Havana and the Globa

EXPERT OPINION — More than 200 U.S. officers have been hunted around the globe and targeted by an adversary using a mysterious weapon that causes permanent brain injury. It’s time to get serious about fighting back.

The Authors:

Paul Kolbe served for 25 years in the CIA’s Directorate of Operations. He is currently Director of the Intelligence Project at Harvard Kennedy School’s Belfer Center for Science and International Affairs.

Marc Polymeropoulos worked for the CIA for 26 years. He is author of “Clarity in Crisis: Leadership Lessons from the CIA.

John Sipher worked for the CIA’s clandestine service for 28 years. He is now a nonresident senior fellow at the Atlantic Council and a co-founder of Spycraft Entertainment.

Prior to 9/11, al Qaida declared war on the United States, bombed the USS Cole, and blew up U.S. embassies in Nairobi and Dar es Salam. Despite heavy casualties, America viewed successive al Qaida terrorist attacks as somehow unique, not representative of a larger threat or state of war. We went about our business and failed to take hard action against al Qaida despite clear warning. Our failure to respond forcefully led to 9/11 and the two decades of war that followed.

Fast forward to today.  Since 2016, more than 200 U.S. officials have reportedly suffered from a mysterious series of symptoms which have caused long-lasting, debilitating injuries. Suffering from searing headaches, vertigo, vision impairment, and nausea, many victims have been formally diagnosed with traumatic brain injuries (TBI) at the Walter Reed National Military Medical Center and other leading hospitals. Family members and young children have suffered as well. Some medical tests can now confirm the markers of brain injury, similar to those suffered by victims of concussive injuries in Iraq and Afghanistan.

These injuries began with a cluster of reports from Cuba in 2016 and have become commonly referred to as Havana Syndrome. Moscow, Vienna, Belgrade, and Hanoi are among more than a dozen cities where U.S. officials reportedly have been attacked and injured. In residences, on the street, in vehicles, and even at secure U.S. facilities, U.S. officers are being hunted. Stunningly, even a close aide to CIA Director Bill Burns was reportedly attacked on a trip to India just this past August.

The CIA, after a period of confusion, delay, and even denial at times, now appears to take these threats very seriously. CIA Director Burns and Deputy Director David Cohen have publicly stated that U.S. officials are being “attacked.” They have improved health care for CIA officers who are hurt. And an agency task force is hard at work trying to obtain additional intelligence on those responsible. We credit Director Burns for his solid leadership.

The cause of these injuries? The National Academy of Sciences has pointed to Directed Energy Weapons – devices which emit microwave pulses which can inflict pain and damage tissue. The United States, Russia, China, and others have all developed Directed Energy Weapons to destroy equipment, counter drones, and control crowds. This is not science fiction.

Directed energy weapons would account for the highly directional and locational nature of these incidents. When victims can “move off the x,” the signature sounds, sensations, and pain that goes with the attacks often stop, though damage has already occurred. The amount of exposure seems to affect the degree of injury. Other technologies could be at play and are being investigated, but microwaves appear to be the most likely vector. Russia has used them before, flooding the U.S. Embassy in Moscow with microwave radiation for decades.

Regardless of form, the weapons being used in these attacks are nothing less than weapons of terror, designed to cause injury to non-combatants. Who would use such a weapon to attack U.S. intelligence officers, diplomats, and military personnel, and to what conceivable end?

The Cipher Brief hosts private briefings with the world’s most experienced national and global security experts.  Become a member today.

CIA Deputy Director Cohen stated at a recent intelligence summit, that the U.S. was closer to identifying the culprit, and Politico has reported that members of the Senate Intelligence Committee are increasingly convinced that Russia or another hostile adversary is behind the attack, although reportedly, no smoking gun has been found.

As former CIA operations officers with extensive experience dealing with both counterterrorism and counterintelligence issues, we have few doubts about who will be named as the culprit. For at least a decade, Russia has conducted itself as in a state of conflict with the West in general and the United States in particular. Russia has launched cyberattacks impacting critical infrastructure and supply chains, assassinated opponents with nuclear poisons and chemical weapons, gunned down people in the streets using criminal proxies, sabotaged a Czech ammunition depot, and mounted a violent coup attempt in Montenegro. It has also bombarded the U.S. embassy in Moscow with microwave radiation and used carcinogenic “spy dust” without regard to health effects. The attacks on U.S. officials would fit this pattern of behavior.

We recognize that it is important to let the intelligence community do its job and its findings must inform policy action. Congress and the administration must work together to formulate a range of possible responses and it is not too early to begin. As Senator Collins and others have stated, these attacks are “an act of war,” and as such, preparation for a future attribution call by the national security establishment is in order. So how could the U.S. respond?

Let’s start with what doesn’t work – sanctions. Sanctions feel good and satisfy an action imperative but they are feckless. Sanctions have not stopped Russia from killing dissidents, halted the Nordstream II pipeline, compelled a pull back from occupied territories, reduced support for tyrants, or hindered oil and gas production. Sanctions have simply forced Russia to develop more creative money laundering and sanction circumvention mechanisms.

