Wednesday, March 05, 2008

Giving it Away On-Line?—Dissecting an OPSEC Case Study

The F-22 Raptor in flight. Did a veteran fighter pilot disclose sensitive data about the Air Force's newest fighter, or simply discuss information that was already available in the public domain?

Part I of II

By Nate Hale

Asked to justify restrictions on certain forms of internet activity by military personnel—on government computers—DoD officials invariably cite concerns about operations security (OPSEC). In an increasingly wired world, the Pentagon is worried that adversaries can glean sensitive or even classified information from blogs, chat rooms and other on-line forums.

Noah Shachtman (who runs the widely-read defense blog, The Danger Room) has written extensively about this issue; his most recent post on the topic (which contains quotes from this blogger) can be found here. Mr. Shachtman’s reporting confirms what many already suspect; the Air Force, and other military organizations, see little value in blogs, and are moving aggressively to limit access through their IT networks:

"The Air Force is tightening restrictions on which blogs its troops can read, cutting off access to just about any independent site with the word 'blog' in its web address. It's the latest move in a larger struggle within the military over the value -- and hazards -- of the sites. At least one senior Air Force official calls the squeeze so 'utterly stupid, it makes me want to scream.'"

And sure enough, retired Air Force Colonel Tom Ehrhard (now a senior fellow at the Center for Strategic and Budgetary Assessments) invoked the OPSEC issue in defending the crackdown. As he told Noah Shachtman:

"It is increasingly clear that active exploitation could take advantage of airmen and civilians who want to inform and correct the often outrageous, false assertions on these blogs. In doing so, it is easy for well-meaning insiders to violate operational security (OPSEC) tenets, either directly or tangentially. We are in a different world today when it comes to sensitive military information, and foreign intelligence operatives surely understand this and will exploit it. As a former member of Strategic Air Command, where OPSEC was (rightly) an obsession, this has been obvious to me for some time in reading aerospace-oriented blogs. This policy strikes me as a timely reminder to Air Force professionals that they should be on guard when blogging, because someone is watching."

Underscoring the potential threat, the Air Force is now circulating a PowerPoint presentation entitled “CyberOPSEC: An F-22 Case Study,” detailing information about the service’s state-of-the-art fighter that appeared “on a popular public website about military and civilian aircraft.” Apparently, the source for much of the data was a Raptor pilot, who posted under the handle “dozerF22.” A copy of the briefing was obtained by In From the Cold.

The implication of the study, reportedly compiled by the Air Force Office of Special Investigations (AFOSI), the Navy’s Criminal Investigative Service (NCIS), the FBI and the Department of Homeland Security, is clear. By participating in the forum, answering questions about the F-22 and providing personal information, “Dozer” displayed questionable judgment and might have disclosed valuable information about the nation’s newest stealth fighter. The referenced assessment is “Unclassified/Open Source,” so discussion in public forums does not betray any classified or sensitive information.

Discovering Dozer’s identity wasn’t very difficult, according to the presentation. The pilot’s public profile listed both his name and military e-mail address. And, if that weren’t enough, another poster on the forum quickly testified to Dozer’s reputation as a fighter jock:

"For those who don't know, Dozer is one heck of a fighter pilot.

Then-Capt Dozer, a flight leader with the 'Grim Reapers' of the 493rd FS RAF Lakenheath, UK, on night one of Operation Allied Force led a package of four F-15Cs and four F-16CJs protecting the first wave of F-117A Night Hawks flying over Serbia. Engaging a charging MiG, he launched missiles through the formation of F-117s, ending in the MiG exploding about 1,000 feet off the nose of one of the Night Hawks. The pilot ejected safely out of the MiG-29 fireball.

Dozer encountered some more MiGs later in the conflict and scrambled the night the F-117A, callsign Vega31, Col Zelko, was shot down and rescued (More details and Dozer's photo in the hard-to-find book "Stealth Down," by Ross Simpson).

An honor to be able to chat with a pilot that has been there and done that."


The pilot’s on-line profile also included his picture in a flight suit (name and rank clearly visible), with an F-22 in the background.

