A big indicator appeared on Saturday, in a guise that may be a bit esoteric: a report that defense officials are pushing a proposal to split U.S. Cyber Command off from the National Security Agency, where the two have operated under a dual-hatted commander, the Director of NSA, since 2009.
Events are moving too fast to get bogged down in a lot of detail on the threads running through them. What’s important to understand is that this development is a connection between (a) the early days of Spygate, (b) the massive SolarWinds “hack,” (c) the major personnel moves at the Pentagon right after the November election, and – almost certainly – (d) the widespread indicators of electronic vote-tampering in the election itself.
Those who’ve been following along with the analysis of Trump’s post-election operation recognize the headline reference to the “key supporting effort,” from my 4 December article outlining it. The key supporting effort is an adjunct to Trump’s main effort to, in effect, cure the 2020 vote and restore law and order to America.
The gist of the key supporting effort is that it involves intelligence collection, principally through IT/cyber means, on the entities behind the electronic vote-tampering via voting systems in the 2020 election. Although some of the evidence that justifies this collection has been laid out in court cases, and briefed to state legislatures, this is a separate effort because it’s not about persuading courts to rule or government entities to investigate.
Assuming it has been prepared for, this effort is about using the intelligence collected up to now to expose the actors, in appropriate venues, and unite what we know about their activities with what we can demonstrate about the outcomes in vote processing and tabulation across the country.
My contention is that we have known more than enough to have been making these preparations, using intelligence surveillance means, since before the election. President Trump’s Executive Order 13848 of September 2018 was the mechanism to formalize making this a priority of the kind that FISA surveillance can be based on; if U.S. persons as well as foreign actors were involved, their roles could very probably have been unmasked for a legitimate purpose.
But FISA surveillance isn’t the only thing E.O. 13848 could justify. It could also justify cyber operations.
Follow the bouncing ball
The brief version of the connection thread listed above is as follows.
In the days after the 3 November election, a noteworthy development occurred at the Department of Defense. Secretary Mark Esper left, and was replaced by Chris Miller, a former Army special forces officer, as Acting SECDEF. A number of other senior replacements were made within a short period, including the addition of Kash Patel (formerly a staffer for Representative Devin Nunes, and a main player in the exposure of the Spygate operation against Trump) as chief of staff to SECDEF Miller, and Ezra Cohen-Watnick, whom Michael Flynn brought to the National Security Council in January 2017, but who was edged out by H.R. McMaster that summer. Cohen-Watnick was made acting Undersecretary of Defense for Intelligence in November 2020. (See the footnote at this post for what Cohen-Watnick was doing for part of the time in between.)
That wasn’t the end of the major personnel changes at the Pentagon. Trump has been replacing virtually all of two defense advisory boards as well. The scale of these replacements indicates a major shakeup of the Defense Department – as well as hinting at ways the advisory boards may have been used that the taxpayers might not approve of.
Having seen how the entire U.S. government has labored to sabotage the Trump administration for the last four years, I assume this is because elements of DOD were untrustworthy on an alarming scale. (Those who imagine Trump to be a glorified terrorist will naturally take a different view. However, the media, having gone all-in on Russiagate, and not scrupling to retail an incessant stream of lies about Trump and his administration, while actively suppressing information that contradicts their narrative, are entirely without credibility as regards Trump.)
A central assumption here must be that to execute his key supporting effort, Trump needed to clear the decks in the DOD.
I stress that this is not because he’s planning to deploy armed force in the U.S. I never saw that as likely and still don’t.
I did wonder if it had something to do with NSA, and with the literal tools – the satellites, computers, network connections, etc. – of national intelligence surveillance, which are largely under the physical and logistic administration of the Department of Defense. If you need to guarantee access to them, without hindrance or interference, you have to have a full-faith Pentagon across the river.
When the SolarWinds hacking story broke this past week, two things became clear. One, if the intrusion actually began in March 2020, it began on the watch of Chris Krebs, the fired head of DHS’s Cybersecurity and Infrastructure Security Agency (CISA) who swore after the 3 November vote that it was a totally secure election.