So, what would work? For starters, we must understand that the Putin regime considers itself in a state of conflict with the U.S., short of war, but nonetheless deadly real. We are dealing with a state sponsor of terror which conducts operations across the globe to weaken the U.S. abroad, divide it from its allies, and sow discord at home. Our policy must be calibrated to win this conflict, without sparking a shooting war, but at risk of one.

Russia understands reciprocity and strength. When four Russian diplomats were kidnapped by extremists in Beirut in 1985, and one of them was killed, Russia reportedly responded by kidnapping and gruesomely killing a relative of the group’s leader. The surviving diplomats were released immediately. The story may be apocryphal, but it does illustrate the Russian approach. Tempting as it may be for America to retaliate tit for tat, we need not mirror Russia’s actions. Instead, we should play to our greater economic, diplomatic, and military advantages.

We offer five elements to frame a response: enlist U.S. allies, expand forward deterrence, limit the adversary’s reach, choke off money, and bring those accountable to justice.

NATO: With proof of the attacks on U.S. officials, we should activate NATO’s Article Five collective defense clause. The only other time this was enacted was after 9/11. As justification, in addition to the Havana Syndrome attacks, (which also caused Canadian casualties), we would include GRU and FSB assassination operations across Europe, deadly sabotage in the Czech Republic, a coup attempt in Montenegro, persistent cyberattacks, and a litany of other actions that can only be described as irregular warfare directed against NATO members.

Go beyond the headlines with expert perspectives on today’s news with The Cipher Brief’s Daily Open-Source Podcast.  Listen here or wherever you listen to podcasts.

Forward Presence: A crystal clear signal that we understand the nature of Russian hybrid warfare and are responding would be to enhance our deployed military presence in Poland, the Baltic States, and in the Black Sea region. These units would pose no offensive threat to Russia but would be a clear signal that the U.S. is prepared to counter any Russian shenanigans. We should also significantly ramp up our lethal aid and training to the Ukraine, where the nature of Russian aggression is well known. Weakness in Eastern Europe is an invitation to conflict.

Travel and Presence: We should drastically limit Russian business and tourist travel which is being used as cover for FSB and GRU operations. We would reduce Russian diplomatic presence in each capital to the bare minimum – handfuls not hundreds. American and European counterintelligence experts believe there are more Russian intelligence officers operating from embassies than during the Cold War. Limiting the size of Russia’s espionage infrastructure will complicate the planning and execution of all of its intelligence operations.

Finance: A key tool in counterterrorism operations is the ability to target sources of finance which constitute material support to terrorism. In this case, we would apply that principle to the Russian government, state enterprises, and individuals who provide cover, tools, and sources of funding to Russia’s campaign to undermine the West with violence, terror, and media manipulation. Russia’s dirty money has been used to undermine the west and poison our politics. We should limit the easy access of shady money to western banks.

Criminal Cases: We need bring war crime cases to the International Court of Justice (ICJ) in the Hague. Following a decade of conflict in the Balkans, the ICJ brought to justice 161 indicted Serbian, Croatian, and Bosnian war criminals. This was an astounding success – a manhunt which included American and European law enforcement and intelligence services. Just as in Nuremberg after World War II, these actions to hold war criminals accountable drew a line in the sand.

This is a start.  Successive Democratic and Republican administrations have pursued Russia policies which represent the triumph of hope over experience. We have treated the symptoms of malign Russian actions rather than the underlying pathology. It is now time to finally acknowledge that we are in a long-term hybrid conflict and forget the fantasy of changing Putin’s behavior. Only a new regime in the Kremlin would hold the hope of bringing about a change in actions. Eventually, the Putin regime will wither or collapse, but until it does, we and our allies must do a better job of defending ourselves.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The post Havana and the Global Hunt for U.S. Officers appeared first on The Cipher Brief.

Chris Inglis and the

Chris Inglis’ new White House office has a startup feel to it. There are desks, a few chairs, a coffee maker and a poster hanging on the wall.  But as the head of the newly established Office of the National Cyber Director, Inglis has to make due with what he has while still advising President Joe Biden on the smartest ways for the US to prevent and respond to cyberattacks.

Inglis has already had numerous conversations with the president, who has made clear that the government has a role to play in the defense of the private sector and in assisting the private sector in defending critical infrastructure.  And the president knows, says Inglis, that means the government needs to get its own cyber house in order. 

But like any real startup, Inglis’ resources are scarce.  More than three months after being confirmed by the Senate, he still doesn’t have the full staff he needs to take on his timely and critical mission.  That’s because the funding for his office – some $21 million, part of the $1 trillion infrastructure bill making its way through Congress – is still stuck in the political spin cycle.  Why does it matter?

“The threat is greater than I can ever remember,” Inglis told me during last month’s AFCEA and INSA Intelligence & National Security Summit in National Harbor, Maryland. “The audacity, the brazenness, the thresholds that have been crossed at every turn; we’re in a difficult place.”

While he’s waiting for Congress to act, he says he’s spending about fifty percent of his time defining his role, being careful not to duplicate the work already being done by other agencies and departments, while spending another fifty percent building relationships that will be important later.  Eventually, he’s expected to have a staff of some 75 people who will be expected to work hand in glove with CISA, the National Security Council’s cyber staff, the OMB and others.  The remaining fifty percent of his time, Inglis jokes, is spent figuring out how to attract the country’s best talent.   

