The Complex

The Pentagon Has a Massive Leak Problem. Why Can’t It Close the Floodgates?

If loose lips sink ships, this Pentagon is taking on a lot of water.

The release of the Pentagon's massive-yet-smaller budget is just weeks away, but budget decisions like the number of ships the Navy will buy or the size of the National Guard have been dribbling out in the media for months. That has pleased reporters looking for scoops and those defense officials who seek to shape the debate about weapons programs in a budget cycle that has produced much anxiety before it has even begun. But one man is not pleased: Defense Secretary Chuck Hagel.

Hagel has told his senior officers, service secretaries, and other senior civilians that he expects they'll keep it zipped until the budget is unveiled. But that hasn't stopped the leaks. One day last month -- the day after a media report indicated that the Navy's buy of the prized littoral combat ship would be cut by 40 percent -- Hagel walked into a high-level meeting of his service secretaries, chiefs, and combatant commanders to tell them again that he was really unhappy. He wasn't shrill, said one individual in the meeting, and he was measured. As he looked around the room, he was pointed and he was firm, reminding everyone there again that he expected them to keep quiet.

"The secretary is extremely disappointed in the volume of information that unnamed sources believe is in their purview to share publicly about decisions that quite frankly haven't been finalized in some cases," Rear Adm. John Kirby, the Pentagon spokesperson, told Foreign Policy. "The secretary has expressed his displeasure over these leaks to the civilian and military leadership of the department on more than one occasion."

It's not entirely clear, of course, that any people sitting at the table that day were themselves guilty of the leaks. Nevertheless, there's no question that the leaks have already dominated this year's budget cycle. Cuts to the Army National Guard and Reserve and reductions to the Air Force's fleet of storied A-10 "Warthog" jets and the controversial F-35 fighters have all been floated publicly in media reports. The most prominent leak was probably the one indicating there would be a reduction in the number of littoral combat ships, the Navy will reportedly buy, from 52 to 32.

All the leaks suggest there will be few secrets when this year's budget is unveiled in March. But what's more significant is that the leaks have allowed opponents of such cuts to mobilize on Capitol Hill in hopes of preventing them. For example, after the story about the cuts to the Navy's ships was published, more than 20 members of Congress wrote Hagel to share their concerns about the possible cut.

Hagel is expected to do a soft rollout of the 2015 budget as early as next week. But much of what he has to say may not be news. That's due largely to the decidedly different approach he took on leaks where he favored trust of his people over strong-arming them.

Former Defense Secretary Robert Gates demanded that his senior officers, chiefs, and combatant commanders sign nondisclosure agreements that prohibited anyone from spilling secrets about budget deliberations. The move prompted some senior officials inside the Pentagon to grumble that Gates didn't trust his own people, but they signed the documents anyway. Gates's successor, Leon Panetta, reportedly followed suit by asking his people to sign similar agreements, not for the Pentagon's budget, but for a critical strategy document that was being written at the time. In December 2011, Panetta ordered officials preparing that strategy to sign a paper on which they promised not to disclose information about their work on the strategy -- which would have foreshadowed important budget decisions to come.

"Secretary Panetta views these agreements as critical to ensuring that decisions remain driven by strategy and analysis," Doug Wilson, Panetta's spokesman at the time, told Bloomberg.

Those documents helped prevent the kind of widespread leaks that can undermine budgetary and political success for Pentagon chiefs. Gates, for example, was able to get much of what his budget asked for in 2009 through Congress, in part because of the strategic rollout -- the budget remained under wraps until Gates was ready to unveil it, which meant that major defense contractors had little time to get their congressional allies ready to battle the Pentagon on their behalf.

Hagel's style has been markedly different. Unlike Gates and Panetta, Hagel did not require senior officers and secretaries to sign nondisclosure agreements, preferring to trust them to keep the secrets of the budget strictly confidential.

A senior defense official said Hagel wasn't naive about leaks but didn't want to run roughshod over senior officials entrusted with a wide variety of critical information. "His message to the leadership was: 'I'm going to trust you,'" the official told FP.

But that trust seems to have been misplaced. In recent weeks alone, there have been leaks not only about the number of littoral combat ships the Navy will buy, but the size of the cuts to the Army National Guard, and there have been several slips about changes to the military's compensation package. The level of detail in some of the reports has been eye-opening, a testament to both the skill of the reporters breaking the stories and the willingness of their sources to share ostensibly highly confidential information.