The other thing was a more general one. Something very big is going on in cyberspace, and by the nature of its targets, it obviously has to do with a national security attack on America. It didn’t take clarification that a SolarWinds product (not the product involved in the intrusion) was used by Dominion Voting Systems to clarify also that the intrusion is probably connected, if indirectly, to the election and our voting systems as well as to other elements of the national security infrastructure. (The Blaze has an explainer on which of SolarWinds’ branded software packages – Orion – is currently known to have been affected by the intrusion. Dominion has been insistent that it has never used Orion, and we can assume that to be true. However, the public information about the “hack” has come out in such a peculiar form so far that we have no reason to assume no other SolarWinds products have also been implicated.)
The circumstances, on the whole, make it likely that U.S. Cyber Command was an important entity in the thread. Again, both Cyber Command and NSA are DOD entities, and they are both headed by General Paul Nakasone, who took over from Admiral Mike Rogers in 2018.
Two salient points before bringing this home. One, sundance at Conservative Treehouse expressed exactly my sentiments in a post about the SolarWinds hack on 19 December: that it sure seems strange if an intruder has been in our national systems for nine months and we still can’t give an accounting of what, if anything, has been pilfered or manipulated. Sundance compares it to bank robbers breaking in and not taking anything.
I’m not convinced “the” intruder is either Russia or China, although it could be either one. More on that in a moment.
The other observation is (I promise) the most arcane one you will see in this article. It’s this. A couple of days ago, the media made a bit of a point of the fact that one of the agencies penetrated via SolarWinds was the National Nuclear Security Administration (NNSA), in the Department of Energy, which oversees the U.S. nuclear weapons stockpile.
That’s obviously something to be concerned about. What makes it extra interesting, however, is a connection the media didn’t make. The former head of the NNSA, Lisa Gordon-Hagerty, left her job shortly after the 3 November election, during the same period when the replacements were being made at the Pentagon. No one seemed to have a handle on why she was leaving.
But in early December, she turned up as one of the new appointees to the Defense Policy Board (see link on defense boards, previous section). She would not be moved from one position of trust to another if she weren’t considered trustworthy; the fact that she was in a job of such exceptional public trust – and the particular job it was (NNSA) – form clues as to just how big is the intrusion being rooted out of our government in these bizarre days.
It seems likely she knew about the SolarWinds cyber-intrusion at the time she left the NNSA, and indeed that the intrusion, or whatever/whoever is behind it, is why she left the NNSA.
That is speculation, of course. But again, she wouldn’t be moved to the defense board if she weren’t regarded as trustworthy.
Why the NSA and Cyber Command connections matter
The first answer to the section-break lead-in is a simple one: because both Kash Patel and Ezra Cohen-Watnick are reported to favor the split being proposed between the two agencies. The proposal is to put the agencies under separate command. It’s a proposal that’s been around for a few years, and the Wall Street Journal reports it as having been advanced under former SECDEF James Mattis.
If Patel and Cohen-Watnick favor it, we can guess their perspective on it means splitting the agencies would be a way of frustrating the “deep state,” or permanent bureaucracy. Their perspective presumably maps back to their knowledge of the spying on Trump – and it may well be related to other things the public has yet to learn about cyber tools being used by our government (or the cyber tools of our government being used by third parties).
That said, here is the eye-catching aspect of the current reporting. The fresh reporting leaves out detail from the even earlier origins of the proposal, including the basis on which the proposal was originally made.
Let’s listen with our ears. Here is the December 2020 WSJ summary (link at top) of reasoning about the marriage – and the proposed split-up – of NSA and Cyber Command:
Many current and former officials say the partnership between the two spy entities is vital to sharing intelligence and resources, but critics have said the arrangement can lead to bureaucratic headaches. Some officials also say the two agencies have dueling missions that are in conflict with one another because Cyber Command focuses on offensive operations while the NSA’s chief goal is intelligence collection. Some supporters of separation think that the two agencies are simply too critical and vast for one leader to manage.
