Armed Services Committees Agree On Final NDAA

The annual defense policy bill creates a new National Cyber Director and addresses other technology issues.

Last week, the negotiators agreed on a final FY 2021 National Defense Authorization Act (NDAA) that could get passed as early as this week. To no great surprise, President Donald Trump has threatened to veto the annual policy and authorization package for reasons largely unrelated to the Department of Defense and other agencies subject to the bill. It is unclear how the President will respond if Congress ends him the bill and similarly unclear whether Republicans would vote to override a veto. Additionally, the bill might not make it to the White House until around Christmas Day which would complicate the reconvening of Congress to hold override votes.

Nonetheless, big picture, the conferees explained in the Joint Explanatory Statement that conference report to accompany the “William M. “Mac” Thornberry National Defense Authorization Act for Fiscal Year 2021” (H.R.6395):

  • The budget request for national defense discretionary programs within the jurisdiction of the Committees on Armed Services of the Senate and the House of Representatives for fiscal year 2021 was $731.6 billion. Of this amount, $636.3 billion was requested for base Department of Defense programs, $69.0 billion was requested for overseas contingency operations, $26.0 billion was requested for national security programs in the Department of Energy and the Defense Nuclear Facilities Safety Board, and $314.0 million for defense-related activities.
  • The conference agreement would authorize $731.6 billion in fiscal year 2021, including $635.5 billion for base Department of Defense programs, $69.0 billion for overseas contingency operations, $26.6 billion for national security programs in the Department of Energy and the Defense Nuclear Facilities Safety Board, and $494.0 million for defense-related activities.

As always, the bill is replete with provisions to change national security-related technology policy, most of which pertains to the Department of Defense (DOD) and the Intelligence Community (IC). However, anymore, the Department of Homeland Security and other agencies also receive policy alterations in the NDAA.

The bill would change the requirements as to when the DOD notifies Congress if it conducts offensive or defensive cyber operations by narrowing the category of such operations. For example, if Cyber Command were to strike a botnet again as it reportedly did in the run up to the election, it would not need to notify Congress, for such an operation is not a foreign terrorist organization or a foreign government unless they may be deemed a “proxy force.” There is a provision extending the liability shield for DOD contractors participating in the Pentagon’s mandated cyber incident reporting system to include compliance with Defense Federal Acquisition Regulation Supplement clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

H.R.6395 would tweak the Quadrennial Cyber Posture Review assessments of U.S. statutes, policies, and authorities to manage cyber threats, especially in achieving cyber deterrence.

The DOD would need to set requirements for the periodic, systematic review of the cybersecurity of major weapons systems and related critical infrastructure to ensure the security of these platforms. The Pentagon must also establish a “Strategic Cybersecurity Program” “to ensure that the Department of Defense is always able to conduct the most important military missions of the Department.” This new initiative “shall identify and designate for inclusion in the Program all of the systems, critical infrastructure, kill chains, and processes, including systems and components in development, that comprise the following military missions of the Department of Defense:

  • Nuclear deterrence and strike.
  • Select long-range conventional strike missions germane to the warfighting plans of United States European Command and United States Indo-Pacific Command.
  • Offensive cyber operations.
  • Homeland missile defense.

The DOD will need to “develop a standard, comprehensive framework to enhance the consistency, execution, and effectiveness of cyber hunt forward operations” including the criteria used to identify such operations, the roles of various stakeholders in the DOD, pre-deployment planning guidelines, the metrics to measure the success of the operation, and other facets. Cyber Command and the National Security Agency have been deploying more of these teams to other nations to develop partnerships with nations closer to shared cyber adversaries (e.g. Estonia and Montenegro visa vis Russia.) The formalization of this process indicates increased Congressional interest and a desire to regularize the practice.

The DOD must “conduct a review of the Cybersecurity Service Provider and Cyber Mission Force enterprises” to determine where there are gaps and redundancies between DOD systems and those provided by contractors. Presumably such an inventory process would precede the DOD consolidating where it can and expanding where necessary.

