Pompeo Appoints Amb. Dan Smith as New Director of the Foreign Service Institute

 

On October 23, Secretary Pompeo appointed Career Ambassador Daniel Smith as the new Director of the Foreign Service Institute. He was recently the Assistant Secretary of State for Intelligence and Research (INR). This past summer, he was one of four career diplomats nominated by Trump and subsequently confirmed by the U.S. Senate for the personal rank of Career Ambassador. This FSI appointment does not require a Senate confirmation.

In the waning days of Tillerson’s Redesign Project, Ambassador Smith was also assigned as the lead of the “Impact Initiative.” He was widely rumored as the next Director General of the Foreign Service but in late July, the WH announced the president’s intent to nominate career diplomat Carol Z. Perez of Virginia, to be the next Director General of the Foreign Service.

Below is a brief bio of Ambassador Smith (via state.gov):

Daniel B. Smith was appointed as Director of the Foreign Service Institute on October 23, 2018. In this capacity, he serves as the Chief Learning Officer for the Department of State and the federal foreign affairs community.

A member of the Senior Foreign Service, Ambassador Smith holds the Department’s highest diplomatic rank of Career Ambassador. Ambassador Smith served most recently as Assistant Secretary of State for Intelligence and Research from 2013 to 2018 and as Ambassador to the Hellenic Republic from 2010 to 2013. Previously, he served as Executive Secretary of the State Department, Principal Deputy Assistant Secretary for Consular Affairs, and Deputy Executive Secretary. In addition to Greece, his overseas service includes tours in Bern, Istanbul, Ottawa, and Stockholm. He also taught Political Science at the U.S. Air Force Academy.

Ambassador Smith is a recipient of the Arnold L. Raphel Memorial Award, the Secretary’s Distinguished Service Award, a Presidential Distinguished Service Award, and several Superior and Meritorious Honor Awards.

Ambassador Smith received his Ph.D. and M.A. from Stanford University, and his B.A. from the University of Colorado at Boulder. His foreign languages are German, Turkish, and Swedish.

As of this writing, the highest ranking officers of the Foreign Service with the exception of David Hale (P) are out of Foggy Bottom (Goldberg in Cuba, Sison in Haiti, and Smith at FSI). With one of only four Foreign Service’s equivalent to a four-star general heading to FSI, one wonders if Pompeo is out to elevate FSI and training to the same level as the U.S. Army Training and Doctrine Command (TRADOC) headed by  Army four-star Gen Stephen J. Townsend. If yes, that’s great. If not, then not so great because you know what that means.

For now, nothing in Ambassador’s Smith’s blogpost Up To the Task of Preparing Our Foreign Affairs Professionals indicate forthcoming changes in Foreign Service training.

#

#

 

 

Advertisements

Why rudeness at work is contagious and difficult to stop

By Trevor Foulk | He is a PhD candidate in business administration at the University of Florida. He is interested in negative work behaviours, team dynamics, decision-making, and depletion/recovery. Creative Commons Attribution-No Derivatives

 

Most people can relate to the experience of having a colleague inexplicably treat them rudely at work. You’re not invited to attend a meeting. A co-worker gets coffee – for everyone but you. Your input is laughed at or ignored. You wonder: where did this come from? Did I do something? Why would he treat me that way? It can be very distressing because it comes out of nowhere and often we just don’t understand why it happened.

A large and growing body of research suggests that such incidents, termed workplace incivility or workplace rudeness, are not only very common, but also very harmful. Workplace rudeness is not limited to one industry, but has been observed in a wide variety of settings in a variety of countries with different cultures. Defined as low-intensity deviant behaviour with ambiguous intent to harm, these behaviours – small insults, ignoring someone, taking credit for someone’s work, or excluding someone from office camaraderie – seem to be everywhere in the workplace. The problem is that, despite their ‘low-intensity’ nature, the negative outcomes associated with workplace rudeness are anything but small or trivial.

It would be easy to believe that rudeness is ‘no big deal’ and that people must just ‘get over it’, but more and more researchers are finding that this is simply not true. Experiencing rudeness at work has been associated with decreased performance, decreased creativity, and increased turnover intentions, to name just a few of the many negative outcomes of these behaviours. In certain settings, these negative outcomes can be catastrophic – for example, a recent article showed that when medical teams experienced even minor insults before performing a procedure on a baby, the rudeness decimated their performance and led to mortality (in a simulation). Knowing how harmful these behaviours can be, the question becomes: where do they come from, and why do people do them?

