Think Tank Predicted Russian Cyberwar v. United States

Posted on May 3, 2017May 3, 2017 by Denise Simon

Washington, D.C., May 3, 2017 – A Rand Corporation 1967 paper predicted many of the cyber dilemmas faced by policy makers today, and a 2017 expanded analysis of the “GRIZZLY STEPPE” hacking by Russian cyber operators disclosed key findings about the techniques the hackers used and ways to mitigate them, according to the National Security Archive publication today of 40+ highlighted primary sources from the critically-praised “Cyber Vault” at http://nsarchive.gwu.edu/cybervault.

Compiled and edited by noted intelligence historian Dr. Jeffrey T. Richelson, the Cyber Vault collection of primary sources is growing by a dozen or more documents every week, and includes the declassified briefings provided by the National Security Agency to the George W. Bush and Barack Obama transition teams in 2000 and 2009, respectively. The collection also includes a 2016 order from the U.S. Cyber Command to set up a unit with the mission of debilitating and destroying computer and communications operations of the terrorist group ISIS.

The Cyber Vault team obtained the 2016 order under the Freedom of Information Act (FOIA). The project has filed scores of other FOIA and declassification requests as part of a multi-year documentation contribution to the growing field of cyber studies, with the support of the William and Flora Hewlett Foundation.

The 2000 transition briefing explicitly foreshadowed the Edward Snowden controversy, warning the new White House team that the 4th Amendment-protected communications of Americans were inextricably mixed with those of foreigners on the Internet. The 2016 U.S. Cyber Command order established a joint task force designed to bring the resources of the Defense Department, Intelligence Community, and Justice Department to bear against the terrorist group that the Trump administration has since designated its top foreign policy priority.

Cyber Vault Highlights

By Jeffrey T. Richelson

On March 30, 2016, the National Security Archive opened its Cyber Vault, a repository of documents on all aspects of cyber activity – including computer network defense (and other other aspects of cybersecurity), computer network attack, and computer network exploitation. The more than 750 documents currently in the vault have been drawn from a variety of sources – Freedom of Information Act releases, websites of both U.S. federal and state government organizations, courts, foreign government organizations, NATO, government contractors, think-tanks, advocacy groups, and media websites (including Wikileaks and those that posted documents provided by Edward Snowden).

In addition to relying on a multitude of sources to populate the Cyber Vault, the Archive has sought to accumulate a diverse set of documents – which has guided its collection strategy. As a result, the Cyber Vault includes significant documents from the 1960s and each subsequent decade, on cyber organization, on policy and strategy, on domestic and foreign cyber activities, on cybersecurity requirements, and on cyber crimes and the related investigations. Also included are intelligence assessments and theses. The documents also represent a spectrum of classifications, from unclassified, to formerly classified, and – in the cases of Wikileaks and Snowden documents – currently classified documents. Many of the documents cut across a number of categories.

Among the documents represented from the 1960s and 1970s are two seminal papers. One is Willis Ware’s 1967 effort, Secrecy and Privacy in Computer Systems (Document 1), written for the RAND Corporation, and one of the very first systematic approaches to information leakage, security, and privacy. The other (Document 2), produced by a staff member of Britain’s signals intelligence agency, the Government Communications Headquarters (GCHQ), represents the initial development of public key cryptography – although it was not declassified until years after the concept had been made public by American mathematicians.

That document is also one of several illustrating or concerning foreign government cyber efforts. A much more recent GCHQ product (Document 29) was one of the documents provided to Glenn Greenwald and Laura Poitras by Edward Snowden – a briefing on efforts to deanonymize users of The Onion Router (TOR) network, which had been developed by members of the U.S. Naval Research Laboratory (Document 32) as a means of protecting online communications. Chinese cyber organization, policy, and operations are covered, collectively, by two documents – an unclassified paper (Document 36) produced under the auspices of the NATO Cooperative Cyber Defence Centre of Excellence and a Top Secret codeword NSA briefing (Document 24) on the People Republic of China’s computer network exploitation activity. Current Russian cyber activities are discussed in an extract (Document 35) from the controversial “Trump Dossier,” written by a former British Secret Intelligence Service officer.

Other documents concern hostile cyber activities from an earlier era. One, from 1998 (Document 12) provides information to the then director of the FBI, Louis Freeh, concerning the SOLAR SUNRISE investigation concerning intrusions into at least 11 unclassified DoD Computer systems at various locations in the United States. Another FBI memo (Document 13), concerns a 1999 investigation into intrusions into computer systems in the United States, the United Kingdom, Canada, Brazil, and Germany – an investigation which took some of the investigators to Moscow. In a newly released portion, it discusses possible response to intrusions – including the creation of “honeypots” containing “beacon” files.