“Bureaucratic headaches,” “dueling missions in conflict with one another,” “critical and vast” agencies too big for one dual-hatted boss. Yawn.
In 2017 (and earlier), when the same split was being discussed for media consumption, those eye-glazingly generic considerations weren’t at the top of the list.
This account of a GAO analysis from more than three years ago summarizes the chief concern actually in play. (This was when Mattis was advocating the split, but it had been under discussion even during the Obama administration.) Emphasis added.
The benefits of the current arrangement [i.e., NSA and Cyber Command operating under one umbrella – J.E.], as identified by officials from the Department of Defense, involve collaboration, faster decision making and resource efficiency.
But the big downside is that wider access to NSA’s toolkit of exploits increases the risk that destructive bugs will get loose – as has been seen recently.
In other words, having Cyber Command and NSA under one roof and one commander gives Cyber Command access to the most super-secret things NSA is doing on the offensive side of the Agency’s portfolio – and that’s a cybersecurity hazard.
Here is the concern again, expressed a little more succinctly and explicitly:
CyberCom’s use of NSA’s tools and infrastructure increases the risk those tools being leaked or exposed.
“CyberCom’s use of NSA’s tools.” It sure does sound like a klaxon going off, for the split-up of NSA and Cyber Command to be moved to the front burner within a couple of days of the SolarWinds hack being reported. Especially if it’s being pushed by Patel, Cohen-Watnick, and the other replaced hierarchy at the Pentagon.
In case I haven’t been plain enough, it sounds like maybe destructive bugs have gotten loose from, oh, say, NSA, via – bear with me here – Cyber Command. (That’s not a comment on who may have used them; it’s a note on how such putative cyber tools may have been leaked. Consider the separate history of NSA cyber tools actually leaked in the 2010s, probably sometime before 2013.)
A brief detour into relevant history
At the very least, perhaps something similar to that occurred (and is related to the SolarWinds drama), and the possibility of such a thing recurring through NSA and Cyber Command needs to be averted. In this latter case, the split-up would be to close the barn door before more horses get out.
Have we had harbingers of such a similar possibility in the past? Yes, we have. That one involved the CIA and its exploits toolkit. It also involved James Comey, David Laufman at DOJ, and Christopher Steele go-between Adam Waldman (a lobbyist at the time for Oleg Deripaska) in a downright weird series of events in February and March 2017 (see here as well; there’s a lot more to it). One of the weird aspects of it was that it occurred simultaneously with an attempt by Sen. Mark Warner (D-VA) to get in direct contact with Steele through Waldman.
But the weirdest aspect was the main plot of the story itself, which was that Comey, then the FBI director, was trying to sabotage a DOJ effort, handled by Laufman, to make a limited-immunity deal with Julian Assange. The impetus for the deal on the U.S. government side was that WikiLeaks was preparing to release code-level material from the CIA’s cyber exploits toolkit.
Famously (though most have probably forgotten this), one of the items in the CIA’s bag of tricks was mounting false-flag cyber-attacks.
— WikiLeaks (@wikileaks) March 7, 2017
If the deal couldn’t be made with Assange, this and other offensive cyber-ops materials pilfered from the CIA were to be released publicly by WikiLeaks. (There was talk shortly after this period, when the story emerged, that Assange would also answer a negotiated set of questions about the “Guccifer 2.0” cyber-theft in June 2016, long attributed in the Russiagate narrative to Russian intelligence. Assange has always maintained that the Democratic files in question were not stolen by the Russians.)
Inexplicably, Comey opposed making a deal that would prevent WikiLeaks from releasing the sensitive CIA information. Though DOJ could still override him, conveying the news of Comey’s objection to Assange – the role Adam Waldman played in this little side drama – spooked Assange, and effectively spiked any chance of a deal.
