territory in a strategic Middle Eastern country? Absolutely not. Thus,I don’t believe it would be very prudent to just let the two foes kick each other into oblivion. There’s too much room for something blowing-up in our faces.

There are many covert, more quiet, and cost-effective ways to affect change. Nevertheless, right now, the United States is sitting on its hands in near bewilderment with no real policy to speak of.

John Little: Can Russia remain relevant as Syria descends into chaos? Could they still possibly broker a political solution to this crisis or is it just too late to engineer a smooth transition of power?

Phillip Smyth: As early as summer 2012, we heard many calls that Russia was essentially irrelevant. This was mainly due to the fact that it was doing little more than equipping Assad and attempting to buy him some breathing space in the international community and with the rebels. Certainly, few consider Moscow to be an unbiased actor.

Recently, rebels (with Khatib) and Assad rejected Russian overtures–Overtures that I’m sure were little more than additional feet-dragging measures and likely seen by rebels as nothing more than bolstering for Assad’s position. The Russians will continue to throw out offers for peace talks, but the writing on the wall says that calls for “Political transition” will amount to very little.

Realistically, Moscow remains relevant insofar as how much backing they continue to offer for Assad. Nevertheless, one must consider who is pushing Russia as a potential peacemaker. Ironically enough, it’s the United States. For months the U.S. has been promoting a policy of using the Russians to establish a “Political compromise”. Will that policy work? No. Is there any hope for Russia to mediate a transition? It’s doubtful.

John Little: Russian foreign chief Sergei Lavrov recetnly warned that a protracted stalemate could lead to the breakup of Syria. Does that seem like a plausible outcome to you?

We’re already seeing the “Break-up” of Syria. When you have 1000 militias on the ground all holding different positions. If we thought 1985 West Beirut was bad, this will be worse.

However, it’s important to remember that Lavrov is using a narrative first honed in Damascus by Assad. It’s the typical pan-Arabist line which encourages autocratic-central governance over a diverse population while simultaneously threatening a potential break-up if any movement exists countering the aforementioned central authority.

Regardless, in terms of an officially recognized “Break-up” of Syria (i.e. an internationally recognized Alawi state/Kurdish state), my position is a mixed one. I believe that on a defacto level, in a post-Assad atmosphere, large chunks of Syria will be dominated by certain ideological, ethnic, and religious groups . We are already seeing what can be termed as “general autonomy” for Kurds in the northeast. However, it’s really up to how all factions decide to play these developments in the long-term.

Michael Ross was born in Canada and served as a soldier in a combat unit of the Israel Defence Forces prior to being recruited as a “combatant,” (a term designating a deep-cover operative tasked with working in hostile milieus) in Israel’s legendary secret intelligence service, the Mossad. In his 13 year career with the Mossad, Ross was also a case officer in Africa and South East Asia for three years, and was the Mossad’s counterterrorism liaison officer to the CIA and FBI for two-and-a-half years. Ross is a published writer and commentator on Near Eastern affairs, intelligence and terrorism. He is the author of The Volunteer: The Incredible True Story of an Israeli Spy on the Trail of International Terrorists. You can follow him on Twitter.

John Little: There are a few intelligence agencies with high profile headquarters and the CIA leads the pack in that regard. Mossad facilities have a much lower profile (outside of Israel at least). Can you talk a bit about the size and scope of the Mossad’s headquarters – and the environment?

Michael Ross: I am prohibited from disclosing the Mossad’s HQ actual location but it is convenient and well-situated to meet the needs of the organization. It has a very modern (but highly secure) university campus feel about it and the grounds and gardens are quite beautifully maintained. It is a sanctuary from the greater hustle and bustle of Israel. There are even works of sculpture by some renowned artists that adorn the landscape. It is quite self-contained with indoor shooting ranges, meat and dairy dining rooms (the Mossad is “kosher”), fully equipped fitness center and an outstanding gymnasium (where I used to play inter-mural basketball).

It’s not large given the small size of the organization but it is a busy place. The parking lots start filling up early and the lights are always burning at all hours somewhere in the complex. As with any top tier intelligence service with a global footprint, It never actually goes to sleep.

Also like other services, the really interesting activity is conducted off campus where specialized units are maintained in out-stations. The Mossad is very strict about compartmentation so operational personnel do not interact with the HQ component on the main campus. I was in the Mossad for about 7-8 years before I ever set foot in the main HQ campus.

John Little: So it sounds very different from many other agencies that rotate officers in and out of HQ assignments then?

Michael Ross: Very, we have no cubicles and people can, and often do, spend their entire careers overseas until retirement. Some come back to HQ after many years overseas to take up senior management roles. There is also a population of operational personnel that live in Israel but travel to assignments all over the globe on a regular basis and for many years.

John Little: Overall, how did you feel about your interaction with HQ when in the field? Complaints about disconnects and micromanagement are common in intelligence literature. Is life in the Mossad any different?

Michael Ross: One of the great axioms of secret intelligence services is the sniping that goes on back and forth between HQ and the field and the Mossad is not immune to this side of HQ-field unit interaction. Given our flatter bureaucracy and overall size (and compartmentation) there is probably much less of it but it does exist. We have also made significant headway in divesting ourselves of the embassy station system. This makes for a more fluid (and less hierarchical) management style less conducive to counter-productive turf wars.

When I was in the field we used to think that some HQ requests were unreasonable and did not take into account the reality of our working environment. When I was in HQ, I thought some of the people in the field were high-maintenance prima donnas, so it works both ways. One of my great lessons was that HQ always has the big picture in mind so I came to realize that my quibble with some strange tasking did not always take into account the fact that what I was doing was a piece of something much, much bigger.

