16 DEC 16 – Executive Intelligence Summary – Forward Observer Shop



In this EXSUM… (3895 words)

  • An overview of Russian hacking accusations
  • Russia & China SITREPs
  • 2017 Preventive Priorities Survey
  • Kelly may not be DHS panacea
  • Black Lives Matter: No negotiating with Trump
  • Rogers: Beware bursting bubbles
  • And more…

Bottom Line Up Front:  Was Russia responsible for influencing the US general election?  What a loaded question, but it’s one on which Americans and the US Intelligence Community are divided.  There’s one caveat to this ‘bottom line’: this is a very, very deep subject and there will undoubtedly be books written about the different explanations over just what happened.  This may turn out to be as significant and conspiratorial as the Kennedy assassination.  I’m going to explain the high points of this case, but there’s no way that I, in such a short space, can cover every statement in the detail that it requires.

To answer this question, I need to first make four points of clarification.  (1) What we’re dealing with are three separate events:  the Democratic National Committee (DNC) emails, Hillary Clinton emails (HRC), and the Podesta emails.  There’s been quite a bit of conflation treating the three events as one, but we need to treat each case independently.  They’re different targets, different sources, and occurred at different times.  (2) The second point is that we’ve read this week many calls for ‘evidence’ and proof that Russia was responsible for one or any of the email leaks.  And we saw a disagreement between CIA and FBI sources over what constituted proof, after CIA sources said that Russia was likely responsible for the leaks.  In response, the FBI called the CIA’s opinion “fuzzy and ambiguous.”  Keep in mind that the FBI is a law enforcement organization, and (in theory) uses solid evidence to reach a conclusion.  The CIA, on the other hand, rarely has the luxury of having enough evidence needed to reach a conclusion.  That explains why the FBI is looking for real proof and the CIA reached a conclusion based off the available information and indicators.  There are different standards because the two organizations live in different worlds and serve different customers.

And this is the occupational hazard of intelligence: it’s rarely a slam dunk.  We can look at it this way… Pretend that we’re on a camping trip in the mountains.  The CIA says, “It’s cloudy out here, the barometric pressure is dropping, and those are nimbostratus clouds high up in the mountains, so it’s likely raining at 7,000 feet above sea level, even if we can’t see the rain drops.”  And the FBI says, “Well, wait just a minute.  You have no actual proof that it’s raining up there, even if there are clouds.  There’s a burden of proof requirement to your accusation, and we need to see solid evidence of rain before we reach that conclusion.”  And that’s the real difference here.  Intelligence is often based on indicators.  In this story, CIA is looking at the available data and saying, “Nimbostratus clouds produce rain, those clouds are present at 7,000 feet, and the barometric pressure is dropping, so the conditions indicate that rain is likely happening right now.”  It may not actually be raining, but there are sufficient indicators present that would lead an intelligence analyst to believe that it’s raining, even if there’s currently no proof that rain drops are hitting the ground.  Meanwhile, the FBI submits their evidence through the court, but the requirement for a burden of proof is nearly impossible for intelligence services in many cases.  The consequences of faulty analysis in this case couldn’t be less important, but they virtually couldn’t be higher in the case of whether or not Russia manipulated US elections.

(3) When we’re asking for evidence, we’re asking the US Intelligence Community to provide us with information on sources and methods.  We can think of this concept this way: Is what Vladimir Putin had for breakfast this morning classified information?  It may seem mundane and unimportant, but this could actually be very highly classified.  It’s not the information that’s important, but the way in which we gathered this information.  If three people knew that he had an orange croissant for breakfast this morning (Putin, his chef, and his girlfriend), and that information leaked, then Russian counterintelligence would know that the US intelligence source was either the chef or the girlfriend.  So if there is actually evidence that Russia leaked any emails, we’re asking the CIA to potentially give up a highly placed source or a highly classified forensic cyber tool employed by NSA.  This is not to say that there’s any evidence; perhaps there’s none at all.  But when we start requesting evidence, don’t be surprised when CIA pushes back.  (And I would be remiss if I didn’t bring up the possibility that CIA’s conclusion is being influenced by politics, or mention the politicization of intelligence under the Obama administration.  In the next Forward Observer Podcast — Episode 50 — I’ll tell a story of one such instance when I was a contractor in Afghanistan in 2011.)

(4) And finally, we’re dealing with a cyber event.  There’s virtually no physical evidence to be gathered, and professional intelligence services typically don’t leave fingerprints.  Especially with an event of this magnitude, attribution could lead to very devastating consequences, so intelligence services have a vested interest in not being caught.  That means the goal is to make the already difficult task of attribution impossible.  (To paraphrase an acquaintance of mine, amateurs cover their tracks while professionals leave no trace.)  That’s why I think there’s a significant possibility that so-called “cyber mercenaries” or nationalist hacker groups could be involved, if not taking the place of state-run cyber units and building in some plausible deniability, then at least carrying out operations against Russian adversaries.