While there are likely many reasons people behave rudely, at least one explanation that my colleagues and I have recently explored is that rudeness seems to be ‘contagious’. That is, experiencing rudeness actually causes people to behave more rudely themselves. Lots of things can be contagious – from the common cold, to smiling, yawning and other simple motor actions, to emotions (being around a happy person typically makes you feel happy). And as it turns out, being around a rude person can actually make you rude. But how?

There are two ways in which behaviours and emotions can be contagious. One is through a conscious process of social learning. For example, if you’ve recently taken a job at a new office and you notice that everybody carries a water bottle around, it likely won’t be long until you find yourself carrying one, too. This type of contagion is typically conscious. If somebody said: ‘Why are you carrying that water bottle around?’, you would say: ‘Because I saw everybody else doing it and it seemed like a good idea.’

Another pathway to contagion is unconscious: research shows that when you see another person smiling, or tapping a pencil, for example, most people will mimic those simple motor behaviours and smile or tap a pencil themselves. If someone were to ask why you’re smiling or tapping your pencil, you’d likely answer: ‘I have no idea.’

In a series of studies, my colleagues and I found evidence that rudeness can become contagious through a non-conscious, automatic pathway. When you experience rudeness, the part of your brain responsible for processing rudeness ‘wakes up’ a little bit, and you become a little more sensitive to rudeness. This means that you’re likely to notice more rude cues in your environment, and also to interpret ambiguous interactions as rude. For example, if someone said: ‘Hey, nice shoes!’ you might normally interpret that as a compliment. If you’ve recently experienced rudeness, you’re more likely to think that person is insulting you. That is, you ‘see’ more rudeness around you, or at least you think you do. And because you think others are being rude, you become more likely to behave rudely yourself.

You might be wondering, how long does this last? Without more research it’s impossible to say for sure, but in one of our studies we saw that experiencing rudeness caused rude behaviour up to seven days later. In this study, which took place in a negotiations course at a university, participants engaged in negotiations with different partners. We found that when participants negotiated with a rude partner, in their next negotiation their partner thought they behaved rudely. In this study, some of the negotiations took place with no time lag, sometimes there was a three-day time lag, and sometimes there was a seven-day time lag. To our surprise, we found that the time lag seemed to be unimportant, and at least within a seven-day window the effect did not appear to be wearing off.

Unfortunately, because the rudeness is contagious and unconscious, it’s hard to stop. So what can be done? Our work points to a need to re-examine the types of behaviours that are tolerated at work. More severe deviant behaviours, such as abuse, aggression and violence, are not tolerated because their consequences are blatant. While rudeness of a more minor nature makes its consequences a little harder to observe, it is no less real and no less harmful, and thus it might be time to question whether we should tolerate these behaviours at work.

You might be thinking that it will be impossible to end workplace rudeness. But work cultures can change. Workers once used to smoke at their desks, and those same workers would have said it was a natural part of office life that couldn’t be removed. Yet workplace smoking is verboten everywhere now. We’ve drawn the line at smoking and discrimination – and rudeness should be the next to go.Aeon counter – do not remove

Trevor Foulk

This article was originally published at Aeon and has been republished under Creative Commons.

#


What know-it-alls don’t know, or the illusion of competence

by Kate Fehlhaber (This article was originally published at Aeon and has been republished under Creative Commons).

 

One day in 1995, a large, heavy middle-aged man robbed two Pittsburgh banks in broad daylight. He didn’t wear a mask or any sort of disguise. And he smiled at surveillance cameras before walking out of each bank. Later that night, police arrested a surprised McArthur Wheeler. When they showed him the surveillance tapes, Wheeler stared in disbelief. ‘But I wore the juice,’ he mumbled. Apparently, Wheeler thought that rubbing lemon juice on his skin would render him invisible to videotape cameras. After all, lemon juice is used as invisible ink so, as long as he didn’t come near a heat source, he should have been completely invisible.

Police concluded that Wheeler was not crazy or on drugs – just incredibly mistaken.

