copyright notice
link to the published version: IEEE Computer, June, 2014
Letter to the Editor and Response: IEEE Computer, September, 2014


accesses since May 6, 2014

Leadership Failures in the National Security Complex

Hal Berghel


Current NSA forecast: continued Snowden Flurries with no end in sight. No one blames the hardworking NSA employees. It’s the feckless leadership and the politics that got them there that is responsible for our current difficulties. There seems to be no shortage of new-millennia featherweights to lead our military-industrial complex to ignomy. Here’s one analysis for your consideration.


THE VAPIDITY CURVE

In his farewell address to the nation, President Eisenhower told Americans that the military-industrial complex offered enormous potential for abuse if not properly constrained. The problem has become much larger than he imagined. We now have a self-sustaining and self-regulating national military- industrial-surveillance-political-media-prison-energy-healthcare-academic-think tank-complex that is taken together too big to control. I'll return to this point at the end of this column.

When a country as technologically advanced as the United States becomes the object of global ridicule for its bungled attempt to cover up flagrant abuses of civil liberties – especially in cyberspace - something is very wrong. There is a reason why Vladimir Putin and Xi Jinping have remained silent about the spate of Snowden flurries – they're laughing too hard at our ineptitude.

I'm going to advance the thesis that the heart of the problem is a self-defeating leadership selection process. The intelligence community itself is not the problem! It is the way we select the leadership that's the problem.

So who are these leaders? Where did they come from? Why are so many of them sub-optimal decision makers? Why isn't the law of averages at work here? The answer to all these questions is that the leadership comes from a single source: the military. The selection pool is not defined by any normal distribution of IQ or virtue. With a lack of clear cut objectives, insensitivity to the ambient legal issues, and a preoccupation with communication skills and subservience to authority, the selection process for the intelligence agencies produces a vapidity curve that favors the 5% of the candidates who hold 95% of the worst ideas. We're not talking about a cross-section of the military by any means, but rather the self-energizing, self-absorbed, and self-promoting part of the leadership that holds the prestige and power of flag rank over accomplishments of enduring value. In the end, it isn't a matter of what rank they ultimately hold, but what they had to do to achieve it.

AN ALLEGORY OF THE HILL

See if you can detect a part of the following allegory that doesn't ring true?

General Eyes: “Colonel Smarts, command wants you and your men to take that hill, neutralize the enemy along the way, and plant a big enough flag on the top so everyone on the island, especially the top brass, can see if from the fleet. The command is big on PR, Smarts, so we need to take advantage of this photo op. Make it happen.”

Colonel Smarts: “General, I'm not seeing this. The enemy has been out of supplies for two months. He's low on everything: food, water, ammunition – you name it. Another couple of days, a week at the most, and he'll be begging to surrender just to get something to eat - without a shot fired! And by the way, General, no one fights uphill anymore – that's so Iwo Jima. Tell the General Staff that this operation just doesn't pass my smell test. We can have the photographers take a picture of my guys holding the flag over by the latrines , and Photoshop in the rest for the benefit of the media. The public will never know the difference, and no one will get hurt. ”

General Eyes: “Good point, Smarts. I can see the error of their ways. Clearly you have a far more vision than the General Staff does. Why, I'll let my 3-star know you've rejected his plan. Let's give a name to your plan: “Operation Wait-and-See.” I wouldn't be surprised if there's a commendation in this for you, Smarts. Tell your men to stand down while I straighten out the guys with scrambled eggs on their hats.”

That's one story that you didn't see narrated on the World at War. The absurdity lies in the preposterous assumption that military planning is dynamic and BISF (Best Ideas Selected First). The ability to achieve a command rank in the military, and the ability to think through complex problems, are fundamentally different. The former is best suited to a team player who follows orders (‘go along to get along' types) and can make quick decisions, while the latter prefers an individualist who questions everything, usually isn't all that compliant, and is exceedingly circumspect. Ask yourself how far stubborn determination, hasty decisions and a myopic world view have got us in our foreign entanglements over the past fifty years. Bureaucracies tend to organize themselves around formal structures (like chains of command) not in terms of the capacity to make intelligent decisions.

Why would that be? In order to understand that, we'll start by asking what it takes to be a good military leader.

LEADERSHIP 101c

Effective cyber security leadership is hard to find because of finely interwoven technical, legal, and ethical dimensions involved. Government recruiting at top levels looks for individuals who don't wander from the political page, have only armoire skeletons that can be overlooked by a political base, and are familiar with operational strategies shaped by such things as burn rates, procurements, logistics, and asset management. These are just not the sort of skills that is required for world class cyber-leadership. Kinetic and cyber events don't have much in common. Oversight of trucks, ships, aircraft, and captive recruits is different from oversight of code development, algorithms, and free thinkers.

