New Color-coded Cyber Threats

Remember when the Democrats and lobby groups ridiculed George W. Bush for using a color coded threat matrix? Carry on….

The White House now has a color-coded scale for cyber-security threat

TheVerge:  As the Obama administration nears its final months, the White House has released a framework for handling cyberattacks. The Presidential Policy Directive on United States Cyber Incident Coordination builds on the action plan that Obama laid out earlier this year, and it’s intended to create a clear standard of when and how government agencies will handle incidents. It also comes with a new threat level scale, assigning specific colors and response levels to the danger of a hack.

The cyberattack severity scale is somewhat vague, but it’s supposed to make sure that the agencies involved in cybersecurity — the Department of Justice, Department of Homeland Security, and Office of the Director of National Intelligence — respond to threats with the same level of urgency and investment. A Level One incident is “unlikely to impact public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence,” while a red Level Four one is “likely to result in a significant impact to public health or safety, national security, economic security, foreign relations, or civil liberties.” One final designation — Level Five, or black — covers anything that “poses an imminent threat to the provision of wide-scale critical infrastructure services, national government stability, or to the lives of US persons.”

The upshot of this is that anything at Level Three or above will trigger a coordination effort to address the threat. In addition to the groups above, this effort will include the company, organization, or agency that was attacked.

Cybersecurity is a growing concern, and both Congress and the White House have spent the past several years pushing various frameworks for shoring it up. This includes a series of hotly debated bills that culminated in the Cyber Information Sharing Act, which has raised privacy questions as it’s been put into practice. At the same time, high-profile hacks have led to serious consequences for companies like Sony Pictures, Target, and Ashley Madison. Most recently, an unknown hacker or hackers — potentially linked to Russia — breached the Democratic National Committee’s servers, releasing large numbers of embarrassing documents and emails. This announcement doesn’t tell us exactly how the federal government will handle future cyberattacks, but along with everything else, it does signal that they’re becoming a more and more standard part of the security equation.

*****

From the White House FACT SHEET: Presidential Policy Directive

The PPD builds on these lessons and institutionalizes our cyber incident coordination efforts in numerous respects, including:

  • Establishing clear principles that will govern the Federal government’s activities in cyber incident response;
  • Differentiating between significant cyber incidents and steady-state incidents and applying the PPD’s guidance primarily to significant incidents;
  • Categorizing the government’s activities into specific lines of effort and designating a lead agency for each line of effort in the event of a significant cyber incident;
  • Creating mechanisms to coordinate the Federal government’s response to significant cyber incidents, including a Cyber Unified Coordination Group similar in concept to what is used for incidents with physical effects, and enhanced coordination procedures within individual agencies;
  • Applying these policies and procedures to incidents where a Federal department or agency is the victim; and,
  • Ensuring that our cyber response activities are consistent and integrated with broader national preparedness and incident response policies, such as those implemented through Presidential Policy Directive 8-National Preparedness, so that our response to a cyber incident can seamlessly integrate with actions taken to address physical consequences caused by malicious cyber activity.

We also are releasing today a cyber incident severity schema that establishes a common framework within the Federal government for evaluating and assessing the severity of cyber incidents and will help identify significant cyber incidents to which the PPD’s coordination procedures would apply.

Incident Response Principles

The PPD outlines five principles that will guide the Federal government during any cyber incident response:

  • Shared Responsibility – Individuals, the private sector, and government agencies have a shared vital interest and complementary roles and responsibilities in protecting the Nation from malicious cyber activity and managing cyber incidents and their consequences.
  • Risk-Based Response – The Federal government will determine its response actions and  resource needs based on an assessment of the risks posed to an entity, national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.
  • Respecting Affected Entities – Federal government responders will safeguard details of the incident, as well as privacy and civil liberties, and sensitive private sector information.
  • Unity of Effort – Whichever Federal agency first becomes aware of a cyber incident will rapidly notify other relevant Federal agencies in order to facilitate a unified Federal response and ensure that the right combination of agencies responds to a particular incident.
  • Enabling Restoration and Recovery – Federal response activities will be conducted in a manner to facilitate restoration and recovery of an entity that has experienced a cyber incident, balancing investigative and national security requirements with the need to return to normal operations as quickly as possible.

Significant Cyber Incidents

While the Federal government will adhere to the five principles in responding to any cyber incident, the PPD’s policies and procedures are aimed at a particular class of cyber incident: significant cyber incidents.  A significant cyber incident is one that either singularly or as part of a group of related incidents is likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

When a cyber incident occurs, determining its potential severity is critical to ensuring the incident receives the appropriate level of attention.  No two incidents are the same and, particularly at the initial stages, important information, including the nature of the perpetrator, may be unknown.

Therefore, as part of the process of developing the incident response policy, the Administration also developed a common schema for describing the severity of cyber incidents, which can include credible reporting of a cyber threat, observed malicious cyber activity, or both.  The schema establishes a common framework for evaluating and assessing cyber incidents to ensure that all Federal departments and agencies have a common view of the severity of a given incident, the consequent urgency of response efforts, and the need for escalation to senior levels.