We know that the Russian foreign intelligence service (SVR) sat on the DNC servers for a year watching email traffic.  Then the Russian military intelligence directorate (GRU) also gained access to the server and attempted to download files, which tipped off cybersecurity personnel.  That was the most public evidence of Russian cyber exploitation to date.  There’s no proof that Russia had access to the HRC server; however, intelligence sources have said that they likely did have access.  And finally, this week news outlets reported that the Podesta emails on his Gmail account were the result of a phishing attack, and not necessarily the result of a foreign intelligence intrusion.

So what we’re really asking is, “Was Russia behind any of the email leaks in an attempt to swing the election?”  Here’s one line of reasoning that ultimately blames Putin.  It’s a rational theory built on some fairly large assumptions (as far as open source/unclassified information goes); however, this line of reasoning likely helps form the basis for many in the intelligence community who seek to blame Russia.  And since Russia has a long history of manipulating foreign elections (as does the US), then we know the capability, if not the intent, is there.

Let’s go back to April 2016 and the Panama Papers.   The Panama Papers were a series of files and emails showing that current and former world leaders, hundreds of their business associates, and other wealthy individuals were hiding cash in off-shore accounts.  In the years and months preceding, Putin had railed against Russians who had off-shore accounts, and repeatedly stated that individuals and corporations hiding money internationally were “unpatriotic.”  And then the Panama Papers were leaked, showing that some of Putin’s close associates had $2 billion hidden in these secret bank accounts.  This was five months before the Duma elections, where Russians voted for their national legislature.  It’s not a left-field assumption that Putin believes that the US was behind the leaks to target him and sink his regime in the elections.  And given Hillary Clinton’s words and tone in previous years on Putin and his regime, it’s also a fair assumption to say that Clinton would have likely been a warhawk with Russia.   So the natural consequence is, if Putin believes the US did attempt to sink him through the Panama Papers, that Hillary Clinton would have taken a hard line stance against Russia and his regional aspirations, and the international Clinton cabal would have worked to expand NATO, that Putin has only one choice in the upcoming election.  Putin might be facing a war were Clinton to win, or perhaps he would fall victim to attempted regime change, as has for decades been the status quo for US foreign policy — ‘replace leaders we don’t like with ones we do like.’  If we’re looking for a motive, then it’s right here.

Foreign intelligence services gather information so their political leaders can make well-informed decisions.  They don’t wait until policy decisions are announced through the press; they want to see these policies while they’re being formed by the policy makers and influencers themselves.  Several outlets reported this week that DNC insiders and/or Bernie Sanders supporters leaked the DNC and HRC emails to show the levels of corruption.  That’s a very plausible theory.  But I’d just like to point out that Russian intelligence services are very good, and I would not be surprised if they’re running sources in both the DNC and GOP.  So even if a DNC insider or Sanders supporter leaked the emails, it doesn’t mean that the leakers were not being influenced, manipulated, or guided to leakage by Russian intelligence, although the burden of proof would be extremely high here.

I’m looking forward to seeing what evidence, if any, comes out, and I’m waiting with bated breath to see the conclusions of several ‘independent’ investigations.  For the record, whether or not Russian intelligence leaked any emails or actually influenced the election, I do believe that Putin had the desire to cause damage to the US political establishment’s status quo.  I’ve written before that Putin feels embarrassed by the collapse of the Soviet Union at the hands of the West, he’s promoted nationalist values and has promised to return Russia to greatness, he blames the West for many of Russia’s troubles (including the Ukraine fiasco and current sanctions), he wants to dismantle NATO and upend Western dominance in his region and around the globe, and if a Trump victory can help him turn the tide, then I believe that he would seriously consider his options.  He has one of the best intelligence services on earth, they’re highly capable, and they’re running circles around US counterintelligence right now.  There are likely more Russian agents in the US right now than at any moment in history, including the height of the Cold War (much of that is due to the expectation of being forced to fight a war with NATO).  I don’t believe that Russia is necessarily our enemy; however, your flavor of foreign policy largely determines what you believe is the appropriate relationship, friend or foe.  Under a non-interventionist foreign policy, we would have room to work with Putin to defeat Islamic terror; however, we would have to give Putin some breathing room, which means prioritizing his regional goals ahead of those of our NATO allies.  If anything, it looks like Trump’s cabinet nominations portend better relations with Russia; however, we should watch how Putin responds.  For Russia, 2018 is a presidential election cycle, and much of the future depends on the next foreign policy regarding the US and its status as current yet receding global superpower.