In addition to being the victim of intrusions, the U.S. has also debated and formulated policy, granted authority over, and conducted intrusions in pursuit of national security objectives. In March 1997, Secretary of Defense William Cohen assigned the responsibility for computer network attack and exploitation to the National Security Agency in a short memo (Document 10). During that Spring a senior NSA official addressed the issue of cyberwar in a Secret article (Document 11) in a NSA journal. Many years later, according to a number of accounts, U.S. and Israeli cyber personnel were able to penetrate industrial control systems associated with the Iranian nuclear program and damage centrifuges that could produce weapons-grade material. While there have been no publicly released executive branch documents concerning the “Stuxnet” operation, it has been the subject of reports by RAND and the Congressional Research Service. (Document 26).

Concern over possible Russian intrusion into U.S. computer systems related to elections became a significant subject of discussion in the 2016 presidential election. Apprehensions over the possibility of such intrusions go back at least a decade. A December 2007 report (Document 20) was commissioned by Ohio’s Secretary of State, and contained disturbing results about the vulnerability of Ohio’s electronic voting systems. In the wake of a poorly-received, brief analysis of alleged Russian cyber activity related to the 2016 election, the Department of Homeland Security’s National Cybersecurity and Communications Integration Center produced more detailed examination (Document 41) of the GRIZZLY STEPPE activity.

By the time the DHS report was issued, President Trump had been presented with a draft executive order on cybersecurity (Document 40 ), which would undoubtedly have been the first of a significant number of presidential actions on cybersecurity – just as President Obama had signed a number of cyber-related executive orders and presidential directives, including one (Document 34) that established a Cyber Threat Intelligence Integration Center. Ultimately, the Trump draft order became the first in a series of drafts, and no order has yet been signed.

Russia’s Hybrid Warfare, Here to Stay

Posted on May 1, 2017May 1, 2017 by Denise Simon

Seems like everyday, Russia is in our house, in fact it is true. The hybrid warfare crafted by the Kremlin is here to stay so exactly when does the Trump White House deal with this constant threat? What threat you ask?

Adam Meyers is from the cyber-security firm CrowdStrike. As the Vice President of Intelligence, Adam heads a team that identifies the perpetrators of cyber-crimes, both in the private and public sectors. CrowdStrike helped to identify the hackers behind the Democratic National Committee’s email leaks last year, and more recently the mastermind behind the Kelihos Botnet.

*** Notice, there was no intrusion into Marie Le Pen’s campaign operations. Why? Putin endorses LePen and has provided campaign funds to her.

According to Trend Micro researchers, the campaign of French presidential candidate Emmanuel Macron has been hit by the same Russian hackers who targeted Democratic campaign officials in the U.S. before last year’s presidential election, the New York Times reports.

On March 15, the researchers say, they saw the Pawn Storm group (a.k.a. Fancy Bear, APT28 or the Sofacy Group) begin targeting Macron’s campaign with phishing attacks seeking campaign officials’ login information.

“The phishing pages we are talking about are very personalized Web pages to look like the real address,” Mounir Mahjoubi, Macron’s digital director, told the Times. “They were pixel perfect. It’s exactly the same page. That means there was talent behind it and time went into it — talent, money, experience, time and will.”

Still, Mahjoubi said none of the attacks was successful.

He described the phishing attacks as the invisible side of a Russian campaign against Macron, with the visible side being fake news published on Russian news sites like Sputnik and RT. More here.

***

Panel to Senate: Cyber Operations Influence Political Processes Worldwide

Russia used “useful idiots” to meddle in the U.S. presidential election and “fellow travelers” opposed to European Union and NATO to influence elections in France and Germany, while Islamic terrorists used “agent provocateurs” to topple Spain’s government in 2004 and cast another pall over French voting, a cyber security expert told a congressional subcommittee Thursday.

That, in capsule form, is how cyber is changing how the public views elections, Clint Watts, of the Foreign Policy Research Institute, said at the Senate Armed Services cybersecurity subcommittee hearing.

So far in the case of the United States warding off this kind of activity, “far more is said than done.” He added it is a “human challenge, not technical ones” that needs to be addressed.

In the American and European elections, he said at the panel’s first public hearing since being formed the Russians created content, sent it out as if were “nuclear-powered and “pushed [it] in unison from many locations,” including “gray outlets” that appear to be legitimate sources of news. They also did all of this over long periods of time.

The goal in the American election was to plant doubt in the integrity of the voting, he said. He added there was no indication that actual votes were tampered with.

Later in answer to a question, Watts said the Russians “are picking parties and supporting them” in the United States and financially in Europe.

In cyber, not all is as it appears and its speed is instantaneous.

Rand Waltzman, senior information scientist at the RAND Corporation, described how an American special forces raid that successfully rescued a hostage and killed a number of terrorists in Iraq was turned into a terrorist propaganda victory. “Those guys film everything,” he said describing how they recorded the incident by placing the bodies on prayer rugs so it appeared that soldiers killed innocent civilians. The video was posted before the special forces soldiers returned to their base. “How did they manage to this so fast?” Their mobile phones.

This changed the story of what happened 180 degrees and put the United States in the position of having to refute the video rather than telling a story of rescue.

He said this kind of quick reaction by adversaries — misinformation, fake news — requires new thinking on cyber security. Instead of the traditional “denial of service” by causing a crash, they are applying “cognitive denial of service” — misinformation and propaganda — to achieve their ends.

