In Kabul with SecDef Mattis; Unprecedented Taliban attack; China hacked SKorea over THAAD; A look into CINC’s thought process; and just a bit more...

Mattis in Kabul. U.S. Defense Secretary Jim Mattis landed in the Afghanistan War for an unannounced visit Monday with a bit less impact than, oh, say, a massive bomb, writes Defense One’s Kevin Baron, traveling with the secretary.

His expected appearance in the AOR, the first in the Trump administration, should have a been a routine way for a new U.S. defense leadership team to settle in, meet Afghan leaders and U.S. commanders in country, and come closer to deciding when to re-add those several thousand U.S. troops that Gen. Mick Nicholson and CENTCOM’s Gen. Joey Votel told Congress they need. (As advisers, not combat troops, we know, we know…)

It’s a request that dates back to Obama and surprises no one. If the U.S. military is going to stay in Afghanistan forever—and likely they are, since 1) no nearby country offers similar jumping-off bases for JSOC’s counterterrorism ops and 2) Afghan forces still need U.S. intelligence, technology, and extensive hand-holding—then U.S. troop numbers will ebb and flow as needed.

Instead, Mattis follows the you-can’t-stop-talking-about-it “Mother of All Bombs”—the MOAB—that U.S. forces dropped on allegedly more than 100 ISIS fighters in a cave network earlier this month. Before that bomb, a few more thousand troops seemed like a relatively quiet and seemingly understandable request. After all, the ANSF fought off serious Taliban attacks in 2016 and need some breathing space to regroup. Pakistan seems to have disappeared from radar—at least in the American discourse. The Taliban won’t go away, ISIS affiliates are popping up, and Kabul is so dangerous the U.S. defense secretary won’t spend a single night in the city—or the country. Mattis flew in from Doha, four hours away.

But after the MOAB exploded on cable news, the entire Afghanistan War effort is once again under scrutiny. As it should be.

When Sen. John McCain, R-Ariz., is publicly questioning “after 15 years” what the U.S. has to show for it, and war critics and supporters wishing for the word “victory” again, one can sense frustration in the air.

Perhaps the question is not: Why did Nicholson order the bomb dropped? but rather: Why did it have to be dropped in the first place? Can CENTCOM and SOCOM right the ship with a few more thousand—ahem—advisors and looser reins to run more hit-jobs on terrorist cells up and down the Pak border? Can they keep the U.S. from another Bush/Obama-level “surge” of bloody fighting?

If the public doesn’t care (Congress certainly doesn’t) and Tampa gets to keep it all quiet, then just maybe they can. And good on ’em, that’s their mission. But at some point, it’ll be up to the civilian leaders of Trump’s administration to defend the policy—and its cost in American blood and money.

However, if Trump was serious about his pledge to pull the United States out of unnecessary conflicts and regime changes, and his voters were serious about caring about that issue, then perhaps the canary in Trump’s foreign policy coal mine isn’t Syria. Watch Afghanistan. One way or another, the U.S. is going to change its policy and posture there this year.

The one thing that is certain: the Afghanistan War will continue. Just check the faces on these Marines who arrived in southern Helmand province last week.

Also in Kabul: Two big resignations after Friday’s unprecedented attack in Mazar-i-Sharif. President Ashraf Ghani has accepted the resignations of his defense minister and Army chief, Afghanistan’s Tolo News reports this morning “in the wake of two major attacks against military installations in the past few week.”

The latest attack: Suspected Taliban have reportedly attacked a secretive U.S.-operated base in the eastern province of Khost, Reuters reports this morning with little additional detail. “The attackers had detonated a car bomb at an entrance to Camp Chapman, a secretive facility manned by U.S. forces and private military contractors, said Mubarez Mohammad Zadran, a spokesman for the provincial governor...A spokesman for the U.S. military in Afghanistan, Capt. William Salvin, confirmed the car bomb attack. He said there appeared to be a number of Afghan casualties but none among U.S. or coalition personnel at the base.” That, here.

