Sam Adams Associates for Integrity in Intelligence

Throwing a Curveball at ‘Intelligence Community Consensus’ on Russia

By Scott Ritter, July 12, 2017 at The American Conservative

A January intelligence product has served as the basis for a series of Congressional hearings into the issue of Russian meddling into American elections—and has taken on a near canonical quality that precludes any critical questioning of either the authors or their findings. There is one major problem, however: the supposedly definitive assessment was not that which it proclaimed to be.

On January 6, the Office of the Director for National Intelligence (DNI) released a National Intelligence Assessment (NIA), Assessing Russian Activities and Intentions in Recent U.S. Elections. Billed as a “declassified version of a highly classified assessment” whose “conclusions are identical to those in the highly classified assessment,” the report purported to be “an analytic assessment drafted and coordinated among The Central Intelligence Agency (CIA), The Federal Bureau of Investigation (FBI), and The National Security Agency (NSA), which draws on intelligence information collected and disseminated by those three agencies.”

A National Intelligence Assessment, like its big brother, the National Intelligence Estimate, is supposed to reflect the considered opinion of the U.S. Intelligence Community. Products such as the Russian NIA are the sole purview of the National Intelligence Council (NIC), whose mission is to serve as “a facilitator of Intelligence Community collaboration and outreach” through the work of National Intelligence Officers (NIOs) who are the Intelligence Community’s experts on regional and functional areas—such as Russia and cyber attacks.

Although published under the imprimatur of the NIC, the cover of the Russian NIA lacks the verbiage “This is an IC-Coordinated Assessment,” which nearly always accompanies a NIC product, nor does it provide any identification regarding under whose auspices the Russia NIA was prepared. (Normally the name of the responsible NIO or identity of the specific office responsible for drafting the assessment would be provided.)

Simply put, the Russia NIA is not an “IC-coordinated” assessment—the vehicle for such coordination, the NIC, was not directly involved in its production, and no NIO was assigned as the responsible official overseeing its production. Likewise, the Russia NIA cannot be said to be the product of careful coordination between the CIA, NSA and FBI—while analysts from all three agencies were involved in its production, they were operating as part of a separate, secretive task force operating under the close supervision of the Director of the CIA, and not as an integral part of their home agency or department.

This deliberate misrepresentation of the organizational bona fides of the Russia NIA casts a shadow over the viability of the analysis used to underpin the assessments and judgments contained within. This is especially so when considered in the larger framework of what a proper “IC-coordinated assessment” process should look like, and in the aftermath of the intelligence failures surrounding Iraq’s weapons of mass destruction and the lessons learned from that experience, none of which were applied when it came to the Russia NIA.

A Most Sensitive Source

Sometime in the summer of 2015, the U.S. intelligence community began collecting information that suggested foreign actors, believed to be Russian, were instigating a series of cyber attacks against government and civilian targets in the United States. The first indications of this cyber intrusion came from the Government Communications Headquarters (GCHQ), a British spy agency tasked with monitoring communications and signals of intelligence interest. GCHQ had detected a surge of “phishing attacks” targeting a wide-range of U.S. entities, and reported this through existing liaison channels to NSA, its American counterpart organization.

Among the targets singled out for this “phishing attack” was the Democratic National Committee; malware associated with these intrusions mirrored the operational methodologies and techniques previously used by Russian actors some cyber security analysts believed were affiliated with the Russian Federal Security Service (FSB). Both the NSA and the FBI began actively monitoring this wave of attacks, tipping off entities targeted, including the DNC, that there computer systems had been compromised.

Separate from the phishing attacks, the DNC claims to have detected a separate cyber intrusion into its servers in April 2016. The DNC called in a private cybersecurity company, Crowdstrike, to investigate, despite the fact that it was in active discussions with the FBI about the earlier intrusion. Crowdstrike claims to have discovered evidence of a separate malware attack, which Crowdstrike concluded was being directed by Russian Military Intelligence (GRU). Curiously, the DNC made no effort to coordinate its findings with the FBI, or to turn over its servers to the FBI for forensic examination, instead opting to go to the Washington Post, which published the Crowdstrike findings, including its attribution of responsibility for the intrusions to Russian intelligence services, on June 22, 2016.