Our organizational culture is based on our management layers being populated by people whose resumes contain many years of operational experience in the field. If you don’t go overseas, you don’t get promoted in the Mossad. This helps mitigate any HQ-field disconnect because the people giving you taskings and orders at HQ have been there, done that, and worn the t-shirt.

John Little: Was your time at headquarters a nice change of pace or a shock to the system? I can imagine the office politics and rigidity being a bit off-putting after someone has spent many years in the field.

Michael Ross: It was actually an environment that I never really embraced nor felt comfortable with. Suddenly there were all these protocols and yes, a certain degree of rigidity to the proceedings. I was also an unknown because I came from this highly compartmented existence (people serving in the Mossad who are not members of the unit have no idea what my former operational division, “Caesarea”, does in the field). One of the hardest parts of being in HQ however, was the reduction in pay given that being in the field includes all kinda of extra allowances.

So I suddenly show up and everyone pays you a much respect because you were a combatant in the flagship unit of the Mossad but they also say, “You have no clue how things work here, so you better get up to speed and quickly.”

I also realized that all my report writing, cable communication overseas, etc. were all now to be in Hebrew. Both Hebrew and English are official languages in the Mossad meaning you can use either one, but nobody is going to use English because nobody else does. I’m fluent in the language but having been under cover for several years, did everything I could to forget it. Now I’m in a milieu where the majority of people are highly educated native Israelis and the writing and communication standards are very high. When I was in the field, I did all my reporting in English (for obvious reasons).

Luckily, I was placed in a staff officers course right after entering HQ. It’s an advanced course that people wait years to get on and I was able to jump the queue because of my time in the field. Combatants achieve rank at an accelerated pace over their peers in other operational and support divisions and so I entered HQ with the equivalent military rank of Major and left as a branch head at the rank of Lieutenant-Colonel (the ranking is military equivalent as our salaries, benefits, and pension are indexed against the IDF).

It was a real education and I was able to work with some terrific people in the CIA and FBI but after 2.5 years, I could not wait to get back into the field as soon as possible. I don’t have a personality type that thrives in an overly structured environment. I also found the politics of working with the vast and Byzantine U.S. intelligence community frustrating. In retrospect I was probably better suited to working a liaison role with a country whose intelligence service has no diplomatic relations with Israel.

John Little: Were your options limited to domestic postings or liaison roles at that phase of your career? It sounds like, generally speaking, once you are called back to headquarters your operational work is done.

Michael Ross: Typically if you come from one operational division’s field component, you return to its HQ counterpart but I did something different and tossed myself into the deep end by joining a division that didn’t know me at all: The Liaison and Special Political Operations Division known as “Tevel” which is Hebrew for “World”. While liaison work seems cushy, it’s not at all and almost all my colleagues were former case officers or combatants. One of my colleagues was a deep cover combatant for many years and took part in the operation to assassinate Abu Jihad in Tunisia.

Some of my colleagues joined the HUMINT division so coming in from the field doesn’t necessarily ground you in any way. You can go back to a posting in the field almost immediately if you want.

The truth of the matter is that HQ doesn’t need more people to fill roles at the office. Support people can be hired fairly easily. What the Mossad always has in short supply are officers that can be deployed in the field under foreign cover. If you come from an operational background, there are always opportunities to go back out until you return take up a management role at HQ or retire.

John Little: So what was a typical day like for you at headquarters? Was it a constant grind of 16 hour days and layers of bureaucracy to navigate or different?

Michael Ross: It started with 05:30 wake-up to beat traffic and a 45 minute commute to the office where I’d hopefully score decent parking.

Days at work in the office started by reading cable traffic from our Washington station (always entertaining) and meetings both internally and with our liaison partners from either the local CIA station or FBI Legatt (but never at the same time!).

As the CT liaison officer to the U.S. IC, I was constantly exchanging material and data on terrorists and their targets with both agencies, but a huge part of my job was dealing with attack alerts. Israel and the U.S. are main focal points of every potential terror attack on one of our many missions, schools, and military installations worldwide. A source report of an impending attack on a U.S. target would have me coordinating the transfer of said warning to my U.S. counterpart together with our CT division and the division responsible for the source of the warning. I’d call the CIA station on the “STU” (secure telephone unit) connecting the station with Mossad HQ. Together, we’d make sure that all the relevant security functions knew about the warning, it’s viability, and any other relevant intelligence. It was a fast-paced, dynamic position where delay could cost lives. I greatly enjoyed working with my American counterparts and I think it was mutual. Beyond terror attack alerts, we worked on joint operations, exchanged delegations on many mutual subjects and basically kept the relationship on track. I especially remember the period where the U.S. embassies in Kenya and Tanzania were attacked. Not only was I involved in helping the U.S. immediately after the attacks, I represented the Mossad as part of the CIA team that captured some of the main players in Baku in 1998 (based on our intelligence provided to the CIA). That was a “full circle” moment when I realized how important and powerful liaison relationships can be between two top tier services working together.

I normally worked a 12-14 hour day, but if the terrorist attack threats were coming thick and fast (either sourced by us or from CIA sources) I’d be dealing with them at all hours. It’s ironic, but when I was living under deep cover, I got way more sleep than I did when I was working in HQ. After doing this job, was it any wonder I couldn’t wait to get back to the field?