The saga caught the eye of the psychologist David Dunning at Cornell University, who enlisted his graduate student, Justin Kruger, to see what was going on. They reasoned that, while almost everyone holds favourable views of their abilities in various social and intellectual domains, some people mistakenly assess their abilities as being much higher than they actually are. This ‘illusion of confidence’ is now called the ‘Dunning-Kruger effect’, and describes the cognitive bias to inflate self-assessment.

To investigate this phenomenon in the lab, Dunning and Kruger designed some clever experiments. In one study, they asked undergraduate students a series of questions about grammar, logic and jokes, and then asked each student to estimate his or her score overall, as well as their relative rank compared to the other students. Interestingly, students who scored the lowest in these cognitive tasks always overestimated how well they did – by a lot. Students who scored in the bottom quartile estimated that they had performed better than two-thirds of the other students!

This ‘illusion of confidence’ extends beyond the classroom and permeates everyday life. In a follow-up study, Dunning and Kruger left the lab and went to a gun range, where they quizzed gun hobbyists about gun safety. Similar to their previous findings, those who answered the fewest questions correctly wildly overestimated their knowledge about firearms. Outside of factual knowledge, though, the Dunning-Kruger effect can also be observed in people’s self-assessment of a myriad of other personal abilities. If you watch any talent show on television today, you will see the shock on the faces of contestants who don’t make it past auditions and are rejected by the judges. While it is almost comical to us, these people are genuinely unaware of how much they have been misled by their illusory superiority.

Sure, it’s typical for people to overestimate their abilities. One study found that 80 per cent of drivers rate themselves as above average – a statistical impossibility. And similar trends have been found when people rate their relative popularity and cognitive abilities. The problem is that when people are incompetent, not only do they reach wrong conclusions and make unfortunate choices but, also, they are robbed of the ability to realise their mistakes. In a semester-long study of college students, good students could better predict their performance on future exams given feedback about their scores and relative percentile. However, the poorest performers showed no recognition, despite clear and repeated feedback that they were doing badly. Instead of being confused, perplexed or thoughtful about their erroneous ways, incompetent people insist that their ways are correct. As Charles Darwin wrote in The Descent of Man (1871): ‘Ignorance more frequently begets confidence than does knowledge.’

Interestingly, really smart people also fail to accurately self-assess their abilities. As much as D- and F-grade students overestimate their abilities, A-grade students underestimate theirs. In their classic study, Dunning and Kruger found that high-performing students, whose cognitive scores were in the top quartile, underestimated their relative competence. These students presumed that if these cognitive tasks were easy for them, then they must be just as easy or even easier for everyone else. This so-called ‘imposter syndrome’ can be likened to the inverse of the Dunning-Kruger effect, whereby high achievers fail to recognise their talents and think that others are equally competent. The difference is that competent people can and do adjust their self-assessment given appropriate feedback, while incompetent individuals cannot.

And therein lies the key to not ending up like the witless bank robber. Sometimes we try things that lead to favourable outcomes, but other times – like the lemon juice idea – our approaches are imperfect, irrational, inept or just plain stupid. The trick is to not be fooled by illusions of superiority and to learn to accurately reevaluate our competence. After all, as Confucius reportedly said, real knowledge is knowing the extent of one’s ignorance.Aeon counter – do not remove

Kate Fehlhaber is the editor in chief of Knowing Neurons and a PhD candidate in neuroscience at the University of California, Los Angeles. She lives in Los Angeles.

This article was originally published at Aeon and has been republished under Creative Commons.

#

Tillerson to Shut Down @StateDept’s Sounding Board, Erase 7 Years of Institutional Collaboration

Posted: 5:11 am ET
[twitter-follow screen_name=’Diplopundit’]

 

On August 17, the State Department released an eDepartment Notice that the Sounding Board will be “retired” as of August 31st. A red banner reportedly went up on the Sounding Board site only on August 23 reminding users that the site will close on August 31 and that they should save any content they want to preserve in their local files before August 31st.  None of the contents in the Sounding Board will be archived.

The Sounding Board is an employee internal forum for ideas and collaboration launched in 2009 by then Secretary Clinton, and maintained throughout Secretary Kerry’s tenure.  Together with Communities and Corridor, they were all created and maintained to “enhance diplomatic initiatives by providing effective employee collaboration and information sharing capabilities.”

