Putting “Really Mushy” Functions in a Department that Refuses to Be Audited

Noah Shachtman points to NextGov’s unsuccessful attempt to define how much DOD plans to spend on cybersecurity next year. DOD or its components have offered three different versions:

  • DOD’s mid-February report it would spend $2.3 billion
  • Air Force’s mid-February report it, by itself, would spend $4.6 billion
  • DOD’s March 23 revised report it would spend $3.2 billion

Part of the problem, as Shachtman explains in the NextGov piece, is that the definition of what counts as cybersecurity is not yet well defined.

“All of this stuff is still really mushy,” Shachtman said. Further obscuring visibility into the budget is the fact that some cybersecurity funding is classified at Defense components such as the NSA. Meanwhile, Cyber Command presents a new spending variable, he noted.

“Exactly where the NSA ends and the Cyber Command ends is a very open question,” Shachtman said. “How the Cyber Command is supposed to interact with the services is still being worked out.” He predicted it will take years to untangle the process of budgeting for federal computer security.

While you’re trying to get your head around how the Air Force has a bigger budget than the whole DOD for cybersecurity, remember a couple of things.

First, both the Air Force and DOD generally have stated policies of not telling Congress about Special Access Programs (in the case of Air Force) or clandestine cyberops. So to the extent that this mushy budget is mixed in with cyberops (as distinct from cybersecurity), there’s a decent chance Congress isn’t seeing all of it.

But even if Congress decided to look, to the extent that NSA (or CyberCommand, which General Keith Alexander also commands) has a hand in it, Congress is almost guaranteed to be unable to track it closely. That’s because NSA books can’t be audited and apparently NSA doesn’t intend to fix those problems.

Now all of would be pretty funny except that, insofar as the government can’t distinguish between legitimate cybersecurity (you know, preventing hackers and leakers from using thumb drives to upload malware and download entire databases) and cyberwar financially, there’s a decent chance they can’t do so organizationally either.

Or to put it in more tangible terms, HB Gary’s past governmental work has been about cybersecurity–assessing malware and finding intrusions. But they’ve been proposing collecting information about citizens’ First Amendment activity to use to target those citizens. And the Air Force–that entity with a cybersecurity budget bigger than all of DOD’s cybersecurity budget–is the service that was engaging cybersecurity firms to develop persona management software.

But aside from that, why should we be worried that such dangerous entities are organizationally such a clusterfuck?

Marcy has been blogging full time since 2007. She’s known for her live-blogging of the Scooter Libby trial, her discovery of the number of times Khalid Sheikh Mohammed was waterboarded, and generally for her weedy analysis of document dumps.

Marcy Wheeler is an independent journalist writing about national security and civil liberties. She writes as emptywheel at her eponymous blog, publishes at outlets including the Guardian, Salon, and the Progressive, and appears frequently on television and radio. She is the author of Anatomy of Deceit, a primer on the CIA leak investigation, and liveblogged the Scooter Libby trial.

Marcy has a PhD from the University of Michigan, where she researched the “feuilleton,” a short conversational newspaper form that has proven important in times of heightened censorship. Before and after her time in academics, Marcy provided documentation consulting for corporations in the auto, tech, and energy industries. She lives with her spouse and dog in Grand Rapids, MI.

  1. marksb says:

    I worked in a few “blacker” programs, and no one is legally allowed to dig even a little bit into what the fuck is going on, how much it costs, not to mention what laws are laid to waste along the way. Of course it’s been years, but I don’t for a moment think that anythings changed for the better. Might as well try to calculate lotto numbers as to attempt to track this shit.


    He predicted it will take years to untangle the process of budgeting for federal computer security.

    Means, it ain’t ever gonna’ be done, so give it up already. That’s National Security y’all talking ’bout.

  2. phred says:

    But aside from that, why should we be worried that such dangerous entities are organizationally such a clusterfuck?

    To paraphrase Mike German (former FBI, current ACLU) secrecy breeds incompetence.

    Greater transparency would help produce a far more effective system at undoubtedly a fraction of the cost.

    Good thing we have no budget problems, because otherwise we might worry about spending so much money in such counterproductive ways. But, since everyone has plenty of heating oil in winter and every school is well funded, with solid pay and good benefits all around, who cares if DOD and the rest of the spooks piss a bit away?

  3. CTuttle says:

    Just tallying Noah’s numbers… $10.1 Billion on Cyber Security alone…? Another Stuxnet in the offing…? Just imagine which State would greatly appreciate that very same $10 Billion…! *gah*

  4. readerOfTeaLeaves says:

    Off topic, but related to earlier EW threads, so I’m going to leave a comment and link to a Guardian report now front page about Wachovia (now Wells Fargo) laundering money for Mexican drug cartels:

    During a 22-month investigation by agents from the US Drug Enforcement Administration, the Internal Revenue Service and others, it emerged that the cocaine smugglers had bought the plane with money they had laundered through one of the biggest banks in the United States: Wachovia, now part of the giant Wells Fargo.

    The authorities uncovered billions of dollars in wire transfers, traveller’s cheques and cash shipments through Mexican exchanges into Wachovia accounts. Wachovia was put under immediate investigation for failing to maintain an effective anti-money laundering programme. Of special significance was that the period concerned began in 2004, which coincided with the first escalation of violence along the US-Mexico border that ignited the current drugs war.

    Criminal proceedings were brought against Wachovia, though not against any individual, but the case never came to court. In March 2010, Wachovia settled the biggest action brought under the US bank secrecy act, through the US district court in Miami. Now that the year’s “deferred prosecution” has expired, the bank is in effect in the clear.