“We’re hamstrung” by bureaucracy and directives in addressing the new “hyperkinetic world,” Michael Lumpkin, former acting under secretary of defense for policy, said. The United States’ government efforts in public diplomacy, public affairs and information operations have not been synchronized so that it becomes a credible source of information. It also needs to take the necessary steps “to make sure our information is accurate” before releasing it. “That has not always been the case.”

John Inglis, former deputy director of the National Security Agency, used his organization’s handling of metadata collection as an example. “You need to go first” to establish credibility and explain the value of what it is you are doing. “We went second. That made it more difficult to put it back in the bottle.”

Watts said one approach would be to have a rating non-profit, private agency, similar to Consumer Reports, vet every story on Twitter, Facebook and Google. He added Facebook and Google “are moving in that direction” to eliminate false news, but so far Twitter has not acted.

When asked how he rated RT, the Russian-sponsored media outlet, as a source of news, he said 70 percent was true, 20 percent was misleading and 10 percent false. Watts said he rated some American media outlets as falling in the same percentages of true, misleading and false.

A continuing difficulty in improving cyber security in and out of government is “how do you get people to share problems,” Waltzman said when they would prefer not to admit being hacked or even attacked. Lumpkin said more also needs to be done in training people how not to “provide access to adversaries unwittingly” and holding them accountable for security.

As for recruiting skilled cyber workers, “they’re motivated people out there” interested in the challenges they can find in government, rather than private sector, careers, Watts said. “Give them the space to be the tech savants they are.”

*** Need more? Do you ever watch C-Span and listen to testimony before Congressional committees? No? Too bad, but here is some help:

Full Spectrum Influence Operations: Synchronization of White, Gray and Black Efforts

Russian cyber enabled influence operations demonstrate never-before-seen synchronization of Active Measures. Content created by white outlets (RT and Sputnik News) promoting the release of compromising material will magically generate manipulated truths and falsehoods from conspiratorial websites promoting Russian foreign policy positions, Kremlin preferred candidates or attacking Russian opponents. Hackers, hecklers and honeypots rapidly extend these information campaigns amongst foreign audiences. As a comparison, the full spectrum synchronization, scale, repetition and speed of Russia’s cyber-enabled information operations far outperform the Islamic State’s recently successful terrorism propaganda campaigns or any other electoral campaign seen to date.

Cyber-enabled Influence Thrives When Paired with Physical Actors and Their Actions –

American obsession with social media has overlooked the real world actors assisting Russian influence operations in cyber space, specifically “Useful Idiots,” “Fellow Travelers,” and “Agent Provocateurs.”

“Useful Idiots” – Meddling in the U.S. and now European elections has been accentuated by Russian cultivation and exploitation of “Useful Idiots” – a Soviet era term referring to unwitting American politicians, political groups and government representatives who further amplify Russian influence amongst Western populaces by utilizing Russian kompromat and resulting themes.

“Fellow Travelers” – In some cases, Russia has curried the favor of “Fellow Travelers” – a Soviet term referring to individuals ideologically sympathetic to Russia’s anti-EU, anti-NATO and anti-immigration ideology. A cast of alternative right characters across Europe and America now openly push Russia’s agenda both on-the-ground and online accelerating the spread of Russia’s cyber-enabled influence operations.

“Agent Provocateurs” – Ever more dangerous may be Russia’s renewed placement and use of “Agent Provocateurs” – Russian agents or manipulated political supporters who commit or entice others to commit illegal, surreptitious acts to discredit opponent political groups and power falsehoods in cyber space. Shots fired in a Washington, D.C. pizza parlor by an American who fell victim to a fake news campaign called #PizzaGate demonstrate the potential for cyber-enabled influence to result in real world consequences. While this campaign cannot be directly linked to Russia, the Kremlin currently has the capability to foment, amplify, and through covert social media accounts, encourage Americans to undertake actions either knowingly or unknowingly as Agent Provocateurs.

Each of these actors assists Russia’s online efforts to divide Western electorates across political, social, and ethnic lines while maintaining a degree of “plausible deniability” with regards to Kremlin interventions. In general, Russian influence operations targeting closer to Moscow and further from Washington, D.C. will utilize greater quantities and more advanced levels of human operatives to power cyber-influence operations. Russia’s Crimean campaign and their links to an attempted coup in Montenegro demonstrate the blend of real world and cyber influence they can utilize to win over target audiences. The physical station or promotion of gray media outlets and overt Russian supporters in Eastern Europe were essential to their influence of the U.S. Presidential election and sustaining “plausible deniability.”

It’s important to note that America is not immune to infiltration either, physically or virtually. In addition to the Cold War history of Soviet agents recruiting Americans for Active Measures purposes, the recently released dossier gathered by ex MI6 agent Chris Steele alleges on page 8 that Russia used “Russian émigré & associated offensive cyber operatives in U.S.” during their recent campaign to influence the U.S. election. While still unverified, if true, the employment of such agents of influence in the U.S. would provide further plausible deniability and provocation capability for Russian cyber-enabled influence operations.