The schema describes a cyber incident’s severity from a national perspective, defining six levels, zero through five, in ascending order of severity.  Each level describes the incident’s potential to affect public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence.  An incident that ranks at a level 3 or above on this schema is considered “significant” and will trigger application of the PPD’s coordination mechanisms.

Lines of Effort and Lead Agencies

To establish accountability and enhance clarity, the PPD organizes Federal response activities into three lines of effort and establishes a Federal lead agency for each:

  • Threat response activities include the law enforcement and national security investigation of a cyber incident, including collecting evidence, linking related incidents, gathering intelligence, identifying opportunities for threat pursuit and disruption, and providing attribution.   The Department of Justice, acting through the Federal Bureau of Investigation (FBI) and the National Cyber Investigative Joint Task Force (NCIJTF), will be the Federal lead agency for threat response activities.
  • Asset response activities include providing technical assets and assistance to mitigate vulnerabilities and reducing the impact of the incident, identifying and assessing the risk posed to other entities and mitigating those risks, and providing guidance on how to leverage Federal resources and capabilities.   The Department of Homeland Security (DHS), acting through the National Cybersecurity and Communications Integration Center (NCCIC), will be the Federal lead agency for asset response activities.  The PPD directs DHS to coordinate closely with the relevant Sector-Specific Agency, which will depend on what kind of organization is affected by the incident.
  • Intelligence Support and related activities include intelligence collection in support of investigative activities, and integrated analysis of threat trends and events to build situational awareness and to identify knowledge gaps, as well as the ability to degrade or mitigate adversary threat capabilities.  The Office of the Director of National Intelligence, through the Cyber Threat Intelligence Integration Center, will be the Federal lead agency for intelligence support and related activities.

In addition to these lines of effort, a victim will undertake a wide variety of response activities in order to maintain business or operational continuity in the event of a cyber incident.  We recognize that for the victim, these activities may well be the most important.  Such efforts can include communications with customers and the workforce; engagement with stakeholders, regulators, or oversight bodies; and recovery and reconstitution efforts.   When a Federal agency is a victim of a significant cyber incident, that agency will be the lead for this fourth line of effort.  In the case of a private victim, the Federal government typically will not play a role in this line of effort, but will remain cognizant of the victim’s response activities consistent with these principles and coordinate with the victim.

Coordination Architecture

In order to facilitate the more coordinated, integrated response demanded by significant cyber incidents, the PPD establishes a three-tiered coordination architecture for handling those incidents:

National Policy Level:  The PPD institutionalizes the National Security Council-chaired interagency Cyber Response Group (CRG).  The CRG will coordinate the development and implementation of United States Government policy and strategy with respect to significant cyber incidents affecting the United States or its interests abroad.

National Operational Level:  The PPD directs agencies to take two actions at the national operational level in the event of a significant cyber incident.

  • Activate enhanced internal coordination procedures.  The PPD instructs agencies that regularly participate in the Cyber Response Group to develop these procedures to ensure that they can surge effectively when confronted with an incident that exceeds their day-to-day operational capacity.
  • Create a Unified Coordination Group.  In the event of a significant cyber incident, the PPD provides that the lead agencies for each line of effort, along with relevant Sector-Specific Agencies (SSAs), state, local, tribal and territorial governments, international counterparts, and private sector entities, will form a Cyber Unified Coordination Group (UCG) to coordinate response activities.  The Cyber UCG shall coordinate the development, prioritization, and execution of cyber response efforts, facilitate rapid information sharing among UCG members, and coordinate communications with stakeholders, including the victim entity.

Field Level:  The PPD directs the lead agencies for each line of effort to coordinate their interaction with each other and with the affected entity.

Integration with Existing Response Policy

The PPD also integrates U.S. cyber incident coordination policy with key aspects of existing Federal preparedness policy to ensure that the Nation will be ready to manage incidents that include both cyber and physical effects, such as a significant power outage resulting from malicious cyber activity.  The PPD will be implemented by the Federal government consistent with existing preparedness and response efforts.

Implementation tasks

The PPD also directs several follow-on tasks in order to ensure its full implementation.  In particular, it requires that the Administration develop and finalize the National Cyber Incident Response Plan – in coordination with State, Local, Territorial, and Tribal governments, the private sector, and the public – to further detail how the government will manage cyber incidents affecting critical infrastructure.  It also directs DHS and DOJ to develop a concept of operations for how a Cyber UCG will operate and for the NSC to update the charter for the CRG.

Passionatepolka, TreasureMap and FLATLIQUID?

I read one of his books several years ago….

The summary below is not classified material. The Intelligence Community  including the NSA has declassified a lot of material such as:

Chinese Cyber Espionage in the U.S.

