Friday, December 20, 2013

Why Yenta's Background Checks Better than Governments'

The discussion that follows just came in from the annual No Dark Corners Roundtable Forum and Christmas Luncheon held at a Claim Jumper restaurant this year.

It isn't just a question of gathering up more data. Bureaucratic functionaries would have us believe that if they only knew just a little more about betrayers like NSA leaker Edward Snowden or phonies like Mandela memorial sign language imposter Thamsanqa Jantjie, they could have prevented such ne'er-do-wells from turning into national humiliations. This is balderdash. A thriving matchmaker, or yenta, can do better with even more limited data and budget. How so? The matchmaker blends available vetting data with direct observation and progressive testing before taking risks with important clients. This is hardly a matter left to chance. Nothing ends a matchmaking business faster than serial failures and mismatches.

What do matchmakers know and do that governments fail to apply in their background checks?

1. They check out prospects and clients with available data, but don't stop there. The way to do this is for the matchmaker not only to gather basic information via a standard questionnaire, but also to use that questionnaire as a starting point rather than an end point. The questionnaire informs a personal interview where the matchmaker gauges motives, manipulations, and determines what inevitable deceptions are acceptable white lies vs. dangerous fabrications. A savvy matchmaker also checks independently into reputations to determine whether it is worth doing business with a given candidate or client. After all, the matchmaker's own reputation is at stake if the match turns catastrophic.

2. They chaperone. The best matchmaker does not risk important clients by setting up liaisons with question marks. Instead, a low-risk experiment comes first. Thus, one sends a new, unknown prospect on a low-key lunch date to see how well it goes before presuming to pitch a weekend getaway in Monte Carlo with a shy billionaire client. A cautious matchmaker also knows how to be a chaperone without being a killjoy. The finesse is that of serving as a seasoned co-pilot who stays far enough in the background to let the aspiring pilot handle the take-off but remains close enough to take the controls if there is a malfunction or problem with a safe landing. (For details on how this co-pilot model applies to insider threat defense, see Managing the Insider Threat: No Dark Corners, Boca Raton: CRC Press, 2012.)

3. They have enough of a stake in the deal to cut it off at the first sign of trouble, before a problem becomes a catastrophe. Unlike government background checkers with a hit-and-run mentality, matchmakers have a vested interest in follow-up and follow-through. Matchmakers have to own their results, taking credit for the sunshine as well as the rain. Government background checkers don't function with the same accountability. When was the last time a government employee lost a payday or a job from clearing a Snowden for classified access or a Jantjie for standing a dagger-thrust away from heads of state? We don't hear about it because this seldom happens. By contrast, a matchmaker whose deficient vetting produced such fiascoes would face no alternative but to embark on a change of careers.

Without necessarily realizing it, competent matchmakers exemplify some of the signature No Dark Corners (op. cit.) approaches to defending against insider threats. Their vetting process is akin to an enlightened new hire probation system, where penetrating scrutiny prevails over perfunctory checking. Their chaperoning and phased exposure to risk parallel the co-pilot model of limiting chances of undetected mischief. Finally, their ownership of their results keeps matchmakers vitally engaged in becoming and remaining a part of a team which is accountable for failure as much as for success. Until something like this happens in government-related background checks, look for more debacles to come.

-- Nick Catrantzos

Monday, December 16, 2013

Security Lessons from Somali Piracy

The motion picture Captain Phillips may indirectly give us pause to note a decline in Somali piracy. What can this decline tell us more broadly?

It seemed only a few years ago when the rise of piracy on the high seas sent the cargo freighter world and its insurers into frenzy and despair. Somali pirates were regularly boarding oil tankers and undefended commercial vessels at gunpoint, holding hostage their cargos and crews, and extorting million-dollar ransoms as a matter of routine. From about 2008 to 2011, piracy grew to over 40 successful attacks a year. Then the numbers began to tell a different story. There were 47 such hijackings in 2009, 46 in 2010, but only 14 by 2012. (For details, see http://www.independent.co.uk/news/world/africa/huge-decline-in-hijackings-by-somali-pirates-8602901.html )

One study offers a multitude of explanations for what led to the growth and more recent decline of Somali piracy. (Details are at http://piracy-studies.org/2013/the-decline-of-somali-piracy-towards-long-term-solutions/ )

Stripping the study of its plumes and spangles, the essential reason behind the boom in piracy was this: It paid well. This payoff came in the form of relatively low risk for relatively high reward.

With automation being what it is today, cargo vessels on the high seas began to operate with relatively small crews, and those crews were, by international maritime policy, intentionally unarmed. This was well known. Moreover, no armed naval forces were paying attention or allocating resources to escorting, defending, or rescuing the potential targets until their frequency of victimization became alarming. Additionally, the legal shambles that passed for the government of countries most likely to serve as home base for pirates were such that the pirates had little to fear in terms of capture or prosecution at home. These foregoing developments meant that the risk facing would-be pirates was minimal.

