Source: Techland

The new Social Media in Strategic Communication (SMISC) program was submitted under the Defense Advanced Research Projects Agency (DARPA), an arm of the Department of Defense. The goal is to “develop a new science of social networks built on an emerging technology base” to help the agency keep abreast with communication technologies, namely Twitter.

The program’s plan is fourfold:
1. Detect, classify, measure and track the (a) formation, development and spread of ideas and concepts (memes), and
(b) purposeful or deceptive messaging and misinformation.
2. Recognize persuasion campaign structures and influence operations across social mediasites and communities.
3. Identify participants and intent, and measure effects of persuasion campaigns.
4. Counter messaging of detected adversary influence operations.

The development of a new science of social networks and the solutions to the problems posed by SMISC will require the confluence of several technologies including, but not limited to, information theory, massive-scale graph analytics and natural language processing. While SMISC will not directly support natural language processing development efforts, it will certainly use the results of previous programs as well as contribute new challenges to further stimulate ongoing efforts.

Technology areas particularly relevant to SMISC are shown here grouped to correspond to the four basic goals of the program as described above:

1. Linguistic cues, patterns of information flow, topic trend analysis, narrative structure analysis, sentiment detection and opinion mining;
2. Meme tracking across communities, graph analytics/probabilistic reasoning, pattern detection, cultural narratives;
3. Inducing identities, modeling emergent communities, trust analytics, network dynamics modeling;
4. Automated content generation, bots in social media, crowd sourcing.

Recent research has shown that traditional approaches to understanding social media through static network connectivity models often produce misleading results. It is, therefore, necessary to take into account the dynamics of behavior and SMISC is interested in a wide variety of techniques for doing so.

Cryptome PDF: http://cryptome.org/dodi/dod-smisc.pdf

Excellent background from George Washington blog: http://georgewashington2.blogspot.com/2009/01/government-heavily-manipulates-social.html

Deep statuatory background: http://en.wikipedia.org/wiki/Smith–Mundt_Act

The shift from wartime to peacetime “propaganda” operations was not taken lightly by Congress, especially with fresh memories of President Woodrow Wilson’s Committee for Public Information (CPI), President Franklin D. Roosevelt’s Office of War Information (OWI), and the Nazi propaganda machine. But there were other, deeper concerns the Congress focused on.

...

Congress, in recommending passage of the bill, declared that “truth can be a powerful weapon.” Congress further declared six principles were required for the legislation to be successful in action: tell the truth; explain the motives of the United States; bolster morale and extend hope; give a true and convincing picture of American life, methods, and ideals; combat misrepresentation and distortion; and aggressively interpret and support American foreign policy. As a Cold War measure, it was intended to counter and inoculate against propaganda from the Soviet Union and Communist organizations primarily in Europe. The principle purpose of the legislation was to engage in a global struggle for minds and wills, a phrase used by Presidents Harry S. Truman and Dwight D. Eisenhower.
It established the programming mandate that still serves as the foundation for U.S. overseas information and cultural programs at the Department of State.

Since 1972, the act prohibits domestic access to information intended for foreign audiences.

Bonus Round: Military Commissions Act of 2006

Less-deep background: http://news.bbc.co.uk/2/hi/americas/4655196.stm

US plans to ‘fight the net’ revealed

A newly declassified document gives a fascinating glimpse into the US military’s plans for “information operations” - from psychological operations, to attacks on hostile computer networks.

From influencing public opinion through new media to designing “computer network attack” weapons, the US military is learning to fight an electronic war.

The declassified document is called “Information Operations Roadmap”. It was obtained by the National Security Archive at George Washington University using the Freedom of Information Act.

Officials in the Pentagon wrote it in 2003. The Secretary of Defense, Donald Rumsfeld, signed it.

The “roadmap” calls for a far-reaching overhaul of the military’s ability to conduct information operations and electronic warfare. And, in some detail, it makes recommendations for how the US armed forces should think about this new, virtual warfare.

The document says that information is “critical to military success”. Computer and telecommunications networks are of vital operational importance.

Propaganda

The operations described in the document include a surprising range of military activities: public affairs officers who brief journalists, psychological operations troops who try to manipulate the thoughts and beliefs of an enemy, computer network attack specialists who seek to destroy enemy networks.

All these are engaged in information operations.

Perhaps the most startling aspect of the roadmap is its acknowledgement that information put out as part of the military’s psychological operations, or Psyops, is finding its way onto the computer and television screens of ordinary Americans.

