Senate Intelligence Committee

White House, Congress Arguing Over Which Senate Committee Should Fail in Drone Oversight

Ken Dilanian has a very interesting article in the Los Angeles Times outlining the latest failure in Congress’ attempts to exert oversight over drones. Senator Carl Levin had the reasonable idea of calling a joint closed session of the Senate Armed Services and Intelligence Committees so that the details of consolidating drone functions under the Pentagon (and helping the CIA to lose at least one of its paramilitary functions) could be smoothed out. In the end, “smooth” didn’t happen:

An effort by a powerful U.S. senator to broaden congressional oversight of lethal drone strikes overseas fell apart last week after the White House refused to expand the number of lawmakers briefed on covert CIA operations, according to senior U.S. officials.

Sen. Carl Levin (D-Mich.), who chairs the Armed Services Committee, held a joint classified hearing Thursday with the Senate Intelligence Committee on CIA and military drone strikes against suspected terrorists.

But the White House did not allow CIA officials to attend, so military counter-terrorism commanders testified on their own.

But perhaps the White House was merely retaliating for an earlier slight from Congress:

In May, the White House said it would seek to gradually move armed drone operations to the Pentagon. But lawmakers added a provision to the defense spending bill in December that cut off funds for that purpose, although it allows planning to continue.

Dilanian parrots the usual framing of CIA vs JSOC on drone targeting:

Levin thought it made sense for both committees to share a briefing from generals and CIA officials, officials said. He was eager to dispel the notion, they said, that CIA drone operators were more precise and less prone to error than those in the military.

The reality is that targeting in both the CIA and JSOC drone programs is deeply flawed, and the flaws lead directly to civilian deaths. I have noted many times (for example see here and here and here) when John Brennan-directed drone strikes (either when he had control of strike targeting as Obama’s assassination czar at the White House or after taking over the CIA and taking drone responsibility with him) reeked of political retaliation rather than being logically aimed at high value targets. But those examples pale in comparison to Brennan’s “not a bake sale” strike that killed 40 civilians immediately after Raymond Davis’ release or his personal intervention in the peace talks between Pakistan and the TTP. JSOC, on the other hand, has input from the Defense Intelligence Agency, which, as Marcy has noted, has its own style when it comes to “facts”. On top of that, we have the disclosure from Jeremy Scahill and Glenn Greenwald earlier this week that JSOC will target individual mobile phone SIM cards rather than people for strikes, without confirming that the phone is in possession of the target at the time of the strike. The flaws inherent in both of these approaches lead to civilian deaths that fuel creation of even more terrorists among the survivors.

Dilanian doesn’t note that the current move by the White House to consolidate drones at the Pentagon is the opposite of what took place about a year before Brennan took over the CIA, when his group at the White House took over some control of JSOC targeting decisions, at least with regard to signature strikes in Yemen.

In the end, though, it’s hard to see how getting all drone functions within the Pentagon and under Senate Armed Services Committee oversight will improve anything. Admittedly, the Senate Intelligence Committee is responsible for the spectacular failure of NSA oversight and has lacked the courage to release its thorough torture investigation report, but Armed Services oversees a bloated Pentagon that can’t even pass an audit (pdf). In the end, it seems to me that this entire pissing match between Congress and the White House is over which committee(s) will ultimately be blamed for failing oversight of drones.

You Were Warned: Cybersecurity Expert Edition — Now with Space Stations

Over the last handful of days breathless reports may have crossed your media streams about Stuxnet infecting the International Space Station.

The reports were conflations or misinterpretations of cybersecurity expert Eugene Kaspersky’s recent comments before the Australian Press Club in Canberra. Here’s an excerpt from his remarks, which you can enjoy in full in the video embedded above:

[26:03] “…[government] departments which are responsible for the national security for national defense, they’re scared to death. They don’t know what to do. They do understand the scenarios. They do understand it is possible to shut down power plants, power grids, space stations. They don’t know what to do. Uh, departments which are responsible for offense, they see it as an opportunity. They don’t understand that in cyberspace, everything you do is [a] boomerang. It will get back to you.

[26:39] Stuxnet, which was, I don’t know, if you believe American media, it was written, it was developed by American and Israel secret services, Stuxnet, against Iran to damage Iranian nuclear program. How many computers, how many enterprises were hit by Stuxnet in the United States, do you know? I don’t know, but many.

Last year for example, Chevron, they agreed that they were badly infected by Stuxnet. A friend of mine, work in Russian nuclear power plant, once during this Stuxnet time, sent a message that their nuclear plant network, which is disconnected from the internet, in Russia there’s all that this [cutting gestures, garbled], so the man sent the message that their internal network is badly infected with Stuxnet.

[27:50] Unfortunately these people who are responsible for offensive technologies, they recognize cyber weapons as an opportunity. And a third category of the politicians of the government, they don’t care. So there are three types of people: scared to death, opportunity, don’t care.”

He didn’t actually say the ISS was infected with Stuxnet; he only suggested it’s possible Stuxnet could infect devices on board. Malware infection has happened before when a Russian astronaut brought an infected device used on WinXP machines with her to the station.