So far, history seems to suggest that those who are prepared by education and training to oversee the physical and kinetic, are not well suited to oversee the virtual and digital. The latter is difficult to observe, harder to identify, more difficult to quantify, and the outcomes at the macro level are less determinate. Cyber warriors will find Sun Tzu's thirteen principles and von Clausewitz' dialectical method a bit wanting at tactical levels. There are no straightforward reductive principles that allow one to move back and forth between the kinetic and cyber. Principles of mass, economy of force, battle geometry, and issues of warfare symmetry don't port over naturally to the digital realm.

George C Marshall, the senior U.S. military leader in WWII listed the qualities of a successful military leader in a democracy: common sense, good student, physically strong, cheerful and optimistic, energy, extreme loyalty, determined, “flexibility of mind.” What is more interesting is his list of undesirable qualities: outliers, individualists, eccentrics, dreamers – that is, those qualities commonly found in creators, innovators, and designers.

An insightful look at military leadership may be found in Thomas Ricks' recent book, The Generals (Thomas E. Ricks, The Generals: American Military Command from World War II to Today, Penguin, 2012). Ricks describes studies of desirable leadership skills that followed the military debacles in Korea and Vietnam – studies that the military resists to this day. Ricks points out that the military still emphasizes training over education, tactical over strategic thinking, and obedience over “ethical philosophizing.” “…the Army's rejuvenation [has been] tactical, physical, and ethical but not particularly strategic or intellectual…In its twenty-first-century wars the Army would come to realize it needed leaders comfortable with vague situations, alien cultures, inadequate information, and ill-defined goals.” (Ricks, pp. 348-9) The Army tried to change the culture in the mid-1980's by creating a School of Advanced Military Studies but without much effect. With few exceptions (Ricks specifically points to Gen. David Petraeus) the upper echelons of the Army just can't seem to internalize the SAMS program. The legacy of our military (and civilian) leadership remains wars without exit strategies, disregard of civilians, misunderstanding of underlying political realities, ignorance of world cultures and history, over-reliance on firepower, equipment and technology, and the inability to think outside what Ricks calls the “standard operational repertoire.” Incredible as it seems, our military and political leadership have managed the impossible: they've created a culture of preemptive wars and global nation building where more factions come out of the conflicts than went into them.

This is not to say that very bright, open-minded individualists don't find their way into the officer cadre of the military – they are legion. But they won't be promoted to the most senior command ranks because of the built-in bias of the military power structure toward tactics that were successful in prior wars and conformance to the status quo. Rick's argues that the modern military remains in a “post-Vietnam” evolutionary period. Are these the characteristics of leadership that are well suited to cyberspace?

WHAT MAKES A GOOD INTELLIGENCE AND SECURITY LEADER?

First off, technical skills. Management abilities are important as well, but technical expertise is a sine qua non. It is essential that the leader have the capacity if not the actual experience to master the technical requirements of subordinates. Understanding and open-mindedness are required. The ability to second guess yourself is critical, because it is essential to assume that in cyberspace the enemy is smarter than you are. A corollary to that principle is the willingness to delegate to others strategic decision making just as our General Eyes did above. Great security and intelligence leaders are not authoritarian executives. They are more like orchestra directors who have the chops to duplicate the unique capabilities and strengths of their subordinates if and when needed while simultaneously focused on the bigger picture. These are skills it seems to me are best developed bottom-up, not top-down. Chains of command are anathema to such leaders.

Such leaders recognize that contrarianism is a prerequisite for creativity. The siblings of contrarianism are abstract thinking, imagination, innovation, and the cousins are self-doubt, second guessing, deference, and the dependence on others for critical decisions. Irreverence and insolence share considerable DNA. Deference, homage, feality, loyalty and the like are not prerequisites. For simple, straightforward tasks, a military-control mindset may be fine. But for more complicated tasks, this is not the gene pool you want to draw from. Gung-ho mindsets won't work – the environment is too fragile and complex.

There are also cyber-subtleties/nuances that military leaders would likely overlook – for example why large groups of people would work diligently to develop world class software (think Linux) so that they can give it away. But unless a leader has internalized that phenomenon, it will be impossible to understand how the Internet works and the motivations of the major players (e.g., Anonymous). One can't rely on contractors to provide such understanding. In matters of intelligence, privacy and security the people's interests are best served by people who can think outside the beltway.