“People are starting to flow into the organization. I’m confident that we’re coming up to a breakout moment, not for the National Cyber Director, but the contribution that we can and should make. I’m sobered by the nature of the challenge, I’m optimistic we can make a difference.”

Optimistic he is.  And he’s not even complaining about being given a critical task for US national security and then having to wait for politics to play out before being able to act on it.

“It has been a semi-silver lining in that we would not have had time to think about how we want to apply the resources coming our way.”

While Inglis has been waiting, he and his small team have had time to think about the four things they’d like to focus on right away. 

First, is streamlining the roles and responsibilities in government of who handles what when it comes to protecting the public and private sectors from cyberattacks.  He also spoke during his confirmation hearing about the importance of allocation of resources and while the Office of the National Cyber Director doesn’t have the authority to move money, it does have what Inglis calls the responsibility to account for cyber money.

“One of the most critical gaps in cyber is that the physical digital infrastructure is not built to a common standard. The executive order related to this requires that within a certain amount of time we have to install basic procedures like multifactor authentication and encryption of stored material. That is a challenge and a potential vulnerability for us. We need to make sure that we make these investments necessary to buy down the lack of investment for years.

The second gap is in talent related to number of people required to occupy these jobs. It’s not simply the folks with IT or cyber in their name, but general cyber awareness. There is some expenditure of resources of time, attention, and money to get awareness right on the part of the truly accountable parties like agency and department heads. We have to make sure they don’t see cyber as a cost center, but an enabler on the part of all the users as they understand what their roles are and what the accountability is.

He admits there is still a level of education needed within government to get there.

That is usually the case in both the government and the private sector,” he said.  “We need to think this way about cyber and invest in cyber so that we can enable the mission, not hold it back. I think that education is the most important and effective way to handle this. Then, it is to make sure that the accountability is aligned and harmonized. We tend to take risk in one place and expect someone in another place to be the mitigator of a risk they don’t understand was taken in the first place. We need to operate in a collaborative fashion and get away from divisions of effort which are an agreement not to collaborate and allow adversaries to pick us off one at a time.”

Inglis says that unity of effort must start at home.  “The executive order issued in May has begun to lay out common expectations about the hardware, software, and practices that we need to begin in those spaces,” he said.  “Externally, if we have sector risk management agencies who engage the private sector for the purposes of supporting and engaging the critical components of that infrastructure, we need to make sure you don’t need a Ph.D. in government to know who to deal with and what you’re going to get from them.”

He is arguing for the government to also put ‘valuable material’ on the table.  “That could be our convening power,” said Inglis. “We could perhaps address and reduce liability or give companies a clue as to what might be around the corner because the government has access to exquisite intelligence. If that setup is possible, we also need a venue where collaboration takes place. Information doesn’t collaborate, people do.”

Inglis likes to point to the example of CISA and the Joint Cyber Collaborative.  “They put people from the private sector and the public sector side by side to co-discover threats that hold us at common risk. That project sets up the possibility of implicit collaboration in what we then do with that common operational picture. The government could take ideas that private sector companies turn into proprietary systems and enrich and classify them to deal with it in their system.”

Using what he calls “all the tools in the toolkit,” Inglis also notes the importance of international relationships, which fits nicely into the White House’s International Summit on Ransomware last week in Washington, which zeroed in on tighter cryptocurrency standards, among other things. “Beyond the Five Eyes, what do other like-minded nations think about what is expected behavior in this? What are governmental actions that are appropriate,” he asked.  

Inglis has been an active participant in the president’s recent actions in cyber.  He took part in a White House meeting with tech leaders in August that was hosted by President Biden, who Inglis says, spent the first hour sharing his vision about how the country should focus on collaborative integration.  “The companies represented weren’t only companies like Microsoft and Apple, but people who operate in the critical infrastructure space,” said Inglis.  “The people component, educators, were represented reflecting the president’s view that cyberspace is not just technology, it is also the people component. They are a major link in the chain, and we need to get the roles and responsibilities right.”

While he’s waiting for the funding he needs to get his office fully staffed, Inglis said he’s also putting thought into reconciling resources with aspirations.  Managing expectations is going to be important.  Frustration has been growing for years over what some see as a lack of government response to some of the largest hacks in history.  The phrase ‘time and place of our choosing’ as a definition of response has grown old and some Americans are weary of a government that isn’t responding in a more public way to the beating it sees the US taking in cyberspace.

So, I asked Inglis whether there should be red lines in cyber.

“Red lines are both good and bad,” he answered.  “They are clear and crisp, and everybody knows what they are. The downside is that because of that, an adversary knows exactly how far they can go. It means that you set up a somewhat permissive environment. Red lines also don’t have context; sometimes there is a reason that a defender would make the ransomware payment. As a matter of policy, the U.S. government does not pay ransomware, but I imagine there will be a situation at some point where a hospital is against the Russian state and actual life and safety is at risk. If there is no other way to get the material back, in order to get back in the business of saving lives, they would want to rethink if a red line is a red line in that particular situation. I think the right thing to do here is not to establish hard thresholds of things with scripted responses, but outline what we are prepared to defend and what principles we will exercise in defense of those things. We commit to defending the private sector when it is held at risk by a nation state in cyberspace as much as in the kinetic space and make that clear to adversaries. I think that would be more helpful in changing decision calculus and creating a useful ambiguity about when and where we will come in.”