This is about “a day” at the Central Intelligence Agency Headquarters Building. In the following piece, I will attempt to shed light on what an average day might look like for someone who is on rotation at Headquarters. Before you become disappointed, this isn’t about the Jason Bourne’s, James Bond’s or Jack Ryan’s of the intelligence world. The Central Intelligence Agency is housed on a compound in the Washington Metropolitan Area (WMA) located in the middle of some of the worst traffic areas (it gives the 405 in Los Angeles a run for its money) and most diverse populations in the country. If you are interested in a career in the National Clandestine Service, expect to spend a few years at Headquarters, which will include very long days, a never ending cycle of priorities and the joy of everyone in the area intent on playing “spot the spook” with everyone they encounter. Mix that in with a career destined to stress the family out from the inevitable home time interruptions and limited days off.

I was a Paramilitary Officer in Special Activities Division (SAD) of the National Clandestine Service (NCS). I spent all of my time in the NCS and my experience with other Directorates comes from my many interactions and projects with them. I spent some time in the Iran Operations Division, Information Operations Center, and National Resources Division but the majority of it was in SAD. Special Activities Division is an amazing place to work because, not only is it full of professional and mission focused Officers, those Officers exude the same code of ethics and camaraderie (but on a higher level since these Officers, with few exceptions, are picked from the best this country has to offer) that I missed since departing the Military. My time there was a blur of hard work, great people, constant internal/external pressure, and far more travel than I did while in the military.

The Agency houses some of the most intelligent and hard-working people, but even those premier Officers can’t escape a case of the “Mondays”. These Intel Officers attempt to protect US citizens and national interests (often times in spite of the bureaucracy that pretends to guide it) at a great personal sacrifice of personal time, social life, and public acknowledgement of their service. The truly amazing work of the CIA is as humbling as it is frustrating since you are constantly battling between effective mission completion, the Teamster style legal team that constantly looks over your shoulder, management, the ever evolving interests and focus of Congress and Senate (oversight and funding), and finance who dash your hopes of ever getting your operation off the ground if the decimal places don’t line up. The paramount responsibility is always the safety of your fellow Officers as well as that of the agents who risk their lives (and many times that of their families) to provide HUMINT in order to fill the intelligence gaps designated by the National Intelligence Estimate (NIE).

On any given day the random Intelligence Officer wakes up before the club crowd gets to bed so he/she can get to the office before traffic and the Agency parking lot tempts them to request a mental health day. The awe of passing through the gates of the George Bush Center of Intelligence (a unique government building and living history museum rolled into one) quickly fades when one looks for one of the few remaining parking spots in the back 40 of the immense Agency compound. After the cross country trek to your office in the bowels of the Agency’s Old (or new) Headquarters Building and finally sitting at your desk in one of the endless cube farms, a sinking feeling, that your emails and morning meetings will result in 18 to 20 hours of work that needs to be crammed into the next 8-10 hours, quickly settles in. All of this happens while prepping for your upcoming TDY. You open your email and find that while you were spending the precious few hours with your family, others were diligently typing more than 50 priority emails that require your immediate attention (aside from those patronizing – you’re a good kid – ones from the ODNI). While deep in your latest mental rant about being tasked with something that is actually handled by another office, you mentally calculate which would take longer: explaining the actual process to the one tasking you AND the office that should do it, or just doing it yourself. The meeting results in task changes to many of the items you completed yesterday and adds a few management fires which easily puts your day at about 22-24 hours of actual work, including the paperwork, constant emails and instant messages needed to clarify and re-clarify your tasks, requests, responses, trip plans, and remaining meetings. After your seventh meeting and 63rd email, you realize that you missed your window to eat lunch by 2 hours and the resultant hunger delusions make you rationalize with yourself “its ok, you can just leave early since you didn’t spend your mandated 30 minute lunch time eating”.

After grabbing something from one of the many vending machines that adorn every floor of the building, you rush off to meet with someone from another office that may have some vetting info for one of your cases. On the way there you run into an Officer from another office who needs to ask you a few questions regarding one of his cases and get your thoughts on a request he needs to route for some resources your office controls. You finally finish and get to the intended office only to see your “contact” leaving. Chasing him down is the only option so off you go until you catch up and lay out your needs. A colleague from your office catches up to you and indicates that something has come up and a meeting has been called which you need to attend. An hour later you appear with new tasking to head a planning group which in two days, can have an effective rough draft of a plan that can be briefed to senior management in case the new potential hotspot becomes an actual. This involves pulling other Officers from their schedules, requesting information on resources, planning logistics and searching for assets in a location that hasn’t been dealt with in quite some time due to its low key, low priority status from the NIE and congressional funding. It is now 5 o’clock and you realize that if you leave now, you might be able to sit down and eat while your family sits in front of their already cleared places at the dinner table but that won’t happen because your boss calls your office in for a “quick” meeting to brief the results of his meeting with the Group and Branch Chiefs.

The quick meeting lasts about 45 minutes and concludes with immediate taskers for you to reach out to the field and other Divisions in order to coordinate some changing priorities. A renewed sense of urgency drives you to jump right in because these changes relate to a case you have been working on for several months which, until now, looked to be stagnating. You finally conclude your last instant message conversation and send your last email. You log off with a sigh, a stretch and begin to walk out when you hear “have a good night” from your boss’ office. When you peek around the corner he is typing emails and checking off items on what looks to be a very long list. You then realize he is going to be there for a few more hours. You say good night and walk out the door, then past security and out into the dark. It is then that you realize it is after 8pm. Cell phones are not authorized in the building and because you were either on the phone or away from your desk basically the entire day, you have had no contact with home. As you begin the drive home, you are sure that all you will get when you try to explain why is the all too familiar rolling eyes.