Over the months that followed, postings by Dozer and other forum participants attracted quite an audience, according to the OPSEC analysis. The board’s F-22 discussion logged over 700 posts, which were read more than 68,000 times. New users “came out of the woodwork,” the study claims, creating new accounts and posting questions for the F-22 pilot. The queries covered a broad range of technical, tactical and performance issues for the Raptor. Some sample questions:

· “That rocks…so is a JHMCS (Joint Helmet-Mounted Cueing System) or equivalent going to be included in the upgrades along with the AIM-9X (air-to-air missile)?”
· “With the upgraded air to ground capabilities, will this allow the Raptor to attack mobile/moving targets in addition to autonomously identifying ground targets?”
· “What are your opinions regarding the effectiveness of the 20mm cannon on the F-22?”
· “It has been said that 2-3 RAF Eurofighters have been sent to Nellis AFB for testing and training…might you confirm this information and tell us some details about the result of Raptor versus Typhoon up to now?”
· “You mentioned you are moving up north. Where are you heading?”
· “It is said that Raptor nowadays can supercruise with the speed of around Mach 2. Could you make a confirmation or comment for this declaration?”
· “I just want to know if that was the fastest pitch the Raptor can achieve?”
· “If the Raptor was to carry external stores would it lose its ability to supercruise straight away?”

One participant even asked about a specific feature on the F-22’s fuselage, posting a photo of the area in question with the query: "Dozer, what does this picture show?"

Over the months that followed, the F-22 pilot responded to scores of questions, offering general information on the radars carried by Raptor variants; the location and function of engine bleed air and bypass doors; the accuracy of aircraft weight numbers published in another aviation forum, and the date when his new unit (located in Alaska) would receive its last jets. A few of his replies are listed below:

· “I think the fuel numbers are not classified.”
· “The F-22 is not sitting alert in Alaska; however, we occasionally pulled a very tiny amount of alert at Langley.”
· “The pace will really pick up in August, both aircraft and pilots (in Alaska)”
· “No they aren’t modified, and they have the older generation radar. The AK and beyond tails (although Langley does have three Lot 5 tails) are the ones with the next generation radar.”

According to the study’s authors, months of on-line questions and answers revealed a number of details about the F-22, ranging from its basing status, to the function of specific flaps and doors, and details on how various weapons systems operate. Other responses “confirmed and denied performance rumors,” discussed the status of radar upgrades, and covered “issues with thrust vectoring.”

Judging from the OPSEC presentation, readers would think that the on-line forum provided a veritable treasure trove of information on the Air Force’s newest fighter. But a closer examination of the study, and its conclusions, reveals that much of the information “disclosed” on the discussion board had been circulating for months—even years—before Dozer and other participants weighed in.

Tomorrow: A look at earlier discussions and media reporting on F-22 capabilities, deployments and operational issues. Did Dozer’s on-line comments represent a genuine OPSEC violation—or were they largely a rehash of information already available to the public and potential adversaries? And, what does the incident say about existing military policies on information disclosure and on-line activities?


Jim Howard said...

The irony here is that if the USAF blocks access to sites like the one in question, then it will be that much harder to detect members who fall to the temptation of posting too much information on the web.

It's a 'see no evil' policy that just isn't very smart.

The USAF is thinking like the old Soviet Union, 'ban them, arrest them, restrict, regulate'.

I wonder if anyone in the USAF ever heard the expression that 'Given enough eyeballs, all bugs are shallow'. The USAF ought to encourage everyone to monitor as many blogs and forums as possible, and report possible OPSEC violations.

halojones-fan said...

Most DOD Top Secret stuff is Classified Out Of Habit. I recently got a DOD TS in order to work on TSAT. After I got my new badge, my boss called me into his office, closed the door, and vouchsafed unto me a piece of Top Secret information.

I was a bit disconcerted when I learned this information, because I'd already speculated that it existed--and had, in fact, been discussing it with co-workers since I came onto the program. It's fairly obvious if you look at the press releases describing the vehicle, or any pictures of it, but apparently this is Top Secret Classified.

So it's entirely possible that these "OPSEC Violations" are in fact blindingly freakin' obvious stuff that's classified because, well, things like that are classified. Stuff like "the Raptor has a launch bay that opens when a missile fires and closes afterwards" might well be Top Secret classified information!

TS/SCI stuff is a different story, but that's more !@(#$% N!@#I!N# qin ainergo ian e

Storms24 said...

I received 4 copies of that stupid PowerPoint - 2 from AF OPSEC program managers. I pointed out the same irony J.H. does - that AF seems to think that OPEN SOURCE material should only be accessed by private users and that we are routinely denied access to those same websites from the .mil domain because some comm-troop (or worse, contractor) can't see an "official use" for such access.

I also asked the PM's what was the result of these "violations." As far as I can discern, these postings went on for quite a bit of time and it obviously did not hurt "Dozier's" career. (And before anyone hammers me for an OPSEC no-no, that info is public knowledge.)