But until 20 January 2017, Obama is still president and it doesn’t look like he’s going to quit making decisions until then.  Obama gave an interview to NPR that aired this morning where he stated, “We need to take action.  And we will — at a time and place of our own choosing. Some of it may be explicit and publicized; some of it may not be.”  Obama formally accused Russia of interfering in the elections and said that he’d directly communicated that to Vladimir Putin.  Obama also stated that the administration has been working on a proportional response; however, it’s unclear what the next step is going to be.

Here’s my last point.  Ultimately, how is this going to affect you and your community?  Whether this leads to war in the next 34 days, some electoral voting hokum pokum on Monday, or an increased level of illegitimacy against the Trump administration, it’s not the what that’s important here, but the how that’s important.  What are the effects that you’re going to be forced to navigate at your local level?  I would caution everyone not to get hung up on the play-by-play as this unfolds, because it could get very messy.  As always, I’ll be watching things and providing as best I can an overview of what’s going on.  But your mission, should you choose to accept it, is to take this information, identify its effects on you, and then decide how you can increase your survivability locally.


Priority Intelligence Requirements:

PIR1: What are the current indicators of systems disruption that could lead to a SHTF event?

PIR2: What are the current indicators of an outbreak of global conflict?

PIR3: What are the current indicators of military, government, political, or social-related instability or violence that leads to widespread domestic conflict?

PIR4: What are the current indicators of economic, financial, or monetary instability that leads to civil unrest?

PIR1: What are the current indicators of systems disruption that could lead to civil unrest?

Nothing significant to report.

* These reports are sourced from the Daily Open Source Infrastructure Report published by DHS.  We read each daily report for significant threats and vulnerabilities to critical infrastructure, and include those events in this EXSUM.  Please use this reporting section to form a baseline for the type and frequency of threats to critical infrastructure.

PIR2: What are the current indicators of an outbreak of global conflict?

The prospects of global conflict continue to revolve around the usual players: Russia, China, and the Middle East. The ways in which global conflict could cause or contribute to a SHTF scenario in America are myriad and they largely depend on which conflict is initiated. We’re certainly at risk of cyber attack in the event of conflict in any of the three regions. Systems disruption, like the price and availability of fuel, is also a top concern that could cause a SHTF event.


Russia’s Strategic Missile Force commander was quoted this week as saying that 99% of Russia’s 400 strategic missiles remain in a combat-ready state.  (“Strategic” missiles refer to nuclear-armed intercontinental ballistic missiles capable of reaching North America.)  Around 2019, Russia’s current strategic missile system, which is 28 years old, will be replaced with an upgraded system called Sarmat.  In 2016, Russia’s strategic missile forces conducted six tests, and are expected to conduct 10 tests in 2017.  According to a 1988 treaty, Russia must alert the US no later than 24 hours before a strategic missile test will be conducted.

US-Russia detente – Since the election, the US news media have reported with great frequency that Trump is planning to restore normal relations with Russia.  This week, the Finnish press reported on the chance for Trump and Putin to meet at the 2017 Arctic Council summit, which will be held in Finland.  Both the Finnish president and Finland’s ambassador to Russia said that they support the plan, and intend to invite both leaders.



On Friday afternoon (16 DEC), US officials told reporters that a Chinese Navy vessel had seized a US Navy underwater drone in international waters.  The drone was conducting a military survey of the area 50 nautical miles off the coast of the Philippines, which apparently displeased China.  This is a low intensity escalation, and doesn’t seem likely to lead to war.  Still, this event could set up a test for Donald Trump after he takes office next month, just as China tested his two predecessors early in their tenure.

This week, the Australian Air Force announced that it would be training with the US Air Force to maintain a “credible combat power” in the region.  The military development is absolutely a jab at China, as Australian officials have warned about Chinese militarization in the South China Sea.  The US F-22s will be based out of northern Australia, and follow a series of military deployments and re-arrangement of assets in the region.

In other news, China conducted another air patrol using a nuclear-capable strategic bomber late last week, and recently installed anti-aircraft guns and other weapons systems on all seven artificial islands in the South China Sea.  Chinese officials cited US presence in the region as the basis for arming its islands, and added that Trump’s position on Taiwan is the basis for positive relations going forward.

But improving relations may not be a reality, as this week Admiral Harry Harris of US Pacific Command said, “We will not allow a shared domain [the South China Sea] to be closed down unilaterally no matter how many bases are built on artificial features in the South China Sea.  We will cooperate when we can but we will be ready to confront when we must.”

Although I’m unsure of Trump’s exact policies, I expect him to continue freedom of navigation operations to keep Chinese expansion in check.  To reiterate, $5 trillion of international trade transits the South China Sea and keeping that shipping lane open will likely be a high priority for US policy in the region.  I expect the US Navy to maintain a presence in the area and support US allies; however, unless an unplanned confrontation sparks a conflict, we’re not likely in the near-term to engage in war with China.