ABSENCE-OF-THOUGHT-LEADERS

Let's return to variations on our original questions. Why is the U.S. incapable of integrating IT protection, military communications, criminal investigation, and this war on terrorism of ours into a constitutionally-friendly framework? Why do we have Army privates rummaging through State Department secret archives and low-level employees of government contractors walking out with the NSA's favorite Powerpoint slides? Why was the public in the dark about the government's dragnet digital surveillance? Why does the government over-classify information, and over-prosecute leakers and whistle-blowers who disclose it? What would the NSA be doing with State Department Rolodex with contact information of world leaders? ( http://www.theguardian.com/world/2013/oct/24/nsa-surveillance-world-leaders-calls ) Why is a former NSA director overheard slamming the Obama Administration on a train? ( http://www.theguardian.com/world/2013/oct/24/former-spy-chief-overheard-acela-twitter ) Just look who's running these government agencies: political retreads and military double-dippers who have built their latter career around mastery of the iron triangle. It's the paradigmatic worst of all worlds - the combination of skill inversion and double dipping combined with a healthy dose of cognitive dissonance running amok within a military-industrial complex fueled by deficit spending.

Examples abound of the consequences of a failed leadership selection strategy. For example, we have past NSA Director Michael Hayden explaining how the NSA uses a Fourth Amendment that's different from the one in the Constitution - https://www.youtube.com/watch?v=cGhcECnWRGM . And Hayden's explanation that Senator Feinstein let's her emotions interfere with her appreciation of torture ( http://www.msnbc.com/all/hayden-feinstein-too-emotional-over-report ). And let's not forget Director of National Intelligence James Clapper's explanation that he didn't actually lie to Congress, he just offered the “least untruthful answer” he could think of ( http://www2.gwu.edu/~nsarchiv/NSAEBB/NSAEBB436/docs/EBB-082.pdf ). For another perspective on the “fog of misunderstanding,” see former NSA Director Keith Alexander's surveillance-bathtub metaphor at ( http://voiceofrussia.com/news/2013_10_27/NSA-Chief-Keith-Alexander-in-interview-to-Youtube-comparing-surveillance-to-taking-a-bath-0012/ ) and his proposal that the NSA can improve security by firing 90% of the system administrators ( https://www.schneier.com/blog/archives/2013/08/nsa_increasing.html ). Let's not overlook tapping the phone lines of friendly governments. It doesn't get much better than this. To the rest of the world, this reality TV is better than Pawn Stars.

Although largely ignored by the mainstream media, former President Truman realized by the early 1960's that the National Security Act that he signed in 1947 was bearing toxic fruit ( http://www.maebrussell.com/Prouty/Harry%20Truman%27s%20CIA%20article.html ; http://consortiumnews.com/2013/12/22/trumans-true-warning-on-the-cia/ ). By then he was aware of Project Shamrock, Operation Northwoods, Operation Bumpy Road (Bay of Pigs), Operation PBSUCCESS (CIA-sponsored coup d'etat in Guatamala), Operation Mongoose (plots to kill Fidel Castro) and so on, and saw that the military-industrial-complex apostolates were out of control. He recognized then, as we do now, that a moral compass doesn't read true when caught in the magnetic field of hegemony and unilateralism.

If the past seventy years of the national security policy have shown us anything it is that there is no room in intelligence and security leadership for demagogues and dilettantes. Military officers in particular are trained to fight wars, not interpret the Constitution, establish sound policy, and wax eloquent on the future of cyberspace. Failure to take note of this fact is costing us dearly in both the protection of civil liberties and global prestige. Due to exceedingly poor leadership, our intelligence agencies have wasted hundreds of billions of dollars on a brutish surveillance panopticon where more talented and refined intellects could have invented and deployed constitutionally-compatible alternatives at a fraction of the cost. In fact this is exactly what happened when the NSA Director Michael Hayden replaced the million-dollar ThinThread project that worked and was faithful to the Constitution with the billion-dollar Trailblazer Project that didn't work and lacked privacy protections for U.S. citizens. Traiblazer was the legacy of the same general who denied that probable cause had any relevance to the Fourth Amendment, and that Senator Feinstein shouldn't have stuck her toe in the sand short of organ failure and death.

I agree completely with the recommendation of the recent Presidential review committee that at this point the Director of the NSA should be a civilian who is approved by the Senate and that DIRNSA should not be the same person as the head of US Cyber Command ( http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf ). While not silver bullets, these changes would be an important first step toward sensible leadership and intelligent oversight. All three were rejected by President Obama.