Attribution and Declassifying Current Satellite Imagery

I listened to a great webinar by Rick Holland today about digital threat intelligence. During the talk he mentioned the precedent of declassifying satellite imagery as an example of an action the government could take with respect to "proving" DPRK attribution.

Rick is a former military intelligence analyst like me, and I've had similar thoughts this week. They were heightened by this speech excerpt from FBI Director James Comey yesterday:

[F]olks have suggested that we have it wrong. I would suggest—not suggesting, I’m saying—that they don’t have the facts that I have—don’t see what I see—but there are a couple things I have urged the intelligence community to declassify that I will tell you right now.

I decided to look online for events where the US government declassified satellite imagery in order to support a policy decision. I am excluding cases where the government declassified imagery well after the event. I'm including a few cases where satellites were not yet operational, so air-breathing reconnaissance assets took the photos. Based on that examination, I formed these conclusions.

First, high-end satellite imagery is like signals intelligence (SIGINT) against hard targets. Both are near the apex of protected sources and methods, and both are expensive to develop, deploy, and maintain. If spy satellite photos are released, they are often "degraded" to hide their actual resolution.

Second, the US IC doesn't declassify information very often. When you read about "declassified satellite imagery," it's likely you are seeing photographs taken by commercial satellite operators like DigitalGlobe. I found numerous examples online of supposedly "declassified imagery" bearing commercial logos.

Third, when the US IC does declassify information, it usually withholds the source. If a source is mentioned, the method least likely to hinder future collection is cited as the origin. For example, the IC may have a source inside a foreign government, and a second source who corroborated the information after defecting to a US embassy. If the US decides to release the intelligence provided by both sources, and feels the need to provide its origin, the IC will cite the defector. The foreign government already knows about the defector, but hopefully will remain unaware of the spy still in its midst.

Finally, as publicly stated, the US intelligence community considers North Korea to be a "very hard target." This 2011 Bloomberg article spells out the problems getting information about the DPRK. That means that if the US IC has ways to gather intelligence on the DPRK, those are some of the most important sources and methods to the entire IC. They are not going to burn those sources and methods to try (and fail) to satisfy a few dozen critics posting Tweets or blog posts.

Declassifying satellite imagery is a decent public example of the intelligence "gain-loss" decision that the IC and administration must make. They are historically exceptionally reluctant to reveal sources and methods. I expect that if the FBI releases more information on their DPRK case, it is more likely to be associated with a criminal maneuver, similar to the PLA indictment of May 2014.

The following are related sources which you may enjoy visiting:



Comments

Ryan said…
I can and do respect the fact that they may have legit reasons as to why they cannot release the hard facts. The facts that show us how they came to the conclusion for their attribution. But if they're not going to release those facts (for whatever reason), then our only basis to judge their truthfulness on the matter is their credibility. Which, I'm sorry to say, isn't that high up on my scale. So where does that leave me?
