Summary
2021 began with an unprecedented attack on the seat of government in the United States on January 6th. In fact, the OODA Loop Daily Pulse released at 10 AM EST on the 6th had this ominous headline in the “Political Risk’ section: Violent threats ripple through far-right internet forums ahead of protest. News briefs in the early part of the year were, as a result, concerned with the federal response to the attack, including a joint threat assessment for the 59th Presidential Inauguration – which noted that the most likely threat to the inauguration would be from domestic violent extremists. It also highlighted the role of foreign influence, particularly from Russia, in seeding unrest in the United States. Under unprecedently heavy security, the inauguration was a success, devoid of any security issues or acts of violence.
OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.
You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.
The Covid-19 pandemic also consumed the new administration in the early months of the year. Over the course of the year, over 200 million Americans have received at least two shots of the vaccine. Still, at this late date in December of 2021, we are all grappling with a Covid-19 variant, sending the entire U.S. population and the federal government reeling and reacting to the new levels of transmissibility, virality, and severity of the Omnicron variant – in what has become another heavily disrupted holiday season. Anecdotal evidence (from nearly everyone you speak to) indicates a common experience nationwide of a friend or family member who has either tested positive or is quarantining due to exposure.
The pandemic, unfortunately, will remain a variable in all our lives well into 2022. So too with the investigation into the events of January 6th as we approach the one-year anniversary of the violence at the Capitol. With all this uncertainty in the shadow of January 6th and the neverending pandemic, September of 2021 provided an opportunity for a rumination on loss, grief, and leadership in the form of the 20th anniversary of the 9/11 attacks. At OODA Loop, we are really proud of the 9/11 related posts we released as a series in and around September 11, 2021 – which drew their inspiration and content from previously recorded OODAcasts:
A CIA Officer and Delta Force Operator Share Perspectives on 9/11
Decision-Making Inside the CIA Counterterrorism Center Before, During, and After 9/11
Just a few weeks before the 9/11 anniversary, we were in bipartisan agreement as a nation on the need to leave Afghanistan after 20 years of the war that began as our initial response to the 9/11 attacks. The country was equally as bipartisan in its shock, disappointment, and sadness at the operational challenges that played themselves out as the U.S. departed Kabul. Many OODA Loop affiliates contributed to collective, direct efforts to assist Afghanis (who they know at a personal and professional level) trying to coordinate safe passage for their families and friends during the harrowing events on the ground in Kabul in August 2021.
The Beltway 2021
The federal government was essentially grappling with the following issues simultaneously throughout 2021:
- Domestic pandemic response, including economic policy to address the economic downturn and the global supply chain issues caused by the duration of the pandemic.
- Global IT supply chain disruptions in the form of semiconductor shortages impacting major industries like automotive manufacturing, including factory closures, and workforce layoffs. Ransomware incidents were also prevalent.
- The debate of unprecedentedly large legislative proposals in the House and Senate.
- The rolling revelations, indictments, arrests, and testimonies provided by law enforcement and the January 6th House Committee;
- The mis-disinformation, information disorder, and cyberwar ecosystem.
- High-profile court cases related to law enforcement and racial inequality, with the potential to cause social unrest depending on the verdict(s); and
- Climate change and extreme weather crises and emergencies.
Great Power Competition, Critical Infrastructure, Supply Chains, The Information Threat Vector, AI/ML and Cyber
There were also vital ‘whole of government’ federal activities we reported on and tracked throughout 2021, which will have strategic implications for the federal ecosystem for years to come. These activities are:
- A continuance of a shift to Great Power competition with China that began during the previous administration.
- The Global IT supply chain, including ransomware and semiconductor shortages, and the resources and initiatives designed to address these issues.
- Artificial Intelligence and Machine Learning (research, frameworks, policy recommendations, and agency implementation efforts).
- Securing the nation’s critical infrastructure, physical and cyber.
- The Information Threat Vector (mis-disinformation, information disorder, and cyberwar); and
- Federal Cybersecurity initiatives.