The position of DOD Principal Cyber Advisor would be reformed. The Secretary of Defense would name a person to fill this position from the DOD civilian officials confirmed by the Senate. The Principal Cyber Advisor would have the following responsibilities, among others:

  • Acting as the principal advisor to the Secretary on military cyber forces and activities.
  • Overall integration of Cyber Operations Forces activities relating to cyberspace operations, including associated policy and operational considerations, resources, personnel, technology development and transition, and acquisition.
  • Assessing and overseeing the implementation of the cyber strategy of the Department and execution of the cyber posture review of the Department on behalf of the Secretary.

The Principal Cyber Advisor will be tasked with the responsibility for the cybersecurity and critical infrastructure protection of the Defense Industrial Base (DIB) and must “synchronize, harmonize, de-conflict, and coordinate all policies and programs germane to defense industrial base cybersecurity.” This will encompass the Sector Specific Agency (SSA) responsibilities bestowed on the Under Secretary of Defense for Policy’s purview under Presidential Policy Directive-21, the Obama Administration era document that established the division and oversight of critical infrastructure with an eye towards cyber infrastructure. The Principal Cyber Advisor would also need to examine the Under Secretary of Defense for Acquisition and Sustainment’s authorities and responsibilities with respect to contracting and cybersecurity. The Principal Cyber Advisor would need to evaluate other facets of the DIB’s cybersecurity and critical infrastructure protection housed in different offices in the DOD, suggesting an obvious fracturing of efforts that may be at odds with one another.

The Principal Cyber Advisor and the head of Cyber Command would need to “conduct and complete an assessment on the operational planning and deconfliction policies and processes that govern cyber operations of the Department of Defense.” It appears that Congress would like DOD components to play better together when planning and conducting cyber operations, but this state of affairs is to be expected inside a large bureaucracy with players and entities interested in defending and even expanding their turf.

The DOD must “assess the feasibility and advisability of developing and using speed-based metrics to measure the performance and effectiveness of security operations centers and cyber security service providers in the Department of Defense.”

The DOD must study the feasibility of creating a new DIB information sharing program that would be above and beyond any current incident reporting requirements. Under law and regulation, at present, DIB contractors must report intrusions and incidents within 72 hours, but the language in H.R. 6395 envisions a program of greater information sharing for “cybersecurity purposes.” However, it begs the question as to why the DOD does not already have such a program given the “Cybersecurity Act of 2015” established the template for such programs over five years ago.

The Pentagon would need to “complete an assessment of the feasibility, suitability, definition of, and resourcing required to establish a defense industrial base cybersecurity threat hunting program to actively identify cybersecurity threats and vulnerabilities within the DIB.”

The DOD must “assess each Department component against the Cybersecurity Maturity Model Certification (CMMC) framework and submit to the congressional defense committees a report that identifies each such component’s CMMC level and implementation of the cybersecurity practices and capabilities required in each of the levels of the CMMC framework.” And, for those components that fail to meet the “good cyber hygiene” standards, the report must indicate whether they will bring their hygiene up to snuff by March of 2022 and how they will shore up vulnerabilities and risks in the meantime.

The DOD would need to start submitting monthly reports on all “cross domain incidents,” a new term that seems to include all intrusions into classified or restricted systems regardless of whether information is exfiltrated, contaminated, or exposed. The Pentagon would also need to provide Congress with a list of all currently operative exemptions to DOD information policy.

The DOD must draft and implement a plan on how to secure and protect the U.S. nuclear command and control system from cyber threats.

The Cyberspace Solarium Commission (CSC) was extended. It was supposed to sunset after the delivery of its final report, but now it will continue to exist for the better part of two more years. The CSC would need to discharge the following duties:

  • collecting and assessing comments and feedback from the Executive Branch, academia, and the public on the analysis and recommendations contained in the Commission’s report;
  • collecting and assessing any developments in cybersecurity that may affect the analysis and recommendations contained in the Commission’s report;
  • reviewing the implementation of the recommendations contained in the Commission’s report;
  • revising, amending, or making new recommendations based on the [aforementioned] assessments and reviews…

The CSC’s primary recommendation that the U.S. have a National Cyber Director in the White House was included in the final bill. This new position shall also have a dedicated office in the Executive Office of the President but would not be a Senate confirmed position as the CSC advised. Moreover, it appears that offensive and defensive cyber operations of the DOD would be outside his or her statutory remit unless the President decides to make it so. The National Cyber Director would offer advice to the National Security Council (NSC) on U.S. cyber strategy and policy and coordinate the formulation of such policies and strategies. Moreover, the director would be a statutory member of the NSC. The National Cyber Director would lead U.S. responses at the federal level to cyber attacks and significant cyber campaigns.