The Washington Post/Crowdstrike attribution took on domestic political import when, in July 2016, on the eve of the Democratic National Convention where Hillary Clinton was to be nominated as the Democratic Party candidate for president, the online publisher Wikileaks released emails sourced from the DNC that were embarrassing to the Democratic Party and considered damaging to the Clinton campaign. Despite claims by Wikileaks’ founder Julian Assange that the emails did not come from Russia, the Clinton campaign immediately charged otherwise, and that the leak of the emails to Wikileaks was part of a Russian campaign to undermine the campaign.

According to reporting from the Washington Post, sometime during this period, CIA Director John Brennan gained access to a sensitive intelligence report from a foreign intelligence service. This service claimed to have technically penetrated the inner circle of Russian leadership to the extent that it could give voice to the words of Russian President Vladimir Putin as he articulated Russia’s objectives regarding the 2016 U.S. Presidential election—to defeat Hillary Clinton and help elect Donald Trump, her Republican opponent. This intelligence was briefed to President Barack Obama and a handful of his closest advisors in early August, with strict instructions that it not be further disseminated.

The explosive nature of this intelligence report, both in terms of its sourcing and content, served to drive the investigation of Russian meddling in the American electoral process by the U.S. intelligence community. The problem, however, was that it wasn’t the U.S. intelligence community, per se, undertaking this investigation, but rather (according to the Washington Post) a task force composed of “several dozen analysts from the CIA, NSA and FBI,” hand-picked by the CIA director and set up at the CIA Headquarters who “functioned as a sealed compartment, its work hidden from the rest of the intelligence community.”

The result was a closed-circle of analysts who operated in complete isolation from the rest of the U.S. intelligence community. The premise of their work—that Vladimir Putin personally directed Russian meddling in the U.S. Presidential election to tip the balance in favor of Donald Trump—was never questioned in any meaningful fashion, despite its sourcing to a single intelligence report from a foreign service. President Obama ordered the U.S. intelligence community to undertake a comprehensive review of Russian electoral meddling. As a result, intelligence analysts began to reexamine old intelligence reports based upon the premise of Putin’s direct involvement, allowing a deeply disturbing picture to be created of a comprehensive Russian campaign to undermine the American electoral process.

These new reports were briefed to select members of Congress (the so-called “Gang of Eight,” comprising the heads of the intelligence oversight committees and their respective party leadership) on a regular basis starting in September 2016. Almost immediately thereafter, Democratic members began clamoring for the president to call out Putin and Russia publicly on the issue of election meddling. These demands intensified after the November 2016 election, which saw Donald Trump defeat Hillary Clinton. Intelligence collected after the election, when viewed from the prism of the foregone conclusion that Putin and Russia had worked to get Trump elected, seemed to confirm the worst suspicions of the intelligence analysts and their Congressional customers (in particular, the Democrats). Calls to make public intelligence that showed Russian interference in the U.S. presidential election intensified until finally, on December 9, 2016, President Obama ordered the U.S. intelligence community to prepare a classified review of the matter.

The review was completed by December 29, and briefed to the President that same day. Brennan’s task force did the majority of the analysis, which solidified the premise of Russian interference that emanated from the original foreign intelligence report that started this process back in early August. President Obama expelled 35 Russian diplomats and shut down two Russian recreation facilities the FBI believed were being used to spy on American targets, as well as levied sanctions against persons and entities in Russia, including those affiliated with Russian intelligence, in retaliation for the Russian meddling in American electoral affairs detailed by the intelligence review.

Remember ‘Curveball’

Any meaningful discussion of the analytical processes involved in the production of the Russia NIA must take into account the elephant in the room, namely the October 2002 NIE on Iraq, Iraq’s Continuing Program for Weapons of Mass Destruction. The Iraq NIE will go down in history as the manifestation of one of the greatest intelligence failures in U.S. history. The Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, created under Presidential order in 2004 to investigate this failure, was unforgiving: “We conclude that the Intelligence Community was dead wrong in almost all of its pre-war judgments about weapons of mass destruction. This was a major intelligence failure.” The problem was more than simply getting the assessments wrong. “There were,” the commission noted, “also serious shortcomings in the way these assessments were made and communicated to policymakers”—in short, the NIE process had fundamentally failed.