August 10, 2015

China Read Emails of Top U.S. Officials – NBC News

NSA slide showing China hacking units

Commentary: The world’s best cyber army doesn’t belong to Russia

by: Bamford

Reuters: National attention is focused on Russian eavesdroppers’ possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns — and the presidents — of even its closest allies.

The United States is, by far, the world’s most aggressive nation when it comes to cyberspying and cyberwarfare. The National Security Agency has been eavesdropping on foreign cities, politicians, elections and entire countries since it first turned on its receivers in 1952. Just as other countries, including Russia, attempt to do to the United States. What is new is a country leaking the intercepts back to the public of the target nation through a middleperson.

There is a strange irony in this. Russia, if it is actually involved in the hacking of the computers of the Democratic National Committee, could be attempting to influence a U.S. election by leaking to the American public the falsehoods of its leaders. This is a tactic Washington used against the Soviet Union and other countries during the Cold War.

In the 1950s, for example, President Harry S Truman created the Campaign of Truth to reveal to the Russian people the “Big Lies” of their government. Washington had often discovered these lies through eavesdropping and other espionage.

Today, the United States has morphed from a Cold War, and in some cases a hot war, into a cyberwar, with computer coding replacing bullets and bombs. Yet the American public manages to be “shocked, shocked” that a foreign country would attempt to conduct cyberespionage on the United States.

NSA operations have, for example, recently delved into elections in Mexico,  targeting its last presidential campaign. According to a top-secret PowerPoint presentation leaked by former NSA contract employee Edward Snowden, the operation involved a “surge effort against one of Mexico’s leading presidential candidates, Enrique Peña Nieto, and nine of his close associates.” Peña won that election and is now Mexico’s president.

The NSA identified Peña’s cellphone and those of his associates using advanced software that can filter out specific phones from the swarm around the candidate. These lines were then targeted. The technology, one NSA analyst noted, “might find a needle in a haystack.” The analyst described it as “a repeatable and efficient” process.

The eavesdroppers also succeeded in intercepting 85,489 text messages, a Der Spiegel article noted.

Another NSA operation, begun in May 2010 and codenamed FLATLIQUID, targeted Pena’s predecessor, President Felipe Calderon. The NSA, the documents revealed, was able “to gain first-ever access to President Felipe Calderon’s public email account.”

At the same time, members of a highly secret joint NSA/CIA organization, called the Special Collection Service, are based in the U.S. embassy in Mexico City and other U.S. embassies around the world. It targets local government communications, as well as foreign embassies nearby. For Mexico, additional eavesdropping, and much of the analysis, is conducted by NSA Texas, a large listening post in San Antonio that focuses on the Caribbean, Central America and South America.

Unlike the Defense Department’s Pentagon, the headquarters of the cyberspies fills an entire secret city. Located in Fort Meade, Maryland, halfway between Washington and Baltimore, Maryland, NSA’s headquarters consists of scores of heavily guarded buildings. The site even boasts its own police force and post office.

And it is about to grow considerably bigger, now that the NSA cyberspies have merged with the cyberwarriors of U.S. Cyber Command, which controls its own Cyber Army, Cyber Navy, Cyber Air Force and Cyber Marine Corps, all armed with state-of-the-art cyberweapons. In charge of it all is a four-star admiral, Michael S. Rogers.

Now under construction inside NSA’s secret city, Cyber Command’s new $3.2- billion headquarters is to include 14 buildings, 11 parking garages and an enormous cyberbrain — a 600,000-square-foot, $896.5-million supercomputer facility that will eat up an enormous amount of power, about 60 megawatts. This is enough electricity to power a city of more than 40,000 homes.

In 2014, for a cover story in Wired and a PBS documentary, I spent three days in Moscow with Snowden, whose last NSA job was as a contract cyberwarrior. I was also granted rare access to his archive of documents. “Cyber Command itself has always been branded in a sort of misleading way from its very inception,” Snowden told me. “It’s an attack agency. … It’s all about computer-network attack and computer-network exploitation at Cyber Command.”

The idea is to turn the Internet from a worldwide web of information into a global battlefield for war. “The next major conflict will start in cyberspace,” says one of the secret NSA documents. One key phrase within Cyber Command documents is “Information Dominance.”

The Cyber Navy, for example, calls itself the Information Dominance Corps. The Cyber Army is providing frontline troops with the option of requesting “cyberfire support” from Cyber Command, in much the same way it requests air and artillery support. And the Cyber Air Force is pledged to “dominate cyberspace” just as “today we dominate air and space.”

Among the tools at their disposal is one called Passionatepolka, designed to “remotely brick network cards.” “Bricking” a computer means destroying it – turning it into a brick.

One such situation took place in war-torn Syria in 2012, according to Snowden, when the NSA attempted to remotely and secretly install an “exploit,” or bug, into the computer system of a major Internet provider. This was expected to provide access to email and other Internet traffic across much of Syria. But something went wrong. Instead, the computers were bricked. It took down the Internet across the country for a period of time.