“Information intended for foreign audiences, including public diplomacy and Psyops, is increasingly consumed by our domestic audience,” it reads.

“Psyops messages will often be replayed by the news media for much larger audiences, including the American public,” it goes on.

The document’s authors acknowledge that American news media should not unwittingly broadcast military propaganda. “Specific boundaries should be established,” they write. But they don’t seem to explain how.

“In this day and age it is impossible to prevent stories that are fed abroad as part of psychological operations propaganda from blowing back into the United States - even though they were directed abroad,” says Kristin Adair of the National Security Archive.

Credibility problem

Public awareness of the US military’s information operations is low, but it’s growing - thanks to some operational clumsiness.

Late last year, it emerged that the Pentagon had paid a private company, the Lincoln Group, to plant hundreds of stories in Iraqi newspapers. The stories - all supportive of US policy - were written by military personnel and then placed in Iraqi publications.

And websites that appeared to be information sites on the politics of Africa and the Balkans were found to be run by the Pentagon.

But the true extent of the Pentagon’s information operations, how they work, who they’re aimed at, and at what point they turn from informing the public to influencing populations, is far from clear.

The roadmap, however, gives a flavour of what the US military is up to - and the grand scale on which it’s thinking.

It reveals that Psyops personnel “support” the American government’s international broadcasting. It singles out TV Marti - a station which broadcasts to Cuba - as receiving such support.

It recommends that a global website be established that supports America’s strategic objectives. But no American diplomats here, thank you. The website would use content from “third parties with greater credibility to foreign audiences than US officials”.

It also recommends that Psyops personnel should consider a range of technologies to disseminate propaganda in enemy territory: unmanned aerial vehicles, “miniaturized, scatterable public address systems”, wireless devices, cellular phones and the internet.
‘Fight the net’

When it describes plans for electronic warfare, or EW, the document takes on an extraordinary tone.

It seems to see the internet as being equivalent to an enemy weapons system.

“Strategy should be based on the premise that the Department [of Defense] will ‘fight the net’ as it would an enemy weapons system,” it reads.

The slogan “fight the net” appears several times throughout the roadmap.

The authors warn that US networks are very vulnerable to attack by hackers, enemies seeking to disable them, or spies looking for intelligence.

“Networks are growing faster than we can defend them… Attack sophistication is increasing… Number of events is increasing.”
US digital ambition

And, in a grand finale, the document recommends that the United States should seek the ability to “provide maximum control of the entire electromagnetic spectrum”.

US forces should be able to “disrupt or destroy the full spectrum of globally emerging communications systems, sensors, and weapons systems dependent on the electromagnetic spectrum”.

Consider that for a moment.

The US military seeks the capability to knock out every telephone, every networked computer, every radar system on the planet.
Are these plans the pipe dreams of self-aggrandising bureaucrats? Or are they real?

The fact that the “Information Operations Roadmap” is approved by the Secretary of Defense suggests that these plans are taken very seriously indeed in the Pentagon.

And that the scale and grandeur of the digital revolution is matched only by the US military’s ambitions for it.

A curious classified wrinkle: WaPo

In January, President Bush signed a directive authorizing the intelligence agencies, including the National Security Agency, to monitor all federal network traffic to prevent attackers from breaking in and from stealing sensitive data or disrupting critical systems…

Most of the 18 strategic goals laid out in the cyber initiative are currently classified, and few within the government have been fully briefed on the the plan. But the official said the administration plans to release additional details on at least 12 of those goals next week, after the White House Office of Management and Budget issues rules for assigning classification levels for data collected and shared under the new program. An OMB spokesperson confirmed that the White House plans to release the classification memo as early as next week.

Whether the next administration continues the work called for in the cyber initiative remains and open question. But Paul Kurtz, a former cyber adviser to the Bush administration and a key author of the 2003 strategy, said it would be wrong not to try to stand up some new programs at this time.

“Candidly, they’re doing as much as they can given the 11th hour of this administration,” said Kurtz, who is among more than two dozen security experts working to devise a series of cyber-security policy recommendations for the next administration. “Our job is to get the programs in place at least initially so we have enough momentum going into the next presidency that—no matter who wins—they can carry on with this effort.”

