Professional Documents
Culture Documents
htm
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
David H Gray Department of Government and History Fayetteville State University, Fayetteville, NC 28301 E-mail: dgray2@uncfsu.edu Tel: (910) 672-2120 Chris Slade Graduate School of International Studies University of Denver, Denver, CO 80208 E-mail: cslade@du.edu Tel: (303) 871-2324 Abstract This paper focuses on a particular aspect of intelligence - namely, counter-terrorism intelligence for the purpose of homeland security. In accordance with the form follows function model, this paper will survey the functions required and then discuss the organizations, discussing the planning and direction of counterterrorism HUMINT, following a brief survey of its related activities and potential sources.
Introduction
Intelligence reform issues in the United States following both 9/11 and the question of Iraqi weapons of mass destruction (WMD) surround the structure of the intelligence community (IC). As Michael McConnell, Director of National Intelligence, has stated, Sixty years ago, the National Security Act created a U.S. intelligence infrastructure that would help win the Cold War. But on 9/11, the need to reform that system became painfully clear (McConnell, 2007). As with the broader subject of homeland security, intelligence reform has largely taken the form of new organization charts in the hope and expectation that these upgraded organizations would produce new practices. Implicit in this hope was an expectation that the new forms would produce desired functions, but assuming that the opposite is more likely - that form follows function - what are the prospects for intelligence reform? Intelligence is a process, not just a product, and systematically analyzing this process should illuminate issues, obstacles, and opportunities for effective reform.
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
499
Qa'ida, a foreign group may include American members. However, some portion of intelligence relevant to counter-terrorism and homeland security may be collected overseas. Process will be examined first, followed by a discussion of the organizations themselves. To further structure this examination, the planning, and direction of the three specific types of intelligence (INT) most relevant to counter-terrorism will be considered: human intelligence (HUMINT), signals intelligence (SIGINT), and open source intelligence (OSINT). In so doing, the broad intelligence disciplines of imagery intelligence (IMINT) and measurement and signatures intelligence (MASINT) are perhaps not as valuable to counter-terrorism intelligence for homeland security. Intelligence is a process, not simply a product. Nearly all doctrinal explanations of this process contain five separate steps, which form an iterative cycle (FBI Official Website, 2005). In simple terms, the first step, planning and direction, consists of obtaining intelligence requirements from users, then matching collection resources (e.g. spy satellites, covert human operatives, etc) to these requirements - a sub-process known as tasking. Once tasked, collectors then gather raw information in the collection step. Often, this information is not readily usable by analysts without some level of manipulation, (such as developing film from reconnaissance cameras or translating intercepted communications), so the data is converted into a usable format in the processing and exploitation step. Analysts then examine this processed information and produce finished intelligence reports for users in the analysis and production step. The last step, dissemination, consists of sharing these reports with end users. Though the intelligence cycle illustrates a smooth continuum, in reality the divisions between steps often coincide with divisions between agencies. A divide exists between those agencies with the ability and responsibility of collection [e.g. National Security Agency (NSA) for SIGINT; Central Intelligence Agency (CIA) for HUMINT; National Geo-spatial intelligence Agency (NGA) for IMINT] and those that provide the intelligence support to particular customers. In contrast to the collectionoriented bodies, these customer support agencies owe their genesis not to the mastery of a particular INT, but rather to serving the intelligence needs of a certain element of government, such as the State Department's Bureau of Intelligence and Research (INR), the Department of Defense's (DoD) Defense Intelligence Agency (DIA), or the intelligence arms of the various military services. This fragmented intelligence community can in part be explained as mirroring the fragmented nature of American government itself. For the purpose of disseminating intelligence products from the right agencies to the right end users, this fragmentation on both the supply and demand sides of the equation poses a host of dilemmas. The natural beginning and ending points of the cycle are planning and direction. Surprisingly, there is widespread agreement as to the doctrinal definition of the intelligence cycle, whose five steps also include collection, processing and exploitation, analysis and production, and dissemination (see figure 1). However, the challenge abides in a comprehensive, intelligence community-wide definition of planning and direction. Drawing on the various conceptions, the following are considered the planning and direction component: 1) obtaining requirements from customers 2) prioritizing those requirements 3) efficiently and legally tasking collection resources to requirements. Some definitions of planning and direction include not just the planning and direction of collection, but of the subsequent steps as well. However, for simplicity's sake, the planning and direction step's inputs to the collection step are considered.