And the deadliest Taliban ambush in more than 15 years took place Friday in northern Afghanistan’s Balkh province, killing at least 140 soldiers and officers, The New York Times reported this weekend, noting the “shortage of coffins” for the deceased troops at the Afghan National Army’s 209th Corps military base in Balkh’s Mazar-i-Sharif—which is responsible for security in nine of the country’s 34 provinces.

What happened: “Dressed in military uniforms, a squad of 10 Taliban militants drove in two army Ford Ranger trucks past seven checkpoints...For the next five hours, the militants went on a rampage, killing at least 140 soldiers and officers in what is emerging as the single deadliest known attack on an Afghan military base in the country’s 16-year war. Some assailants blew themselves up among the soldiers fleeing for their lives, according to survivors, witnesses and officials.” More here.


From Defense One

With Mattis Visiting, Netanyahu Applauds Trump's Military Strikes // Kevin Baron: Israeli security leaders and U.S. Defense Secretary Jim Mattis blamed Iran for backing an "axis of evil" from Hezbollah to Pyongyang.

The Pentagon's Bug Bounty Program Should Be Expanded to Bases, DOD Official Says // Frank Konkel, via NextGov: The 'best and brightest' hackers could accelerate the search for vulnerabilities across some of the Defense Department's broader critical infrastructure.

Welcome to this Monday edition of The D Brief by Ben Watson and Bradley Peniston. #OTD1967: Gen. William Westmoreland blames the antiwar movement for giving hope to the enemies of South Vietnam. Wanna subscribe to The D Brief? Email us at the-d-brief@defenseone.com and we’ll take care of you.


China’s Xi urges restraint on the Korean peninsula in phone call with President Trump as the USS Carl Vinson chugs to its latest destination. As well, “Two Japanese destroyers have joined the carrier group for exercises in the western Pacific, and South Korea said on Monday it was also in talks about holding joint naval exercises,” Reuters reports.

A look into the commander-in-chief’s thought process. On Friday, Trump gave an interview with AP reporter Julie Pace. Worth reading in its entirety, but here are some natsec takeaways: On ISIS: “we have a very strong plan, but I cannot talk about it.” Pace asked: “Can you say generally what the strategy is?” Trump responded: “Generally is we have got to get rid of ISIS. We have no choice. And other terrorist organizations.”

Trump also explained that he said America’s largest alliance was obsolete “not knowing much about NATO, now I know a lot about NATO” and because the alliance wasn’t focused on terrorism. (CBS has a guide to Trump’s statements on NATO, which began in earnest about a year ago.)

And the president repeated the falsehood that he reined in an F-35 program that was “out of control,” with higher price tags being demanded by plane maker Lockheed Martin. In fact, the plane’s cost has been declining for years, and the per-plane price tag of the most recent buy is on line with that trend. See Defense One’s analysis, here.

Meanwhile: “The FBI gathered intelligence last summer that suggests Russian operatives tried to use Trump advisers, including Carter Page, to infiltrate the Trump campaign,” CNN reports, citing unnamed U.S. officials. “The new information adds to the emerging picture of how the Russians tried to influence the 2016 election, not only through email hacks and propaganda but also by trying to infiltrate the Trump orbit.” Read, here.

And that Senate investigation into Trump-Russia contacts, the one that’s supposed to be going much better than the House inquiry? Not so much, The Daily Beast reports, here.

North Korea now has at least three Americans in custody after Pyongyang authorities “detained a US citizen for unknown reasons as he was planning to fly out of Pyongyang International Airport on Saturday morning,” CNN reports. “Kim Sang Duk, also known as Tony Kim, was teaching at Pyongyang University of Science and Technology, a statement from the school said.”

The State Department is reportedly working with the Swedish Embassy to get a clearer picture of what happened and where to go from here. There’s been little additional comment on the case.

As far as the other two Americans held, they are: “Otto Warmbier, 21, a student at the University of Virginia, [who] was detained at Pyongyang airport on January 2 last year after visiting the country with a tour group. He has since been sentenced to 15 years of hard labor for allegedly removing a political sign from a hotel wall.” And the other: “Kim Dong Chul, a naturalized US citizen of Korean origin, was arrested on October 2015. Last year, North Korea sentenced him to 10 years of hard labor on espionage charges.” More here.