2) How can the U.S. government counter cyber-enabled influence operations?

When it comes to America countering cyber-enabled influence operations, when all is said and done, far more is said than done. When the U.S. has done something to date, at best, it has been ineffective. At worst, it has been counterproductive. Despite spending hundreds of millions of dollars since 9/11, U.S. influence operations have made little or no progress in countering al Qaeda, its spawn the Islamic State or any connected jihadist threat group radicalizing and recruiting via social media.

Policymakers and strategists should take note of this failure before rapidly plunging into an information battle with state sponsored cyber-enabled influence operations coupled with widespread hacking operations – a far more complex threat than any previous terrorist actor we’ve encountered. Thus far, U.S. cyber influence has been excessively focused on bureaucracy and expensive technology tools – social media monitoring systems that have failed to detect the Arab Spring, the rise of ISIS, the Islamic State’s taking of Mosul, and most recently Russia’s influence of the U.S. election. America will only succeed in countering Russian influence by turning its current approaches upside down, clearly determining what it seeks to achieve with its counter influence strategy and then harnessing top talent empowered rather than shackled by technology – a methodology prioritizing Task, Talent, Teamwork and Technology in that order.

Task – Witnessing the frightening possibility of Russian interference in the recent U.S. Presidential election, American policy makers have immediately called to counter Russian cyber influence. But the U.S. should take pause in rushing into such efforts. The U.S. and Europe lack a firm understanding of what is currently taking place. The U.S. should begin by clearly mapping out the purpose and scope of Russian cyber influence methods. Second, American politicians, political organizations and government officials must reaffirm their commitment to fact over fiction by regaining the trust of their constituents through accurate communications. They must also end their use of Russian kompromat stolen from American citizens’ private communications as ammunition in political contests. Third, the U.S. must clearly articulate its policies with regards to the European Union, NATO, and immigration, which, at present, sometimes seems to mirror rather than counters that of the Kremlin. Only after these three actions have been completed, can the U.S. government undertake efforts to meet the challenge of Russian information warfare through its agencies as I detailed during my previous testimony.

Talent –Russia’s dominance in cyber-enabled influence operations arises not from their employment of sophisticated technology, but through the employment of top talent. Actual humans, not artificial intelligence, achieved Russia’s recent success in information warfare. Rather than developing cyber operatives internally, Russia leverages an asymmetric advantage by which they coopt, compromise or coerce components of Russia’s cyber criminal underground. Russia deliberately brings select individuals into their ranks, such as those GRU [Russia’s foreign intelligence agency] leaders and proxies designated in the 29 December 2016 U.S. sanctions. Others in Russia with access to sophisticated malware, hacking techniques or botnets are compelled to act on behalf of the Kremlin.

The U.S. has top talent for cyber influence but will be unlikely and unable to leverage it against its adversaries. The U.S. focuses on technologists failing to blend them with needed information campaign tacticians and threat analysts. Even further, U.S. agency attempts to recruit cyber and influence operation personnel excessively focus on security clearances and rudimentary training thus screening out many top picks. Those few that can pass these screening criteria are placed in restrictive information environments deep inside government buildings and limited to a narrow set of tools. The end result is a lesser-qualified cyber-influence cadre with limited capability relying on outside contractors to read, collate and parse open source information from the Internet on their behalf. The majority of the top talent needed for cyber-enabled influence resides in the private sector, has no need for a security clearance, has likely used a controlled substance during their lifetime and can probably work from home easier and more successfully than they could from a government building.

Teamwork – Russia’s cyber-enabled influence operations excel because they seamlessly integrate cyber operations, influence efforts, intelligence operatives and diplomats into a cohesive strategy. Russia doesn’t obsess over their bureaucracy and employs competing and even overlapping efforts at times to win their objectives.

Meanwhile, U.S. government counter influence efforts have fallen into the repeated trap of pursuing bureaucratic whole-of-government approaches. Whether it is terror groups or nation states, these approaches assign tangential tasks to competing bureaucratic entities focused on their primary mission more than countering cyber influence. Whole-of-government approaches to countering cyber influence will assign no responsible entity with the authority and needed resources to tackle our country’s cyber adversaries. Moving forward, a task force led by a single entity must be created to counter the rise of Russian cyber-enabled operations.

Technology – Over more than a decade, I’ve repeatedly observed the U.S. buying technology tools in the cyber- influence space for problems they don’t fully understand. These tech tool purchases have excessively focused on social media analytical packages producing an incomprehensible array of charts depicting connected dots with different colored lines. Many of these technology products represent nothing more than modern snake oil for the digital age. They may work well for Internet marketing but routinely muddy the waters for understanding cyber influence and the bad actors hiding amongst social media storm.

