Sony, the NSA, and the Next Big Intelligence Failure

"(T)ranslation and analytical errors made by the American SIGINT analysts—errors that convinced the naval task force and national authorities that the North had ordered a second attack on August 4, and thus led Maddox's crew to interpret its radar contacts and other information as confirmation that the ship was again under attack." 
"Subsequent SIGINT reporting and faulty analysis that day further reinforced earlier false impressions. The after-action reports from the participants in the Gulf arrived in Washington several hours after the report of the second incident. By then, early news accounts had already solidified some opinions, and the Johnson Administration had decided to launch retaliatory strikes."
I was 10 years old when this event happened. By the time I turned 18 in 1972 the war was winding down. I had no idea until a few days ago that the thousands of lives lost and hundreds of billions of dollars spent was largely the result of bad signals intelligence (SIGINT) analysis.
The Intelligence Community, because of a lack of analytical imagination, failed even to consider the possibility that Saddam Hussein would decide to destroy his chemical and biological weapons and to halt work on his nuclear program after the first Gulf War. 
In the case of Iraq, collectors of intelligence absorbed the prevailing analytic consensus and tended to reject or ignore contrary information. The result was “tunnel vision” focusing on the Intelligence Community’s existing assumptions.  (WMD Commission)
The Godzilla of all intelligence fuck-ups was the Iraq war. Costs are projected to hit $4 Trillion and the number of lives impacted can't be accurately assessed today. Appendix B of the WMD Commission report is so damning that I couldn't read it all in one sitting without becoming enraged.

This is why President Obama's decision to sanction North Korea over the Sony attack in spite of so much conflicting evidence must not be allowed to go unchallenged. Had this not been Sony but a company that supports our critical infrastructure, the same un-proven assumptions being made about North Korea could easily have led the White House to take even more severe steps against a rogue government that has nuclear weapons! The Gulf of Tonkin, the WMD fiasco, and a dozen other intelligence failures that have been made public proves that we must be skeptical and as tax payers demand more and better analysis; even oversight since some of our best minds are in the private sector, not the public sector.

To that end, I've done two things to facilitate that end:

  1. I've created a White House petition which needs 100,000 signatures in 30 days before the President must address it. It asks that the White House release the evidence that it has against North Korea for review by independent experts. When it comes to cyberspace, the best minds are outside of government, not inside. 
  2. I've asked Danny Yadron from the Wall Street Journal to moderate a panel of experts to discuss the publicly available evidence at Suits and Spooks DC. The panel will include Marc Rogers (CloudFlare), Kurt Stammberger (Norse), Roel Schouwenberg (Kaspersky), myself, and hopefully someone from CrowdStrike or FireEye although so far neither company has offered to send anyone.
Please sign the petition and help spread the word, and please be part of the debate at Suits and Spooks DC on Feb 4-5, 2015. It's at the Ritz Carlton Pentagon City. Here's how to register.