China reportedly hacked South Korea over that THAAD anti-missile system, security firm FireEye told The Wall Street Journal this weekend. “One of the two hacker groups, which FireEye dubbed Tonto Team, is tied to China’s military and based out of the northeastern Chinese city of Shenyang, where North Korean hackers are also known to be active, said Mr. Hultquist, a former senior U.S. intelligence analyst. FireEye believes the other, known as APT10, may be linked to other Chinese military or intelligence units.”

The method for accessing the RoK systems: “spear-phishing emails armed with malware hidden in documents related to national security, aerospace and other topics of strategic interest, [according to] Park Seong-su, a senior global researcher for Kaspersky.”

What’s more, “Two cybersecurity reports this month accused APT10 of launching a spate of recent attacks around the globe, including on a prominent U.S. trade lobbying group. One of those reports, jointly published by PricewaterhouseCoopers LLP and British weapons maker BAE Systems, said the Chinese hacker collective has recently grown more sophisticated, using custom-designed malware and accessing its targets’ systems by first hacking into trusted third-party IT service providers.” Read on, here.  

A look into the commander-in-chief’s thought process. On Friday, Trump gave an interview with AP reporter Julie Pace. Worth reading in its entirety, but here are some natsec takeaways: On ISIS: “we have a very strong plan, but I cannot talk about it.” Pace asked: “Can you say generally what the strategy is?” Trump responded: “Generally is we have got to get rid of ISIS. We have no choice. And other terrorist organizations.”

Trump also explained that he said America’s largest alliance was obsolete “not knowing much about NATO, now I know a lot about NATO” and because the alliance, which ran the Afghanistan War for more than a decade, wasn’t focused on terrorism. (CBS has a guide to Trump’s statements on NATO, which began in earnest about a year ago.)

And the president repeated the falsehood that he reined in an F-35 program that was “out of control,” with higher price tags being demanded by plane maker Lockheed Martin. In fact, the plane’s cost has been declining for years, and the per-plane price tag of the most recent buy is on line with that trend. See Defense One’s analysis, here.

Meanwhile: “The FBI gathered intelligence last summer that suggests Russian operatives tried to use Trump advisers, including Carter Page, to infiltrate the Trump campaign,” CNN reports, citing unnamed U.S. officials. “The new information adds to the emerging picture of how the Russians tried to influence the 2016 election, not only through email hacks and propaganda but also by trying to infiltrate the Trump orbit.” Read, here.

And that Senate investigation into Trump-Russia contacts, the one that’s supposed to be going much better than the House inquiry? Not so much, The Daily Beast reports, here.

Want the “inside story” of how that U.S. aircraft carrier sparked a global crisis?  Navy Times’ David Larter has you covered thanks to “interviews with nearly a dozen defense officials in Washington, and in the Pacific, all of whom spoke to Navy Times on the condition of anonymity to relay in candid terms how the carrier's movement blew up from a routine Navy operation to a full-on crisis.” All that, here.  

Today in dataviz: North Korean missile launches since 1984, via the folks at the Center for Strategic and International Studies, here.

See also this outstanding Reuters graphic demonstrating how North Korea’s recent parade of military equipment was smaller than previous ones, yet more revealing. The one constant: Save those ICBMs for last.

An American was killed while monitoring the ceasefire in Ukraine. “An American monitor with the Organization for Security and Co-operation in Europe died after a mission patrol vehicle hit a landmine in the Russian-backed separatist east, eliciting sharp words towards Moscow from US Secretary of State Rex Tillerson on Sunday,” AFP reports from Kiev. A German and a Czech were also wounded in the attack. Separatists “accused the monitors of veering off the main road and travelling along an unsafe route not agreed with Russian and Ukrainian representatives.” More here.

Happening today: Sen. Tom Cotton, R-Ark., heads to the National Security Institute at Antonin Scalia Law School at George Mason University in Arlington, Va., for a 1 p.m. EDT discussion. The focus: “defending the nation in the 21st Century—including Section 702 [of the Foreign Intelligence Surveillance Act] reauthorization and empowering the intelligence community to detect and monitor threats to our nation,” The D Brief has learned. Deets here.