Cheer up though… its only Wednesday!!!

Military Ethics Twitter Course

We’re getting ready to start our electives period at the Command and Staff College, where I have the good fortune of teaching 17 Majors, Lieutenant Commanders, and GS-14s about military ethics. The course runs 10 sessions over five weeks, and as I’ve been preparing I had one of those ‘flash of the obvious’ moments:

I love teaching. I love military ethics. I love twitter.

Would it be possible to combine the three? I honestly don’t know, but I figure we might as well take a crack at it.

Here’s what I propose:

1.  You can see a readings list at Twitter Military Ethics Course. Very graciously, @khanserai has created a googledocs that has the readings for the first couple of weeks. For the others, you’re smart; you can find them. If you have better ideas for readings, videos, etc., lemme know and I’ll update. Nothing like crowd sourcing learning!

2.  I intend to loosely mirror the same pace as my seminar course, which means we’ll cover 2 topics per week. Unlike seminar, we’re not constrained by a two-hour window. We’ll have roughly 3 days to develop our thoughts (in 140 character chunks!).

3.  All are welcome. Come and go as you please.

4.  I’ll post a brief backgrounder on this blog at the start of each topic to kick things off. Then I’ll tweet specific learning points and questions with the hashtag #METC. All you need to do is follow along and ask me questions or give your thoughts on the questions I ask. Just make sure to use the hashtag #METC so everyone catches it. I’ll do my best to storify conversation threads as we go.

5.  Since I’ve never done this before, I expect there will be a pretty sharp learning curve. Apologies in advance for whatever I mess up; please let me know how I can help make it more productive for you! Always remember: you get what you pay for.

6.  There will be an honor grad. There will be an honor grad prize. That is all I have decided so far.

Any questions? Hit me up at @johnsonr. Here are the general windows for each topic:

Class 1: Introduction to Professional Military Ethics (January 21-23, 2013)

Class 2: Moral Dilemmas (January 24-26, 2013)

Class 3: Motivating Moral Behavior (January 28-30, 2013)

Class 4: Setting the Command Climate (January 31-February 2, 2013)

Class 5: Moral Development (February 4-6, 2013)

Class 6: Targeted Killings (February 7-9, 2013)

Class 7: Emerging Issues – Unmanned Systems (February 11-13, 2013)

Class 8: The Stoic Warrior (February 14-16, 2013)

Class 9: Responding to the Command Climate (February 18-20, 2013)

Class 10: Ethical Fitness (February 21-23, 2013)

February 25, 2013 GRADUATION!!!

Just to start, no I wasn’t there. I wasn’t even in DC on 30 December 2009 when Humam Khalil Abu-Mulal al-Balawi blew himself up taking the reported 7 Americans and 1 Jordanian and 1 Afghan with him.

I was in San Diego for the holidays, visiting family. I remember getting up and coming downstairs to make coffee for myself. Then I must have checked my phone and saw the news.

My mind raced, as I’m sure anyone whose life has been directly tied to the last 10 plus years of war does anytime news like this comes out. Who do I know OCONUS? Who can I call or text? Where can I get the most recent info? Can I get back to Langley to help in any way?

I have known of fellow agents getting injured or killed on duty. The hard part for me was this was a different kind of experience at that time. I never served in the military, so I missed that terrible experience of being just that close to something you can’t directly help or affect change upon.

I felt, and quite literally was, useless at that time. I can’t begin to imagine what those on the ground, in country and back at Langley actually felt. A few hours after I first read the news I was able to get a cryptic SMS back from a colleague who let me know that no one close had been injured or killed in the attack.

A lot has been written, mostly by fellow former Intelligence Officers who likely have years of experience on me, and as equally should know better, about what led to Balawi’s successful suicide attack that day in Khost. You can search online to see the various run downs of who was or was not following tradecraft, or who should or should not have been Chief of Station. My goal is not to try and armchair quarterback anything. Swept up in the craziness that must have been a surging tide of “what if” the Officers on the ground and back at Headquarters pushed to make that meeting happen. Sometimes you push too hard, and chances are those are the times some crazy person will try to blow you up. The term “perfect storm” comes to mind.

This being the 3rd anniversary of this terrible event, I just wanted to share what I took away from everything.

I only knew one Officer killed at Khost, very peripherally. Elizabeth Hanson was a Targeting Officer (officially titled Specialized Skills Officer – Targeting). Very simply, her job was to look for leads to piece together detailed information related to HUMINT targets of interest. I always thought of it as looking for that one piece of thread to pull, that when pulled it unraveled the whole sweater. Balawi was that piece of thread; at least that was the idea.

I went through recruitment at the Agency at a time of flux for Headquarters based officers (HBOs). In fact, I was hired as a Targeting Officer (SSO-­T), but by the time I entered on duty and drove to the back reaches of the Purple lot, I was a Headquarters Based Trainee (HBT).

Like most things in a huge bureaucracy, titles matter. Networking is hugely important in an Agency career and although it seems counter intuitive, its even more important as a headquarters based officer. I found that conversations with new acquaintances usually began with a short bio. What did you do before coming to the Agency? Where are you from? Then always ended up with: What are you? Meaning, what sort of Officer are you. Imagine the fun that could be had by knuckle-­dragging Paramilitary Officers when they ask that last question and were given the response of, “I’m an HBT”…which was followed by a quick deafened response of “HVT!” (high value target). Laughter ensued.

By now quite a few former Agency Officers have detailed recruitment and training, and have even spoken of the rotations that new officers do within headquarters. For the HBT’s, soon to be HBO’s, we did similar rotations, with a certification course related to our final job selection coming right before being home-based in an office.