We found in our research that what all these areas of activity have in common is the perennial challenge of the partnership between the government and industry. There is, arguably, the conventional wisdom that large-scale public/private partnership is the necessary response to these parallel existential threats. The Marshall Plan, the Manhattan Project, and “Moonshots” are oft-mentioned analogies. Conversely, there remains the question of how historically ineffective the USG has been in collaborating with industry, especially with regulatory oversight (or lack thereof). Global IT supply chains and the intermodal supply chain for durable goods, for example, are industries managed and self-regulated by the private sector, with very few levers available to the U.S. Government to resolve the immediate problems and concerns.
Noteworthy news briefs on and OODA Loop analysis of the federal government throughout 2021 (along with great power competition, critical infrastructure, IT supply chain, AI/ML, misinformation, and cybersecurity initiatives throughout the federal government) are highlighted below in chronological order:
January
- Violent threats ripple through far-right internet forums ahead of protest
- Biden victory confirmed after four die amid Capitol riot
- Telegram Triangulation Pinpoints Users’ Exact Locations
- Post-Riot, the Capitol Hill IT Staff Faces a Security Mess
- The Race to Preserve the DC Mob’s Digital Traces
- Executive Order on Protecting Public Health and the Environment and Restoring Science to Tackle the Climate Crisis
- Secretary Pompeo Approves New Cyberspace Security and Emerging Technologies Bureau
February
- Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency
- Hacker Tries to Poison Water Supply of Florida Town
- Lawmakers Want the U.S. to Enable Increased Use of IoT Devices
- JAIC Seeks Test and Evaluation Services for Artificial Intelligence
- US Court system demands massive changes to court documents after SolarWinds hack
- Lawmakers concerned CISA lacks ‘centralized visibility’ to hunt agency cyber threats
March
- U.S. is ‘not prepared to defend or compete in the A.I. era,’ says an expert group
- The SolarWinds Body Count Now Includes NASA and the FAA
- Asian Food Distribution Giant JFC International Hit by Ransomware
- The US must adopt Software Bill of Materials to thwart cyberattacks
- National Lab Creates Technology to Detect Cryptocurrency Mining Malware
- Democrats’ new infrastructure bill highlights cybersecurity concerns
- Biden appoints Clare Martorana as US Chief Information Officer
April
- DHS Warns of Domestic Violent Extremists and Foreign Terrorist Organizations Exploiting TikTok
- Lawmakers Propose More Than $100B for Federal Tech-Driving Investments
- History Made: Government Hacks Your Systems To Remove Malware
- Justice Department to undertake 120 day (about 4 months) review of cybersecurity challenges
- How State’s Disinformation-Fighting Arm Uses Artificial Intelligence
- Ransomware Targeted by New Justice Department Task Force – WSJ
- Intelligence assessment warns of increasing cyber threats from China, Russia
- Biden Administration Takes Bold Action to Protect Electricity Operations from Increasing Cyber Threats | Department of Energy
- Ensuring the Continued Security of the United States Critical Electric Infrastructure
May
- Senate Bills Aim to Grow Federal Tech-Ready Workforce—and the Government’s Transparency About its AI Use
- DHS chief: Cyber workforce sprint will be department’s ‘most significant hiring initiative’ in history
- Executive Order on Improving the Nation’s Cybersecurity | The White House
- FACT SHEET: President Signs Executive Order Charting New Course to Improve the Nation’s Cybersecurity and Protect Federal Government Networks
- U.S. has almost 500,000 job openings in cybersecurity
- DOJ hiring new liaison prosecutor to hunt cyber criminals in Eastern Europe
June
- Biden Threw the Cyber Gauntlet – Be Careful What You Wish For
- Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside
- US Seizes Attacker Domains Used in USAID Phishing Campaign
- Supreme Court Limits Scope of Controversial Hacking Law
- White House Forms Team to Develop Blueprint for National AI Infrastructure