Some employees think of the Sounding Board as part of the agency’s process improvement and see it as a valuable feedback loop.  It is also a central repository of employee opinions and suggestions. In the last seven years, the Sounding Board was reportedly used by over 120,000 users, generating 4,000 ideas. It also resulted in the implementation of some 130 suggestions/requests. We understand that some of the implemented ideas include the creation of pedestrian walk signals outside the Harry S. Truman building which increased employee safety, the creation of ePerformance guides, improvements in the female bathrooms in HST and others that helped with employee engagement and morale.

The State Department did inform employees that it is planning on establishing a “new forum for employee suggestions and responses,” but apparently it did not explain what was wrong with the current Sounding Board, and why a new forum is considered necessary.  There is also no timeframe when the new forum will be operational and employees were instructed to use the Redesign Portal to provide their ideas to management in the meantime.

So after August 31, stuff will just go to some kind of “digital suggestion box” in the Portal and no one can see (presumably with the exception of those designated to watch the suggestion box) what topics are under discussion or what subjects are important to employees. Also — we have no way to verify this since we have no access to the portal —  apparently the ideas accepted in the Redesign Portal are restricted to topics related to the redesign effort only.  So how’s that going to work?  Does anyone know?

Employees were informed that they can still share their concerns with the Director General through the DGDirect email, and collaborate with others using Communities@State, an internal blogging program; and Corridor, an internal professional networking application. Those platforms, of course, are not suited for a community back and forth discussion that is unique in a forum setup.

So the State Department basically gave employees a 2-week notice that it is shutting down the Sounding Board, that the contents will not be archived or be available for viewing, and that the replacement forum will not be ready when the current forum shuts down next week.

Look, given that the State Department is already suffering from abysmal morale, this is one way of just digging a deeper hole. While we can understand why Secretary Tillerson and his circle might want to start from scratch with a new employee forum, this is not the way nor the time to do it.

Cost Savings

What savings do you get with a Sounding Board 2.0?  And seriously, what is wrong with the current Sounding Board? What is the justification for shutting it down? How much money does the State Department generate in savings in building a new forum vs. maintaining the old forum? For an agency with a 30% projected cut in funding, the questions “how much” and “why” deserve some answers.

Options

We expect that it would be objectively trivial in cost and time to preserve the Sounding Board. Some suggestions floating around:

1) Keep the Sounding Board “as-is” until the new forum is operational. Archive the Sounding Board when the new forum is activated.

2) Keep the Sounding Board “read-only” until the new forum is operational.  This would curtail the submission of new ideas but allow employees to read/view the archive as needed until the replacement forum is activated.

3) Hybrid Sounding Board/Redesign Portal, except that the “redesign” has a lifespan. If State bundles the Sounding Board with the Redesign Portal, what happens after the reorganization is completed? Bundling them together requires unbundling them later on, which we imagine could require more work than if it were a stand alone forum.

4) The Sounding Board is government record, is it not? Does the National Archives and Records Administration (NARA), the nation’s record keeper has anything to say about this planned destruction of government record?

Demolition

The State Department may call this the Sounding Board’s “retirement”but in fact, since its archive will not be retrievable/viewable, this is actually a demolition. And it’s not just the demolition of the employee forum itself, but a demolition of the employees’ collective ideas, contributions, and memories.  In reality, it would erased the last seven years of the institution’s collective work.

If the State Department goes through with this, it could only re-enforce employees perception that its new leadership does not walk the talk. You cannot say that the “Secretary values and wants employee feedback” and expect people to believe that if at the same time, you’re demolishing the system that affords employees the ability to provide feedback.

#

 

How are you dealing with Foggy Bottom’s bad jujus?

Posted: 2:45 am ET
[twitter-follow screen_name=’Diplopundit’]

 

How are you dealing with the bad vibes, and negative energy in the Foggiest Bottom these days?  We don’t care what a billionaire says, but health is wealth, so guard it fiercely and faithfully. Will the Deployment Stress Management Program soon include employees on domestic assignments? That is, until that gets gutted, too.  Sigh! If you have coping strategies you want to share, contact us via our Foggy Bottom nightingale line.

#

The Do’s and Don’ts of Talking to the Press, Congress, and the Path to Blowing the Whistle

Posted: 12:30 am ET
[twitter-follow screen_name=’Diplopundit’]

 

The Foreign Policy Project produced a podcast in partnership with the Women’s Foreign Policy Network on the do’s and don’ts of talking to the press, congress, and the path to blowing the whistle. The discussion includes an overview of protections available – do you want to disclose openly or anonymously?  What does the process of going to the Project on Government Oversight look like? What tools can you use to encrypt your communications? What should you consider before going to the press? POGO’s Danielle Brian is in the podcast. Check it out.