The bill would expand the authority of the United States’ (U.S.) Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) with respect to operating on civilian agency networks. CISA would be able to access and inspect other agencies’ information systems without the permission or knowledge of the other agency and could then share information and its findings with the agency. And yet, CISA would not receive authority to act if it found something on another agency’s information networks or systems. Nonetheless, CISA would also be empowered to provide a range of assistance to other agencies.

DHS would need to conduct an assessment of CISA per the CSC’s recommendations on how the agency could improve its operations and better use its resources, among other matters. DHS would also be tasked with evaluating how well the Sector Specific Agency approach to regulating critical infrastructure is working as laid out in Presidential Policy Directive 21 and successor documents and make recommendations on how to revise the framework if needed. This could result in the Biden Administration revamping the current 17 sectors and other components of how the U.S. oversees its critical infrastructure. In concert with this review and possible revision, Sector Specific Agencies would be replaced by Sector Risk Management Agencies that, as a practical matter, will probably be the same agencies overseeing the same sectors but with greater statutory responsibilities.

DHS must study and draft a strategy for all U.S.-based email providers to use Domain-based Message Authentication, Reporting, and Conformance (DMARC), “an email authentication, policy, and reporting protocol that verifies the authenticity of the sender of an email and blocks and reports to the sender fraudulent accounts.”

DHS would need to report annually on digital content forgery technology with the Director of National Intelligence, including:

  • An assessment of the underlying technologies used to create or propagate digital content forgeries, including the evolution of such technologies and patterns of dissemination of such technologies.
  • A description of the types of digital content forgeries, including those used to commit fraud, cause harm, harass, coerce, or silence vulnerable groups or individuals, or violate civil rights recognized under Federal law.
  • An assessment of how foreign governments, and the proxies and networks thereof, use, or could use, digital content forgeries to harm national security.
  • An assessment of how non-governmental entities in the United States use, or could use, digital content forgeries.
  • An assessment of the uses, applications, dangers, and benefits, including the impact on individuals, of deep learning or digital content forgery technologies used to generate realistic depictions of events that did not occur.
  • An analysis of the methods used to determine whether content is created by digital content forgery technology, and an assessment of any effective heuristics used to make such a determination, as well as recommendations on how to identify and address suspect content and elements to provide warnings to users of such content.
  • A description of the technological countermeasures that are, or could be, used to address concerns with digital content forgery technology.
  • Any additional information the Secretary determines appropriate.

CISA would receive the subpoena authority it requested to obtain the contact information of owners and operators of critical cyber infrastructure from internet service providers (ISP) should there be a risk. CISA submitted a legislative proposal in summer 2019 that was then taken up by Senate and House stakeholders who then introduced legislation in December and February respectively: the “Cybersecurity Vulnerability Identification and Notification Act of 2019” (S. 3045) and the “Cybersecurity Vulnerability Identification and Notification Act of 2020” (H.R. 5680). The bills were very similar but had some differences that have been ironed out.

CISA would be able to appoint an employee in each state to serve as Cybersecurity State Coordinator to help states improve their cybersecurity.

CISA must establish a “Cybersecurity Advisory Committee” to “advise, consult with, report to, and make recommendations to the Director, as appropriate, on the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the Agency.”

Inside CISA, there would be a newly created Joint Cyber Planning Office “to develop, for public and private sector entities, plans for cyber defense operations, including the development of a set of coordinated actions to protect, detect, respond to, and recover from cybersecurity risks or incidents or limit, mitigate, or defend against coordinated, malicious cyber operations that pose a potential risk to critical infrastructure or national interests.”

Within one year, CISA “a report on Federal cybersecurity centers and the potential for better coordination of Federal cybersecurity efforts at an integrated cybersecurity center within” CISA.