Take a recent Bloomberg article about the Pentagon's "pre-decisional" budget thinking about the next-generation F-35 Joint Strike Fighters. The troubled program has been massively over budget, and Bloomberg said the Defense Department would be requesting 34 of the planes, not the 42 that had been expected.

"The fiscal 2015 request, to be released on March 4, will include funds to buy 26 of the Air Force's model, six of the Marine Corps' short-takeoff and vertical-landing jets and two of the Navy's version for aircraft carriers, according to the officials familiar with the plans who asked not to be identified because the budget hasn't been made public," Bloomberg reported.

On Jan. 15, Defense News broke the news that Hagel's Pentagon would limit its buy of littoral combat ships. The decision, the paper reported, came in a Jan. 6 memo from Acting Deputy Defense Secretary Christine Fox, who was said to be furious about the leak. (Some believed that Navy officials leaked information about the ship cut in the hopes that the cuts would be reversed; others believe there would be no advantage to the Navy to leak the fact that the budget for a prized ship would be cut.)

There have been other leaks about military compensation and benefits that have helped sharpen lobbying efforts by the bevy of veterans organizations that will fight to prevent any cuts from those coffers.

Loren Thompson, chief operating officer of the Lexington Institute, which does consulting for a number of defense firms, thinks that Hagel's ship is looser and that the leaks don't bode well for the success of his budget.

"The traditional military values like surprise and precision and synchronization matter as much in politics as they do in combat," Thompson told Foreign Policy. "If your budget arrives on Capitol Hill with all the controversial details already in legislator's minds, then it's going to be harder to sell because the defenders of the status quo will have been alerted."

But the Center for Strategic and Budgetary Assessments' Todd Harrison, a well-known defense budget analyst in Washington, sees many of the reports about the budget not as leaks as much as trial balloons. "The services and to a lesser extent [the Office of the Secretary of Defense] are testing ideas to see where the resistance would be," he told Foreign Policy. "The services are doing their own thing, and as a result we're seeing more trial balloons."

It's not necessarily a bad thing, he said. The more transparent approach may unnecessarily anger some constituents, who are able to mobilize and counter a proposed cut before it sees the light of day when the budget is released -- tying the hands of Pentagon leaders. But on the other hand, there's a level of accountability and openness that allows for public debate.

"If they are making the right decision, then that decision should be able to stand up to public scrutiny and debate," Harrison said. "And if you really have a good case for what you're doing, you should be able to make that case and win the argument."

Fox tried to do just that at a conference last week in California in which she took swipes at the littoral combat ship -- signaling the Pentagon's thinking on the matter -- but never named it. "Niche platforms that can conduct a certain mission in a permissive environment have a valuable place in the Navy's inventory, yet we need more ships with the protection and firepower to survive against a more advanced military adversary," she said at the event in San Diego.

Then Fox noted pointedly the fact that much of the budget is already out there. "At this point, I obviously can't share any particular program decisions, including the ones you have probably already read stories about in the press, but I can provide the fiscal and budgetary context that shaped our recommendations," she said.

Photo: Getty/Chip Somodevilla

The Complex

Forget China: Iran's Hackers Are America's Newest Cyber Threat

In March 2012, Ayatollah Ali Khameini, the Supreme Leader of Iran, publicly announced the creation a new Supreme Council of Cyberspace to oversee the defense of the Islamic republic's computer networks and develop news ways of infiltrating or attacking the computer networks of its enemies. Less than two years later, security experts and U.S. intelligence officials are alarmed by how quickly Iran has managed to develop its cyber warfare capabilities -- and by how much it's willing to use them.

For several years, Iran was believed to possess the ambition to launch disruptive attacks on Western, Israeli or Arab computer networks, but not necessarily the technological capability of actually doing so. Those doubts have largely evaporated. In late 2012, U.S. intelligence officials believe hackers in Iran launched a series of debilitating assaults on the Web sites of major U.S. banks. The hackers used a well-honed technique called a denial of service attack, in which massive amounts of traffic are directed at a site's servers until they crash. But the traffic flow in the bank attack was orders of magnitude greater than anything U.S. security officials had seen up to that point, indicating a remarkable degree of technical sophistication.

