When President Biden announced in the spring that America would withdraw its troops from Afghanistan by the fall, he spoke of terrorism threats — but never mentioned Islamic State Khorasan, or ISIS-K, the Islamic State’s affiliate in Afghanistan. In threat assessments about Afghanistan as late as April, the director of national intelligence, Avril Haines, barely brought up ISIS-K. On Aug. 20 Mr. Biden mentioned the group, in a speech on the last-minute effort to evacuate stranded U.S. citizens and vulnerable Afghans after the Taliban had overrun Afghanistan.

Read the rest at The New York Times

Ukraine finally has a chance to create a strong counterintelligence service and shed the Soviet standards of the old KGB.  

The Ukrainian parliament recently passed the first reading of a bill to reform the Security Service of Ukraine, known as the SBU. This is a crucial step in efforts to remake the SBU into a modern security service guided by Western democratic standards. 

This process owes much to the US Congress. In 2019, Congress voted to condition half of American defense assistance to Ukraine on adoption of a bill on national defense that laid the groundwork for future security service reform. 

In 2021, the United States will allocate USD 250 million for the Ukrainian defense sector. If this money is conditioned on real security service reform, it can prove a game-changer, not only for domestic law enforcement, but also in Ukraine’s fight against Russia.

A modern security service for Ukraine should deal exclusively with counterintelligence, counter-terrorism, protection of state secrets, and countering subversion. The SBU should not be included in any foreign intelligence operations, since this is done by the Service of Foreign Intelligence, which reports directly to the Ukrainian president.

The question now is whether Ukrainian MPs are ready to take responsibility and vote for such a security service. Recently, Maryana Bezugla, deputy head of the Ukrainian National Security, Defense, and Intelligence Committee, reported about pressure on MPs from the SBU’s leadership not to vote for the bill.

The SBU reform bill envisions a number of major changes in Ukraine’s security services. Crucially, it will eliminate the anti-corruption and organized crime department of the SBU. Ukraine has created specific agencies to fight corruption, namely the National Anti-Corruption Bureau (NABU) and the State Bureau of Investigations (SBI).

In the past, the SBU has duplicated the functions of both NABU and the SBI, and has been accused of misusing its authority to protect corrupt state officials. Eliminating the SBU’s anti-corruption function would also meet a key demand of the international community. 

The current anti-crime department is regarded as one of the most corrupt wings of the SBU. It stands accused of regularly engaging in raids on businesses. Pavlo Demchyna, former head of the SBU’s Anti-Corruption and Organized Crime Department, came under criminal investigation a few years ago for precisely such actions. He could not explain how he came to own his elite property and luxury cars. 

In line with the current reform proposals, the number of SBU employees would be reduced from 27,000 to 17,000 within four years. At present, Ukraine has the largest security service in Europe. The proposed cuts would still leave the SBU far larger than many comparative services. For example, Britain’s MI5 has only 4,400 employees, even though it is recognized as one of the top security services in the world. 

Reducing the number of SBU employees over four years can be done without harming Ukraine’s national security. The reduction will provide an opportunity to retain the best officers and raise salaries while ridding the service of old Soviet functions. The SBU does not need its own kindergartens, hospitals, or sanatoriums filled with “secret nannies and doctors” in order to be an effective security service.

While these proposed changes are encouraging, the new bill on Ukraine’s security service still needs to include additional important reforms.

It is vital to eliminate the SBU’s investigative functions. As long as the SBU has investigative powers, the service will remain a law enforcement agency rather than a Western-style security service. The SBU should focus on counterintelligence and national security, not ordinary crime, which should be left to the National Police. 

Eliminating the SBU’s investigative functions would cut opportunities for corruption. The European Union Advisory Mission in Ukraine also notes that the SBU should not have authority to conduct pretrial investigations, which are the purview of the National Anti-Corruption Bureau of Ukraine and National Police.

All SBU employees (except covert counterintelligence officers) should submit transparent asset declarations. Reforms introduced in 2015 obliged SBU officials, along with millions of other Ukrainian state employees, to publish asset declarations. However, SBU officials have ignored this rule, claiming that all 27,000 employees (including “secret” kindergarten nannies) should be exempt due to national security requirements.

It is important to remove the loopholes that currently enable corruption within the security service. In its present state, the new bill would allow the SBU to put inappropriate pressure on private businesses. This includes the ability to access databases, documents, audio, and video files without requiring any prior court permission. Such powers are subject to widespread abuse and should be eliminated.

The selection process for SBU officers must be competitive. Officers need to be chosen on the basis of competence not nepotism. 

Given Russia’s ongoing aggression against Ukraine, those with family ties or other links to Russia require specific scrutiny. It makes no sense, for example, to appoint someone as head of the security service whose wife holds Russian citizenship, but this has happened in the past.

Ukraine must end the SBU monopoly in wiretapping. Understandably, the SBU wants to retain that monopoly, which allows the service to control criminal investigations, even against its own officers. A few years ago, SBU officers misused this power and declassified the identities of NABU agents working on a corruption case.

