MOCA loop and a CIA official just caught with $40m gold bars at home

This NYT report of a government credibility failure reads like Snowden all over again. A basic IT tech guy has been inflating his resume forever and getting away with it because apparently the people checking aren’t able to tell he’s all about the lies.

“After a CIA internal investigation identified potential violations of the law, CIA Director John Ratcliffe referred the information to the FBI for a law enforcement investigation,” the written statement said.

The system that vetted David Rush for one of the most sensitive clearances in government accepted his self-described pilot career and his diplomas without the checks catching that he’d never flown a plane or, apparently, earned the degrees. A claim to be a decorated test pilot yet he couldn’t even fly a plane? Caught after the horse left the barn? That’s so Snowden.

A 2004 commission validated his 2009 hiring, which validated the SES promotion, which validated the clearance. It’s trust turtles all the way down, trusting the credential the prior step accepted. No one tested the chain, no one looked at the tree, they all just re-verified a dead leaf by design.

Clearance reinvestigation confirms continuity and doesn’t reopen the original question. Periodic reinvestigation asks only whether anything new has come up for the same cleared person. It never asks whether a 2009 filing was wrong, or the 2004 root was fake.
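The chain described above, as an added example that is not part of the original post: each step is modelled as a record that hashes the step it relied on, so a continuity-only reinvestigation passes while an audit of the root claims against records held outside the chain fails. The step and claim labels and the empty set of independent records are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Attestation:
    step: str        # which review produced this record
    claims: tuple    # claims the review accepted
    parent: str      # digest of the record it relied on ("" for the root)

    def digest(self) -> str:
        body = "|".join((self.step, *self.claims, self.parent))
        return hashlib.sha256(body.encode()).hexdigest()

def build_chain(steps, claims):
    """Each step copies the claims forward and cites the previous step."""
    chain, parent = [], ""
    for step in steps:
        record = Attestation(step, tuple(claims), parent)
        chain.append(record)
        parent = record.digest()
    return chain

def reinvestigate(chain):
    """Continuity check: does every record cite the one before it?"""
    parent = ""
    for record in chain:
        if record.parent != parent:
            return False
        parent = record.digest()
    return True

def audit_root(chain, independent_records):
    """Root check: which root claims does no source outside the chain confirm?"""
    return [c for c in chain[0].claims if c not in independent_records]

# Constructed sample data (labels are illustrative, not case records).
STEPS = ["2004 commission", "2009 hiring", "SES promotion", "clearance"]
CLAIMS = ["pilot career", "diplomas"]
INDEPENDENT_RECORDS = frozenset()   # assumption: outside sources confirm nothing
CHAIN = build_chain(STEPS, CLAIMS)

if __name__ == "__main__":
    print("continuity holds:", reinvestigate(CHAIN))
    print("unconfirmed root claims:", audit_root(CHAIN, INDEPENDENT_RECORDS))
```

The continuity check is a real control (it fails if a step is dropped or altered), but it can only ever report on the links, never on what the first link accepted.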

Twenty years is a long time for a lie to never get audited. Then again, that’s Trump even more than Snowden.

But to be precise, with regard to my integrity breach research, Rush highlights two control failures. The first is a 2009 adjudication that never tested the root claims, which is the automation of an absence. The second, same as Snowden, is a reinvestigation that pointed trust scope at the wrong question.

Both were IT staff holding access far past their station. Rush’s lies bought the access, and apparently he cashed it as actual gold. Snowden’s access came with being allowed a basic sysadmin role, and he spent it on dumping “grab it all, let fascist Greenwald sort it out” to elevate himself. Which he did, as if the infosec industry had no integrity checks to stop him. Same over-scope. Rush is fixed by running the damn check, then by scoping the fixed check. Snowden especially needed the scoping half of the fix.

The Rush and Snowden control-design problems we know well. In fact, over-permissioned agents are the scoping failure recommitted at machine speed today, so Snowden foreshadowed the stupidity of OpenClaw.

Trump is different, because trust is captured by the people paid to test it. This integrity breach should worry national security experts most, because it is the only one where the control itself changes nothing. The control has been captured and disallowed from ever pointing at the truth. Trump survives because the defect is the integrity breach of an operator’s incentive rather than their control.

That’s an org-design problem: ensuring control is measured outside the control domain, which is familiar to ISO auditors and is the entire premise of a MOCA (modify-observe-converge-act) loop for agents versus OODA and PDCA. Verification has to move outside the system being verified. The only fix is an independent check with no stake in fixing the answer, which is precisely the thing Trump’s entire Witch of Oz persona and his army of gilded golden monkeys are made to prevent.

Trump threats should sound familiar to anyone who has seen the classic Oz film: projected menace backed by a borrowed army.