Check out the rest of the podcasts here: http://theforeignpolicyproject.org/women-in-diplomacy-podcast/.

 

#

Sexual Violence: Why Is a Consistent Definition Important? Attn: @StateDept Task Force

Posted: 12:41 am ET
[twitter-follow screen_name=’Diplopundit’ ]

 

Via the Centers for Disease Control and Prevention:

Why Is a Consistent Definition Important?

A consistent definition is needed to monitor the prevalence of sexual violence and examine trends over time. In addition, a consistent definition helps in determining the magnitude of sexual violence and aids in comparing the problem across jurisdictions. Consistency allows researchers to measure risk and protective factors for victimization in a uniform manner. This ultimately informs prevention and intervention efforts.

Sexual violence is defined as a sexual act committed against someone without that person’s freely given consent.  Sexual violence is divided into the following types:

  • Completed or attempted forced penetration of a victim
  • Completed or attempted alcohol/drug-facilitated penetration of a victim
  • Completed or attempted forced acts in which a victim is made to penetrate a perpetrator or someone else
  • Completed or attempted alcohol/drug-facilitated acts in which a victim is made to penetrate a perpetrator or someone else
  • Non-physically forced penetration which occurs after a person is pressured verbally or through intimidation or misuse of authority to consent or acquiesce
  • Unwanted sexual contact
  • Non-contact unwanted sexual experiences

Completed or attempted forced penetration of a victim ─ includes completed or attempted unwanted vaginal (for women), oral, or anal insertion through use of physical force or threats to bring physical harm toward or against the victim. Examples include

  • Pinning the victim’s arms
  • Using one’s body weight to prevent movement or escape
  • Use of a weapon or threats of weapon use
  • Assaulting the victim

Completed or attempted alcohol or drug-facilitated penetration of a victim ─ includes completed or attempted unwanted vaginal (for women), oral, or anal insertion when the victim was unable to consent because he or she was too intoxicated (e.g., incapacitation, lack of consciousness, or lack of awareness) through voluntary or involuntary use of alcohol or drugs.

Completed or attempted forced acts in which a victim is made to penetrate a perpetrator or someone else ─ includes situations when the victim was made, or there was an attempt to make the victim, sexually penetrate a perpetrator or someone else without the victim’s consent because the victim was physically forced or threatened with physical harm. Examples include

  • Pinning the victim’s arms
  • Using one’s body weight to prevent movement or escape
  • Use of a weapon or threats of weapon use
  • Assaulting the victim

Completed or attempted alcohol or drug-facilitated acts in which a victim is made to penetrate a perpetrator or someone else ─includes situations when the victim was made, or there was an attempt to make the victim, sexually penetrate a perpetrator or someone else without the victim’s consent because the victim was unable to consent because he or she was too intoxicated (e.g., incapacitation, lack of consciousness, or lack of awareness) through voluntary or involuntary use of alcohol or drugs.

Nonphysically forced penetration which occurs after a person is pressured verbally, or through intimidation or misuse of authority, to consent or submit to being penetrated – examples include being worn down by someone who repeatedly asked for sex or showed they were unhappy; feeling pressured by being lied to, or being told promises that were untrue; having someone threaten to end a relationship or spread rumors; and sexual pressure by use of influence or authority.

Unwanted sexual contact – intentional touching, either directly or through the clothing, of the genitalia, anus, groin, breast, inner thigh, or buttocks of any person without his or her consent, or of a person who is unable to consent or refuse. Unwanted sexual contact can be perpetrated against a person or by making a person touch the perpetrator. Unwanted sexual contact could be referred to as “sexual harassment” in some contexts, such as a school or workplace.

Noncontact unwanted sexual experiences – does not include physical contact of a sexual nature between the perpetrator and the victim. This occurs against a person without his or her consent, or against a person who is unable to consent or refuse. Some acts of non-contact unwanted sexual experiences occur without the victim’s knowledge. This type of sexual violence can occur in many different settings, such as school, the workplace, in public, or through technology. Examples include unwanted exposure to pornography or verbal sexual harassment (e.g., making sexual comments).