Detecting cyber influence operations requires the identification of specific needles, amongst stacks of needles hidden in massive haystacks. These needles are cyber hackers and influencers seeking to hide their hand in the social media universe. Based on my experience, the most successful technology for identifying cyber and influence actors comes from talented analysts that first comprehensively identify threat actor intentions and techniques and then build automated applications specifically tailored to detect these actors. The U.S. government should not buy technical tools nor seek to build expensive, enterprise-wide solutions for cyber-influence analytics that rapidly become outdated and obsolete. Instead, top talent should be allowed to nimbly purchase or rent the latest and best tools on the market for whatever current or emerging social media platforms or hacker malware kits arise.

3. What can the public and private sector do to counter influence operations?

I’ve already outlined my recommendations for U.S. government actions to thwart Russia’s Active Measures online in my previous testimony on 30 March 2017. Social media companies and mainstream media outlets must restore the integrity of information by reaffirming the purity of their systems. In the roughly one month since I last testified however, the private sector has made significant advances in this regard. Facebook has led the way, continuing their efforts to reduce fake news distribution and removing up to 30,000 false accounts from its system just this past week. Google has added a fact checking function to their search engine for news stories and further refined its search algorithm to sideline false and misleading information. Wikipedia launched a crowd-funded effort to fight fake news this week. The key remaining private sector participant is Twitter, as their platform remains an critical networking and dissemination vector for cyber-enabled influence operations. Their participation in fighting fake news and nefarious cyber influence will be essential. I hope they will follow the efforts of other social media platforms as their identification and elimination of fake news spreading bots and false accounts may provide a critical block to Russian manipulation and influence of the upcoming French and German elections.

In conclusion, my colleagues and I identified, tracked and traced the rise of Russian influence operations on social media with home computers and some credit cards. While cyber-influence operations may appear highly technical in execution, they are very human in design and implementation. Technology and money will not be the challenge for America in countering Russia’s online Active Measures; it will be humans and the bureaucracies America has created that prevent our country from employing its most talented cyber savants against the greatest enemies to our democracy. Full article here.

Sea of Japan is Crowded v. North Korea

Posted on May 1, 2017May 1, 2017 by Denise Simon

Japan’s biggest warship Izumo departs from Yokosuka base following the first order in history for the forces to protect U.S. ships amid heightened tension over North Korea.

Japan has dispatched its biggest warship, in the first such operation since it passed controversial laws expanding the role of its military.
The helicopter carrier Izumo is escorting a US supply vessel heading to refuel the naval fleet in the region.
The ships include the Carl Vinson aircraft carrier group which was sent to the Korean peninsula.
North Korea has threatened to sink the Carl Vinson and a US submarine, amid rising tensions in the region.
It also carried out a failed missile test on Sunday, despite repeated warnings from the US and others to stop its nuclear and missile activity.

***

Japan launched a new spy satellite into orbit tonight (March 16) to help keep an eye on the nation’s unpredictable, nuclear-armed neighbor, North Korea.

The Information Gathering Satellite (IGS) Radar 5 lifted off atop a Japanese H-IIA rocket from Tanegashima Space Center in southern Japan at 9:20 p.m. EDT (0120 GMT, and 10:20 a.m. local Japan time on March 17). While the Japan Aerospace Exploration Agency did not provide a live webcast for the IGS Radar 5 launch, a video stream was available via the company Neconvideo Visual Solutions.

Japan started the IGS program in 1998, presumably in response to North Korean missile tests around that time that sent missiles close to, or flying over, Japan.

In the years since, North Korea has repeatedly threatened to annihilate Japan (and South Korea and the United States), and continued to develop its nuclear-weapon and missile programs. The IGS satellites keep tabs on such efforts, help the Japanese government respond to natural disasters and perform several other functions, experts believe.

The first IGS craft lifted off in 2003. IGS Radar 5 is the 15th one in the program to take flight, though not all have made it to orbit. Two were lost to a launch failure in November 2003.

Some of the IGS spacecraft use optical sensors to study the ground below, whereas others depend on radar instruments. As its name suggests, IGS Radar 5 falls into this latter category.

Little else is known about the newly launched satellite; Japan does not reveal many details about its IGS spacecraft. It’s unclear, for example, what orbit IGS Radar 5 will inhabit, though some of the satellite’s predecessors are known to circle the Earth at an altitude of about 300 miles (480 kilometers).

France joins in.

Forbes: France’s Mistral amphibious assault carrier docked in Nagasaki, Japan on April 29 in advance of military exercises to be conducted with the U.K., U.S. and Japan. Nagasaki is the closest major Japanese port to South Korea, and coming at a time of tension on the peninsula, the French and U.K. naval presence sends a strong message to both China and North Korea. Japan’s increased naval activity is also welcome support for South Korea, and will decrease diplomatic tension between the two natural allies. The U.K. and French presence shows that NATO, including the U.S., is strongly behind South Korea. The effect of these international allied naval forces is to pressure North Korea to abandon its self-destructive drive for ever more powerful nuclear weapons atop long-range missiles capable of reaching North America.

The naval forces gathering in East Asia is an alliance of democracies making a point against autocracies like North Korea, and its allies, China and Russia. While North Korea is building nuclear weapons and missiles capable of reaching the continental U.S., China is making more complaints about the U.S. Terminal High Altitude Air Defense (THAAD) anti-missile system emplacement in South Korea than it is about North Korea’s offensive buildup. This is a strong indicator that China remains firmly on the side of its ally North Korea in the current crisis.