    I’m inclined to the view that on one point a lot of Tea Partiers, union activists, and ‘general folks’ who aren’t all that political would agree with me: the US government used our tax dollars to bail out these criminals!!?

    Previous threads here have discussed Wachovia and money laundering; nice to see it in as prominent a spot as the Guardian’s leader. Take a bow, EWheelies…!

    (I seriously doubt Roberts or Alito have a flipping clue about the implications here. They’ll probably continue bowing to corporations, no matter how many drug cartels they happen to be laundering for…)

        • eCAHNomics says:

          This country is disgusting beyond words. Every institution seems broken beyond repair.

          • readerOfTeaLeaves says:

            I look at the magnitude of the mess we’re in: Wachovia laundering money so the drug cartels could buy planes to fly tons of coke around, while in Afghanistan we’re being played for fools (and worse) by the heroin rings, and I just tell myself ‘there ain’t nothing but opportunity for improvements in US gu’mint’.

            Nothing BUT opportunity.
            The existing structures sure don’t seem to cut it; but when I think how many Wachovia employees had to be aiding and abetting the drug lords (and making damn good money doing it), or turning blind eyes, it makes me furious.
            We bailed out these depraved tools?

    • readerOfTeaLeaves says:

      Sorry for the intrusion, but for any of us who have followed the financial threads at EW or FDL or Naked Capitalism, or The Big Picture, or any number of other places, this Guardian article is just unbelievable.

      Just absolutely…the word ‘criminal’ doesn’t even scratch the surface. From EW’s post:

      Now all of would be pretty funny except that, insofar as the government can’t distinguish between legitimate cybersecurity (you know, preventing hackers and leakers from using thumb drives to upload malware and download entire databases) and cyberwar financially, there’s a decent chance they can’t do so organizationally either.

      now, golly…. why, oh, why might it be smart to get a handle on financial cyberwar…? Oh, gosh, maybe this Guardian article could off up a clue or two:

      Wachovia’s blatant disregard for our banking laws gave international cocaine cartels a virtual carte blanche to finance their operations,” said Jeffrey Sloman, the federal prosecutor….The conclusion to the case was only the tip of an iceberg, demonstrating the role of the “legal” banking sector in swilling hundreds of billions of dollars – the blood money from the murderous drug trade in Mexico and other places in the world – around their global operations, now bailed out by the taxpayer….Wachovia was at the centre of one of the world’s biggest money-laundering operations.

      “Through CDCs,” said the court document, “persons in Mexico can use hard currency and … wire transfer the value of that currency to US bank accounts to purchase items in the United States or other countries. The nature of the CDC business allows money launderers the opportunity to move drug dollars that are in Mexico into CDCs and ultimately into the US banking system….

      So while we are bailing out the venal creeps laundering money for murderous Mexican drug lords, who are sending wire transfers to the US, we are wasting our resources on developing ‘persona management software’…?

      It leaves me speechless.

  5. mzchief says:

    So the UN and central governments, captured by US tax deadbeats as multi-national GE which wants to build *more* nuclear facilities, can’t or won’t provide the actual required humanitarian aid because the UN and agencies of the central governments are just too busy not doing their job or engaging in illegal activities which forces citizens of various nations to come together to solve problems themselves.

    The British people have had it with a central government that just won’t take direction from its own citizenry: “Inside Story: UK march for an alternative” (Apr. 3, 2011)

    Now there’s this frustrated city official in Japan (Apr. 2, 2011):

    The mayor of Minami Soma city, located 25 km away from the Fukushima plant, had decided to bypass the traditional channels in requesting assistance out of disgust and frustration with the government’s handling of the disaster, and instead is appealing to the entire world via this soon to be viral video clip which was recorded over a week ago but is only now making the rounds. In the clip, mayor Katsunobu Sakurai says: “We are left to ourselves… we risk dying of hunger.” Minami Soma, once a city of over 70,000 and which may now be down to as little 20,000, is asking for volunteers to do what the Japanese government refuses to do: namely to help those most in need of if not help, then at least potentially life-saving information.

    This situation is a disgrace. How can citizens directly help these people?

  6. catch22oy says:

    I was a contract cost analyst for the DoD (with a one-year stint at NASA) and worked with DoD auditors to evaluate contract cost proposals and changes to contracts. These were not “black” projects, yet the contractor’s books were as transparent as mud. Federal law prohibits certain costs from being reimbursed (marketing, for example) so contractors had to essentially maintain two sets of books. Auditing and negotiating cost proposals was no picnic. Appropriation accounts were in a mess, too.

    That was over 20 years ago, before government procurement became much, much more corrupt by the use of more crony contracts, the “expedience” of our permanent state of war, and the firing of auditors (more DoD spending, fewer auditors.) I can imagine the impossibility of auditing “black” programs in the current milieu. I think it’s safe to say that we are being totally screwed

    • mzchief says:

      Oh so the rich-ster trick of off-books “accounting”? Where or where have I heard that before? And the whole thing about having to be hardwired into Washington to get a DoD contract? I’m told that’s a practice that pre-dates my time but the corruption only got much worse and accounting was all up in it every step of the way. Recently I have learned about how tied up in Chicago corruption Arkansas actually is. I’m told it was definitely there in the old-time gangster days of Prohibition. Organized crime would just cherry pick the subsequent more lucrative businesses they saw others start and develop as innovation is actually not their thing.