Reference

Basile KC, Smith SG, Breiding MJ, Black MC, Mahendra RR. Sexual Violence Surveillance: Uniform Definitions and Recommended Data Elements, Version 2.0. Atlanta, GA: National Center for Injury Prevention and Control, Centers for Disease Control and Prevention; 2014.

 

Sexual Assault Related posts:

#

USConGen Chennai: Diplomats Sample Hand-to-Mouth Dining at Kasivinayaga Mess

Posted: 2:41 am ET
[twitter-follow screen_name=’Diplopundit’ ]

 

Back in 2013, we blogged about the “boodle fight” at US Embassy Manila (see US Embassy Manila Hosts a “Boodle Fight” … or Fine Dining Combat Without the Flatware).  This week, the US Consulate General Chennai posted its first video in the Madras Week video series — which highlights everyday rhythm of Madras culture, food, and traditions. The clip below shows how you eat your meal with your hands. Communal dining similar to the “boodle fight” but not quite as up close and personal (you get to have your own banana leaf as plate).

Also read Simple formula keeps this mess afloat and  The Rules For Eating With Your Hands In India, Africa And The Middle East.

#

K. Hamster’s Spot Report From the #BigBlockofCheeseDay Event With @StateDept Deputies

Posted: 1:48 am EDT
[twitter-follow screen_name=’Diplopundit’ ]

 

The State Department’s two deputies, Tony Blinken and Heather Higginbottom joined the White House for its third #BigBlockofCheeseDay on January 13 (see @StateDept to Join @White House’s #BigBlockOfCheeseDay — Have Your Policy Qs and Bad Cheese Puns Ready!).

Most of the questions are posted  under Secretary Kerry’s tweet (see below). Fair warning, most of the questions are  um, interesting to put it mildly. It’ll give you a window at the misconceptions out there on what diplomacy is and is not (also if you’re multi-tasking, you’re not doing your job), and the expectations the public hoards for our public officials (why don’t you have a magic wand, those sailors should have been home yesterday?).

The questions posted for Deputy Secretary Blinken are answered on his TL here: https://twitter.com/ABlinken. The questions and answers for Deputy Secretary Heather Higginbottom are posted on her TL here: https://twitter.com/hhigginbottom.

Below is Kissinger Hamster’s spot report from the Big Block of Cheese Day event.

He’s not perfect but what do you think? Should we keep him as a stringer?

#

 

 

Purported ISIS ‘Hit List’ With 1,482 Targets Includes State Department Names

Posted: 6:52 pm EDT
[twitter-follow screen_name=’Diplopundit’ ]


According
to CNN, a group calling itself the Islamic State Hacking Division recently posted online a purported list of names and contacts for Americans it refers to as “targets,” according to officials.

Though the legitimacy of the list is questionable, and much of the information it contains is outdated, the message claims to provide the phone numbers, locations, and “passwords” for 1400 American government and military personnel as well as purported credit card numbers, and excerpts of some Facebook chats.

The Guardian describes the list as a spreadsheet, published online last week which exposes names, email addresses, phone numbers and passwords. The 1,482 names include members of the U.S. Marine Corps, NASA, the State Department, the U.S. Air Force, and the FBI.

The Daily Mail  reports that the list includes an accompanying message that reads:  ‘Know that we are in your emails and computer systems, watching and recording your every move, we have your names and addresses, we are in your emails and social media accounts.’

The list apparently also includes the names of eight Australians and UK government personnel. In Australia where there this is huge news, Prime Minister Tony Abbott told the press, “We’ve just discovered that it’s actually able to launch cyber attacks in this country so this is a very sophisticated and deadly threat to us even here in Australia.” A chief executive of a forensic data firm in the country went so far as to advise that Canberra’s public servants get off social media. He also recommended that “on the day [ADFA] cadets enlist, their entire electronic lives be erased” and that “they should not exist on digital networks until they retire from Defence.”

The reaction here is a little less ZOMG!  Last week, then Army Chief of Staff Gen. Ray Odierno said in a press conference that “this is the second or third time they’ve claimed that and the first two times I’ll tell you, whatever lists they got were not taken by any cyber attack.”

“This is no different than the other two,” Odierno said. “But I take it seriously because it’s clear what they’re trying to do … even though I believe they have not been successful with their plan.”