At the same time, realizing a return in millions paid to ransom ship and crew was the kind of payoff unmatched by a lifetime of honest work in the same countries where few jobs were to be had. The prevailing euphemism, economic dislocation, is one way of sugar-coating the relative attraction of piracy to communities when their members have no productive work prospects and have ceased to collect handouts once the flow of United Nations' subsidies has declined to a trickle. Add these factors all together, and piracy became an attractive career choice. So, what changed?

For one thing, despite much international angst over the liability and unseemliness of so unsophisticated a throwback option, the targets started to arm themselves. For another, aggressive naval patrols by nations with a stake in hijacked crews and cargo started changing the risk calculations for pirates. Getting caught or shot will do that to a predator. Another raising of the stakes for hijackers came with aggressive prosecutions and sentencing for their crimes. (According to the first article cited above, over 1,100 Somali pirates have been jailed in 21 countries since prosecutions started in earnest. Considering that the estimated number of active pirates was 3,000, these incarcerations made a discernible impact.) Thus there came to be consequences for villainy, a price to pay. The net result of all these measures was to change the situation enough to the point where piracy was no longer such a good deal for the aspiring pirate.

There are useful security lessons to harvest here and to apply more broadly. Among them are:

1. No matter how unsophisticated and agonizingly debated it may be to do so, you make yourself less of a target if you take visible steps to defend yourself. Most attackers perform risk assessment at some level, even if not through any complicated, analytical process. Even if they operate with nothing more than low animal cunning, they realize that their odds improve when attacking undefended targets and those odds get worse if going up against targets equipped and willing to defend themselves.

2. Few adversaries are invincible, and most will back down if they face a broad array of defenses (such as armed vessels and crews, naval patrols, and a legal system that imposes consequences). At first encounter, an enemy may seem formidable when attacks are unexpected and defenses are inadequate. With the steady addition of well-conceived defenses, however, it is not only possible but likely for defenders to prevail.

3. Once a major security problem appears to be solved, watch for the possibility of a new but related one to occur. In security theory, this is the phenomenon of displacement. For example, when car alarms became effective and widespread, some car thieves had to change their tactics; they became car hijackers instead. A car difficult to steal when secured but unattended became easier to acquire by forcing its keys out of the hands of the driver while the engine was already running. In the case of the present decline of Somali piracy, the speculation now is that thwarted pirates may similarly resort to different targets and tactics. One possibility is kidnapping high-value executives and holding them in exchange for ransom without having to encounter the new security measures at sea. Another possibility is that if defenders start diluting or abandoning their countermeasures because they prematurely declare the problem as being solved, it will resurface once conditions tilt back the risk-reward calculation in the pirates' favor.

In addition to this situation offering lessons to learn, it also offers lessons not to forget.

-- Nick Catrantzos

Friday, December 13, 2013

Fairy Tales and Ex-FBI Spy in Iran

Whatever Robert Levinson was doing that resulted in his disappearance in Iran over six years ago, the latest explanation of a rogue intelligence operation defies logic, coming across as yet another fairy tale du jour that does no good for an American in captivity who is suffering or gone. The latest explanation is that this retired FBI agent with a knack for cultivating snitches throughout a 28-year career in law enforcement somehow materialized in Iran to recruit a suspected murderer at the behest of a CIA analyst. (For details, see http://www.washingtonpost.com/world/national-security/ex-fbi-agent-who-went-missing-in-iran-was-on-rogue-mission-for-cia/2013/12/12/f5de6084-637b-11e3-a373-0f9f2d1c2b61_story.html )

The picture painted in the foregoing narrative is that a CIA analyst who had forged a professional relationship with Levinson over the years hired him as a contractor and tasked him to gather intelligence on Iran in a rogue operation. This rogue operation, as the story goes, bypassed all the CIA's mature clandestine collectors and support mechanisms (including basic tradecraft, it would seem) and, significantly, channeled Levinson's reports to the CIA analyst at her home instead of her office.

This narrative has enough holes to rival a minefield, but consider only one neglected so far: How could an intelligence analyst actually benefit from the unvetted yield of an unsanctioned collection effort? It may take a passing conversance with human intelligence collection, reporting, and analyst involvement to spot this discrepancy.