The Government Accountability Office (GAO) would need to investigate and report on cyber insurance in the U.S. At one time, some experts considered the development of a cyber insurance market as being crucial to driving greater cybersecurity across the private sector. However, this has not come to pass, which is likely why the GAO will be reporting on the issue.

On other technology policy, a Public Wireless Supply Chain Innovation Fund would be established and overseen by the Department of Commerce’s National Telecommunications and Information Administration (NTIA) to support the following activities:

  • Promoting and deploying technology, including software, hardware, and microprocessing technology, that will enhance competitiveness in the fifth-generation (commonly known as ‘‘5G’’) and successor wireless technology supply chains that use open and interoperable interface radio access networks.
  • Accelerating commercial deployments of open interface standards-based compatible, interoperable equipment, such as equipment developed pursuant to the standards set forth by organizations such as the O-RAN Alliance, the Telecom Infra Project, 3GPP, the Open-RAN Software Community, or any successor organizations.
  • Promoting and deploying compatibility of new 5G equipment with future open standards-based, interoperable equipment.
  • Managing integration of multi-vendor network environments.
  • Identifying objective criteria to define equipment as compliant with open standards for multi-vendor network equipment interoperability.
  • Promoting and deploying security features enhancing the integrity and availability of equipment in multi-vendor networks.
  • Promoting and deploying network function virtualization to facilitate multi-vendor interoperability and a more diverse vendor market.

A Multilateral Telecommunications Security Fund would be created and run by the Department of State “to establish a common funding mechanism, in coordination with foreign partners, that uses amounts from the Multilateral Telecommunications Security Fund to support the development and adoption of secure and trusted telecommunications technologies.” The bill provides that “[i]n creating and sustaining a common funding mechanism, the Secretary of State should leverage United States funding in order to secure commitments and contributions from trusted foreign partners such as the United Kingdom, Canada, Australia, New Zealand, and Japan, and should prioritize the following objectives:

  • Advancing research and development of secure and trusted communications technologies.
  • Strengthening supply chains.
  • Promoting the use of trusted vendors.”

Both of these new programs would need the Appropriations Committees to provide funding as the FY 2021 NDAA does not give them any money.

H.R.6395 directs “an interagency information technology spectrum modernization effort, led by the Assistant Secretary of Commerce for Communications and Infrastructure and the NTIA, to synchronize development and coordination of standards and Federal spectrum management.” This provision “would also require the Secretary of Defense to establish a program to identify and mitigate vulnerabilities in the telecommunications infrastructure of the DOD.”

The FY 2021 NDAA contains the “Developing Innovation and Growing the Internet of Things Act” (DIGIT Act) (S.1611) that would require the Department of Commerce to “convene a working group of Federal stakeholders for the purpose of providing recommendations and a report to Congress relating to the aspects of the Internet of Things.”

H.R.6395 has provisions “that would require the Secretary of Commerce to establish a program that provides grants to covered entities to incentivize investment of semiconductor fabrication facilities, or assembly, testing, advanced packaging, or advanced research and development of semiconductors in the U.S.”

© Michael Kans, Michael Kans Blog and, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and with appropriate and specific direction to the original content.

Photo by Michael Afonso on Unsplash

Much Of The Post’s Afghanistan Scoop Was In Plain Sight

A bit of a deviation here from the usual fare. The Washington Post has begun to publish a series of blockbuster articles on the interviews and materials it has obtained from the Office of the Special Inspector General for Afghanistan Reconstruction (SIGAR), showing that U.S. officials knew very early that operations in Afghanistan were not going well and that the Bush, Obama, and Trump Administrations have misled the American public about the state of operations over the last 18 years. It seems fair to say, these materials might rival the Pentagon Papers. Much of the material is shocking, especially when one compares the public statements and the private statements of some of the key figures who have been identified thus far.

However, if one had been following the quarterly SIGAR reports, to say nothing of the Lessons Learned series, one was able to see that efforts in Afghanistan were going poorly. In helping clients in my past life, I stayed on top of defense issues, and so I did write ups of a number of the SIGAR reports. Below are the excerpts I could find and reading them leads the reasonable reader to the conclusion that operations in Afghanistan were going poorly across a number of dimensions. Consequently, the Post’s articles lose a bit of their shock value when one turns back to SIGAR’s reports, which have been in the public sphere.