While Cyber Command executes attacks, the National Security Agency seems more interested in tracking virtually everyone connected to the Internet, according to the documents.

One top-secret operation, code-named TreasureMap, is designed to have a “capability for building a near real-time interactive map of the global Internet. … Any device, anywhere, all the time.” Another operation, codenamed Turbine, involves secretly placing “millions of implants” — malware — in computer systems worldwide for either spying or cyberattacks.

Yet, even as the U.S. government continues building robust eavesdropping and attack systems, it looks like there has been far less focus on security at home. One benefit of the cyber-theft of the Democratic National Committee emails might be that it helps open a public dialogue about the dangerous potential of cyberwarfare. This is long overdue. The possible security problems for the U.S. presidential election in November are already being discussed.

Yet there can never be a useful discussion on the topic if the Obama administration continues to point fingers at other countries without admitting that Washington is engaged heavily in cyberspying and cyberwarfare.

In fact, the United States is the only country ever to launch an actual cyberwar — when the Obama administration used a cyberattack to destroy thousands of centrifuges, used for nuclear enrichment, in Iran. This was an illegal act of war, according to the Defense Department’s own definition.

Given the news reports that many more DNC emails are waiting to be leaked as the presidential election draws closer, there will likely be many more reminders of the need for a public dialogue on cybersecurity and cyberwarfare before November.

 

(James Bamford is the author of The Shadow Factory: The Ultra-Secret NSA From 9/11 to the Eavesdropping on America. He is a columnist for Foreign Policy magazine.)

Russia IS in Ukraine and Planning Another Offensive

Militants preparing offensive at Svitlodarsk bridgehead: Ukraine intelligence Militants are preparing for combat operations in the Donetsk and Slaviansk directions, the Main Directorate of Intelligence of Ukraine’s Defense Ministry wrote on Facebook.

Pro-Russian rebels in eastern Ukraine accuse government soldiers of launching a new offensive near a prized but obliterated airport in the separatists’ de facto capital of Donetsk.

“The intelligence service has detected signs of enemy preparations for combat operations in the Donetsk and Slaviansk directions (Svitlodarsk bridgehead). From August 4 to 8, there is threat of an intensified offensive or raid actions to expand controlled areas,” the report read.

Read also: Donbas militants keep tanks, Grad launchers near Makiyivka, Donetsk – intel

The militants also continue to conduct reconnaissance. In particular, the intelligence service spotted a reconnaissance group of the 9th separate Assault Marine Regiment (Novoazovsk) of the 1st Armed Corps (Donetsk) of the Russian Armed Forces. Sabotage and reconnaissance groups are also scheduled to make an appearance in the following settlements: Maiorsk, Zaitseve, Avdiyivka and Opytne, as well as Pisky, Krasnohorivka and Maryinka. In addition, the intelligence service has reported the arrival of railway cargo from the territory of the Russian Federation to Ilovaisk, comprising two railcars filled with anti-tank and anti-personnel mines, six railcars with ammunition, one railcar with medicines and another one with the uniforms. More here. 
******

Russia has been and is paying special attention to Ukraine. This was the case during tsarist and Soviet times. This is the case now. Consequently, Ukraine has been widely infiltrated by Russian agents, who help their “brotherly neighbors” direct the course of the Ukrainian state into the pro-Russian channel. These agents of influence are not only the Russian mass-media, like the Russian Vesti media conglomerate, the Opposition  Bloc Party, the Ukrainian Choice organization (pro-Russian group created by Putin’s crony Viktor Medvedchuk — Ed.), the numerous parishes of the Moscow Patriarchate, and the Russian business structures that continue to operate in Ukraine. Russian agents have even infiltrated the structures that display their pro-Ukrainian orientation.

Putin’s “Brusilov Offensive” is based on isolating Ukraine from the West on the one hand and destabilizing Ukraine on the other. He has already accomplished portions of the plan; he may yet accomplish others. But we alone will determine to what extent we will resist this “offensive” and if we have enough endurance and the ability to be guided by cold reason. Read more here.

$400M is but One Payment to Iran, from a 1996 Legal Case

It is not ransom, it is not ransom…okay…well let’s go further shall we?

Justice Department Officials Raised Objections on U.S. Cash Payment to Iran

Some officials worried about message being sent, but were overruled, WSJ

Then, Obama violated his own Executive Order as noted here and dated February 5, 2012.

Why did we convert to cash in various currencies and not just wire the money into designated Iranian banks? Well the excuse is sanctions. And Iran demanded cash such that later purchases or transactions could not be monitored, so John Kerry was cool with that. The result was smuggling $400 million on pallets on an unmarked cargo plane that landed in the middle of the night. Smuggling?

What is bulk cash smuggling?