Source: http://www.wired.com/threatlevel/2008/05/senate-panel-qu/

The government’s new cyber-security “Manhattan Project” is so secretive that a key Senate oversight panel has been reduced to writing a letter to beg for answers to the most basic questions, such as what’s going on, what’s the point and what about privacy laws.

The Senate Homeland Security committee wants to know, for example, what is the goal of Homeland Security’s new National Cyber Security Center. They also want to know why it is that in March, DHS announced that Silicon Valley evangelist and security novice Rod Beckstrom would direct the center, when up to that point DHS said the mere existence of the center was classified.

Those are just two sub-questions out of a list of 17 multi-part questions centrist Sens. Joe Lieberman (I-Connecticut) and Susan Collins (R-Maine) sent to DHS in a letter Friday.

In fact, although the two say they asked for a briefing five months ago on what the center does, DHS has yet to explain its latest acronym.

The panel, noted it was pleased with the new focus on cyber security, but questioned Homeland Security’s request to triple the center’s cyber-security budget to about $200 million.

They cited concerns about the secrecy around the project, its reliance on contractors for the operation of the center and lack of dialogue with private companies that specialize in internet security.

That center is just one small part of the government’s new found interest in computer security, a project dubbed the Comprehensive National Cybersecurity Initiative, which has been rumored to eventually get some $30 billion in funding.

Little is known about the initiative since it was created via a secret presidential order in January, though the Washington Post reports that portions of it may be made public soon.

Source: http://www.nextgov.com/the_basics/tb_20090601_8569.php

The Comprehensive National Cybersecurity Initiative
BY JILL R. AITORO 06/01/2009

What Is It?

That’s a question many people have been asking ever since President George W. Bush issued National Security Presidential Directive 54 (a.k.a. Homeland Security Presidential Directive 23) on Jan. 8, 2008. The directive called for the formation of the Comprehensive National Cybersecurity Initiative, information that the Bush administration kept confidential, as has, so far, the Obama administration.

Here’s what we know.

The Bush administration developed CNCI to improve how the federal government protects sensitive information from hackers and nation states trying to break into agency networks. The Bush White House assembled the initiative after a string of cyberattacks on multiple agency computer systems.

CNCI attempts to unify agencies’ fragmented approach to federal cybersecurity by reworking and expanding existing programs and developing new security programs that are better at reducing the risk that networks can be hacked.

The initiative’s budget officially has been kept secret, but some cyber analysts estimated it to be $40 billion, spread over several years. According to the Washington Post, Bush’s single-largest request for funds in the fiscal 2009 intelligence budget was for CNCI, although specific figures were not released.

A Glimpse Inside

In October 2008, the Bush administration revealed some details about the program—the biggest glimpse into the initiative to date. The Homeland Security Department revealed CNCI included 12 components that either formalized existing cybersecurity processes or introduced new policies and business practices to better protect computer networks and systems. DHS released details on only a few components, some of which had been previously made public:

Trusted Internet Connections. The Office of Management and Budget announced this program in November 2007 with the goal of decreasing the number of connections that agencies had to external computer networks to 100 or less. Officials believe that the fewer connections agencies have to the Internet, the easier it will be for them to monitor and detect security incidents.

TIC requires agencies to use Einstein, an automated system DHS developed that collects security information and then sends it to the U.S. Computer Emergency Readiness Team. Agencies reduced the number of Internet connections by 39 percent in the first four months of 2008, from more than 4,300 to 2,758, OMB reported.

The Bush White House ordered agencies to provide plans of action and milestones to OMB by Oct. 15, and reminded them that TIC services can be bought through the Networx contract. The Obama administration has not yet provided an update on how many more connections agencies have closed down.

Intrusion detection. Michael Chertoff, the Homeland Security secretary during the Bush administration, outlined in letter dated July 18, 2008, to Congress his plans to deploy sensors in agencies’ networks that would detect malicious software and alert the Einstein system to security breaches in real time. The sensors, Chertoff wrote, would provide visibility throughout the federal cyberspace to identify vulnerabilities, risks and how to fight the attacks.

Intrusion prevention. Most cybersecurity specialists say computer networks must be monitored in order to identify cyberattacks before they successfully break into the system. Critics said the initial version of Einstein did not allow for network monitoring or include other intrusion prevention tools, a major flaw of the system. DHS added those capabilities in a later edition of Einstein. Obama requested funds in his fiscal 2010 budget to pay for monitoring and detection tools for the system.