January 2017

This week SIGAR released its assessment of the current situation in Afghanistan and the biggest threats to success for the U.S. and its allies. SIGAR presented “High-Risk List report to the incoming Administration and the new Congress…[that] identifies what we see as the greatest threats to the ultimate success of our more than 15-year-long U.S.-funded reconstruction effort in Afghanistan.” SIGAR noted that since 2002, over $115 billion in U.S. funds have been expended in Afghanistan, “the largest expenditure to rebuild a single country in our nation’s history.” SIGAR stated that “[w]hile all eight risk areas outlined in this report threaten reconstruction, the questionable capabilities of the Afghan security forces and pervasive corruption are the most critical.” SIGAR stated that “[w]ithout capable security forces, Afghanistan will never be able to stand on its own…[and] [w]ithout addressing entrenched corruption, the legitimacy and effectiveness of the Afghan government will remain in a perilous state.” SIGAR stated that “[i]f these two risk areas are not addressed, I fear that our reconstruction efforts could ultimately fail, to the detriment of our national-security goals in Afghanistan.”

SIGAR identified the following high-risk areas:

  • AFGHAN SECURITY FORCES CAPACITY AND CAPABILITIES: Afghanistan needs a stable security environment to prevent it from again becoming a safe haven for al-Qaeda or other terrorists. More than half of all U.S. reconstruction dollars since 2002 have gone toward building, equipping, training, and sustaining the Afghan National Defense and Security Forces (ANDSF). However, the ANDSF has not yet been capable of securing all of Afghanistan and has lost territory to the insurgency. As of August 28, 2016,USFOR-A reported that only 63.4% of the country’s districts were under Afghan government control or influence a reduction from the 72% as of November 27, 2015. Capability gaps in key areas such as intelligence, aviation, and logistics are improving, but still hinder effectiveness.
  • CORRUPTION: Corruption continues to be one of the most serious threats to the U.S.-funded Afghanistan reconstruction effort. Corruption has eroded state legitimacy, weakening the government’s ability to enlist popular support against the insurgency, discouraging foreign investment and economic growth, as well as seriously diminishing Afghan military capability.
  • SUSTAINABILITY: Much of the more than $115 billion the United States has committed to reconstruction projects and programs risks being wasted because the Afghans cannot sustain the investment—financially or functionally—without massive, continued donor support. Donors were expected to finance approximately 69% of Afghanistan’s $6.5 billion fiscal year (FY) 1395 national budget (December 22, 2015–December 21, 2016), mostly through grants. At 2016 conferences in Warsaw and Brussels, the United States and other donors pledged to maintain assistance to Afghanistan at or near current levels through 2020.
  • ON-BUDGET SUPPORT: On-budget assistance includes direct assistance (also referred to as bilateral, government-to-government assistance) and assistance that travels through multi-donor trust funds before reaching the Afghan government. On-budget assistance is intended to reduce costs, increase Afghan government ownership, and build the Afghan institutional capacity for managing their own budget. However, on-budget assistance, whether delivered directly or through multilateral trust funds, leads to reduced U.S. control and visibility over these funds. Given the evidence that the Afghan government still cannot manage and protect these funds and may not use them appropriately, the Department of Defense is planning to reduce some of its on-budget assistance.
  • COUNTERNARCOTICS: The cultivation and trafficking of illicit drugs puts the entire U.S. investment in the reconstruction of Afghanistan at risk. Although the United States has committed more than $8 and a half billion to counternarcotics efforts in Afghanistan, the country still leads the world in opium production, and Afghan farmers are growing more opium than ever. The Afghan insurgency receives significant funding from participating in and taxing the illicit narcotics trade, raising the question of whether the Afghan government can ever prevail without tackling the narcotics problem.
  • CONTRACT MANAGEMENT: The scope of contracting in support of U.S. objectives in Afghanistan is enormous, but contracting represents a high risk to the success of Afghanistan reconstruction. The usual difficulties of contract management are magnified and aggravated by Afghanistan’s remoteness, active insurgency, widespread corruption, limited ministerial capability, difficulties in collecting and verifying data, and other issues.
  • OVERSIGHT: The ability for trained professionals to conduct site visits is a critical part of effective reconstruction oversight. Unfortunately, accessing reconstruction project sites and programs in Afghanistan has grown increasingly difficult with the U.S. and Coalition military drawdown. Oversight has also been weakened by instances of poor documentation, failure to monitor contract compliance and work quality, and inattention to holding contractors and grantees accountable for unsatisfactory performance.
  • STRATEGY AND PLANNING: A lack of emphasis on planning and developing related strategies means the U.S. military and civilian agencies are at risk of working at cross purposes, spending money on nonessential endeavors, or failing to coordinate efforts in Afghanistan.

