Few thoughts on this, threaded... 1/ this was also a massive intelligence failure by the FBI. I believe a fulsome, transparent review- akin to the 9/11 commission- of overall USG and partner failings is needed to learn from this event. From an FBI perspective I can envision... https://twitter.com/ChicagoCyber/status/1345423365515964417
2/ several scenarios that may have occurred. First, the FBI may have completely lacked intel that could have revealed this activity. If so, why? From a technical collection standpoint, it is difficult to conduct electronic surveillance against sophisticated cyber actors in...
3/ the US even when you know what you want to target. The FBI does have the authority to conduct this type of surveillance with appropriate legal authorization, but the laws relied upon- FISA, TIII and its exceptions- are complex and obtaining approval can be very SLOW...
4/ So if the FBI did not have domestic surveillance on these targets, was it because they had no idea it was occurring or what to look for, or did they try to obtain authority but were shot down by DOJ or a judge? In my time with the FBI there were numerous 'pocket vetoes' of...
5/ FISA applications by DOJ, especially when we wanted to attempt novel approaches to surveillance of complex cyber actors. Add to that the significant compliance requirements that fall upon FBI agents who do successfully obtain FISA authorization, and there exist significant...
6/ pain points that I believe have created a chilling effect on FBI personnel aggressively pursuing FISA collection in general, especially against sophisticated actors. It should also be noted that while a lot of the discussion of SolarWinds has focused on...
7/ technical collection failures, were there HUMINT collection gaps as well that the FBI and CIA should have addressed sooner? The actors allegedly behind this event are certainly not an easy target to penetrate, but this should not be viewed solely through the lens of...
8/ 'the cybers.' Another scenario that may have occurred is the FBI did in fact have domestic intel collection that may have revealed this activity but did not realize it or take appropriate actions with the info. How could this occur you ask? Well the FBI collects a lot...
9/ of intel but honestly does not always have a good plan on what to do with it. This can be the result of many factors, including a lack of personnel and tools to effectively analyze very large amounts of data, and a lack of clear intelligence gaps and requirements driving...
10/ the analysis. These gaps can exist both at the national level- e.g., between FBI and other IC members- but also from within the FBI. I think one major issue the FBI needs to address is the silos that exist between the Cyber and Counterintelligence Divisions. The SolarWinds...
11/ event is a massive intelligence / counterintelligence failure that occurred in the cyber domain. Who within the FBI is driving and coordinating the strategy to target the Russia threat in cyber? In my experience- 2018 and before- there was not a clear, coordinated...
12/ strategy, and much of the good work that was done was the result of specific agents and analysts driving ad hoc coordination at the worker bee level as opposed to delivering on a clear national strategy. Again, these are just my musings on things that may have gone wrong...
13/ at the FBI specifically, but the main takeaway is the review and analysis of this event needs to be thorough and transparent, and likely needs to drive significant changes to the USG's overall efforts against nation state threats in cyber. Fin.
You can follow @spfcyberlaw.