Bulk Cash Smuggling is a reporting offense under the Bank Secrecy Act, and is part of the United States Code (U.S.C.). The code stipulates:

Whoever, with the intent to evade a currency reporting requirement, knowingly conceals more than $10,000 in currency or other monetary instruments on the person of such individual or in any conveyance, article of luggage, merchandise, or other container, and transports or transfers or attempts to transport or transfer such currency or monetary instruments from a place within the United States to a place outside of the United States, or from a place outside the United States to a place within the United States, shall be guilty of a currency smuggling offense.

What authorities govern bulk cash smuggling offenses?

Title 31 U.S.C. § 5332 (Bulk Cash Smuggling) makes it a crime to smuggle or attempt to smuggle more than $10,000 in currency or monetary instruments into or out of the United States, with the specific intent to evade the U.S. currency reporting requirements codified in Title 31 U.S.C. §§ 5316 and 5317.

ICE HSI relies on other financial authorities granted under Title 31 U.S.C. (Money and Finance), specifically those related to violations of reporting requirements and structuring financial transactions, as well as criminal authorities, such as Title 18 U.S.C. § 1960 (Unlicensed Money Transporter/Transmitter), Title 18 U.S.C. § 1952 (Interstate and Foreign Travel or Transportation in Aid of Racketeering Enterprises) and Title 18 U.S.C. § 1956 (Money Laundering). These authorities allow ICE HSI to disrupt and dismantle criminal networks that move bulk cash, wherever they may operate.

What are monetary instruments?

Monetary instruments are financial instruments that can be used similarly to cash. Specifically, monetary instruments are defined on the second or reverse side of the FinCEN Form 105:

  1. Coin or currency of the United States or of any other country.
  2. Traveler’s checks in any form.
  3. Negotiable instruments (including checks, promissory notes, and money orders) in bearer form, endorsed without restriction, made out to a fictitious payee, or otherwise in such form that title thereto passes upon delivery.
  4. Incomplete instruments (including checks, promissory notes, and money orders) that are signed but on which the name of the payee has been omitted.
  5. Securities or stock in bearer form or otherwise in such form that title thereto passes upon delivery.

Monetary instruments do not include the following:

  • Checks or money orders made payable to the order of a named person which have not been endorsed or which bear restrictive endorsements.
  • Warehouse receipts
  • Bills of lading.   More here.

****

Remember the plane was delayed for reasons no one was willing to declare but then John Kerry blamed it on a glitch with the passenger list.

There had been expectations that they would leave on Saturday, while the final round of talks on sanctions were taking place. But the Swiss plane carrying Jason Rezaian, the Washington Post’s Tehran bureau chief, Saeed Abedini, a pastor from Idaho and Amir Hekmati, a former Marine from Flint, Michigan as well as some of their family members did not leave until Sunday morning.

It had been reported when the plane took off that Nosratollah Khosravi-Roodsari, about whom little is known, was on board. But a senior U.S. official later said he was not traveling with the other released prisoners. More here.

It is also important to remember as Iran released 4 prisoners, the United States released 7. It is also important to remember that Obama had to issue a pardon for those 7 to be released.

Iran’s official state news agency, IRNA, named the Iranians set for release as Nader Modanlou, Bahram Mechanic, Khosrow Afghahi, Arash Ghahraman, Tooraj Faridi, Nima Golestaneh and Ali Saboonchi. Mechanic’s lawyer told Reuters that Mechanic, Faridi and Afghahi had been pardoned, but Mechanic and Faridi had not yet been freed from custody as their release was contingent on the four American prisoners leaving Iran. The U.S. government has yet to confirm the identities of the Iranians to be freed. All seven have the option of staying in the U.S. rather than returning to Iran. The U.S. State Department also dropped an international request to detain 14 Iranians on trade violations on Saturday, saying the extradition requests were unlikely to be successful. More here.

Okay, so with all of that, what about the rest of the money allegedly owed to Iran?

Well it seems someone needs to look at the lawsuit in clear detail as it was not filed until 1996. The U.S. response to the lawsuit is here in .pdf.

On August 12, 1996, the Islamic Republic of Iran filed aStatement of Claim (Doc . 1) in a new interpretive dispute againstthe United States, Case No . A/30, alleging that the United Stateshas violated its commitments under the Algiers Accords byinterfering in Iran’s internal affairs and implementing economicsanctions against Iran.

The Government of Iran, which has a long record of using terrorism and lethal force as an instrument of state policy, isseeking a ruling from the Tribunal that the United States hasviolated the Algiers Accords by intervening in Iran’s internalaffairs and enacting economic sanctions against it . Iran assertsthat the United States has violated two obligations under theAlgiers Accords : the pledge in Paragraph 1 of the GeneralDeclaration that it is and will be the policy of the UnitedStates not to intervene in Iran’s internal affairs, and therequirement in Paragraph 10 of the General Declaration to revokeall trade sanctions imposed in response to Iran’s seizing the

U.S . Embassy and taking 52 American hostages on November 4, 1979.