As part of networking and building a so called “Hall File”, or reputation, the National Clandestine Service’s HR department (HRS) advised us to attend sponsored “brown bag” lunches. These were usually informal (if your idea of informal is crowding into a conference room, in a bad suit eating your Subway sandwich purchased at the Agency Subway counter all the while sitting next to a Group Chief who is talking about how great their office is) events that were used to introduce prospective home-­basing officers to an office, as well as share general information about an office or operation that was being talked about at length.

HRS also pushed the idea of more seasoned HBO’s creating individual mentoring groups for the Staff Operations Officers, Targeting Officers and Collection Management Officers. These were a rotating peer mentoring group that had the goal of helping new HBO’s find their way through the bureaucracy. Sometimes they helped calm nerves, or make introductions to offices of interest, or just shared stories about their jobs. From my memory, I met Elizabeth Hanson at one of these peer meetings for Targeting Officers. I only put it together after meeting one of her former certification instructors during my SOO certification. For whatever reason the Targeting Officers had the more active peer-­?mentoring group at Langley.

Elizabeth Hanson kept a small plaque with a meaningful quote on it at her desk. I know this because I had the same head instructor as her during my certification phase as a SOO. At graduation this instructor related Elizabeth’s story to us, and then tearfully gave us all the same small desk plaque with quote. She asked us to think on the quote and what it meant to us, and to live our lives and careers the way Elizabeth did hers. Its funny, the quote itself is less meaningful than the gesture through someone’s grief at losing a friend.

When onboarding with the Agency, going through initial orientation, class instructors like to try and demystify the Agency for new employees. It would seem obvious that most of us, even when approaching the job with open eyes, have bought into at least some of the romanticism and mystique that surrounds life at the CIA, especially life working under some sort of cover. Maybe it’s for that reason, romanticism, that I’ve held onto my memory of that day at graduation. I find meaning in remembering our fallen colleagues, who right or wrong, gave of their lives in pursuit of something bigger than themselves.

I’ve taken to trying to honor those fallen in some meaningful way. At this point in my Federal career, there isn’t much I can do directly. Instead I choose to think about other fallen colleagues, even those I never worked with directly. I also try and get out and do something meaningful to me. Today I’ll be out honoring the fallen nine by pushing myself through the Crossfit Hero WOD “The Seven”. I do it every year, and the plaque still sits on my desk at work. Always there to remind me what I would attempt if I had no fear of failure. Egging me on to push through the fear.

• Jennifer Lynne Matthews CIA officer, chief of base (Age 45)
• Harold Brown Jr CIA officer (Age 37)
• Elizabeth Hanson CIA officer (Age 30)
• Darren LaBonte CIA officer (Age 35)
• Scott Michael Roberson CIA officer (Age 39)
• Dane Clark Paresi Blackwater Worldwide (Xe) (Age 46)
• Jeremy Wise Blackwater Worldwide (Xe) (Age 35)
• Al Shareef Ali bin Zeid Jordanian intelligence official (Age Undisclosed)
• Arghawan Security director at the base (Age Undisclosed)

Dr. Johnson is Associate Professor of National Security Affairs at Marine Corps University’s Command and Staff College. Prior to joining the faculty in 2009, she taught at The Georgetown Public Policy Institute at Georgetown University and the School of International Service at American University. Dr. Johnson has spoken on topics related to military ethics across the services in the United States and at service schools abroad. She has published numerous articles and book chapters and is currently writing a book on emerging trends in military ethics. Her most recent work, “The Wizard of Oz Goes to War: Unmanned Systems in Counterinsurgency” is forthcoming in Strawser (ed.) Killing by Remote Control: The Ethics of an Unmanned Military. You can follow her on Twitter.

John Little: Let me start by saying that Blogs of War will never knowingly be the launching point for a leak of classified information – no matter how big the scoop. I consider protection of classified information to be a patriotic duty even if one is not directly tasked with that responsibility. At the same time it is impossible to ignore the fact that anyone who discusses or studies intelligence is able to do so, in large part, because of a long history of unauthorized disclosures. Once a story drops in a major publication the damage can’t be undone or minimized. The information is distributed too quickly and too widely. Given that, what responsibility do ordinary Americans, commentators, and journalists have after the initial disclosure?

Rebecca Johnson: I agree whole-heatedly that protection of classified information is everyone’s responsibility – even those who aren’t in direct government service. American lives and missions really are at stake, and it will be a cold day in hell before I do something I know could sacrifice either. I’m not persuaded by the argument that once information is leaked it’s too late to minimize damage. That may be true, but to me, it’s irrelevant. Journalists and government sources both have their own missions and motivations for what they do. I can’t do anything about what brings classified information into the public realm. I can – and must – accept responsibility for my own actions. That means my sharing of classified information (because even if it’s leaked, it’s still classified), puts me not only on the wrong side of the law, but on the wrong side of my duty to work to make the country more secure. People know I work in national security are more likely to take what I share as actual US policy. I think I have to be more careful than analysts who aren’t related to the government or regular private citizens. They might not read a specific story in the paper, but if I share what I consider to be the ‘important bits’, then I’m highlighting the potentially most damaging elements of the leak for anyone to see. I won’t do free work for enemies of the United States. I know they’re perfectly competent to identify the damaging parts of leaks themselves, but again, I’m not responsible for them. I’m only responsible for me.