But the Chevron example is accurate, and we’ll have to take the anecdote about a Russian nuclear power plant as fact. We don’t know how many facilities here in the U.S. or abroad have been infected and negatively impacted as only Chevron to date has openly admitted exposure. It’s not a stretch to assume Stuxnet could exist in every manner of facility using SCADA equipment combined with Windows PCs; even the air-gapped Russian nuclear plant, cut off from the internet as Kaspersky indicates, was infected.

The only thing that may have kept Stuxnet from inflicting damage upon infection is the specificity of the encrypted payload contained in the versions released in order to take out Iran’s Natanz nuclear facility. Were the payload(s) injected with modified code to adapt to their host environs, there surely would have been more obvious enterprise disruptions.

In other words, Stuxnet remains a ticking time bomb threatening energy and manufacturing production at a minimum, and other systems like those of the ISS at worst case.

DiFi and the Silly Season of Senate Committee Music Chairs

A little over an hour ago, there was some rather notable news tweeted out by CNN:

Intel cte’s @SenFeinstein will give up the chair and move to Judiciary, source tells @CapitolHillCNN. @SenatorReid to announce today

I have talked to both sources at both the Senate Judiciary Committee and Personnel offices and have yet to hear a denial. This is, then, significant news as to a complete reshuffling of key Majority Senate Leadership assuming it continues to bear out.

First off, a tenured Senator like Feinstein does not leave a high value Committee Chairmanship without another, or something higher, on the offer. CNN said she is to “move to Judiciary”. But DiFi has long been a member of the SJC, so that can only portend she will then become Chairman of Judiciary.

Ryan Grim at Huffington Post has also picked up this shuffle, and beat me to the punch by a few minutes:

If Feinstein does take over leadership of the Judiciary Committee, that could ease the passage in the Senate of a renewed assault weapons ban, which was passed under President Bill Clinton in 1994 but expired in 2004. The shooting rampage on Friday in Newtown, Conn., in which 20 children and six adults were murdered by a gunman with a military-style assault weapon and high-capacity magazines, has renewed calls for stricter gun control legislation.

On Tuesday, speaking in the Capitol before the party’s weekly caucus lunch, Feinstein told reporters who had asked her whether she will jump to Judiciary, “Keep tuned. I think it is [going to become open], and I think it’ll happen.”

On Monday, Sen. Daniel Inouye (D-Hawaii) who was the chairman of the powerful Senate Appropriations Committee, passed away at the Walter Reed National Military Medical Center. Now that Inouye’s post is empty, Sen. Patrick Leahy (D-Vt.) is rumored to be looking at taking over Appropriations — in turn opening up the leadership slot at Judiciary. Feinstein could then move from her current spot as chair of the Senate Intelligence Committee to chair Judiciary.

That is good, fast reporting and coincides with what I can discern. And Appropriations Chair is a long time traditional home for the Senate Pro-Tem, which Pat Leahy became with yesterday’s passing of Inouye.

So, what about SSCI? Next in line would, by seniority, be Jay Rockefeller. But, as Mother Jones’ Nick Baumann pointed out, Rockefeller gave up leadership at Intel nearly three years ago to take over the Commerce, Science and Transportation Committee helm, and there is no reason to think he would double back. That gave a brief glimmer of hope that Ron Wyden might get the nod at SSCI, but HuffPo’s Grim, in a tweet, thinks he is more likely to take over the helm of the Senate Energy and Natural Resources Committee for the outgoing Jeff Bingaman of New Mexico, who did not seek reelection. That would mean the next senior Democrat on SSCI is Barbara Mikulski of Maryland.

Now, if I were Wyden, I would want the SSCI job over Energy. It is likely most progressives would like him there as well, which is why the smart money likely says Reid talks him into the Energy Chair.

So, we are into the Congressional equivalent of Formula One silly season; i.e. the end of the year shuffling of drivers before the season is really over. The one real wildcard here is Wyden.

Blowback: Stuxnet and the Ongoing Risk to Manufacturing Worldwide

Dear Chevron: Thanks for letting us know you’ve been infected with Stuxnet. It’s difficult to muster sympathy for your management or shareholders, because you were warned. This guy quite clearly warned your industry, as did other firms specializing in technology security.

Every single manufacturer around the world using supervisory control and data acquisition (SCADA) driven equipment in their processes was warned. Businesses at particular risk are those relying on certain ubiquitous applications in a networked environment.

Perhaps you heeded the warning months ago but didn’t disclose widely that your business was working on eliminating the exposures. If your business has been hardening your systems, great. However, the public does have a right to know if your plant located in their backyard might blow up or release toxic chemicals because your firm was exposed to cyber warfare elements our country sponsored in some fashion.

This goes for any other firms out there that are dealing with the same exposure. Perhaps you believe it’s a business intelligence risk to let your competitors know you’ve got a problem– frankly, we’re way past that. The potential risks to the public outweigh your short-term profitability, and if your plant blows up/dumps chemicals/produces unsafe or faulty products because of Stuxnet, our public problem becomes your public relations/long-term shareholder value problem anyhow.

By the way: perhaps it might be worthwhile to actively recruit American citizens who qualify for security clearance when hiring SCADA application analysts to fix your Stuxnet problems. Why compound your problem for lack of foresight with regard to national security risks? We can see you’re hiring. Ahem.