Inglis said he’s also thinking a lot about present and future resilience.  It’s a worthwhile focus, given that the White House estimates that nearly half a million public and private sector cybersecurity jobs are currently unfilled. 

“That is a massive problem,” said Inglis. “However, the more insidious problem is that the 320 million people in the United States who use the internet who have no idea how to properly take their place on the front lines of this issue. There is an awareness issue that requires us not to make Python programmers out of them but to make sure they understand the nature of this space.”

Everyone has heard the old saying that time is money, but in Inglis’ case, time is security so I asked him point blank whether he thought government was moving has quickly as it should on the cyber problem.

“Government is moving at speed; the question is if it is at the necessary speed. I don’t think anyone is moving at the necessary speed. Some are moving at light speed, but at the end of the day, we need an integrated, collaborative approach. While we won’t have unity of command, I think there needs to be a universally felt sense of urgency so that we will all get our heads in the game.”

Congress, are you listening?  Oh, and by the way, that poster in Inglis’ office? It reads, ‘Hours Since the Last Surprise.”

As a startup with maybe too few resources at the start and who often didn’t understand how all the wickets are run, we have our occasional surprise,” said Inglis.  “When we encounter those surprises and go to someone with the deep and sharp expertise to help us navigate that, we get what we need. However, we are not a full functioning, full featured, fully capable organization yet. We’re trying to build somebody else’s airplane while we’re free falling from our own. We have a parachute, and we can land safely, but it is a bit of a challenge at times.”

Find out more about why experts like former NSA Director General Keith Alexander (Ret.), Mandiant CEO Kevin Mandia and others have joined The Cyber Initiatives Group, powered by The Cipher Brief

Read more expert national security insights, perspective and analysis in The Cipher Brief

The post Chris Inglis and the Gathering Cyber Storm appeared first on The Cipher Brief.

AI and the IC: The T

Corin Stone, Washington College of Law

Corin Stone is a Scholar-in-Residence and Adjunct Professor at the Washington College of Law.  Stone is on leave from the Office of the Director of National Intelligence (ODNI) where, until August 2020, she served as the Deputy Director of National Intelligence for Strategy & Engagement, leading Intelligence Community (IC) initiatives on artificial intelligence, among other key responsibilities. From 2014-2017, Ms. Stone served as the Executive Director of the National Security Agency (NSA).

(Editor’s Note: This article was first published by our friends at Just Security and is the third in a series that is diving into the foundational barriers to the broad integration of AI in the IC – culture, budget, acquisition, risk, and oversight.)

OPINION — As I have written earlier, there is widespread bipartisan support for radically improving the nation’s ability to take advantage of artificial intelligence (AI). For the Intelligence Community (IC), that means using AI to more quickly, easily, and accurately analyze increasing volumes of data to produce critical foreign intelligence that can warn of and help defuse national security threats, among other things. To do that, the IC will have to partner closely with the private sector, where significant AI development occurs. But despite the billions of dollars that may ultimately flow toward this goal, there are basic hurdles the IC still must overcome to successfully transition and integrate AI into the community at speed and scale.

Among the top hurdles are the U.S. government’s slow, inflexible, and complex budget and acquisition processes. The IC’s rigid budget process follows the standard three-year cycle for the government, which means it takes years to incorporate a new program and requires confident forecasting of the future. Once a program overcomes the necessary hurdles to be included in a budget, it must follow a complex sequence of regulations to issue and manage a contract for the actual goods or services needed. These budget and acquisition processes are often considered separately as they are distinct, but I treat them together because they are closely related and inextricably intertwined in terms of the government’s purchasing of technology.

Importantly, these processes were not intended to obstruct progress; they were designed to ensure cautious and responsible spending, and for good reason. Congress, with its power of the purse, and the Office of Management and Budget (OMB), as the executive branch’s chief budget authority, have the solemn duty to ensure wise and careful use of taxpayer dollars. And their roles in this regard are vital to the U.S. government’s ability to function.

Unfortunately, despite the best of intentions, as noted by some in Congress itself, the budget process has become so “cumbersome, frustrating, and ineffective” that it has weakened the power of the purse and Congress’ capacity to govern. And when complicated acquisition processes are layered on top of the budget process, the result is a spider web of confusion and difficulty for anyone trying to navigate them.