Last year, U.S. officials say that Iranian hackers infiltrated a large unclassified computer network used by the Navy and Marine Corps. Officials now say it took the Navy four months to fully clear its systems and recover from the breach, which was first reported by the Wall Street Journal.

"Iran should be considered a first-tier cyber power," Gabi Siboni, a cyber security expert with Israel's Institute for National Security Studies, said during a speech in Washington last December.

Western analysts see Iran's embrace of cyber attacks as a strategic attempt to counter the conventional military forces of the United States and Iran's regional rivals, particularly Saudi Arabia. Some analysts have blamed Iran for an attack on the computers of Saudi Aramco, the national energy company that supplies about 10 percent of the world's oil. The attack erased data from 30,000 computers, but it didn't affect oil and gas production and distribution facilities.

Analysts debate whether Iran should yet be included in the same league as the United States, Israel, or China, which each possess extensive capabilities to launch attacks on computer networks and the critical infrastructure connected to them, including electrical power facilities. But U.S. intelligence agencies now judge that Iran is well on the path to becoming a formidable cyber force. James Clapper, the U.S. director of national intelligence, recently warned that Iran's "development of cyber espionage or attack capabilities might be used in an attempt to either provoke or destabilize the United States or its partners.

The heart of Iran's national cyber efforts is the cyberspace council set up in 2012. It's chaired by the Iranian president, Hasan Rouhani and its members include senior government officials, including the head of Iran's elite Revolutionary Guard, which controls military units believed to conduct offensive cyber operations and electronic warfare, such as jamming communications systems. Iran was motivated to ramp up its cyber security efforts, particularly the defense of its internal networks and vital infrastructure facilities, after a cyber attack on an Iranian nuclear facility by the United States and Israel that disabled 1,000 centrifuges used to enrich uranium, a key component of a nuclear weapon. Iran's defensive capabilities today are devoted to preventing another such attack, as well as monitoring and suppressing domestic political opponents who threaten the regime, Siboni wrote in a recent analysis of Iran's capabilities.

The Revolutionary Guard now owns and controls the biggest communications company in Iran, Siboni said. The government restricts access to the public Internet and monitors computers in Internet cafes. A domestic police force, known as FETA is charged with monitoring online activity and speech, as well as combating fraud and theft.

But it's the offensive side of the ledger that worries U.S. officials the most. In the past week, Iranian leaders have threatened to use cyber warfare against Tehran's enemies. "One of the options on the table of the U.S. and its allies is a cyber war against Iran. But we are fully prepared to fight cyber warfare," said Gen. Mohammad Aqakishi, the commander of the information technology and communication department of the armed forces' general staff, according to Iran's Tasnim news agency.

"[Aqakishi] said the U.S. has been making ‘empty threats' against Iran for several years, noting that Washington itself is mindful of the Islamic Republic's military might in the arena of information technology and communication," Tasnim reported.

Last week, Khameini, Iran's supreme leader, reportedly exhorted Iranian students, whom he called "cyber war agents," to prepare to fight Iran's enemies in cyberspace. "Get yourselves ready for such war wholeheartedly," Khameini said.

"If any war is launched against Iran, we won't give any ground to the enemy and they themselves know this very well," Iran's military chief of staff, Gen. Hassan Firouzabadi, said last week, declaring that Iran was prepared for a "decisive battle" with the United States and Israel.

Such provocations haven't gone unnoticed. And U.S. military officials have acknowledged that if the United States uses cyber weapons against Iran, Americans should expect some retaliation. "That's a valid assumption," Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, said in an interview in January 2013. "There are reports that destructive cyber tools have been used against Iran. I'm not-I'm neither confirming nor denying any-any part in that. What that should tell you is that that capability exists. And if it exists...whoever's using those can't assume that they're the only smart people in the world."

A few days before Dempsey's remarks, Gen. William Shelton, the commander of Air Force Space Command, warned that Iran was a growing offensive threat in cyberspace. "They're going to be a force to be reckoned with, with the potential capabilities that they'll develop over the years and the potential threat that they'll represent to the United States," Shelton said. In other words, Chinese hackers aren't the only ones Washington needs to worry about.


John MacDougall / AFP