Global supply chain security. There are no standards to secure the flow of goods and services worldwide. This poses huge risks to the global economy from malicious software and hardware, which hackers can implant in equipment and sell to agencies, allowing cyber spies a back door into networks to steal information. The equipment also can find its way into contractors’ networks, providing hackers a window into federal systems. How vulnerable the supply chain is to cyberattacks became evident this year when computer networks operated by a Defense Department contractor that supports a major weapons program were breached.

Other CNCI components include research and development, cyber counterintelligence, classified network security, cyber education and training, implementation of information security technologies, deterrence strategies, public-private collaboration and situational awareness.

The Bush administration established the National Cyber Security Center to coordinate information from agencies to secure networks and foster collaboration.

....continues....

Why So Secret?

The Bush administration said it kept details of CNCI secret for national security reasons. The decision drew criticism.

In May 2008, the Senate Homeland Security and Governmental Affairs Committee sent a letter to DHS requesting specific information about the secrecy of the project. In February 2009, Gregory Garcia, then assistant secretary of cybersecurity and telecommunications at DHS, said, “there was too much classified” under the initiative, “which was not helpful politically and not helpful in getting the word out. We had to walk that line between raised awareness of what was being accomplished and not letting out too much information that could cause us to be targeted. Still, too much was kept secret.”

Who Runs the Cyber Show?

Who’s in charge of cybersecurity—and the billions of dollars that come with it—has been part of the Washington power struggle. DHS and the intelligence community view cybersecurity as part of their mission. The Bush directive authorized the National Security Agency to monitor agencies’ computer networks, including systems they had not previously monitored, the DHS deputy secretary announced that Homeland Security would coordinate “the protection of federal networks” that fall within the .gov, .mil and .ic domains.

Ultimately, both were right. The undersecretary for national protection and programs at DHS was charged with directing CNCI, relying on the US-CERT and its Einstein system to monitor agency networks. Defense and intelligence agencies were assigned an operational role, particularly for computer systems and networks deemed more sensitive to national security. Those agencies were expected to focus on counterterrorism efforts.

But the delicate balance of duties was quickly upset when Rod Beckstrom, director of the National Cybersecurity Center, resigned. In a letter dated March 5 announcing his resignation, he expressed frustration over the increasing influence of NSA on cybersecurity, pointing to the agency’s high levels of staffing and technology that support cyber initiatives. He also cited the proposed move of two DHS organizations, the National Protection and Programs Directorate and the National Cybersecurity Center, to an NSA facility at Fort Meade, Md. The agency effectively controls DHS cyber initiatives and dominates most national efforts, which Beckstrom called “a bad strategy.”

Others believe neither DHS nor the intelligence community should be placed in charge of cybersecurity initiatives. The Commission on Cybersecurity for the 44th Presidency, which was created in October 2007 to provide recommendations in cybersecurity policy for the next administration, said the White House should take the lead in managing the government’s cybersecurity program. “We need to let people know that this is part of what a responsible government does,” said Jim Lewis, program manager for the commission. “For that to happen, the White House has to push this. People won’t listen to another agency telling them what to do.”

What’s Next?

Obama has not commented publicly about the status of CNCI, but he made clear two months into his presidency that cybersecurity would be a top priority. In February, the White House announced that Melissa Hathaway, who serves as the cyber coordination executive at the Office of the Director of National Intelligence and was senior adviser to the former DNI Mike McConnell, would lead a 60-day review of overall cyber organization and strategy in the federal government.

As senior director for cyberspace for the National Security and Homeland Security councils, Hathaway described the review as an opportunity to start from a clean slate. The review identified more than 250 requirements that a comprehensive cybersecurity program should address. The requirements fall into four areas of interests that officials identified:

-- Governance. How policy coordination and operational activities will be organized across the executive branch.

-- Architecture. How to enable performance, cost and security in cyberspace through standards, research and development, procurement, and monitoring the supply chain.

-- Normative behaviors. How best to introduce laws, regulations and international treaties that encourage a more secure cyberspace.

-- Capacity building. How to bolster resources, activities, research and training to support cybersecurity efforts in the public and private sectors.

Specifics won’t be available until results of the review are released, but components of CNCI likely will continue under the Obama administration in some form—though with greater oversight from the White House. Administration officials confirmed that the White House will not play an operational role in implementing Obama’s cybersecurity agenda, but will provide guidance to synchronize agencies’ missions and responsibilities, and many suspect a cybersecurity coordination office will be established to directly advise the president.