Russia supports China and North Korea, by calling for de-escalation to the status quo which allows for North Korea to periodically increase its nuclear development without significant consequences. Russia stated that THAAD, which protects South Korea, erodes China’s deterrent. Why does China need a “deterrent” against non-nuclear South Korea? To me it appears more of a threat.

President Trump flattered President Xi in recent days, no doubt buttering him up in case the U.S. needs to launch a pre-emptive strike on North Korea. But giving China a good trade deal or concession on Taiwan in exchange for pressuring North Korea, which China should have done long ago, would go too far. Russia and China’s vague calls for peace and negotiation at this point are far too little, far too late. Trump’s tough approach now has China’s nationalist state-owned media, the Global Times, defending economic sanctions on North Korea.

Trump should keep up the pressure. It worked in Syria, and it will work with North Korea. That is peace through strength.

Important Unreported Recent Aggressions of Russia

Posted on April 27, 2017April 27, 2017 by Denise Simon

It was just a few days ago that the United States deployed advanced fighter jets to Estonia as a rather ‘in-your-face’ tactic to Russia. Why not, Russia has a history of doing the same to the United States including the spy ship on our Atlantic coast line, buzzed our destroyers and the constant flying of bombers near U.S. airspace of Alaska. So…what is the full story of our F-35’s in Estonia?

On Apr. 25, two U.S. Air Force F-35As belonging to the 34th Fighter Squadron, from Hill Air Force Base, Utah, deployed to the UK since mid April, flew from RAF Lakenheath, UK, to Ämari, Estonia.

Based on the information gathered by aircraft spotters, airband listeners and ADS-B monitors, who tracked the mission to Estonia of the F-35s, the two 5th generation multirole combat aircraft , 14-5102 and 14-5094, using radio callsign “Conan 01” and accompanied by “Quid 89”, a 100ARW KC-135 from RAF Mildenhall, departed from RAF Lakenheath at 07.35z.

The trio landed in Estonia shortly before 11.00z and took part in a brief ceremony (at this link you can find some interesting photographs).

Noteworthy, the quick visit to Estonia was “accompanied” by a rather unusual activity of U.S. and British spyplanes in the Baltic region.

In fact, as the F-35s headed towards Amari in formation with their KC-135 tanker, as many as three RC-135s (including a RAF bird) operated in the airspaces over or close to Estonia.

The U.S. Air Force dispatched an RC-135W Rivet Joint 62-4139 “Haiti 79” and an RC-135U Combat Sent 64-14847 “Spool 06” to the Baltic states. The Rivet Joint positioned off Kaliningrad Oblast, where some of the most active Russian bases in the Baltic region are located, whereas the Combat Sent started a racetrack over Estonia, not far from the border of mainland Russia.

Shortly thereafter, even a RAF RC-135W “Airseeker,”one of the three ex-USAF KC-135 tanker converted to the Rivet Joint variant starting back in 2011, from RAF Waddington joined the scene. The British intelligence gathering plane that, just like the American “RJs” is equipped with all sorts of antennae and sensors, to eavesdrop enemy signals, transmissions, detect frequencies used by radio and radars and pinpoint sites of interest, mobile stations, SAM batteries, etc., maintained a racetrack off Kaliningrad

At 14.43Z, the two JSFs departed Ämari to return to the UK and shortly thereafter both the U.S. and RAF spyplanes headed back to their homebases.

Although we can’t but speculate here, it appears to be quite likely that the RC-135 missions to the Baltic were somehow related to the deployment of the F-35 so close to the Russian border. In fact, whilst Rivet Joint and Combat Sent aircraft regularly fly to the region and can be daily tracked online as they head towards the international airspace off Lithuania, Estonia and Latvia, the presence of three such spyplanes not too far away from one another seems to suggest their missions were coordinated and probably related to something “big” happening there.

And the only “big thing” (Zapad 2017 preparation aside) we are currently aware of is the first presence of the JSF in Estonia. Moreover, not only was the type of racetrack flown by the Combat Sent unusual, but it was also located in a pretty interesting position: east of Ämari, as if the RC-135U, an aircraft designed to collect technical intelligence on adversary radar emitter systems, was there to detect emissions from Russian radars interested in the F-35.

However, there is another possibility: what if the American and British spyplanes were there to deter the Russian from using their radars?

Indeed, whilst three RC-135s flying at the same time in the same area is something unusual, it is quite weird that the three spyplanes had their ADS-B transponder turned on during their missions.

“If they wanted to hide, they would do” says the ADS-B / ModeS tracking enthusiast who runs the popular @CivMilAir and @ADSBTweetBot Twitter feeds. “The daily RC-135s flights over the Middle East very rarely show up and even the daily missions to the Baltics can usually be tracked during their transit to the area of operations, where often the transponder is turned off. That’s why I believe they remained trackable on purpose.”