The Need for Speed … and Flexibility and Simplicity

As currently constructed, government budget and acquisition processes cause numerous inefficiencies for the purchase of AI capabilities, negatively impacting three critical areas in particular: speed, flexibility, and simplicity. When it comes to speed and flexibility, the following difficulties jump out:

  • The executive branch has a methodical and deliberate three-year budget cycle that calls for defined and steady requirements at the beginning of the cycle. Changing the requirements at any point along the way is difficult and time-consuming.
  • The IC’s budgeting processes require that IC spending fit into a series of discrete sequential steps, represented by budget categories like research, development, procurement, or sustainment. Funds are not quickly or easily spent across these categories.
  • Most appropriations expire at the end of each fiscal year, which means programs must develop early on, and precisely execute, detailed spending plans or lose the unspent funds at the end of one year.
  • Government agencies expend significant time creating detailed Statements of Work (SOWs) that describe contract requirements. Standard contract vehicles do not support evolving requirements, and companies are evaluated over the life of the contract based on strict compliance with the original SOW created years earlier.

These rules make sense in the abstract and result from well-intentioned attempts to buy down the risk of loss or failure and promote accountability and transparency. They require the customer to know with clarity and certainty the solution it seeks in advance of investment and they narrowly limit the customer’s ability to change the plan or hastily implement it. These rules are not unreasonably problematic for the purchase of items like satellites or airplanes, the requirements for which probably should not and will not significantly change over the course of many years.

However, because AI technology is still maturing and the capabilities themselves are always adapting, developing, and adding new functionality, the rules above have become major obstacles to the quick integration of AI across the IC. First, AI requirements defined with specificity years in advance of acquisition – whether in the budget or in a statement of work – are obsolete by the time the technology is delivered. Second, as AI evolves there is often not a clear delineation between research, development, procurement, and sustainment of the technology – it continuously flows back and forth across these categories in very compressed timelines. Third, it is difficult to predict the timing of AI breakthroughs, related new requirements, and funding impacts, so money might not be spent as quickly as expected and could be lost at the end of the fiscal year. Taken together, these processes are inefficient and disruptive, cause confusion and delay, and discourage engagement from small businesses, which have neither the time nor the resources to wait years to complete a contract or to navigate laborious, uncertain processes.

Engage personally with experts on Artificial Intelligence and national security  at The Cipher Brief Threat Conference October 24-26.  If you are an actively working in the national security field, we invite you to apply to attend.  Seats are limited.  

Simply put, modern practices for fielding AI have outpaced the IC’s decades-old approach to budgeting and acquisition. That AI solutions are constantly evolving, learning, and improving both undermines the IC’s ability to prescribe a specific solution and, in fact, incentivizes the IC to allow the solution to evolve with the technology. The lack of flexibility and speed in how the IC manages and spends money and acquires goods and services is a core problem when it comes to fully incorporating AI into the IC’s toolkit.

Even while we introduce more speed and agility into these processes, however, the government must continue to ensure careful, intentional, and appropriate spending of taxpayer dollars. The adoption of an IC risk framework and modest changes to congressional oversight engagements, which I address in upcoming articles, will help regulate these AI activities in the spirit of the original intent of the budget and acquisition rules.

As for the lack of simplicity, the individually complex budget and acquisition rules are together a labyrinth of requirements, regulations, and processes that even long-time professionals have trouble navigating. In addition:

  • There is no quick or simple way for practitioners to keep current with frequent changes in acquisition rules.
  • The IC has a distributed approach that allows each element to use its various acquisition authorities independently rather than cohesively, increasing confusion across agency lines.
  • Despite the many federal acquisition courses aimed at demystifying the process, there is little connection among educational programs, no clear path for IC officers to participate, and no reward for doing so.

The complexity of the budget and acquisition rules compounds the problems with speed and flexibility, and as more flexibility is introduced to support AI integration, it is even more critical that acquisition professionals be knowledgeable and comfortable with the tools and levers they must use to appropriately manage and oversee contracts.

Impactful Solutions: A Target Rich Environment

Many of these problems are not new; indeed, they have been highlighted and studied often over the past few years in an effort to enable the Department of Defense (DOD) and the IC to more quickly and easily take advantage of emerging technology. But to date, DOD has made only modest gains and the IC is even further behind. While there are hundreds of reforms that could ease these difficulties, narrowing and prioritizing proposed solutions will have a more immediate impact. Moreover, significant change is more likely to be broadly embraced if the IC first proves its ability to successfully implement needed reforms on a smaller scale. The following actions by the executive and legislative branches – some tactical and some strategic – would be powerful steps to ease and speed the transition of AI capabilities into the IC.

Statements of Objectives

A small but important first step to deal with the slow and rigid acquisition process is to encourage the use of Statements of Objectives (SOO) instead of SOWs, when appropriate. As mentioned, SOWs set forth defined project activities, deliverables, requirements, and timelines, which are used to measure contractor progress and success. SOWs make sense when the government understands with precision exactly what is needed from the contractor and how it should be achieved.

SOOs, on the other hand, are more appropriate when the strategic outcome and objectives are clear, but the steps to achieve them are less so. They describe “what” without dictating “how,” thereby encouraging and empowering industry to propose innovative solutions. SOOs also create clarity about what is important to the government, leading companies to focus less on aggressively low pricing of specific requirements and more on meeting the ultimate outcomes in creative ways that align with a company’s strengths. This approach requires knowledgeable acquisition officers as part of the government team, as described below, to ensure the contract includes reasonable milestones and decision points to keep the budget within acceptable levels.

The Cipher Brief hosts private briefings with the world’s most experienced national and global security experts.  Become a member today.