To hear the State Department spokesperson, Admiral Kirby (ret), John Kerry and the White House spokesperson Josh Earnest tell it, the U.S. was about to be rendered a decision by The Hague that we lost the case. Really when it began over kidnapping, hostages and terrorism? C’mon….

October Surprise, POTUS Clearing the Middle East Decks

It is all about politics which is all about timing. Obama is clearing the mess in Iraq and Syria for Hillary and while he is scheduled to take October off to campaign for Hillary, big military operations are planned for Islamic State destruction. Hillary then enters the White House to take on Supreme Court judges and social issues? It is political extortion to sway the elections and the electorate.

Get Ready for Obama’s ‘October Surprise’ in Iraq

If Iraqi and Kurdish troops—with stepped-up U.S. support—retake Mosul as planned, it could be a big boost for Hillary.

Politico: The American public could be treated to a major U.S.-led military victory in Iraq this fall, just as voters are deciding who will be the nation’s next president—but U.S. military officials insist the timing of the operation has nothing to do with politics.

Iraqi and Kurdish military and paramilitary units are preparing for a push on Mosul, the Islamic State-held city that is now in the cross hairs of the U.S.-led coalition battling the terrorist group across the Middle East. “The idea is to isolate Mosul, cut it off, kill it,” a senior U.S. Central Command officer told me.

Senior military officers say the city in northern Iraq, which has been under Islamic State control since June 2014, will be enveloped in a complex pincer movement from Iraqi military forces battling their way into the city from the southeast and Kurdish units storming the city from the northwest. The military offensive, months in the planning, is now tentatively scheduled to begin sometime in early October, with a final battle for Mosul coming at the end of that month.

If Mosul is retaken, it would both mark a major political triumph for Barack Obama and likely benefit his party’s nominee at the polls, Hillary Clinton, undercutting Republican claims that the Obama administration has failed to take off the gloves against the Islamic State. Even so, senior officers at U.S. Central Command who are overseeing the effort scoff at the notion that the Mosul offensive is being timed to help the candidate Obama is now actively campaigning for, his former secretary of state.

“Hurrying this thing along for political benefit would be just about the dumbest thing that we could do,” the senior Centcom officer told me this week, “and there’s been no pressure for us to do that. None. Iraqi and Kurdish fighters are going to fight for the city when they’re damned good and ready, and not before. There’s too much at stake to do it any other way.”

Iraqi and Kurdish fighters are going to fight for the city when they’re damned good and ready, and not before. There’s too much at stake to do it any other way.”

All evidence supports that notion, but U.S. officials have confirmed the Pentagon is planning ways to time their offensive against Mosul with an attack on the Islamic State “capital” in Raqqa, Syria. A coordinated Mosul-Raqqa military offensive could yield a dual defeat to the ISIS caliphate, unhinge ISIS power in both Syria and Iraq and have the added benefit of pinning ISIS units moving into Iraq along interior lines from Syria in place. In late March, the Centcom stepped up its monitoring of the Syria-Iraq border, with the intended purpose of spotting and bombing ISIS units headed toward Mosul.

The ambitious plans for Mosul and Raqqa reflect a shift in tactics and deeper U.S. involvement that has not been fully reported in the U.S. media—or talked about in the presidential campaign. Most recently, Centcom has gained White House permission to deploy U.S. advisers with Iraqi units at the battalion level, which would place U.S. advisers and trainers in greater danger, but would also give them more control of the battlefield. And the U.S. has been quick to flow advisers (an initial tranche of some 200 in all) into al-Qayyarah air base, about 40 miles south of Mosul, which was overrun by Iraqi military forces last week. Washington has also boldly stepped up its support of the Peshmerga, the veteran military units of the Kurdistan Regional Government who will lead the assault on Mosul from the north, despite the risk of upsetting the delicate regional politics—especially suspicions by the Shia-led Iraqi government that the U.S. is favoring the Kurds. On July 12, the U.S. signed an agreement with the KRG to provide Peshmerga units with $415 million for the purchase of ammunition and medical equipment. The agreement would also provide heavy weapons to Peshmerga units, which have been consistently outgunned by ISIS fighters, according to one senior civilian Pentagon official. The $415 million would correct that shortfall, with weapons flowing into Peshmerga units near Mosul.

The stepped-up aid to the Kurds reflects U.S. military confidence that the Islamic State is being rolled back. Since the campaign was initiated on August 8, 2014, the U.S.-led coalition has launched over 13,000 airstrikes on Islamic State military targets. Just as crucially, the four near-term goals laid out by the U.S. military to combat ISIS are on the verge of completion: to stabilize Anbar, prepare coalition ground forces to take Mosul, organize a ground campaign in Syria for a planned assault on Raqqa and ramp up the flow of weapons for anti-ISIS ground forces.

The stepped-up aid to the Kurds reflects U.S. military confidence that Islamic State is being rolled back.”