Spyplanes, including the U-Boat (as the RC-135U Combat Sent is nicknamed in the pilot community), usually operate in “due regard” with transponder switched off, with no radio comms with the ATC control, using the concept of “see and avoid” where the pilot flying is responsible for avoiding all traffic conflicts. Even if RC-135s can be regularly tracked online, they tend to keep a low-profile when reaching the area of operations, turning off the ADS-B to avoid being detected at least by commercial ADS-B receivers like those feeding online flight tracking systems such as Flightradar24.com, PlaneFinder.net or Global ADS Exchange.

On Apr. 25, both RC-135s could tracked throughout their missions suggesting they did purposely broadcast their position for everyone to see, to let everyone know they were there.

Russian spyplanes have done pretty much the same in the past: the Tu-214R, Russia’s most advanced intelligence gathering aircraft deployed to Syria and flew along the border with Ukraine with its transponder turned on. In that case it was a sort of “show of force”; yesterday was likely a way to prevent some interesting details about the F-35 to be gathered by the Russians.

By the way, it’s not the first time U.S. stealth jets flying to the Baltics are directly or undirectly “accompanied” by Rivet Joints: on Apr. 27, 2016, two F-22s deployed to Siauliai Air Base Lithuania. Supported (so to say) by an RC-135W.

***

This site has often posted about the Gerasimov Doctrine. There is more with regards to ‘active measures’ which in modern day terms is chaos. With regard to Ukraine it looks like this:

Before the Ukrainian crisis, the Russian Federation Chief of General Staff, General Valery Gerasimov, published an article explaining the General Staff’s view of modern military operations.[2] One key point of General Gerasimov’s views, later termed the Gerasimov Doctrine, is that non-military means to affect a target country or region such as “economic sanctions, disruption of diplomatic ties, and political and diplomatic pressure” are not means to reduce chaos or avoid war, but rather means to increase stress and support traditional military operations.[3]

The idea is that existing stressors in a target region combined with stressors introduced through military and non-military means shape the environment for follow-on decisive military operations. The doctrine features six stages.

Covert Origins

Escalations

Start of Conflict Activities

Crisis

Resolution

Restoration of Peace (Postconflict Settlement)

Descriptions of the early stages point to the existence or creation of chaos: “Emergence of differences of interest” are linked with “formation of political opposition,” which lead to “intensifying contradictions.”[4] These methods were clearly in action in Ukraine and to a lesser extent Georgia.[5] They also may already be at work in Belarus, as this article in Belarus Digest suggests.

Then we have the U.S. election intrusion:

General Director of Russia’s Political Information Center: The U.S. Influenced Russia’s 2016 Duma Elections

The General Director of Russia’s Political Information Center, Aleksei Mukhin, said there is evidence that the U.S. influenced Russia’s 2016 Duma elections. Mukhin said: “As my colleagues have pointed out quite fairly, the problem is far bigger than attempts at meddling in the 2016 election process. My center has identified direct traces of such interference and very serious and deep ones.

“As soon as Russia took the trouble of looking into the activity of some non-governmental organizations in its territory and adopted laws restricting that activity [it happened during preparations for the 2016 State Duma elections] it became clear that the United States had taken measures to create special units, including those within its armed forces, secret services, government agencies and also non-governmental organizations, for direct information confrontation with Russia. [In particular] the number of centers producing anti-Russian content, addressed mostly to the Russian-speaking audience, was increased [Mukhin refers to Voice of America, Radio Liberty radio stations, and the commercial U.S. television network CNN]. At the legislative level [in the United States] strategies of causing resistance to Russian information policies have been enhanced at the legal level. Their implementation is a sure way towards intervention in Russia’s internal affairs.”

***

‘Izvestia’: Russia Will Never Join The Western Coalition Led By The U.S.

According to Pro-Kremlin daily Izvestia, Russia will never join the Western Coalition led by the U.S. in Syria. Quoting two unidentified diplomatic sources, Izvestia wrote: “Moscow will never join a coalition under American auspices. We have explained that to our partners behind closed doors. We argue that their actions in Syria are illegitimate. They indeed proposed that we join them, but under the main condition that the U.S. leads the cause of the fight against terror. We are likewise unwilling to do so… If some coalition receives UN Security Council [approval] for action in Syria, we’ll consider it, but it will be a completely different formation [as opposed to the current coalition].”

***

One more item:

This site has previously posted about the Russian annexing of the Arctic region with no rebuke from the Obama administration. Wanna see what the Russians are gloating about now?

UPI: The Russian Ministry of Defense has released a virtual tour showcasing a newly constructed military base located in a remote area in the Arctic.

The tour, presented on the defense ministry’s website, allows visitors to browse through various structures of the base. It does not depict or discuss any military hardware.

The release marks a notable departure from Kremlin tradition regarding military matters, which are typically highly classified. BBC News reports the facility is built to house 150 personnel for 18-month long deployments and that it is designed to withstand extremely cold temperatures.

The Kremlin considers the Arctic to be a strategic location for Russia’s air defenses.