New Authorities for the IC

Two new authorities would help the IC speed and scale its use of AI capabilities: Other Transaction Authority (OTA)  and Commercial Solutions Openings (CSO). Other Transaction Authority allows specific types of transactions to be completed outside of the traditional federal laws and regulations that apply to standard government procurement contracts, providing significantly more speed, flexibility, and accessibility than traditional contracts. While OTA is limited in scope and not a silver bullet for all acquisition problems, OTA has been used to good effect since 1990 by the Defense Advanced Research Projects Activity (DARPA), DOD’s over-the-horizon research and development organization, among others.

CSOs are a simplified and relatively quick solicitation method to award firm fixed price contracts up to $100 million. CSOs can be used to acquire innovative commercial items, technologies, or services that close capability gaps or provide technological advances through an open call for proposals that provide offerors the opportunity to respond with technical solutions of their own choosing to a broadly defined area of government interest. CSOs are considered competitively awarded regardless of how many offerors respond.

Both OTA and CSO authority should be immediately granted to the IC to improve the speed and flexibility with which the IC can acquire and transition AI into the IC.

Unclassified Sandbox

The predictive nature of the IC’s work and the need to forecast outcomes means the IC must be able to acquire AI at the point of need, aligned to the threat. Waiting several years to acquire AI undermines the IC’s ability to fulfill its purpose. But with speed comes added risk that new capabilities might fail. Therefore, the IC should create an isolated unclassified sandbox, not connected to operational systems, in which potential IC customers could test and evaluate new capabilities alongside developers in weeks-to-months, rather than years. Congress should provide the IC with the ability to purchase software quickly for test and evaluation purposes only to buy down the risk that a rapid acquisition would result in total failure. The sandbox process would allow the IC to test products, consider adjustments, and engage with developers early on, increasing the likelihood of success.

Single Appropriation for Software

DOD has a pilot program that funds software as a single budget item – allowing the same money to be used for research, production, operations, and sustainment – to improve and speed software’s unique development cycle. AI, being largely software, is an important beneficiary of this pilot. Despite much of the IC also being part of DOD, IC-specific activities do not fall within this pilot. Extending DOD’s pilot to the IC would not only speed the IC’s acquisition of AI, but it would also increase interoperability and compatibility of IC and DOD projects.

No-Year Funds

Congress should reconsider the annual expiration of funds as a control lever for AI. Congress already routinely provides no-year funding when it makes sense to do so. In the case of AI, no-year funds would allow the evolution of capabilities without arbitrary deadlines, drive more thoughtful spending throughout the lifecycle of the project, and eliminate the additional overhead required to manage the expiration of funds annually. Recognizing the longer-term nature of this proposal, however, the executive branch also must seek shorter-term solutions in the interim.

A less-preferable alternative is to seek two-year funding for AI. Congress has a long history of proposing biennial budgeting for all government activities. Even without a biennial budget, Congress has already provided nearly a quarter of the federal budget with two-year funding. While two-year funding is not a perfect answer in the context of AI, it would at a minimum discourage parties from rushing to outcomes or artificially burning through money at the end of the first fiscal year and would provide additional time to fulfill the contract. This is presumably why DOD recently created a new budget activity under their Research, Development, Test and Evaluation (RDT&E) category, which is typically available for two years, for “software and digital technology pilot programs.”

AI Technology Fund

Congress should establish an IC AI Technology Fund (AITF) to provide kick-starter funds for priority community AI efforts and enable more flexibility to get those projects off the ground. To be successful, the AITF must have no-year funds, appropriated as a single appropriation, without limits on usage throughout the acquisition lifecycle. The AITF’s flexibility and simplicity would incentivize increased engagement by small businesses, better allowing the IC to tap into the diversity of the marketplace, and would support and speed the delivery of priority AI capabilities to IC mission users.

Go beyond the headlines with expert perspectives on today’s news with The Cipher Brief’s Daily Open-Source Podcast.  Listen here or wherever you listen to podcasts.

ICWERX  

To quickly take advantage of private sector AI efforts at scale, the IC must better understand the market and more easily engage directly with the private sector. To do so, the IC should create an ICWERX, modeled after AFWERX, an Air Force innovation organization that drives agile public-private sector collaboration to quickly leverage and develop cutting-edge technology for the Air Force. AFWERX aggressively uses innovative, flexible, and speedy procurement mechanisms like OTA and the Small Business Innovation Research and Small Business Technology Transfer programs (SBIR/STTR) to improve the acquisition process and encourage engagement from small businesses. AFWERX is staffed by acquisition and market research experts who are comfortable using those authorities and understand the market. While the IC’s needs are not identical, an ICWERX could serve as an accessible “front door” for prospective partners and vendors, and enable the IC to more quickly leverage and scale cutting-edge AI.

De-mystify Current Authorities

While there is much complaining about a lack of flexible authorities in the IC (and a real need for legal reform), there is flexibility in existing rules that has not been fully utilized. The IC has not prioritized the development or hiring of people with the necessary government acquisition and contracts expertise, so there are insufficient officers who know how to use the existing authorities and those who do are overworked and undervalued. The IC must redouble its efforts to increase its expertise in, and support the use of, these flexibilities in several ways.