What the OPSEC briefers failed to mention is that "Dozier" was also a demo pilot and an official spokesman for that program. He performed at dozens of airshows, acted as the official POC for industry experts, and was routinely quoted in aviation magazines (including AF Times) - all with the blessings of USAF officials.

I wonder what kind of information about our UAV's these same enemies can discern from Erhardt's posted biographies, commentaries, policy papers, published works, and unclassified presentations?

PCSSEPA said...

Bottom line: If you are going to discuss matters related to ops, only discuss them with those who have a need to know - period. You never know who is on the other end of the net or how much information they already have or what they need to complete their assessment.

Jim Howard said...

"You never know who is on the other end of the net or how much information they already have or what they need to complete their assessment."

And if the good guys wall themselves off from the net, they'll never know what is being said about them on the net.

PCSSEPA said...

I did not say that they have to "wall themselves off". I said that they need to keep their mouths shut. The Good Lord gave us two eyes, two ears, and one mouth for a reason. Confirmation is information.

DRPK said...

Let me set the record straight: That presentation WAS NOT repeat NOT from any official AF/DOD investigation. It came from a lone OSI Agent from Davis Monthan (DM) AFB who, acting on one tip from some airman, took it upon himself to make a slanderous, misleading, and false hit piece. The facts:
- "Dozer" was ordered, by several General Officers, to be the F-22 Spokesman and use “any and all media,” INCLUDING THE BLOGOSPHERE, to blunt negative press at a time when the F-22 program was in peril
- Everything said was open source…HE DID NOTHING WRONG he obeyed orders!
- He is an American Patriot who does not deserve this CRAP!

Don't believe me? Check it out yourself, call The OSI at DM and ask them…I trust this Blog and its members have the integrity to do that. Oh, by the way, heads are rolling at the OSI over this character assassination…that’s where the REAL story is.

DM Operator 520-228-1110 ask to be connected to the OSI office.

Old Curmudgeon said...

Why bother worrying about accidental violations of OPSEC? Read this article in the WSJ, obviously leaked by NSA employees:

"NSA Domestic Spying Grows as Agency Sweeps Up Data"

Good thing they've stopped enforcing 18 USC Sec. 798, isn't it?

Mitch Miller

patriot.100 said...

I've seen this Opsec briefing (circulated where I work, a friend from a large aerospace firm sent it to me, it was circulating there!). I've also just read this air force article and have been reading a ton of posts all over the place, man this guy is getting crucified. How about some common sense here.

#1 This pilot was given a job, and part of that job was to "sell" the F-22 to the public, he was specifically told to counter the negative on the internet (in addition to other media). The F-22 was at a critical crossroads as to whether or not it would be cancelled or bought, still seems questionable to me but that's another topic. The air force brass was desperate to get a positive spin to the public about the aircraft and what it could do.

Now do you REALLY believe, and can you be possibly so naive, as to think EVERY time an officer or enlisted member of the military gets an order, direction or guidance from a senior officer (especially a General), that they'd ask for something in writing? How ridiculous can you get, "excuse me general, but before I do that I need this in writing...", are you KIDDING me? How many millions of times a day are people given orders or directions and the answer is "yes sir/ma'am", not "I need that in writing in case it comes back to bite me someday". The military, and in fact the civilian world, would cease to function in a day if that was the norm.

#2 Everyone in the military, especially those with high security clearances, as I'm sure an F-22 pilot must have, has to get training on what is / is not classified and what they can / can not discuss. This pilot, unfortunately for him, was obviously caught in a direct crossfire between doing what he was asked to do and having to watch how he did it. It's obvious from that he was already well known from being involved in shooting down aircraft, a position the US government put him in by sending him to war and then putting him in front of the press to "show off" one of their pilots. I GUARANTEE you he was told to do that for the advantage of the air force, maybe he should have gotten those directions on paper too? If he's been made the public face of the F-22, how could he NOT be googled and everything found out about him? They paint him into a corner and the OSI makes him look like a fool for it, as if he caused that and could do a damn thing about it. They obviously have him in a position where he had to interview how many dozens or hundreds of times and I'm sure it must have been going through his mind to not say anything wrong or that would get him in trouble, sounds like a nice no win situation to be in.

So he was investigated, so what? Isn't that how the system is supposed to work if someone has a question about something going on? If something is found to be amiss my guess is the security services handle it (probably lose their security clearance and/or get some form of reprimand or worse depending on the severity of the incident, there are a lot of cases like that out there, I've read plenty of stories). If not, the individual is cleared and life moves on. The security apparatus obviously found nothing amiss in this case or this pilot would be in trouble. Too many cases of people being crucified, they have no problem "eating" their own when they screw up. No, makes no sense that they're hiding anything, other than maybe what the OSI did.