500
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
501
In examining each of the main collection methods employed against terrorism, three issues are critical: first, does the planning and direction scheme obtain all the relevant requirements, second, does it effectively prioritize them, and third, does it efficiently and legally task collection resources?
502
with SIGINT in mind, but express intelligence needs which collectors then determine can be met with a particular INT. The issue is the identification of requirements for potential collectors. One particular break seems to be between domestic customers and the NSA. Even in light of the revelations that NSA surveillance is being directed within the borders of the United States, it isn't clear how the collection gained benefited other elements of the IC, particularly those at anything other than the federal level of government. Even if this controversial domestic collection program were ended, terrorist planning or support activities may be detectable overseas well before they manifest themselves as homeland security threats, such as 9/11 plotter Mohammad Atta's activities in Hamburg, Germany. Whether or not the NSA collects SIGINT within the US, it can nevertheless contribute to homeland security intelligence. How then are these requirements made known to the SIGINT collection community at large? If, for example, there is no mechanism for the New York Police Department (NYPD) to express its needs, what about the FBI? Or the Director of National Intelligence (ODNI)? This breakdown carries over into the prioritization of requirements, as well. Since some portions of requirements are apparently never considered in the first place, any prioritization scheme would be handicapped. On the domestic law enforcement side, the prioritization of SIGINT requirements is very much like that of HUMINT requirements. The organizations with the collection ability are completely beholden to those making the requirements - the NYPD must answer to the city government. Again, coordination is required for those threats that cross jurisdictions.
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
503
A conceptual model of centralized guidance, decentralized execution is useful as broad guidance for the specific endeavor of planning and directing collection. Two things are clear: there is no comprehensive requirements system for counter-terrorism intelligence that spans all levels of government, and such a requirements system, if created, would be incapable of mandating priorities or tasking to agencies over which it has no authority. Although the second point may be true, it does not mean that the first point is not a worthwhile goal. As such, national, prioritized collection lists regarding counter-terrorism intelligence needs would aid in the efficient allocation of intelligence resources even if it were in the form of a suggestion and not a mandate. Such a resource would help add coherency to the disparate efforts undertaken by collectors. Due to its unique resources, the federal government should provide this overarching guidance. The federal government's advantage is not just its financial resources, but its ability to bridge the various jurisdictions, thereby discovering areas of common concern. Because the value of intelligence collection is increased when combined with multiple sources, any increase in the effective planning and direction of one particular INT will be felt in the quality of the resultant analysis. A corollary to this bridging function would also be the need for a new responsiveness of national intelligence resources to the requirements of not just the federal executive branch, but other levels of government, as well. The responsibility for the protection of US citizens from terrorism is dispersed and, consequently, the intelligence community should reflect the same.
504
international affairs worldwide, the United States is particularly challenged. The need is critical to be able to translate nearly every language, and yet our global economic power has made English the lingua franca of the day, removing the impetus for multi-lingualism in U.S. society. Much has already been written about the need for people with skills in languages not traditionally studied in America, and a quick survey of the employment sections of the web sites of intelligence agencies such as the CIA and FBI shows a continuing need for skills in such tongues as Arabic, Farsi, Chinese, Urdu, and other non-Romance and non-Germanic languages that are significantly different from our native English. Less than a week after 9/11, FBI Director Robert Mueller made a recruiting plea to Arabic speakers to join the bureau, which at that time only had 40 Arabic and 25 Farsi linguists (Klaidman and Isikoff, 2003). Despite receiving over 40,000 applications, stringent requirements for security clearances resulted in roughly 90% of the applications being rejected outright (Locy, 2003). This particularly affects foreign-born native speakers, who are most able to translate unique dialects and fully comprehend idiomatic language. Adding to this perfect storm, the increasing focus on terrorism and the legal tools provided by the USA PATRIOT Act of 2001 have increased the potential volume of electronic intercepts - all of which add to the increasing body of material to be translated, which also includes open source material from overseas. The aforementioned legal and policy barriers are roughly equal in application to both HUMINT and SIGINT. The discipline of OSINT raises some unique legal and policy challenges, however. Unique among these is the question of copyrighted material. Though in the past, governments were tempted to classify information gained through open sources in order to sidestep the copyright issue, the need for sharing such information widely necessitates keeping it unclassified (NATO Open Source Intelligence Handbook, 2003). It is therefore incumbent on intelligence agencies to respect copyright laws. Not to be overlooked, the validity of OSINT raises questions as to its use. With much OSINT being derived from journalism, there is always a question as to the authenticity of the source. Unfortunately, whether due to intentional manipulation, such as government control of media or simply shoddy fact checking, OSINT can all too often be indistinguishable from rumor and propaganda. Depending on how such intelligence is then used, the questions of validity could become very germane. For instance, if information gained from a foreign news publication is used to prompt an increase in the homeland security alert level, how justifiable is the attendant financial expenditure? What if an investigation is begun based on this information? How justifiable would further intelligence collection be? What standard should OSINT meet in order for it to justify further collection? Unfortunately, neither policy nor legal precedent exists to address these concerns.
