A top-secret budget document obtained by The Washington Post from former National Security Agency contractor Edward Snowden provides new details about U.S. intelligence and surveillance efforts. The so-called “black budget” describes, among other programs, the NSA’s hacking unit, known as Tailored Access Operations:
So just what is Tailored Access Operations? According to a profile by Matthew M. Aid for Foreign Policy, it’s a highly secret but incredibly important NSA program that collects intelligence about foreign targets by hacking into their computers, stealing data and monitoring communications. Aid claims TAO is also responsible for developing programs that could destroy or damage foreign computers and networks via cyberattacks if commanded to do so by the president.
So, TAO might have had something to do with the development of Stuxnet and Flame, malware programs thought to have been jointly developed by the U.S. and Israel. The malware initially targeted the Iranian nuclear program, but quickly made its way into the digital wild. . . .
The unit bears a striking resemblance to a Chinese hacking group described in a report released by cybersecurity company Mandiant earlier this year. The report indicated that that group, APT1, was likely organized by the Chinese military. Perhaps not so coincidentally, Aid says multiple confidential sources have told him that TAO has “successfully penetrated Chinese computer and telecommunications systems for almost 15 years,” in the process, “generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.”
The black budget also shows that providing general strategic intelligence and advance notice of major world events to policymakers is the intelligence community’s first priority in terms of dollars. The other priorities enumerated in the document are counterterrorism, counterproliferation, cybersecurity and counterintelligence. Brian Fung was surprised to note that cybersecurity occupies a larger share of the black budget than counterproliferation:
Making sure WMDs are secured and well-maintained is an important priority. A cyber Pearl Harbor would likely be less psychologically hurtful than a dirty bomb going off in a major U.S. city. Yet since 9/11 we’ve also learned a lot about the level of danger posed by loose WMDs. Chemical and biological weapons are hard for terrorists to store and use. Nuclear weapons pose a greater risk, but as the Canadian researcher Robin Frost writes, even if terrorists got their hands on loose fissile material from the former Soviet Union, the technology might be literally inoperable. . . .
The point isn’t to turn this into an academic debate over which is worse, nuclear terrorism or a cyberattack. (And in fact, perhaps it’s notable that the budget chart breaks cybersecurity out as a separate item.) Yet it’s interesting to see how the intelligence community has spread its resources 10 years after the invasion of Iraq.
Another set of figures reveals the numbers of intelligence personnel who speak a foreign language. More than 2,700 speak Spanish, the most commonly spoken language in U.S. spy agencies. This number dwarfs those who speak Arabic and Chinese, which are the second and third most commonly spoken:
Given the high level of US engagement in the Middle East, you might expect Middle Eastern languages to be a top priority. But the statistics suggest that intelligence agencies have more than twice as many employees with Spanish proficiency than Arabic. Even combining Arabic speakers with other regional languages like Persian, Pashto, and Urdu . . . still brings the total to around 1,900, less than one-fifth of the payments for foreign language proficiency.
Also surprising, given China’s size and geopolitical importance: only 903 people in the intelligence community are proficient in Chinese languages.
The total annual budget for the agencies discussed in the document is $52.6 billion, which is greater than India’s defense budget this year and more than New York City’s tax revenue in 2012, but much less than the federal government’s annual spending on Medicaid. For more on the budget, see these charts from Wonkblog.
Opinion writer David Ignatius argues that the revelations in the document show that spy agencies have work to do:
The demonstrated inability of the U.S. government to keep secrets causes obvious problems for the intelligence agencies, which exist to steal other peoples’ classified goodies and protect their own. But it’s not so clear that this world of leaks threatens the security of the American republic. That’s because the very meaning of secrecy is changing in a world of transparent social media, where it must be assumed that every keystroke and GPS location may be captured by someone.
I write this reluctantly, as someone who favors a strong intelligence community for the United States that can protect the country against real threats from abroad. But if one theme emerges from these documents, it’s that the United States has been spending an awful lot for intelligence, especially at the CIA, without getting enough in return. What’s needed is better management, rather than more secrecy.
For more on the budget, read Barton Gellman and Greg Miller’s complete article here.