Getty Images Image caption The large complex is permanent and has plenty of energy and storage capacity

The Arctic Trefoil permanent base is in Franz Josef Land, a huge ice-covered, desolate archipelago. The Russian military sees the resource-rich Arctic as a key strategic region. President Vladimir Putin visited the new base, on Alexandra Land, last month.

It is built on stilts – to help withstand the extreme cold – and will house 150 personnel on 18-month tours of duty. Winter temperatures typically plunge to minus 40C. See the tour here.

Readout: Senate Meeting at WH on N. Korea

Posted on April 26, 2017April 26, 2017 by Denise Simon

WaPo

Joint Statement by Secretary of State Rex Tillerson, Secretary of Defense James Mattis, Director of National Intelligence Dan Coats

Press Operations

Past efforts have failed to halt North Korea’s unlawful weapons programs and nuclear and ballistic missile tests. With each provocation, North Korea jeopardizes stability in Northeast Asia and poses a growing threat to our allies and the U.S. homeland.

North Korea’s pursuit of nuclear weapons is an urgent national security threat and top foreign policy priority. Upon assuming office, President Trump ordered a thorough review of U.S. policy pertaining to the Democratic People’s Republic of Korea (DPRK).

Today, along with Chairman of the Joint Chiefs of Staff Gen. Joe Dunford, we briefed members of Congress on the review. The president’s approach aims to pressure North Korea into dismantling its nuclear, ballistic missile, and proliferation programs by tightening economic sanctions and pursuing diplomatic measures with our allies and regional partners.

We are engaging responsible members of the international community to increase pressure on the DPRK in order to convince the regime to de-escalate and return to the path of dialogue. We will maintain our close coordination and cooperation with our allies, especially the Republic of Korea and Japan, as we work together to preserve stability and prosperity in the region.

The United States seeks stability and the peaceful denuclearization of the Korean peninsula. We remain open to negotiations towards that goal. However, we remain prepared to defend ourselves and our allies.

***

North Korea Threatens Indo-Asia-Pacific Region, Harris Tells Legislators
WASHINGTON, April 26, 2017 — North Korea remains the most immediate threat to the security of the United States and its allies in the Indo-Asia-Pacific, Navy Adm. Harry B. Harris Jr., the commander of U.S. Pacific Command, told the House Armed Services Committee today.

Addressing security challenges in the Indo-Asia-Pacific region, the commander noted how North Korea threatened Australia in the past week with a nuclear strike.

“[It’s] a powerful reminder to the entire international community that North Korea’s missiles point in every direction,” Harris said. “The only nation to have tested nuclear devices in this century, North Korea has vigorously pursued an aggressive weapons test schedule with more than 60 listed missile events in recent years.”
Sense of Urgency

With every test, Kim Jong Un moves closer to his stated goal of a pre-emptive nuclear strike capability against American cities, and he’s not afraid to fail in public, the admiral said.

“Defending our homeland is my top priority, so I must assume that Kim Jong Un’s nuclear claims are true; I know his aspirations certainly are. And that should provide all of us a sense of urgency to ensure Pacom and U.S. Forces Korea are prepared to fight tonight with the best technology on the planet,” he said.

Threats from North Korea are why the United States has deployed its Terminal High Altitude Area Defense system to South Korea, put the USS Carl Vinson carrier strike group back on patrol in Northeast Asia and introduced the newest and best military platforms in the Indo-Asia-Pacific region, the admiral said.

And they are also why the U.S. is emphasizing trilateral cooperation between Japan, South Korea and calling on China to exert its “considerable economic influence to stop Pyongyang’s unprecedented weapons testing,” Harris said.

“As [President Donald J. Trump] and [Defense Secretary Jim Mattis] have made clear, all options are on the table. We want to bring Kim Jong Un to his senses, not to his knees,” the commander said.

Advancing Partnerships

The admiral named Russia, China and the Islamic State of Iraq and Syria as the other global and regional threats, but emphasized U.S. regional partnerships.
“We’ve strengthened America’s network of alliances and partnerships, working with like-minded partners on shared security threats like North Korea and ISIS. It’s a key component to our regional strategy,” he said.

Harris said he continues to rely on Australia for its advanced military capabilities and global operations leadership, and noted that last week’s trips by Vice President Mike Pence and Mattis to Northeast Asia emphasized U.S. alliances with South Korea and Japan.

The United States has also advanced its partnerships with regional powers such as India, Indonesia, Malaysia, New Zealand, Singapore, Sri Lanka and Vietnam, Harris said. Such partnerships, he said, reinforce “the rules-based security order that has helped underwrite peace and prosperity throughout the region for decades.”

Confronting Challenges

But more work remains to be done, he cautioned.

“We must be ready to confront all challenges from a position of strength and with credible combat power,” Harris told legislators.

He added, “So I ask this committee to support continued investment to improve our military capabilities. I need weapons systems of increased lethality, precision, speed and range that are networked and cost-effective [without] restricting ourselves with funding uncertainties [that] reduce our warfighting readiness. So I urge the congress to repeal sequestration and improve the proposed Defense Department budget.”