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
505
Protocol (VoIP) technology and fiber optic lines. So-called wiretaps are no longer a simple matter of attaching clips to a live telephone wire and intercepting the conversation. In the case of some electronic communications, such as email, and even some cellular telephone communications, this data is also encrypted. Publicly available encryption methods have already sufficiently concerned the US government that it has tried, without success, to limit the level of encryption available. During the mid1990s, the Clinton administration proposed adoption of a system known as the Escrowed Encryption Standard, commonly referred to as the Clipper chip (Koops, 1999). Using an NSA-developed encryption algorithm that was weak enough to allow brute-force deciphering by agencies with sufficient computing power, this system also included such features as Law Enforcement Access Fields (LEAFs - also known as LEAKs by its detractors, standing for Law Enforcement Access Keys) which would allow law enforcement agencies to more easily access the encryption keys used to encode the message (RSA Laboratories Website, 2005). This effort was part of a two-pronged approach, the other component being export restrictions on strong encryption methods. In fact, until 1996, most encryption technologies were considered munitions subject to export restriction under the International Traffic in Arms Regulation (ITAR) (Koops, 1999). These were enforced up through the late 1990s and early 2000s, but advances in technology made by foreign firms and legal precedents coupled to make this technology-inhibiting approach untenable. Today, advanced standards such as triple-Digital Encryption Standard (3DES), Pretty Good Privacy (PGP), and the newly adopted Advanced Encryption Standard (AES) are not strictly controlled. Some, like PGP, are publicly available for anyone to download anywhere on the globe. Others like 3DES are still export-controlled by US law, but only to certain end users such as state sponsors of terrorism. The effectiveness of these laws is questionable, however, as proscribed states can set up front companies or use other intermediaries to access the technology. The bottom line for SIGINT collection is that encryption is becoming stronger and more widely available. The potential loss of SIGINT information to encryption could increase reliance on OSINTderived information. However, OSINT is also presented with technological barriers. The first is the simple question of availability. Not strictly technological, this barrier is a result of not being able to access all potential sources. One can imagine how difficult it would be to maintain access to foreign print publications, only a portion of which are available online. Even more complicating, though, is the problem of keeping our access of OSINT from being known. Ironically, the information may be unclassified, but our use of it may not be. Especially for online sources, this necessitates methods to obscure the identity of those obtaining the information. Not only could a potential enemy use web traffic analysis to determine our level of interest in a particular topic, savvy web site designers can use identifying data inherent in internet traffic to identify and direct potential spies to an alternate site intended to mislead, thereby denying access to the needed information.
506
picture. An even more interesting and potentially fruitful reform to ameliorate the lack of translation capability is the recent legislation granting special immigrant status to certain Iraqi and Afghan interpreters working for our military forces (H.R. 2293, 2005). Such legislation could be expanded to encourage the recruitment of translators for the intelligence services, as well. Additionally, the special immigrant status could also ease immigration of family members, thereby additionally simplifying clearance issues. Policy and legal measures can also ameliorate technological issues. The increasing sophistication of encryption is undeniable. Given this, the US would benefit from adopting legal measures similar to those used in the Netherlands, which empower legal authorities to mandate that people decrypt certain communications in specific cases (Koops, 1999). Failure to comply would in itself be a crime. This preserves legal protections while enabling law enforcement. This characteristic balance struck between rights and security, between civil liberties and law enforcement is the hallmark of reforms which will attain the inseparable but often mutually exclusive goals of liberty and safety.