- International Cybercrime Prevention Act of 2021: Section 5: Aggravated Damage to a Critical Infrastructure Computer. This provision would create a new criminal violation targeting those who knowingly cause damage to computers that control critical infrastructure systems, such as dams, power plants, hospitals, and election infrastructure
- Securing Critical Electric Infrastructure | Department of Energy
- Afghan Government Could Collapse Six Months After U.S. Withdrawal, New Intelligence Assessment Says
- Nearly 10% of SMB Defense Contractors Show Evidence of Compromise
- The Biden Administration Launches the National Artificial Intelligence Research Resource Task Force
July
- Pentagon CISO Suspected of Sharing Secrets
- The 6th Group of Governmental Experts (GGE) Shows Positive Signs if Governments Want to Cooperate
- Artificial Intelligence Risk Management Framework
- NSF partnerships expand National AI Research Institutes to 40 states | NSF – National Science Foundation
- National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems | The White House
- Biden administration officials endorse ransomware reporting rules
- “Richard W. Downing – Judiciary Committee, US Senate ”America Under Siege – Preventing and Responding to Ransomware Attacks”
August
- Stark Vulnerabilities and Strong Recommendations continue in 2021 update to “Federal Cybersecurity: America’s Data at Risk” Report
- What the C-Suite needs to know about a Return to “Great Power Competition” and DoD Capabilities (per the Congressional Research Service)
- DHS Science and Technology Directorate (S&T) releases Artificial Intelligence (AI) and Machine Learning (ML) Strategic Plan Amidst Flurry of USG-wide AI/ML RFIs
- NIST Prioritizes External Input in Development of AI Risk Management Framework
- House defense policy bill okays $10.4 billion for DoD cybersecurity
- Biden Administration and Private Sector Leaders Announce Ambitious Initiatives to Bolster the Nation’s Cybersecurity
- Deputy Attorney General Lisa Monaco Announces Creation of New Cyber Fellows Positions
- DOJ launches program to train prosecutors in cybersecurity topics
- Senate infrastructure bill sets aside money for cybersecurity
- The bipartisan infrastructure bill could bring a cyber bounty for state and local governments
September
- USG Warns Of ‘Critical’ Vulnerability That Poses ‘Serious Risk’ To Defense Contractors, Others
- Request for Information (RFI) on an Implementation Plan for a National Artificial Intelligence Research Resource
- Treasury Takes Robust Actions to Counter Ransomware | U.S. Department of the Treasury
- The Future of War, Information, AI Systems, and Intelligence Analysis
- What are the US Cyber Games?
October
- Supply Chain Resiliency Critical to Exponential Quantum Computing Innovation and Climate Change Response
- Building Resilient Supply Chains and Semiconductor Manufacturing
- DOJ Announces Cyber-Fraud Initiative for Protocol Accountability
- Commerce Tightens Export Controls on Items Used in Surveillance of Private Citizens and other Malicious Cyber Activities | U.S. Department of Commerce
- Ongoing Public U.S. Efforts to Counter Ransomware
November
- Drone at Pennsylvania electric substation was first to ‘specifically target energy infrastructure,’ according to federal law enforcement bulletin
- Cybersecurity funding is at stake in Democrats’ spending battles
- Pentagon issues revised cyber standards for contractors
- Strategic Direction for Cybersecurity Maturity Model Certification (CMMC) Program > U.S. Department of Defense > Release
- Joint Cybersecurity Advisory Released by CISA, FBI, AUS CSC and UK NCSC Regarding Iranian Government-Sponsored APT
- Cybersecurity and Cyber Incidents: Innovation and Design Lessons from Aviation Safety Models and a Call for a “Cyber NTSB”
- OODA Salon 10 Nov 2021: A member discussion of build vs buy in the federal ecosystem
December
- Commerce Secretary Raimondo Urges Passage of CHIPs Act, Praises Samsung $17B Fab and Updates on Agency’s Chip Policy
- Information Security Controls: Cybersecurity Items
- Nine State Department Phones Hijacked by Spyware
- DoD Announces New Chief Digital and Artificial Intelligence Officer (CDAO)
- The Next Commercial Space Industry? DARPA Explores Biomanufacturing in Cislunar Space
- A Call to Action from CISA’s Jen Easterly and Def Con’s Jeff Moss at Inaugural CISA Advisory Committee Mtg.
- Future Cybersecurity Architectures: DoD’s Zero Trust Pilot Program and Native Zero Trust Design