Ordinary Americans have a responsibility as well. Everyone knows (but often forget) not to telegraph troop movements. Posting on Facebook that you can’t wait to see Tommy when he gets back from Afghanistan next week may not violate federal law, but it’s not the smartest thing to do. Americans also have a responsibility to be involved and communicate their opinions to the government. Here, I would simply caution that leaked classified information by definition gives only a very small part of the picture. Taking one leak and using it to indict some facet of US policy is shortsighted and sure to be inaccurate. Here, I would encourage folks to give a story time to develop, turn to a multitude of sources from different perspectives, and keep their eyes focused on what’s really important – the strength of the country, not scoring partisan or personal points.

John Little: But patience and careful consideration are in short supply. Is there a way to introduce a common ethical framework back into this arena (as opposed to a purely legal one) when it looks like the dysfunctional relationship between media and social media exhibited in the Sandy Hook School shooting is the new norm? The notion of personal responsibility doesn’t exactly appear to be on the rise either.

Rebecca Johnson: If they’re in short supply, then it’s probably a good idea to practice more! I just don’t buy this line of argument. The people working the issues are the ones generating the classified material to begin with; they don’t magically see it for the first time once it’s leaked (very often, at least!). It’s the public — and primarily those of us who work in this area, but maybe not a specific issue directly — who want to know what’s happening on the ‘high side’ and create a lot of the churn following a leak. I am a true believer in our particular system of democratic governance but I couldn’t care less about feeding personal egos or people’s desire to be ‘in the know’. There are times when people claim disclosure is in the name of democratic transparency, but what they really mean is that it’s in the name of advancing their particular agenda or sense of personal entitlement. Anyone who’s in this business to be the center of the ‘look what I know’ universe would be better served just staring in a mirror all day. It would be far more helpful for everyone.

I see Sandy Hook differently, primarily because we’re not talking about national security and classified information. It does, however, highlight both sides of social media – important information is shared quickly and efficiently, but the impulse people (not just journalists) have to be the one who shares the information first resulted in the wrong man being accused of a horrific crime in a very public, terribly painful way. Did he find out that he was accused of mass murder on twitter before or after he learned that his brother had killed his mom and 26 other people on Facebook? That is the very real cost of social media and citizen journalism. In terms of a common ethical framework, I would suggest the following (and I’m speaking here to your basic user of social media – I’ll leave journalism ethics to the professionals):

• Sourcing in everything. If you don’t know the credibility of a source, ask before you share. If that takes you extra time, oh well. If you’re not in a position to be breaking news, it probably doesn’t matter if you’re 15 minutes behind the curve. No one will remember you weren’t first out of the box tomorrow, and it could spare you from looking like a complete jackass if you share something that turns out to be wrong.
• Ask yourself what good would come from sharing a particular piece of information. If you’re just piling on, or potentially exposing someone’s (or the country’s) vulnerability, maybe don’t RT. When big stories break there is a group dynamic that takes over that motivates people to share more than they should. If you lack the judgment and impulse control to moderate what you share on social media, then really – REALLY – take the time to practice developing that skill. It will serve you well in life.
• Remember that no one really cares what you think anyway. You honestly don’t have to vocalize every single thing you know or suspect to be true. I’m active on social media, so I won’t pretend to be immune to this temptation, but there seems to be a sense in which people use social media to feed self-importance. Folks who follow me on twitter know I tweet all sorts of irrelevant nonsense. It’s actually intentional. I ain’t all that, and chances are, you ain’t either. Get over yourself. You don’t have to share what you know. You certainly don’t have to let yourself get caught up in a story as it’s developing if you lack the skills to moderate yourself effectively. Just stop.
• Do you want to be right, or do you want to be effective? There are all sorts of baiters lurking on social media trying to draw people into saying something they shouldn’t. You don’t have to correct every knucklehead who gets a story wrong. Really. Work your issues and let stupid take care of stupid. It can be stomach churning to watch stories build in a direction I know to be wrong, but that’s life. People would do well to remember why they’re on social media to begin with and not let one-off distractions compromise their larger goals.

John Little: Lastly, do you think we are doing enough to prepare incoming public servants and soldiers with the burden that comes with having access to sensitive information in an environment that also encourages persistent personal broadcasting?

Rebecca Johnson: This is a great question. No. This is true of both PERSEC and OPSEC. Every day for a month I had Facebook recommend that I friend an individual whom I’ve never met but who serves in a Cabinet level position in the current administration. Finally I friended the individual (who — *sniff* — has yet to accept my friend request) and posted a courtesy message on my wall that whichever of my friends who knows the principal may want to have a gentle conversation about privacy settings. If this is the level of security for senior leaders, imagine the lack of preparation and accountability at more junior levels. I have found myself correcting my own students numerous times for PERSEC issues on social media, and my students are seasoned professionals.

In terms of OPSEC, most service members are pretty good at keeping quiet on things they shouldn’t discuss; here I would say the breakdown comes not in preparing people not to leak classified information, but in reminding people that there is a lot of open source material that still should not be shared – at least by them. Since DOD changed its policy on the use of social media, each of the services has adopted guidelines and operating procedures, but these tend to be communicated by Public Affairs Officers, rather than by commanders or small unit leaders. I’ve had the good fortune of working with leaders who embrace social media rather than run from it, and that definitely helps in building a culture of responsible social media engagement. Still, I know this isn’t the norm.

In the military, familiarity on the part of unit leaders with what social media is and the general common sense prudential rules for how to leverage it goes a long way to training subordinates in responsible practices. I’m not saying leaders should be monitoring their people’s twitter feeds; I’m saying that familiarity puts leaders in a better position to actually lead in this area. In civilian organizations (including DOD) where there is a mix of career public servants and political appointees, it can be harder to get everyone on the same page in terms of what’s appropriate to share. I’m less familiar with what individual agencies do to regulate social media use on the part of their employees, but I would suggest that the obligatory “these views do not represent” disclaimer people cram into their profile is not enough.