A dual offensive targeting Raqqa as well as Mosul was hinted at by Lt. General Sean MacFarland, the U.S. officer commanding the anti-ISIS effort, in a July 11 news conference. Seizing control of Raqqa, he said, would mean that ISIS would “lose a base of operations, would “lose financial resources” and would “lose the ability to plan, to create the fake documentation that they need to get around the world.” Centcom military planners say that, from a U.S. military perspective, the fight for Raqqa will be even more important than the fight for Mosul.

“It is clear who will be in the Mosul fight,” former Syrian diplomat Bassam Barabandi told me this week, “but just who will take part in the Raqqa fight is not so clear. It is being negotiated now. But I don’t think there’s any doubt, it will be Raqqa and Mosul, and Iraqi officials have confirmed that they would like to take the city in October.”

The fight for Mosul will be done by a trifecta of military forces: Iraq’s Popular Mobilization Forces (the controversial Hashd al-Shabi), the Peshmerga and Iraqi Security Forces, large numbers of whom are being trained by U.S. advisers. The U.S. is uncomfortable with the predominantly Shia Hashd forces leading the assault, as they are only nominally controlled by the Baghdad government and have proved recalcitrant in taking American advice. Formed in June 2014 after Grand Ayatollah Ali al-Sistani called on Shias to fight ISIS, some elements of the Hashd are closely aligned with the Iranian al-Quds force, with their commander reporting to Iranian commander Qasem Soleimani.

But according to Robert Tollast, a U.K.-based military analyst who has traveled to Iraq and spoken with a number of Hashd commanders, Hashd is proving to be a bigger help than ever; the group is increasingly recruiting Sunni tribesmen eager to expel ISIS from their towns and villages. “We’re seeing a replay of what happened during the Anbar Awakening,” Tollast says. “ISIS brutality has forced a lot of Anbar’s Sunnis into an alliance with Hashd, just as, back in 2006, Al Qaeda’s brutality forced the Sunnis into the arms of the Americans.” Crucially, the Islamic State’s cultural cleansing of Anbar has begun to increase the appeal of Hashd units to Anbar’s Sunnis, the exact opposite of ISIS’s strategy of maintaining and exacerbating Iraq’s sectarian divide.

But while Sunnis in increasing numbers are now joining the fight against the Islamic State, their presence has not always been welcome by Iraqi Shias already doing the fighting. “The Shias view ISIS as just another form of Sunni Baathism,” Tollast says. In this, at least, they are not wrong: The senior leaders of ISIS were often prominent in the Saddam’s Baath Party, which brutally suppressed Shias during his nearly 25-year rule. The divide is deep. During a recent trip, Tollast had a meeting with a Shia leader whose office included a poster depicting Baathist Republican Guardsmen executing Shia civilians in 1991. Tollast told me that the parallel to the June 2014 Camp Speicher massacre, in which an ISIS unit commanded by a former Saddamist murdered over 1,500 Iraqi Air Force cadets, all of them Shia, was unmistakable.

The Shias view ISIS as just another form of Sunni Baathism,” Tollast says. In this, they are not wrong.

All of which helps explain why the Kurdish Peshmerga are considered a mainstay of the Mosul operation; U.S. military officials have enormous faith in the Peshmerga’s fighting abilities, even as the strong U.S.-Kurdish relationship has proved difficult for the Iraqi central government (which recently accused Peshmerga forces of arresting and torturing Iraqi army soldiers), as well as the commanders of a variety of Popular Mobilization Force units. Turkey is another key player, since the neighboring country also fears growing Kurdish influence with the U.S.—especially since the failed coup attempt earlier in July, which the Turkish government has blamed on a Muslim cleric living in exile in Pennsylvania—as Turkey jockeys for position in a post-conflict Mosul against the PKK, the Kurdistan Workers Party, which now controls an arc of territory from northern Iraq into northern Syria. So far, the fight against ISIS has provided the glue for a tense, if uneasy, truce among these political factions—but U.S. officials concede the informal alliance on the battlefield could be shattered by political disagreements.

According to the senior Pentagon official, the recently negotiated U.S.-Kurdish understanding came with strings attached, including Peshmerga battlefield coordination with Iraqi Security Forces operating on the Mosul front. Peshmerga commanders, according to this official, have now agreed to stand aside when the Iraqi Security Forces pass through their units during the initial assault on Mosul. The move is part of a U.S. effort to make sure that the units involved in the Mosul fight don’t end up battling each other. The memorandum of understanding was signed in Erbil, with the Americans represented by acting Assistant Secretary of Defense for International Security Affairs Elissa Slotkin. It was Slotkin who, back in January of 2015, gave the cold shoulder to Sunni Anbar leaders who came to Washington to plead that the U.S. government bypass the Baghdad government to arm them directly. The U.S. refused.