In the aftermath of the 9/11 terror attacks in 2004, Congress mandated the creation of the Office of Director of National Intelligence (ODNI) in an effort to encourage the free flow of intelligence information between the various agencies comprising the U.S. intelligence community to prevent the kind of intelligence failures that led to the failure to detect and prevent the 9/11 attacks. While the ODNI was created after the publication of the Iraq NIE, and had as its impetus the intelligence failures surrounding the 9/11 terror attacks, and not Iraq, the Commission on the Intelligence Capabilities believed that this new structure was a step in the right direction toward resolving some of the underlying systemic failures that led to the intelligence failure regarding Iraq. The Commission, moreover, made several recommendations regarding the organization of the U.S. intelligence community that were designed to forestall the kind of systemic failures witnessed in the Iraq case.

One of these recommendations was the need to create “mission managers” who would “ensure that the analytic community adequately addresses key intelligence needs on high priority topics.” One of the ways Mission Managers would achieve this would be through the fostering of “competitive analysis” by ensuring that “finished intelligence routinely reflects the knowledge and competing views of analysts from all agencies in the Community.” In this way, the Commission held, mission managers could “prevent so-called ‘groupthink’ among analysts.”

The Commission made other recommendations, including that the DNI build on the statutory requirement for alternative analysis and the existing “red cell” process that postulates speculative analytical positions in response to more formal assessments, and formally empower specific offices to generate alternative hypothesis and part of a systemic process of alternative analysis. In doing so, the DNI would ensure that the kind of blinder-driven analysis such as which took place with the Iraq NIE—such as not considering that Saddam Hussein would have gotten rid of his WMD stocks in 1991—would never again occur.

Most of these recommendations were approved by President Bush and subsequently acted on by the DNI. The heads of the National Counterintelligence Center, the National Counter-proliferation Center, and the National Counterintelligence and Security Center were converted into functional National Intelligence Managers, while the NIOs serving under the aegis of the National Intelligence Council became regional National Intelligence Managers. Cyber-driven issues took on a new importance, with a new Cyber Threat Intelligence Integration Center being formed in 2015, following the creation of a new NIO for cyber Issues in 2011.

The CIA followed suit, embarking on a program that broke down the powerful regional divisions that had dominated the agency since its founding in 1947, and replacing them with new “mission centers” headed by “mission managers” drawn from the ranks of the most experienced senior CIA officers in their respective fields. There is no “Cyber Mission Center” per se; instead, the CIA created a new “Directorate of Digital Innovation” in 2015, whose officers support the work of the existing functional and regional mission centers.

The CIA was mandated to incorporate “red cell” alternative analysis processes into its work in the aftermath of 9/11; rather than replicate this activity, the DNI instead published new analytic standards in 2015 that required the incorporation of “analysis of alternatives”—the systematic evaluation of differing hypotheses to explain events of phenomena—into all analytical products.

All of these new mechanisms were in place at the time of the “phishing attacks” detected by GCHQ unfolded in the summer of 2015, emails stored on the computer servers of the DNC were compromised in the summer of 2016, and Brennan obtained his foreign-intelligence report directly attributing Russian interference in the U.S. 2016 Presidential election to Russian President Vladimir Putin. And yet none of these “lessons learned” were applied when it came to the production of the Russia NIA.

The decision by Brennan early on in the process to create a special task force sequestered from the rest of the intelligence community ensured that whatever product it finally produced would neither draw upon the collection and analytical resources available to the totality of the national intelligence community, nor represent the considered judgment of the entire community—simply put, the Russia NIA lacked the kind of community cohesiveness that gives national estimates and assessments such gravitas.

The over reliance on a single foreign source of intelligence likewise put Brennan and his task force on the path of repeating the same mistake made in the run up to the Iraq War, where the intelligence community based so much of its assessment on a fundamentally flawed foreign intelligence source—“Curveball.” Not much is known about the nature of the sensitive source of information Brennan used to construct his case against Russia—informed speculation suggests the Estonian intelligence service, which has a history of technical penetration of Russian governmental organizations as well as a deep animosity toward Russia that should give pause to the kind of effort to manipulate American policy toward Russia in the same way Iraqi opposition figures (Ahmed Chalabi comes to mind) sought to do on Iraq.