Banning or over-regulating the use of social media is obviously not the answer either; it’s a fact of life and has the ability to make us all better at what we do. For me, it comes down to responsible engagement. My boss likes to say that we have two ears and one mouth for a reason – so we will listen twice as much as we speak. When it comes to social media I’d push it even further. We have two ears, two eyes, and one mouth. We’d all do better to stay on receive mode and be judicious in when and why we shift into transmit.

For the country’s premier intelligence agency, the Central Intelligence Agency sure seems to be airing copious amounts of laundry (fresh and dirty alike) as of late. According to press reports it’s drones, Bin Laden movies, and DCIA affairs, Oh My!

As a former Officer of both the National Clandestine Service and Directorate of Science and Technology, I cringe every time I read an article about the Agency. Usually it’s for a variety of reasons, however, lately it is over minor easily corrected journalistic errors.

Employees of the CIA’s National Clandestine Service (formerly the Directorate of Operations or Human Intelligence side of the Agency) are Officers of one sort or another. They are not agents, or operatives. They can be Operations Officers (Core Collectors is another name), the main recruiters and handlers of the actual agents. In that category are a small number of Paramilitary Operations Officers (PMOO’s), Air Operations Officers (AOO’s) and likely a few others I’ve forgot now. Alongside the deployed OO’s there are Collection Management Officers (CMO’s), also called Reports Officers.

Within the NCS there are also another group, and I admit it becomes even more confusing as the Agency itself seems to change these names on an intermittent basis. This group is the Headquarters Based Officers (HBO’s), which break down into Staff Operations Officers (SOO’s), to the variety of Specialized Skills Officers, Specialized Skills Officers – Targeting (or Targeters) and headquarters based CMO’s.

While the above may seem confusing it would seem that journalists, who’s careers are based on detailed research and analysis should be able to avoid inaccuracies by looking at a few places online. First, the CIA.gov website provides career opportunities to include a description of each and how to apply. A second option is any of the major beltway contractors that supply security clearance wielding talent to the Agency. In fact, I’ve seen more detailed descriptions of my previous positions on contractor websites than on the Agency itself (ah um).

Keep in mind that just covers a small section of the Agency. I haven’t touched on the DS&T who have Technical Operations Officers (now called Technical Intelligence Officers), Technical Targeting Officers, Engineers and a whole host of others and I won’t even begin with the Directorate of Intelligence. I guess I could wing it like so many reporters but I am not an idiot so I won’t.

To learn more about the host of job titles, responsibilities and levels of management at the agency one simply needs to check out the infamous Ishmael Jones’ memoir “The Human Factor” for that fun bit of government service. Although I take a lot of it with a grain of salt, and am not overly fond of the manner in which it was published, Jones gives a depressingly accurate portrayal of the Rubix Cube that is Agency management. This would have been an excellent primer for reference in light of the recent coverage that I’ve been reading regarding a mysterious Agency heroine that seems to have had a major role in the final tracking and removing of Osama Bin Laden.

Washington Post contributor Greg Miller writes about this Agency officer (see, its so easy! I called her what she is, an Officer. You can too yah hacks, I mean journalists!) in a December 10, 2012 article on the upcoming Zero Dark Thirty film. The main thrust of Miller’s article is about a seemingly combative Officer who followed through on a hunch about Bin Laden’s courier network, leading to his ultimate face shooting by US forces on May 2nd, 2011. Along the way it appears other Agency Officers disagreed with her insistence on couriers being the in to Bin Laden.

First, after having worked in the same Agency I find it completely plausible that this Officer was blocked and sidelined by more senior (in pay grade and likely age) Officers. Secondly, but as important as the first, I find it extremely unlikely that she was the only person that thought tracking the communication networks was a good idea. I can recall, quite clearly, this theory being referenced during recruitment and training: Tracking communication networks just makes sense.

I can’t help but smile at the Targeting Officer’s response to seeing the others named on the mass internal email about their Agency awards. Like any other office environment, the “reply all” is a common equivalent to storming out of a meeting with middle fingers raised high. Nothing says, “shove it!” like blasting everyone and their Security Officer (another group of Officers I forgot! Directorate of Support/Office of Security and hey, the CIA does actually have Agents, of the protective variety. The CIA Office of Inspector General also has agents, except their agents are “special”) with a reply all on some of the most secure (and archived) intranet servers in the nation (nothing made me laugh more than calling out with a confused “What does Conficker mean?” every time I logged onto my computer) . I would have to intuit that this was also a response to her not receiving her GS-­?14 promotion.

Yes, promotions. This is a truly secretive and mysterious bit of Agency business. It is not too often that you’ll read about CIA salaries and pay grades. Why is that? This Targeting Officer was apparently passed over for her promotion panel, which would have bumped her from a GS-­?13 to a GS-­?14. Though it seems like a minor detail, my time in the NCS showed me how an Officer’s promotion potential was directly attributed to the title next to their name. Most specifically, those Officers with anything other than OO (or CO) in their job description had one hell of a time busting through the GS-­?13 ceiling. According to another “Inglorious Amateur”, this ceiling is doubly vexing if the Officer is female. Suzanne Kelly of CNN did an interesting article related to the challenges female Officers face, serving in the Intelligence Community. This issue seems to be heating up even more in the news, thanks to a new found interest, positive or negative, in Agency based fiction.