The current reform drive is also an opportunity to provide public access to declassified information. The SBU tends to overprotect information. For instance, even Ukrainian MPs are currently forbidden from knowing the exact number of SBU employees.

As Ukraine reforms its security service, it is important to avoid creating any new threats to the country’s democratic system. The new bill would empower the SBU to ban, without any court decision, political parties or individual candidates from participating in elections. That provision should be removed.

At a time when Ukraine finds itself engaged in an undeclared war with Russia, the country urgently needs to abandon the Soviet standards of the KGB and adopt the best practices and standards of Western security services. Ukraine also needs to restrict or remove powers that allow the SBU to pressure business or help certain oligarchs.

The current reform process has been a long time coming. It gives Ukrainian MPs the chance to transform the SBU into a modern, Western-style counterintelligence agency that will better serve the country’s national security interests. Parliament must not pass up this opportunity.

Oleksandra Ustinova, a Ukrainian MP with the Holos party, is an alumna of Stanford's Ukrainian Emerging Leaders Program. Steven Pifer, a fellow at the Robert Bosch Academy in Berlin and affiliate of the Center for International Security and Cooperation, is a former US ambassador to Ukraine (1998-2000).

Originally for Ukraine Alert

On Jan. 6, the U.S. Capitol was assaulted and occupied for the first time since 1814. Five people were killed, including a Capitol Police officer. Two Republican Representatives have introduced a bill to establish a national bipartisan commission to investigate the attack. We agree that a commission is needed. Here, we sketch the mandate, major areas of inquiry, and legislative language that we believe are needed to guide this effort.

Read the rest at Lawfare Blog

Last week, I wrote about cybersecurity issues raised by the loss of physical control in the U.S. Capitol during the occupation. Since then, it has become clear that a number of devices are missing and presumably taken by the occupiers. The rioters took laptops from the offices of House Speaker Nancy Pelosi and Sen. Jeff Merkley. These devices are now in the physical possession of people who can be considered adversarial threat actors, and those actors now have the opportunity to take their time in trying to penetrate them and see what data is available on those machines.

Read the rest at Lawfare blog

A National Academies panel commissioned by the State Department shed new light on a disturbing and still mysterious episode. Employees in the Cuban embassy reported headaches, pressure, nausea, strange piercing noises, and cognitive problems seeming to emanate from a directed source. Commerce Department employees in China also had similar experiences. Dr. David Relman discusses some of what hampered the investigation.

Listen to the interview at Federal News Network

The recently revealed SolarWinds hack unfolded like a scene from a horror movie: Victims frantically barricaded the doors, only to discover that the enemy had been hiding inside the house the whole time. For months, intruders have been roaming wild inside the nation’s government networks, nearly all of the Fortune 500, and thousands of other companies and organizations. The breach—believed to be the work of an elite Russian spy agency—penetrated the Pentagon, nuclear labs, the State Department, the Department of Homeland Security (DHS), and other offices that used network-monitoring software made by Texas-based SolarWinds. America’s intelligence agencies and cyberwarriors never detected a problem. Instead, the breach was caught by the cybersecurity firm FireEye, which itself was a victim.

Read the rest at The Atlantic

Foreign election interference must be bad if spy agencies are making public service announcements. Two weeks ago, Director of National Intelligence (DNI) John Ratcliffe and FBI Director Christopher Wray held a press conference warning that Russia and Iran have been acquiring voter registration data and waging influence operations to sow division and tilt the election. And earlier in October, counterintelligence chief William Evanina and General Paul Nakasone—who heads both the Pentagon’s cyberwarriors and the supersnoopers of the National Security Agency—participated in a video alert designed to reassure Americans that the threats are real but they are on the job.

Read the rest at Foreign Affairs

John Ratcliffe, the director of national intelligence, announced that the intelligence community would cut back on its briefings to Congress on electoral security. Amy B. Zegart, the author of three books on U.S. intelligence, including “Eyes on Spies: Congress and the United States Intelligence Community,” the standard book on the relationship between Congress and intelligence agencies, explains what the decision meant.

Read the rest at Washington Post

The findings show the Trump Campaign's interactions with Russian intelligence agencies posed what they're calling a "grave" threat to U.S. counterintelligence. For more, KCBS Radio news anchors Dan Mitchinson and Margie Shafer spoke with Kathryn Stoner, Deputy Director of the Freeman Spogli Institute for International Studies at Stanford specializing in Russian politics.

Listen to KCBS Radio

In a Lawfare post earlier this year, I questioned the wisdom of referring to cyber operations as psychological operations. These campaigns are the bread and butter of U.S. Cyber Command’s operational activities. My interest in this question stemmed from two recent articles, one on NPR and one in the Washington Post. The former discussed past activities of U.S. Cyber Command and the latter discussed possible future activities. Taken together, both articles used terms such as “information warfare,” “information operations,” “psychological operations” and “influence operations” to describe these activities.

I closed that post with a promise to comment on the doctrinal and conceptual confusions within Defense Department policy regarding all of these concepts. This post makes good on that promise.

Read the rest at Lawfare Blog