There is a basic pas de deux between collectors and analysts that roughly follows this sequence. Collectors focus their efforts to address intelligence requirements, which are questions that analysts have about foreign intentions and capabilities. When the collectors obtain something responsive to a given requirement, they cite it on the report they write. Meanwhile, the collector's boss and unit check out the report for accuracy and completeness before sending it into the system. This process, in turn, distributes the report to the interested analyst for review and comment prior to dissemination throughout the intelligence community. If the report is particularly good and highly responsive to analyst needs, the analyst ends up using it for a more important analytical product, such as a National Intelligence Estimate. When this happens, the analyst supplies good feedback and positive ratings back to the collector through the system. The collector's report benefits from a high rating or grade, the collector and analyst are both pleased, and the collector is thereby incentivized to produce more reporting along similar lines because (a) there is an audience for it, and (b) that audience is officially rewarding the collector and collection effort.

Now, what is wrong with the picture painted in the latest story? The answer is that there is no way for the analyst in question to actually use the reports Levinson allegedly sent to her home. How can she cite them in any official intelligence study or estimate? Rogue reports are not in the system, have undergone none of the basic vetting that a boss and unit perform for quality control, and do not exist in a way that anyone else in the intelligence community can legitimately use or cite. For this reason alone, the "rogue" collection effort run by an analyst in the way characterized above just does not wash.

The protocols of clandestine collection exist for a reason. That reason is effectiveness, as measured not only by the quality of the yield that they produce but also by due concern for the personal safety of all persons involved in the hazardous task of obtaining useful information from human sources in risky corners of the globe. Iran is a hostile or denied area, and it would be more than malpractice to send any American there on an intelligence mission without extreme caution and preparation. This is why there are overseas stations, station chiefs, tradecraft, and legitimate processes in place to govern the interactions of collectors and analysts alike. Rogue operations are certainly possible in theory, but something is missing in this latest fairy tale. Even if an analyst can bypass the system by using contractors to collect data, that still leaves the analyst professionally unsatisfied unless the resulting yield can enter the intelligence community legitimately. Otherwise, why risk a career and the life of a contractor to gather something you cannot use?

There has to be more to this story. The fairy tale of a rogue operation orchestrated by an analyst just does not hold up to scrutiny.

-- Nick Catrantzos

Monday, December 9, 2013

Making Prevention Contagious for the Holidays

Security in its broadest application is all about preventing adverse consequences, but the details of prevention can seldom compete against loss-inducing fads ranging from knockout game attacks, flash mob robberies, and spree killing even to teen suicide. In the case of the latter, the magnitude of the challenge becomes apparent in a statistic: The suicide rate today is three times what it was in 1950. However, the source of this statistic also offers new hope in trumpeting otherwise unheralded successes in curbing suicidal tendencies of today's teens. (For details on both data points, see http://www.csmonitor.com/USA/Society/2013/1208/Teen-suicide-Prevention-is-contagious-too )

What can we learn from such suicide prevention programs to inform other protection via prevention? First, there is a question of attitude. In the suicide prevention world, this comes down to noting and continually reminding oneself of reasons for living, as the linked article highlights. Perhaps no one said it better than concentration camp survivor and psychiatrist Viktor Frankl in his book, Man's Search for Meaning, where he pointed out that what kept some concentration camp prisoners going while other, more or less identical prisoners lost hope and perished was that the survivors chose their attitude and set themselves tasks to perform every day. These are what the foregoing article today calls things to live for. Speaking in the voice of Sherlock Holmes, Conan Doyle put it another way a century ago when he said that work remains the best antidote to sorrow. What, then, is the attitude to adopt to any protective challenge? It is that the challenge is attainable, a job to do, and one that is worth doing.

Second, what else can we learn? As in suicide prevention, protective action in general delivers its best yield when focused upstream of a crisis point. In other words, waiting until just before disaster is waiting until it is too late. One must anticipate adverse events and act in advance in order to channel them away from the worst of consequences. Prevention is best and most affordable when performed early, before a crisis has become apparent.

Third is a focus on relative costs and benefits. As a colleague in the protection business used to point out, suicide is a permanent solution to a temporary problem. The application to preventive action for situations less dire, such as protecting one's retail business, or trade secrets, or even for defending against some sophisticated form of reputational risk calls for similar taking of stock. What is the cost of neglecting security contrasted against a catastrophic loss? If we don't know or haven't thought this through, then we are most likely contributing to an unwitting acceptance of such risk. This is akin to the myopic perspective of a self-absorbed, callow teen obsessed with eluding temporary, often exaggerated torments through immolation without regard for the pain that suicide causes to others or the variety of alternatives which could not only have solved the ephemeral problem but ultimately led to the sweet self-satisfaction that maturity finds in another aphorism: Living well is the best revenge.

Here, in a nutshell, is the derived prescription for recharging the protective batteries of one's security prevention program for the holidays:

1. Adopt a can-do attitude based not on wishful thinking but on a candid appraisal of alternatives.

2. Focus prevention efforts upstream of the crisis point. Do the little things in advance so as to face less of a herculean obstacle just before all hell breaks loose.