CNN reports that Pentagon spokesman Lt. Col. Jeffrey Pool also cautioned that many of the military email addresses looked at least several years old, based on their suffixes. He said that shortly after this list was posted, a reminder went out to service personnel that they should limit the personal information they put on social media. “If any of your information on it is accurate, you’re very concerned,” former Homeland Security adviser Fran Townsend told CNN, “as are government officials.”

According to the Washington Examiner, State Department employees comprise about a quarter of the alleged personal information on the list. That would be about 370 names. It also says that at the bottom of the leaked document, originally posted on zonehmirrors.org, are receipts from State Department employees along with their credit card numbers.  The report notes that Islamic State supporters tweeted a link to the document and also tweeted, in one instance, information claiming to be the personal details of a staff member from the U.S. embassy in Cairo that said: “To the lone wolves of Egypt.”

Technology security expert, Troy Hunt,  writes that “nothing makes headlines like a combination of ISIS / hackers / terrorism!” and has taken a closer look with an analysis here. Mr. Hunt’s conclusion — drawn merely from looking at the leaked list and applying what he observed from experience with previous data dumps leaked list —  is that “the data is almost certainly from multiple locations and very unlikely to be from a single data breach.” Also that “most of the data is easily discoverable via either existing data breaches or information intentionally made public.” He writes, “Even the source of the amalgamated data is unverifiable – it could be someone who does indeed wish harm on the individuals named, it could be a kid in his pyjamas, there’s just not enough information to draw a conclusion either way.”

In his analysis of the ISIS list, Mr. Hunt says that “there are many sources from which attributes in this list can be compiled.” As an example, he cited the Adobe breach of 2013 in which 152M records were leaked, which includes 257k .gov email addresses. He writes:

The ISIS list has a lot of state.gov email addresses – Adobe leaked 1,657 of those and they look just like this:

state.gov email addresses in the Adobe data breach

state.gov email addresses in the Adobe data breach via Troy Hunt (used with permission)

“Adobe also leaked password hints so you can begin to quite easily build a profile around people working in the US State Department,” he said.

Would be good to know if any of the names in the Adobe breach are showing up in the ISIS list. We have not seen the purported ISIS list or the names from the Adobe hack but we hope somebody at State is looking at those names. Folks probably need to work on their password hints, too.

In a separate post, Mr. Hunt also notes this:

“The hyperbole and the fear, uncertainty and doubt that spread over this was just off the scale compared to the significance of the actual data. Here we have what amounts to little more than easily discoverable information mostly already in the public domain and suddenly it’s become a huge terror hack. [….] However, the legitimacy of the claims that this was an “ISIS hack” appear to have gotten in the way of a good story and the news has simply run with it.

A couple more reading clips below from Troy Hunt:

.

.

There’s not much one can do with the Adobe, Target, Home Depot, OPM hack except to sign up for credit monitoring service or put a credit freeze on one’s account. That is, if we’re concerned about identity thief. But those services  will not work against potential blackmails related to a foreign government hack, or online threats related to potentially scraped data, collected from websites and social media accounts.

We are persuaded by Mr. Hunt’s analysis that this was not a real hack. But real or not, the information is out there and thinking about ‘lone wolf’ offenders seduced by ISIS’ call, in the U.S. or elsewhere is not paranoid.  Folks might consider this a good excuse to review their digital footprint.

The threats online — whether real or part of propaganda — is not going to abate anytime soon. This is the world as it is, and not an attempt at hyperbole.  Employees overseas can report these threats to RSOs but hey, have you seen the rundown of the RSO’s managed programs?   We don’t even know what specific office at State tracks these breaches or who has responsibility for online threats. Was anyone notified by State when the Adobe breach occurred in 2013 and leaked hundreds of official emails? Were those emails changed?  A talkinghead writinghead would like to know.

Also some of USG’s overseas posts still display the official email addresses of personnel in public affairs, and those dealing with contracts, solicitations, and acquisitions on their websites. Those should be generic e-mail accounts not linked to an individual’s name but linked instead to the section, function or office, e.g. Sanaacontracts@state.gov. Makes better sense as people rotate jobs anyway.

We’re trying to find if Diplomatic Security has any response, guidance, reminder for State Department personnel given this report and the Burn Bag received earlier.  Would be a good time as any to issue an opsec reminder. We will have a follow-up post if/when we get an official response.

 #