Here's why this is damaging from what I can gather.

1 the USAF gave this pilot a job and some pretty specific guidance on how to go about it.
2 the pilot did what he was asked to do.
3 an "unknown" source reports "suspicious" information on a website (God only knows who that might have been, maybe a wannabe pilot that couldn't make it)
4 the pilot is investigated, not once but twice, cleared of any "wrongdoing" or release of information that wasn't already "open source" as they called it
5 the OSI decides to take it upon themselves to write up a brief regardless of that fact with a ton of personal & identifying information, to include character judgement & "defamation of character" (that's what a lawyer friend of mine said after seeing it).
6 the OSI blows off all rules about "for official use only", FOUO it's called, and personal privacy act rules and sends this brief out around the planet (you should hear what my lawyer friend says about THAT!).
7 this brief spreads like wildfire across the internet because it's F-22 related, appears scandalous and we do love our scandals, and it trashes a pilot & officer - what better sport than to bash the military, officers, and especially those "arrogant" pilots
8 it appears the AF brass is protecting the OSI and from what I hear they know they screwed this up big time, so now they DO have an issue because an official government employee / office / agency has legally defamed another official of the US government, who was cleared of talking about anything classified.
9 so far from what I've seen / heard, not one official or officer of the air force has stepped up to defend this pilot for doing what they asked him to do. They seem to have made excuses for the OSI but no one has publicly defended him. Seems to me this would be a lawsuit in the making for whoever put this brief together and allowed it to be distributed. Hell maybe he should go after the air force for it, it's his name being tarnished. And this thing has reached across the planet, it's not contained by any stretch. I've seen some of the posts and this guy is being seriously trashed, especially since it's hitting major news sources.

So what's really happening here? It would appear the air force is hanging one of its officers out to dry and no one wants to stick their neck out for him. Especially if they cleared him, why hasn't anyone stood up for him? Makes me glad I'm not in the military, this guy ought to come out with guns blazing to defend himself. My guess is the brass is hoping this thing will just blow over as opposed to having to do right by this guy. Having seen how they tend to clamp down on things they don't like it wouldn't be surprising at all if they're putting the hammer on him and not letting him defend himself, especially since it appears they know this doesn't look good for the air force. How could it? One brief makes it appear an officer screwed up and on the other hand it appears the OSI screwed up.

Why hasn't anyone crushed this OSI for doing this? It appears to be a clear case of defamation of character. It appears the "OPSEC violation" is not anything the pilot did but in fact what the OSI did. They took a whole bunch of his personal information and collected it and presented it for the world to see and use in this brief, remember this is supposed to be legally protected information, and who doesn't know that in this age of identity theft? They made damning character assessments about him, all apparently without even bothering to interview him, how nice! Nothing like judging people you've never met. They also framed him by writing the brief such that it appeared he answered all the questions asked of him, it's now been shown that's not the case (in my book that's called lying to make your point). I've seen a copy of the powerpoint brief and you walk away thinking this guy has sold all the F-22's secrets, when in fact (and I was told this), he didn't answer any of the questions the brief made it appear he did (that's called twisting the truth). The OSI then goes on to claim he answered all of these other questions that to the uninformed make it appear he's provided classified / sensitive information about the F-22! When in fact ALL of the information was "open source" as they call it. So if he's only talking open source and it's sensitive then the air force, and the government are also wrong because they've allowed that information to be released, shouldn't they be held accountable as opposed to one lone pilot? Sounds to me like he's a scapegoat.

It sure seems to me the only thing that's happened wrong here is that this OSI has screwed up royally and the air force is covering for them, and certainly not the pilot, he's apparently on his own. If I was this guy I'd be in court tomorrow trying to get my name cleared, he's being absolutely strung out. Either he's got a lot of guts to take this on the chin or someone is making him be quiet. Maybe a congressman or two in his state should take a look into why this is happening. I read the first or second post earlier and it would seem they're going to lose this experienced pilot and all the money the US taxpayer has invested in him, all because of a brief that turned out to be mostly bogus, what have we come to? How can our military, already stretched so thin, continue to function, recruit & retain the caliber of people we need to defend our country when our military personnel get treated this way?

I'm horrified and absolutely disgusted at how quickly we rush to judge people and seem to believe anything that's said or written until all the facts come out. Especially true of our military who sacrifice so much for us. By all accounts it sounds like this guy has honorably served his country for many years, to watch him be crucified in such a manner makes me very, very sad.