While the refusal of the Obama administration to arm Anbar’s Sunnis met with widespread criticism on Capitol Hill, the administration still maintains that arming the Sunnis directly would be a mistake. In the wake of the visit by Anbar Sunnis in 2015, the administration quietly responded to its critics by pointing out that large numbers of weapons the U.S. had provided the tribes during the Bush years had ended up in the hands of ISIS. “They’re nice people, they mean well,” an administration official told me at the time. “But we can’t trust them.”

The U.S. continues to insist that all support for Anbar’s Sunni tribes be funneled through Iraq’s Ministry of Defense. But while the U.S. is still saying “no” to Anbar leaders who demand the U.S. bypass the Iraqi government in supporting them, the answer now is more nuanced: It’s more of a “no, but … ” More regular support for Anbar’s Sunnis is now possible, U.S. officials say, because the Defense Ministry is under the control of Khaled al-Obaidi, a Sunni from Mosul who has made it a point of touring Iraq military units preparing to storm the town. Obaidi’s appointment in October 2014 was widely criticized by Iraq’s Shia political parties, and there was an assassination attempt on him last September, when his convoy was hit by sniper fire north of Baghdad. Despite the controversy over his appointment, the U.S. told Iraqi Prime Minister Haider al-Abadi that Obaidi’s presence was essential in the anti-ISIS fight because it would help to heal the rift between the Shia dominated government and Anbar’s tribes.

Still, Sunni tribal leaders complained throughout the early part of 2015 that the Iraqi government was slow to provide them with the weapons they needed. So last October, Pentagon officials say, Defense Secretary Ash Carter increased pressure on the Iraqi government to accelerate weapons’ deliveries to Anbar’s newly created Tribal Mobilization Force. Carter told the Congress that the U.S. had provided “two battalions’ worth of equipment for mobilizing Sunni tribal forces,” adding that it was up to the Iraqis to “ensure it is distributed effectively.” He added that “local Sunni forces need to be “sufficiently equipped and regularly paid.”

The fight for Mosul and Raqaa will likely be a turning point in the war against ISIS.

What Carter didn’t say, but the Pentagon officials now confirm, is that the U.S. has also channeled funding support to key tribal leaders through Obaidi’s ministry, as a kind of replay of the financial support that helped jump-state the Sunni Awakening in 2006. While the new Tribal Mobilization Force cannot match the combat power of the Hashd al-Shaabi (Anbar’s Sunnis can contribute 10,000 soldiers to the Mosul effort, at most, one Centcom officer says), its participation is essential as a symbol of the Abadi government’s attempt to build an anti-ISIS coalition of diverse Iraqi forces. (Suhaib al-Rawi, Anbar’s governor, said he preferred to withhold any comment on this report.)

The fight for Mosul and Raqqa will likely be a turning point in the war against ISIS. But while no one in Baghdad or Washington is guaranteeing victory, the U.S.-led coalition’s control of the air and the continued degradation of ISIS’s battlefield assets (they have lost nearly 150 tanks and over 7,000 reinforced fighting positions, according to Centcom’s precisely tabulated data), means that the Mosul fight could follow the model provided by the Battle for Fallujah, which the Iraqis reconquered from ISIS back in June. In that case, according to Joel Wing who charts events in the country and writes the “Musings on Iraq” blog, “there were tougher outer defenses and then little in the interior.” Mosul, he says, could be “even more like that.” Then too, he adds, the fight for Mosul has become so important that “everyone wants in on it.”

That’s the good news. The bad news is that while the broad U.S.-led coalition to fight ISIS remains unified, the same cannot be said for the forces on the ground. The only thing that unites them, it seems, is that they hate ISIS more than they hate each other. So while senior U.S. military officers are confident that a final assault on Mosul will succeed, they also know that the offensive could break apart even before it is launched.

Which means that while Obama would welcome an October surprise, he continues to caution that the fight against ISIS could take years. And it’s why Prime Minister Abadi has ignored calls that he expel U.S. military advisers, that he seize control of the Shia-dominated Hashd al-Shabi, that he dismiss Obaidi, that he cease all support for Anbar’s Tribal Mobilization Force and that he get tougher with the Kurds. And that’s because Abadi knows that the fight for Mosul is a battle Iraq can’t afford to lose.

Read more: http://www.politico.com/magazine/story/2016/08/iraq-offensive-2016-mosul-islamic-state-isis-isil-obama-foreign-policy-kurdish-214121#ixzz4GG8Oadmu
Follow us: @politico on Twitter | Politico on Facebook

Read more: http://www.politico.com/magazine/story/2016/08/iraq-offensive-2016-mosul-islamic-state-isis-isil-obama-foreign-policy-kurdish-214121#ixzz4GG80b3Jn
Follow us: @politico on Twitter | Politico on Facebook

Read more: http://www.politico.com/magazine/story/2016/08/iraq-offensive-2016-mosul-islamic-state-isis-isil-obama-foreign-policy-kurdish-214121#ixzz4GG7qQ4Bn
Follow us: @politico on Twitter | Politico on Facebook