And in a related development, several months ago I mentioned that the US had been reluctant to continue arms sales to the Philippines under President Duterte, which caused a significant amount of vitriol.  After leading a large delegation to China in October, Duterte embarked upon a series of moves tying the Philippines closer to China, which has historically been a Filipino adversary.  In November, Duterte cancelled an order for 26,000 police rifles from the US, and this week announced a deal to instead purchase rifles from China; a decision which China was happy to oblige.


CFR publishes 2017 Preventive Priorities Survey

The US think tank Council on Foreign Relations (CFR) published their annual Preventive Priorities Survey this week.  The 2017 edition’s Tier 1 threats include the following “Moderate Likelihood, High Impact” events:

  • A severe crisis in North Korea caused by nuclear or intercontinental ballistic missile (ICBM) weapons testing, a military provocation, or internal political instability
  • A deliberate or unintended military confrontation between Russia and NATO members, stemming from assertive Russian behavior in Eastern Europe
  • A highly disruptive cyberattack on U.S. critical infrastructure
  • A mass casualty terrorist attack on the U.S. homeland or a treaty ally by either a foreign or homegrown terrorist(s)


PIR3: What are the indicators of military, government, political, or social-related instability or violence that could lead to domestic unrest or conflict?

Kelly may not be DHS panacea

In an open letter to DHS Secretary nominee Gen. John Kelly (Ret.), a career emergency management employee offered some words of warning.  The most notable was that, while Americans may expect Kelly to take over DHS and re-order things, actual DHS employees may not react in the same way as Kelly’s former troops.  “All the 50 states and their National Guard Commands are not waiting to do your bidding. They will not ‘jump’ when you issue a directive or change a policy. They may actively oppose or just drag their feet in implementing whatever it is that you are trying to implement.”  The author points out that, historically, the tenure as DHS Secretary is around 18-24 months, so civilian employees who dislike new changes, and who know that DHS moves slowly, could just wait out new policies until a new Secretary takes over.  The author also warns Kelly about the future of emergency response.  “While you may want to focus on the border, we have mega disasters on the horizon. Think $80 to $100 billion that will stress our ability to respond to them and recover the regions and communities impacted.”  Although he gives no specifics, “mega disasters” could be referring to future cyber attacks, failures in critical infrastructure, and natural disasters.


Black Lives Matter: No negotiating with Trump

This week, Donald Trump met with black superstars like Kanye West, Ray Lewis, and Jim Brown.  Trump and Kanye were paraded around the press as they embraced at Trump Tower, in what must be part of a larger strategy to win over influential black Americans.  After the meeting, Kanye West tweeted, “I feel it is important to have a direct line of communication with our future president if we truly want change.”  And former NFL star linebacker Ray Lewis was quoted as saying, “Urban development and job creation are everything.  What we believe with the Trump administration is if we can combine these two powers of coming together — forget black or white. Black or white is irrelevant. The bottom line is job creation and economic development in these urban areas to change the whole scheme of what our kids see.”

But that’s not having any effect on one Black Lives Matter co-founder.  “We’re not going to be taking meetings with Donald Trump.  We’re not going to be sitting with his Attorney General. What we will be doing is protesting. What we will be doing is calling for an end to white nationalism and fascism.”  There have been some disagreements between members of the black community and the Black Lives Matter organization, on the basis of trying to solve black-on-black crime, and whether or not protests will actually work.  It’s going to be very, very interesting to watch how the Trump administration deals with these two competing camps — one that’s willing to work with Trump and the other that’s not.

And on a related note, the NPR story is worth a listen.  A 63-year-old community organizer is talking about the need to gather around all the minority groups to work together against the Trump administration.  I would highly recommend that you, at a minimum, do a quick search to see if there are any Black Lives Matter recruitment drives in your area.  Make it an intelligence requirement, and ask around to see if there’s any local activity in your specific area or the nearest large town or city.

PIR4: What are the current indicators of economic, financial, or monetary instability that leads to worsening economic conditions or civil unrest?

Rogers: Beware bursting bubbles

In an interview, investor Jim Rogers warns about current and future bubbles.  “America… the S&P, people are keen on… European football clubs… that’s a bubble.  American tertiary education is a bubble. Everybody thinks it’s the end-all and be-all. America has done a great PR job of selling its universities. Everybody knows [that] grammar school, primary school, and high school are a disaster in America. But somehow or another that translates into the fact that America has great universities. Don’t ask me the logic. But that’s obviously a bubble.”
“Bonds are obviously something that is going to cause a lot of pain to a lot of people. Bonds have been going up for 35 years. Literally, for 35 years. Now, bond markets have a habit of having long, long, long cycles, 30, 35 years. It’s normal in the bond market. At least historically in the US it’s been normal, but that’s another clear bubble.”


Mike Shelby is a former military intelligence NCO and contract intelligence analyst. He spent three years in Iraq and Afghanistan and is now the intelligence and warfare researcher at Forward Observer.