Thus, the CIA toolkit materials were released publicly in March and April 2017. In the aftermath, there was speculation that Comey’s concern was what Assange might say about the Guccifer 2.0 drop of Democratic files (i.e., that it would undermine the Russiagate narrative).
But the possibility is there that Comey’s goal was related to the CIA toolkit. (I do recall being surprised at the time that U.S. officials were so prompt to admit that the tools and capabilities involved came from the CIA, and were legitimate. I wrote this immediately after the first release on 7 March 2017. In a curious coda, a few weeks after working overtime to spike the Assange deal, Comey told a House committee that the Russians had been unusually “noisy” and ostentatious in their use of the “Fancy Bear” tools to maraud through the Democrats’ IT system.)
If the public knew the toolkit had been pilfered – a fact revealed by the WikiLeaks dump – it would be no surprise if later analysis were to suggest someone had used it. And that someone, after the leak of the toolkit, could be someone other than the CIA. Anyone could use it, and no one in the U.S. government at that point had to be implicated. Plausible deniability, in short.
Trump and Pompeo: Out of pattern
This little-remembered incident is one reason it’s particularly arresting that Trump and Mike Pompeo are putting out contradictory comments about who was behind the SolarWinds intrusion. The only thing we heard until Friday, 18 December, was an entirely unattributed media refrain that “sources familiar” somewhere – no one said where – thought the culprit was Russia.
That’s a farcically useless narrative, except for the purpose of trying to establish a story line through mindless repetition. Credibility requires attribution and some level of detail. There is still no detail, but we now have some level of attribution, with Pompeo saying on Friday that it appears Russia was behind the intrusion.
On Saturday, however, Trump tweeted that he’s looking at China.
….discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo
— Donald J. Trump (@realDonaldTrump) December 19, 2020
Now, Trump and Pompeo don’t have a history of running around contradicting each other. Pompeo has been a reliable source of the administration’s no-kidding party line on important matters. Trump doesn’t have to have Pompeo’s public statements corrected.
I’m not at all convinced that this is mere lack of coordination we’re seeing (and certainly not that Trump has gone rogue. The media have been pushing that theme for years and it never goes anywhere. It’s just a campaign of scare words to keep people feeling uneasy and off balance).
I’m also not at all convinced the culprit is Russia. It’s much more likely to be China. That was Michael Flynn’s choice in an interview with Lou Dobbs this past week. Flynn also mentions receiving – on Friday – information from “foreign partners” about electronic interference in our election.
— Lou Dobbs (@LouDobbs) December 18, 2020
But there may indeed be more to it than merely Chinese involvement. Sundance’s point about a nine-month penetration that doesn’t seem to be about anything is well taken (why would a foreign government engage that way?).
And the timing of the sudden concern about the command arrangements of NSA and Cyber Command is awful darn particular.
Meanwhile, Trump’s assertion that “everything is well under control” should make people laugh, if for different reasons. Those whose cognitive faculties are deranged by him will find the statement mind-blowing. Others, who may be on a spectrum of indifference to hero worship as regards Trump personally, recognize that Trump never tweets in vain. When he says something like this, he means it. My ears don’t hear that Trump doesn’t comprehend the gravity of the situation. They hear that the situation, while grave, is not chaotically out of control in the way depicted by the media. Trump is countering the media depiction, not trying to talk down reality. His track record of being right about these tweet assertions — e.g., whether he was being spied on or under electronic surveillance in Trump Tower; both were true — is considerably better than the media’s.
Now, in light of these various circumstances, the rather ostentatious and out of character “dispute” between Trump and Pompeo – possibly the most mind-melded personalities in the national security structure – looks a bit more like an info op than like uncoordinated signals.
I’m not so sure China, or Russia, is the sole audience for that op, or even that both of them together are. (However, I suspect Trump is counting on the media to cover the matter with the same blind arrogance they assumed years ago, confident they will never be called to account.)
The key supporting effort looks to be emerging in outline, and it looks to be very big. Don’t let the media spook you with terrors about what Trump may do. But do hold fast.