First, the IC should create formal partnerships and increase engagement with existing U.S. government experts. The General Services Administration’s Technology Transformation Services (TTS) and FEDSIM, for example, work across the federal government to build innovative acquisition solutions and help agencies more quickly adopt AI. In addition, DOD’s Joint AI Center has built significant acquisition expertise that the IC must better leverage. The IC also should increase joint duty rotations in this area to better integrate and impart acquisition expertise across the IC.

Second, the IC must prioritize training and education of acquisition professionals. And while deep acquisition expertise is not necessary for everyone, it is important for lawyers, operators, technologists, and innovators to have a reasonable understanding of the acquisition rules, and the role they each play in getting to successful outcomes throughout the process. Collaboration and understanding across these professions and up and down the chain of command will result in more cohesive, speedy, and effective outcomes.

To that end, the Office of the Director of National Intelligence (ODNI) should work with the many existing government acquisition education programs, as well as the National Intelligence University, to develop paths for IC officers to grow their understanding of and ability to navigate and successfully use acquisition rules. The ODNI also should strengthen continuing education requirements and create incentive pay for acquisition professionals.

Third, the IC should prioritize and use direct hire authority to recruit experts in government acquisition, to include a mix of senior term-limited hires and junior permanent employees with room to grow and the opportunity for a long career in the IC. Such a strategy would allow the IC to quickly tackle the current AI acquisition challenges and build a bench of in-house expertise.

Finally, practitioners should have an easily accessible reference book to more quickly discover relevant authorities, understand how to use them, and find community experts. A few years ago, the ODNI led the creation of an IC Acquisition Playbook, which describes common IC acquisition authorities, practices, and usages. The ODNI should further develop and disseminate this Playbook as a quick win for the IC.

Incentivize Behavior

To encourage creative and innovative acquisition practices, as well as interdisciplinary collaboration, the IC must align incentives with desired outcomes and create in acquisition professionals a vested interest in the success of the contract. Acquisition officers today are often brought into projects only in transactional ways, when contracts must be completed or money must be obligated, for example. They are rarely engaged early as part of a project team, so they are not part of developing the solutions and have minimal investment in the project’s success. Reinforcing this, acquisition professionals are evaluated primarily on the amount of money they obligate by the end of the fiscal year, rather than on the success of a project.

Therefore, to start, project teams should be required to engage acquisition officers early and often, both to seek their advice and to ensure they have a good understanding of the project’s goals. In addition, evaluation standards for acquisition officers should incorporate effective engagement and collaboration with stakeholders, consideration of creative alternatives and options, and delivery of mission outcomes. If an officer uses innovative practices that fail, that officer also should be evaluated on what they learned from the experience that may inform future success.

Lastly, the ODNI should reinvigorate and highlight the IC acquisition awards to publicly reward desired behavior, and acquisition professionals should be included in IC mission team awards as a recognition of their impact on the ultimate success of the mission.

Conclusion

Between the government’s rigid budget and acquisition processes and confusion about how to apply them, there is very little ability for the IC to take advantage of a fast-moving field that produces new and updated technology daily. Tackling these issues through the handful of priority actions set forth above will begin to drive the critical shift away from the IC’s traditional, linear processes to the more dynamic approaches the IC needs to speed and transform the way it purchases, integrates, and manages the use of AI.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

 

The post AI and the IC: The Tangled Web of Budget and Acquisition appeared first on The Cipher Brief.

Glossing Over in Gla

NEW YORK, Nov 19 (IPS) – A week has gone by since COP 26 with 197 Parties ended in the Scottish city of Glasgow on extended time last Saturday. Climate change which covers wide array of issues affecting all living beings engaged the people around the world for COP 26 in a way never experienced since COP1 was held in Berlin in 1995.

Read the full story, “Glossing Over in Glasgow – Some Thoughts on COP26”, on globalissues.org

How to Avoid Cold Wa

EXPERT PERSPECTIVE — A meeting – albeit virtual – between President Joe Biden and Chinese President Xi Jinping finally happened.  It was a cordial and reportedly candid exchange that hopefully cooled some of the tension between the U.S. and China.

President Biden captured the essence of the meeting with his concern that this tension “does not veer into conflict, whether intended or unintended.”  President Xi said, “China and the U.S. need to increase communications and cooperation” and “respect each other and coexist in peace.”

It’s hard to believe that in 1979, when formal U.S. – China diplomatic relations were established, Chinese President Deng Xiaoping looked to the U.S. as the country that would provide the investment, technology, and unlimited access to our best universities.  And the U.S. didn’t disappoint.  Investment and sophisticated technology flowed to China, with hundreds of thousands of Chinese students enrolling in our universities.  Strategic bilateral cooperation initially contributed to the defeat of the Soviet Union in Afghanistan, with joint efforts to address international terrorism and nuclear proliferation.

So, during the span of forty-two years, relations have gone from close economic and strategic cooperation to a concern about conflict, intended or unintended.  Understandably, scholars will spend considerable time analyzing what went wrong. 