July 2017

In a few different media outlets, the Trump Administration signaled that it is no closer to the strategy promised to Congress by July on how to handle U.S. involvement in Afghanistan. Unnamed Administration officials in one article suggested that a withdrawal of U.S. troops is being considered, while in an interview President Donald Trump made the case for relieving the commander in Afghanistan of his current duties. Other media accounts suggest Trump is considering a shakeup of his national security team by sending current National Security Advisor Lieutenant General H.R. McMaster to command U.S. forces in Afghanistan with Central Intelligence Agency Director Mike Pompeo being tapped to succeed McMaster in the White House. And, amidst these competing messages, at least one key Member on Capitol Hill is signaling his displeasure at the state of affairs.

The Trump Administration has been grappling with how to proceed in Afghanistan since the beginning of the year. McMaster, and other stakeholders, have been pushing for a troop increase to help stabilize the Afghan government, creating space to work with Pakistan, India and other countries in the region to decide upon a plan to end hostilities. Yet, other White House officials, such as White House Chief Strategist Steve Bannon have resisted further engagement in Afghanistan and have reportedly been pushing to withdraw troops. Even among those aligned with ramping up the U.S. military presence, there have been tensions. According to accounts, McMaster was forced to revise his Afghanistan strategy after Secretary of State Rex Tillerson and Secretary of Defense James Mattis refused to support a more ambitious broadly reaching plan. Despite reaching agreement on a more plan to deploy 3,900 more troops to Afghanistan, McMaster and others allegedly failed to persuade the President to sign on. In a National Security Council Principals meeting last month, Trump reportedly pushed back against this plan and questioned why the U.S. is still fighting in Afghanistan after 16 years. Moreover, it remains to be seen what role new White House Chief of Staff General John Kelly will play in the shaping of Administration policy in the White House beyond trying to formalize communication between staff and the President.

The Trump Administration is beginning to face unrest in Congress regarding plans for Afghanistan. In public hearings before Congress, Mattis had committed to delivering a strategy for Afghanistan by July, and some Members are expressing displeasure at not having received any plan. This week, Senate Armed Services Committee Chairman John McCain (R-AZ) even stated he will draft a strategy and add it to the FY 2018 National Defense Authorization Act (NDAA). In a statement, McCain asserted that “[m]ore than six months after President Trump’s inauguration, there still is no strategy for success in Afghanistan…[and] [e]ight years of a ‘don’t lose’ strategy has cost us lives and treasure in Afghanistan.” He declared that “[w]hen the Senate takes up the National Defense Authorization Act in September, I will offer an amendment based on the advice of some our best military leaders that will provide a strategy for success in achieving America’s national interests in Afghanistan.” Should such an amendment be added to the NDAA, it may be another sign the Congress, particularly the Senate, may be taking a more prominent role in foreign and military affairs as evidenced by the passage of a bill to limit the President’s discretion on lifting sanctions imposed by the Obama Administration on Russia.

Likewise, Trump’s comments to NBC that he may relieve U.S. Forces Afghanistan and the Resolute Support Mission General John Nicholson Jr. were met with statements of disagreement. McCain and Senator Lindsey Graham (R-SC) both made statements cautioning the White House against removing Nicholson from command. According to media reports, this was not the first time Trump has discussed such a change. In a July 19 meeting with Mattis and the Chairman of the Joint Chiefs of Staff General James Dunford, Trump emphasized that Nicholson should be relieved because the U.S. is “losing.”