3. Weigh relative costs against benefits, with an eye to long-term benefits. Remember that the cost of not taking prudent, preventive action is likely to outweigh the expense if the net result of inaction proves to be a catastrophic consequence.

Happy holidays.

-- Nick Catrantzos

Friday, December 6, 2013

Sopko Seeing Cash Cow in $34M White Elephant?


Why would Pentagon brass soldier on with construction of a multimillion dollar building in Afghanistan for a U.S. military that did not want it or had no reasonable expectation of taking up beneficial occupancy as America was announcing plans to withdraw from Afghanistan? John Sopko, Special Investigator for Afghanistan, raised this question before and, after being stonewalled with a perfunctory report of the military's own inquiry into this matter, Sopko is back. (For details, see http://www.foxnews.com/politics/2013/12/05/miltary-watchdog-to-re-open-investigation-into-millions-wasted-afghanistan-hq/?intcmp=trending ) Sopko's probe is no small task, and the answers and support that have eluded his efforts to date may signal a greater deception than mere bureaucratic stonewalling.

A look at the built-out but unoccupied facility cannot help but raise eyebrows. If pictures shown in an unintelligible mangling of the original news story are better than the story's atrocious English (at http://www.daytodaynews.com/topstories/34m-white-elephant-watchdog-to-re-open-probe-of-unused-military-facility.html ), then the building looks like an ordinary administrative facility, rather than some exotic laboratory or production plant whose price tag traces more to the contents than to the structure of the complex.

Let us thread together some logical premises and conclusions to infer what dark current may be running beneath the glittering surface of what looks like a $34M waste of construction funds.

First, if the story Sopko unearthed so far is true, one military general has already gone on the record to rate this facility unneeded and undesired. That it also remains unoccupied only adds to this general's credibility.

Counterbalancing this general officer's doubts over the operational value of the facility, the Pentagon's internal probe of this expenditure apparently concluded that the construction was warranted and the expense justified. Now, assuming that generals do not reach flag rank by being stupid or demonstrably disingenuous in the face of legitimate audits, what legitimate reason could there be for one general's studied and fully staffed report to contradict a field general's unvarnished assessment of operational value?

The only category of answer that makes sense is this: There must be a higher, prevailing national interest at stake. And what might the face of that overriding national interest look like? It could very easily look like what may be variously called, on a scale of euphemistic intensity, offsets, facilitation payments, bribes, payoffs, kickbacks, or extortion payments.

In the United States and for U.S. companies, the Foreign Corrupt Practices Act exists to curb the predatory impulse that leads some businesses to win contracts by lining the pockets of the entity awarding the contract and some customers to deny business to any entity that refuses to supply some kind of requested kickback. At its most benign, this process results in U.S. sales to foreign clients on condition of offering certain offsets to the high cost of items sold. Such offsets could take the form of assembling some components of a U.S. product in the buyer's country or accepting as partial payment some natural resource or manufactured goods that the buying country has in abundance. Thus, the buyer's sticker shock is offset with local benefits, like jobs for its citizens or an artificial market for goods that are not selling well on their own. Such arrangements could, at least theoretically, explain why a struggling Latin American country bought its jet engines from France instead of Britain or the U.S. because the French were willing to buy more bananas and set up an assembly facility in-country, whereas their competitors were slow to warm to such an arrangement. So much for the benign approach to offset, which may well be structured in legitimate and transparent terms.

Where does the ethically challenged version creep in? Countries run by plundering oligarchs are notorious for giving bidders to understand that it is impossible to do business in their country without having a local office run by a local national. Unsurprisingly, the best if not only such local office invariably ends up being operated by a government official's family member or tribesman. A commission, or facilitation payment, is expected to go to such an office, and woe to the international business that tries to compete only on the basis of product quality and competitive pricing. It soon becomes clear to serious business people from the outside that the only way to obtain business in such an arena is to pay. Such payment may take the palatable form of facilitation fees charged by a local office acting as middleman and perhaps even providing actual value. However, it may equally transpire that the business finds itself compelled to pay the same fees for no service at all. This becomes the cost of doing business in that particular market, no matter how unpalatable it may be. And some of the recipients of such payments are less subtle and more demanding than others.

Look to the contract and to where the bulk of the $34 million has gone since this white elephant of a building was commissioned. Was this a glorified cash-for-poppies program crafted to supply Afghani villagers with an alternative means of making a living in exchange for backing down from their opium trade? Was it a payoff to regional panjandrums to buy their cooperation or at least reduce their targeting of American combat troops? Or was it part of a quieter, national leadership arrangement to "facilitate" arriving at a desired level of cooperation with Afghani officials in positions of influence?

The Sopko probe may have been stalled, but it appears as unyielding as the Chinese water torture and, as long as it is not completely halted or undermined, it will eventually bring to light some instructive findings.

-- Nick Catrantzos