What is important now is that U.S. – China relations move in a more positive direction.  That tension over China’s aggression against Taiwan, the militarization of islands and reefs in the South China Sea, internment camps for Uyghurs in Xinjiang, the national security law in Hong Kong that suppresses democratic protests and the theft of intellectual property all must be candidly discussed by our diplomats and leaders to avoid misunderstanding and accidental conflict.

President Biden said Washington continues to have a “one China” policy and “opposes unilateral efforts to change the status quo.”  President Xi reportedly said, “Beijing will take decisive measures if the pro-Taiwan independence movement crosses a red line.”

The three communiques and the Taiwan Relations Act of 1979 specifically states that, inter alia, “the United States decision to establish diplomatic relations with the People’s Republic of China rests upon the expectation that the future of Taiwan will be determined by peaceful means; to consider any effort to determine the future of Taiwan by other than peaceful means, including by boycotts or embargoes, is a threat to the peace and security of the Western Pacific area and of grave concern to the United States.”

The challenge for the U.S. and China is to address Taiwan and a myriad of other irritants in the bilateral relationship to ensure that no one issue, or series of issues leads to conflict.  Toning down the rhetoric and pursuing a policy of substantive and sustained communications, especially by our diplomats, would be a necessary first step.

The Cipher Brief hosts private briefings with the world’s most experienced national and global security experts.  Become a member today.

The annual Economic and Strategic Dialogue with China, led by the heads of State Department and Treasury and their counterparts in Beijing was established to oversee progress in addressing these and other challenging issues.  A forum of this type, with announcements to ensure that the public is kept apprised of the issues and the work being done to resolve these issues, is of value, only if this dialogue is substantive and not just ceremonial.

This virtual presidential summit can be transformative if, in addition to addressing these and other irritants, it also addresses the opportunity to cooperate on a multitude of geopolitical issues that affect the security of the U.S. and China – and the world.

I’ll start with the nuclear issue and the fact that there’s minimal dialogue with China on its nuclear program.  And given recent reporting on the three sites in China with the construction of hundreds of missile silos and the recent DIA report that China, by 2030, will have a nuclear arsenal of 1000 nuclear warheads is of concern.  Ideally, China should be part of New Start arms control negotiations with the U.S. and Russia.  But they previously refused to join in this or any other arms control dialogue.  At a minimum, China should be responsive to a dialogue with the U.S. on nuclear-related issues, to include their recent test of two hypersonic missiles.

A separate but equally important dialogue with China is on cyber, to ensure that the cyber domain is not weaponized and used against our private sector for economic advantage.  Also, to ensure that outer space is used exclusively for peaceful purposes.

There are a multitude of global issues requiring bilateral cooperation.  We recently saw some U.S. – China cooperation on climate change at the Glasgow COPS 26 UN Climate Change Conference.  Obviously, more must be done, but this is a positive first step.

Other issues, like North Korea can and should be addressed now.  China has unique leverage with a North Korea that relies on China for its economic survival.  China can use that leverage to get North Korea to return to negotiations and to convince the North that complete and verifiable denuclearization, in return for significant deliverables, is in North Korea’s interest.

With over five million global casualties and over 760,000 deaths in the U.S. due to COVID-19, it should be obvious that greater bilateral cooperation on this and future pandemics is necessary.

Go beyond the headlines with expert perspectives on today’s news with The Cipher Brief’s Daily Open-Source Podcast.  Listen here or wherever you listen to podcasts.

Bilateral cooperation on nuclear proliferation, countering international terrorism, the trafficking of narcotics and confronting international organized crime are just some of the global issues that affect the security of the U.S. and China and the global community.  Failure to cooperate on these and other international issues is not only a security imperative, but a moral responsibility of all great powers.

Finally, with the Taliban back in control in Afghanistan, the U.S. and China have a shared goal: ensuring that the Taliban does not permit Al Qaeda and other terrorist organizations to once again use Afghanistan as a base for its international terrorist operations. China has engaged this Taliban government and should use its significant financial leverage to ensure that all terrorist groups are permanently removed from Afghanistan.

Xi Jinping was just anointed by the Chinese Communist Party as one of its revered leaders, with Mao Zedong and Deng Xiaoping.  The Party congress next year will likely give Xi a third five-year term as the Party’s Secretary General.  There are a multitude of domestic issues requiring Xi’s and the Party’s attention, to include a campaign of “common prosperity” – addressing the disparity of wealth in a China governed by a capitalist system with Chinese characteristics.

Hopefully, President Xi Jinping will work with President Joe Biden to ensure that the two great powers, consumed with domestic issues, will also address the myriad of international issues requiring immediate and long-term attention and avoid a cold war that could veer into conflict.

Read more expert-driven national security insights, perspective and analysis in The Cipher Brief

The post How to Avoid Cold War with China appeared first on The Cipher Brief.

Hot meals helping Ha

The children of families who were affected by the massive earthquake which devastated large parts of south-west Haiti in August this year are receiving free hot meals at school as part of an initiative by the UN’s World Food Programme (WFP) to support the recovery of the country’s most vulnerable communities.

Read the full story, “Hot meals helping Haiti’s children recover from the earthquake”, on globalissues.org