In addition to the gains made by the Taliban and associated factions, this week, SIGAR issued another mixed “quarterly report on the status of the U.S. reconstruction effort in Afghanistan.” SIGAR acknowledged that “[i]nsurgents and terrorists carried out a number of deadly high-profile and insider attacks this quarter.” SIGAR noted that “[a]t the same time, there were some positive developments this quarter…[because] President Ashraf Ghani has already begun implementing policies laid out in his forthcoming four-year reform plan for the Afghan National Defense and Security Forces (ANDSF).” SIGAR stated that “[i]n addition, ANDSF force strength also increased for the second quarter in a row…[and] [t]he number of districts under the control of the government also appears to have stabilized at 59.7%, the same as last quarter.”

October 2017

This week, SIGAR released its 37th quarterly report regarding the reconstruction of Afghanistan and the first in eight years for which that the Department of Defense (DOD) would not provide classified information used by SIGAR to assess U.S. and Afghan efforts.

SIGAR stated that “Afghanistan is at a crossroads…[and] President Donald Trump’s new strategy has clarified that the Taliban and Islamic State-Khorosan will not cause the United States to leave.” SIGAR stated that “[a]t the same time, the strategy requires the Afghan government to set the conditions that would allow America to stay the course.” SIGAR noted that “[e]fforts are already under way to implement the President’s strategy…[and] [b]efore determining new troop levels for Afghanistan, the Pentagon acknowledged in August that there are more than 11,000 U.S. personnel already on the ground, about 3,000 more than the 8,400 figure previously reported.” SIGAR stated that “[o]n August 31, Secretary [of Defense James] Mattis signed new deployment orders to add over 3,000 troops in Afghanistan, which will bring the total to 14,000–15,000 personnel, not including civilians and contractors.” SIGAR stated that “[t]he force increase is expected to expand the advising mission, increase training for Afghanistan’s special operations forces, and allow for increased provision of U.S. air and artillery strikes in support of Afghan forces.”

SIGAR explained that “[i]n a significant development this quarter, U.S. Forces-Afghanistan (USFOR-A) classified or otherwise restricted information SIGAR has until now publicly reported…[which] include important measures of Afghan National Defense and Security Forces (ANDSF) performance such as casualties, personnel strength, attrition, capability assessments, and operational readiness of equipment.” SIGAR Noted that “USFOR-A said the casualty data belonged to the Afghan government, and the government had requested that it be classified.” SIGAR observed that “[m]ore than 60% of the approximately $121 billion in U.S. funding for reconstruction in Afghanistan since 2002 has gone to build up the ANDSF, so the increased classification of ANDSF data will hinder SIGAR’s ability to publicly report on progress or failure in a key reconstruction sector.”

SIGAR noted that “[e]fforts are already under way to implement the President’s strategy…[and] [b]efore determining new troop levels for Afghanistan, the Pentagon acknowledged in August that there are more than 11,000 U.S. personnel already on the ground, about 3,000 more than the 8,400 figure previously reported.” SIGAR stated that “[o]n August 31, Secretary [of Defense James] Mattis signed new deployment orders to add over 3,000 troops in Afghanistan, which will bring the total to 14,000–15,000 personnel, not including civilians and contractors.” SIGAR stated that “[t]he force increase is expected to expand the advising mission, increase training for Afghanistan’s special operations forces, and allow for increased provision of U.S. air and artillery strikes in support of Afghan forces.”

April 2018

On April 30, the SIGAR released its most recent quarterly report “on the status of the U.S. reconstruction effort in Afghanistan” for the first quarter of calendar year 2018. While SIGAR reported greater cooperation from the Pentagon regarding statistics that were newly classified last year, the agency also asserted that based on available numbers, it is clear that Afghan forces are getting smaller.