As an example, shortly before leaving the NCS I took part in a specialty certification course which entailed a lot of writing, reporting, guiding, spooky agency stuff and practicing lock picking while listening to lectures in a conference room (it was either the lock picking or play with the toys they had on the tables to keep from dozing off) for hours. It just so happens that a 2 to 4 hour block (seemed like an eternity) of instruction on the promotion potential of a Headquarters Based Officer career track took place shortly before graduation. According to the instructor, the Director of NCS (D/NCS) detailed him to conduct a study of how many SOO’s the Agency had, and how they were being promoted through the NCS. Needless to say, the results were hysterically abysmal so much so that I distinctly remember wondering why the D/NCS would actually let this Officer give a lecture based on his findings. From the looks on my groups’ faces, it was definitely not good for morale.

Basically, he results of the study seemed to indicate that NCS SOO’s (one could extrapolate that it could incorporate all HBO’s) seemed to top out at the GS-­?13 level. Most reached this level after 5 to 7 years on the job, which the vast majority hanging out in the GS-­?12, which was reached at 2 to 3 years after onboarding. Of course the female officers seemed to have a bit of a harder time promoting to that same ceiling. The Officer told us that the best it seemed we could hope for would be to aspire to become a Deputy Branch Chief. It is hard to express exactly what this means without going into detail on the structure of the Divisions and Centers in the NCS, but let’s just say it’s a bit like telling Dwight Schrute (of The Office TV show) that he will never move past his position of Assistant to the Branch Chief (hell its almost the same thing, actually!).

We also learned that no HBO’s had made Group Chief, Chief of Station, and there were no HBO’s represented in the Senior Intelligence Service (SIS, executive level employees, or, the Mandarins that Ishmael Jones refers to in his book).

The NCS is an organization run primarily by Operations Officers. It’s apparent, from day one that OO’s are held in higher regard. If for no other reason than the vast majority of those running the NCS are OO’s, or some other Officer that has been through “The Farm” or otherwise “Ops Certified”. They hold themselves in higher regard because of their title; it seems, regardless of their production or work product under said title. The NCS has also created the HBO type positions based on an antiquated need to find jobs for Operations Officers who would not or could not return to the field. These HBO positions appear to have also come into being because of a need to find jobs for Agency spouses. There were at least two spouses turned Targeting Officers in my orientation class when I started. I also got a nice lecture from an Agency spouse turned HRS (or Human Resources) Officer about finding my wife a suitable job doing administrative work when I went looking for advice on how to make our recent move to DC work. Pay no mind to the fact that my wife had a very successful job in the tech industry, making more money than I did as an Agency HBO!

All that said, I give a big thumbs up to this Targeting Officer. A big thumbs down to lazy journalists and film directors (yes, I’m talking to you Katheryn Bigelow! I saw the preview for the movie referring to the heroine as an Analyst). I find it sad that so much is made over this movie when, as Agency Officers we drudge on knowing we face a disingenuous society and a media that shows nothing but contempt for those that attempt to ensure their right to free speech. At least care enough to get our job titles right when you are trying to expose our identities and drag our patriotism through the mud.

10. Ramadan Shallah: Leader of Palestinian Islamic Jihad. His low ranking is because he’s a weak terrorist leader but still has plenty of blood on his petite doll-like hands.

9. Samir Kuntar: Druze member of the PLF in Lebanon who murdered an Israeli policeman, Eliyahu Shahar, 31 year-old Danny Haran, and Haran’s 4-year-old daughter, Einat Haran, whom he killed with blunt force against a rock and for indirectly causing the death of two-year-old Yael Haran by suffocation, as her mother tried to quiet her crying while hiding from Kuntar. In November 2008, Syrian president Bashar al-Assad presented Kuntar with Syria’s highest medal.

8. Mahmoud al-Zahar: Founding father of HAMAS and considered a hard line hawk, even by HAMAS’ standards

7. Mohammed Deif: Commander of HAMAS’ Izz ad-Din al-Qassam Brigades. That’s reason enough.

6. Ali Moussa al-Daduq: Senior Hezbollah advisor captured in Iraq while acting on Iran’s behalf and responsible for the killing of U.S. military personnel in southern Iraq.

5. Ahmed Abu Khattala: Leader of the Benghazi-based Ansar al-Sharia group closely involved in the September 11 assault that killed four Americans including ambassador Christopher Stevens.

4. Hassan Nasrallah: “Secretary-General” of Hezbollah.

3. Hamid Arabnejad: Managing-Director of Mahan Air, the Iranian regime’s airline tasked with ferrying weapons/explosives, IRGC-QF personnel, and mayhem all over the world.

2. Qassam Soleimani: Head of Iran’s IRGC-QF. That’s more than enough reason.

1. Bashar al-Assad: How many lives could have been saved by rubbing out this man Christopher Hitchens once famously dubbed, “The human toothbrush”. Sic Semper Tyrannus.

Michael Ross was born in Canada and served as a soldier in a combat unit of the Israel Defence Forces prior to being recruited as a “combatant,” (a term designating a deep-cover operative tasked with working in hostile milieus) in Israel’s legendary secret intelligence service, the Mossad. In his 13 year career with the Mossad, Ross was also a case officer in Africa and South East Asia for three years, and was the Mossad’s counterterrorism liaison officer to the CIA and FBI for two-and-a-half years. Ross is a published writer and commentator on Near Eastern affairs, intelligence and terrorism. He is the author of The Volunteer: The Incredible True Story of an Israeli Spy on the Trail of International Terrorists. You can follow him on Twitter.