The approach taken by Brennan’s task force in assessing Russia and its president seems eerily reminiscent of the analytical blinders that hampered the U.S. intelligence community when it came to assessing the objectives and intent of Saddam Hussein and his inner leadership regarding weapons of mass destruction. The Russia NIA notes, “Many of the key judgments…rely on a body of reporting from multiple sources that are consistent with our understanding of Russian behavior.” There is no better indication of a tendency toward “group think” than that statement. Moreover, when one reflects on the fact much of this “body of reporting” was shoehorned after the fact into an analytical premise predicated on a single source of foreign-provided intelligence, that statement suddenly loses much of its impact.

The acknowledged deficit on the part of the U.S. intelligence community of fact-driven insight into the specifics of Russian presidential decision-making, and the nature of Vladimir Putin as an individual in general, likewise seems problematic. The U.S. intelligence community was hard wired into pre-conceived notions about how and what Saddam Hussein would think and decide, and as such remained blind to the fact that he would order the totality of his weapons of mass destruction to be destroyed in the summer of 1991, or that he could be telling the truth when later declaring that Iraq was free of WMD.

President Putin has repeatedly and vociferously denied any Russian meddling in the 2016 U.S. Presidential election. Those who cite the findings of the Russia NIA as indisputable proof to the contrary, however, dismiss this denial out of hand. And yet nowhere in the Russia NIA is there any evidence that those who prepared it conducted anything remotely resembling the kind of “analysis of alternatives” mandated by the ODNI when it comes to analytic standards used to prepare intelligence community assessments and estimates. Nor is there any evidence that the CIA’s vaunted “Red Cell” was approached to provide counterintuitive assessments of premises such as “What if President Putin is telling the truth?”

Throughout its history, the NIC has dealt with sources of information that far exceeded any sensitivity that might attach to Brennan’s foreign intelligence source. The NIC had two experts that it could have turned to oversee a project like the Russia NIA—the NIO for Cyber Issues, and the Mission Manager of the Russian and Eurasia Mission Center; logic dictates that both should have been called upon, given the subject matter overlap between cyber intrusion and Russian intent.

The excuse that Brennan’s source was simply too sensitive to be shared with these individuals, and the analysts assigned to them, is ludicrous—both the NIO for cyber issues and the CIA’s mission manager for Russia and Eurasia are cleared to receive the most highly classified intelligence and, moreover, are specifically mandated to oversee projects such as an investigation into Russian meddling in the American electoral process.

President Trump has come under repeated criticism for his perceived slighting of the U.S. intelligence community in repeatedly citing the Iraqi weapons of mass destruction intelligence failure when downplaying intelligence reports, including the Russia NIA, about Russian interference in the 2016 election. Adding insult to injury, the president’s most recent comments were made on foreign soil (Poland), on the eve of his first meeting with President Putin, at the G-20 Conference in Hamburg, Germany, where the issue of Russian meddling was the first topic on the agenda.

The politics of the wisdom of the timing and location of such observations aside, the specific content of the president’s statements appear factually sound. When speaking on the issue of U.S. intelligence community consensus regarding the findings of the Russia NIA, President Trump commented, “I heard it was 17 agencies [that reached consensus on the Russian NIA]…it turned out to be three or four. It wasn’t 17.”

Trump went on to opine about allegations of Russian hacking: “Nobody really knows. Nobody really knows for sure…I remember when I was sitting back listening about Iraq—weapons of mass destruction—how everybody was 100 percent sure that Iraq had weapons of mass destruction. Guess what? That led to one big mess. They were wrong.”

On both counts, the President was correct.

Scott Ritter is a former Marine Corps intelligence officer who served in the former Soviet Union implementing arms control treaties, in the Persian Gulf during Operation Desert Storm, and in Iraq overseeing the disarmament of WMD. He is the author of “Deal of the Century: How Iran Blocked the West’s Road to War” (Clarity Press, 2017).