SIGAR stated that it “continued to work with United States Forces-Afghanistan (USFOR-A) this quarter to maximize the amount of unclassified information that could be provided to Congress and the public on the U.S.-funded mission to train, advise, and assist the Afghan National Defense and Security Forces (ANDSF).” SIGAR said that “[a]s a result of these meetings and other consultations with the Department of Defense (DOD), USFOR-A declassified or allowed the public release of several different types of data related to the reconstruction of the Afghan security forces.” SIGAR stated that “[a]mong them are the assigned, or actual, force strength of the ANDSF, which the latest figures show to be falling sharply over the last year.”

SIGAR explained that “[a]s of March 31, 2018, the United States had appropriated approximately $126.26 billion for relief and reconstruction in Afghanistan since FY 2002…allocated as follows:

  • $78.22 billion for security ($4.57 billion for counternarcotics initiatives)
  • $33.00 billion for governance and development ($4.22 billion for counternarcotics initiatives)
  • $3.42 billion for humanitarian aid
  • $11.62 billion for civilian operations

SIGAR stated that of the $126.26 billion, “DOD had disbursed nearly $65.60 billion for ANDSF initiatives.” However, SIGAR stated that “[t]his quarter, USFOR-A provided complete Afghan National Army (ANA) authorized (goal) strength figures in an unclassified format as well as top-line assigned (actual) strength figures.” SIGAR found that:

However, the assigned, or actual, strength of the ANA has decreased since the same period in 2017. As of January 31, 2018, assigned strength was 165,622 personnel, consisting of 74,184 soldiers, 58,678 noncommissioned officers, and 32,760 officers. This figure reflects 4,818 fewer soldiers, or 2.8% less, than January 2017 (not including civilians). The ANA was therefore at 85.4% of its authorized strength in January 2018, down over five points from 90.6% one year prior, which is partially explained by the recent increase in the ANA’s authorized strength.

On May 1, Secretary of Defense James Mattis was posed a question regarding “[t]he message from [the Pentagon] has consistently been that things, the situation is turning around; that things are improving there.” Mattis responded that “I don’t know that that’s been the message from this building…[and] I would not subscribe to that.” He said that “[w]e said last August NATO is going to hold the line…[and] [w]e knew there would be tough fighting going forward.” Mattis asserted that “[t]he Afghan military is being made more capable…[and] [y]ou’ll notice that more of the forces are special forces, advised and assisted, accompanied by NATO mentors, and these are the most effective forces.” He declared that “[w]e’ll stand by the Afghan people…[and] the Afghan government…[a]nd the NATO mission will continue, as we drive them to a political settlement.”

At a May 3 press briefing by DOD Chief Spokesperson Dana White regarding SIGAR’s finding that Afghan forces are getting smaller, she remarked “we’re working by, with and through our partners…[and] [t]hat, as the Secretary said earlier this week, these are desperate attempts.” White said that “our goal is to force the enemy to a political solution…[a]nd we’re going to do that.” She asserted that “the enemy gets a vote…[w]e will continue to work…[and] [w]e’re there to stand with the Afghan government.”

January 2018

This week, SIGAR released its 38th quarterly report on U.S. reconstruction efforts in Afghanistan. SIGAR John Sopko noted in his cover letter “the Department of Defense (DOD) instructed SIGAR not to release to the public data on the number of districts, and the population living in them, controlled or influenced by the Afghan government or by the insurgents, or contested by both…[even though] SIGAR has been reporting district-control data since January 2016, and later added estimates of population and land-area control reported by DOD.” SIGAR noted “DOD has determined that although the most recent numbers are unclassified, they are not releasable to the public.”

SIGAR asserted that “the number of districts controlled or influenced by the Afghan government had been one of the last remaining publicly available indicators for members of Congress—many of whose staff do not have access to the classified annexes to SIGAR reports—and for the American public of how the 16-year- long U.S. effort to secure Afghanistan is faring.” SIGAR claimed that “[h]istorically, the number of districts controlled or influenced by the government has been falling since SIGAR began reporting on it, while the number controlled or influenced by the insurgents has been rising—a fact that should cause even more concern about its disappearance from public disclosure and discussion.” SIGAR added that “[t]his worrisome development comes as DOD this quarter, for the first time since 2009, also classified the exact strength figures for most Afghan National Defense and Security Forces (ANDSF), another vital measure of ANDSF reconstruction.”