How Far is Your Horizon? The (In?) Balance between Current and Forecast Intelligence
For many, if not most, time-strapped policymakers, current intelligence is the only kind of intelligence they will ever receive or may even care about (Blackwill and Jack Davis, 2004). Though this phenomenon seems inevitable given the demands placed upon policymakers, it does not necessarily follow that analysts should inevitably follow suit and ignore the important in favor of the urgent. Unfortunately, however, the real world, workaday demands of PowerPoint briefings, executive summaries, read files, and the ultimate current intelligence product, the President's Daily Brief, mean that the analyst's interaction with the customer often only encourages an ever faster news cycle. As many an analyst can attest though, the industry that specializes in that cycle - the 24-hour news
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
507
networks - is very difficult to scoop. The question is should analysts even try? Perhaps a more useful question would be what value could intelligence analysts add to breaking news? One answer, albeit unsatisfactory, seems to be that intelligence analysts are just another source of information in addition to open news sources - varying by kind, not by quality. If CNN reports bomb explosions in a metropolitan subway station, the policymaker may turn to his classified CNN for amplifying information from intelligence sources. Though it may make an analyst feel helpful and needed to provide that extra, classified nugget to the boss, a better answer would result in not merely amplification, but analysis. Answering these types of questions requires more than an inductive leap made after accumulating impressions from discrete events in a series of current intelligence products. Instead, intelligence professionals must perform the requisite background analysis in order to arrive at a broader understanding that can help synthesize discrete events with a solid conceptual framework. Without this deeper level understanding (which seldom, if ever, translates well into briefing bullets), predictive intelligence will be more likely to be based upon such questionable methods as hunches or (what too often substitutes for analysis), the assumption of linear progression - easily recognized by well-worn phrases like the trend indicates.. . or in the past we've seen. . . (Kerbel, 2004). This is all easier said than done, of course. In former Director of Central Intelligence James Woolsey's memorable phrase, the cold war dragon of the Soviet Union has been replaced by a multitude of snakes. This translated directly into an analyst management problem for the IC. A single, unitary enemy offered a level of focus that enabled consistency and predictability. Analysts, assigned to the same general target set, developed specialized expertise over time. With this depth of knowledge, so-called Kremlinologists became well-versed in reading significance into the most subtle of nuances. Not only was there a single overarching threat, but also the type of threat it posed to homeland security was highly unitary, being almost wholly military. Contrast that situation with today's asymmetry, where the potential threats are manifold. In the last decade and a half, the analysis capability of the IC has had to rapidly and repeatedly shift its attention from one concern to the other - from global environmental problems, to financial crises, to ethnic cleansing in Europe and Africa, to weapons proliferation, to airliner security - ad infinitum. This new scattering of focus, coupled with the post-cold war, pre 9/11 interregnum cutbacks in the nation's intelligence capability, were a recipe for more shallow analysis. Since 9/11, intelligence budgets have increased, and policymakers are making efforts to address the resource shortfalls - but this does not alleviate the problems of focus.
508
location, along with sustaining logistics forces, arrayed in a manner consistent with preparations for an attack. Does anyone believe the IC can reliably deliver similarly detailed information about a terrorist attack? Yet, the current suggestions that the IC must penetrate terror cells via improved HUMINT seem to indicate just such an expectation. As other authors have pointed out, there are different levels of warning - from the fine-grained tactical to the more general or strategic (Rovner and Long, 2006). Our ability to do either is largely determined by the nature of the threat and not simply by our own intelligence capacity. As such, a starting point for effective reforms must realize that the best warning we are ever likely to get will be of the strategic variety. Seen in this light, the intelligence available on the 9/11 plot before the actual attack is instructive. When pundits and commission members talk of the failure to connect the dots, the dots they are referring to are indicators. Even if pre-9/11 intelligence sharing had been perfect, taken together, these indicators do not, indeed cannot, provide tactical warning. Both the intelligence community and the policy makers it serves must therefore adjust their expectations. So far, the remedies offered for this failure have focused mainly on the collation of indicators, while some have emphasized their increased collection. A full spectrum of homeland security strategy is required - not just the prevention of attacks, but the mitigation of their potential effects, the response to their actual effects, and the eventual recovery. In these efforts, strategic warning can offer useful, actionable information. For example, this brand of intelligence can profitably analyze information about previous attacks in order to drive planning for future possibilities. Though each attack is unique, many share similarities in planning, target selection, tactics, techniques, and effects. Instead of just notifying policy makers that an attack has occurred, analysts should seek to conduct a full post mortem of the event in order to divine intelligence useful to prevention, mitigation, etc. To do this adequately, our intelligence professionals will necessarily be in the position of analyzing not just enemy tactics and techniques, but how those apply to our own techniques and vulnerabilities. However, many analysts have been acculturated only to examine the enemy and loathe looking at blue issues. This must change if analysts are adequately to advise decision-makers. One way of thinking about this type of I&W is to recognize its emphasis on affecting planning. Instead of merely trying to predict a specific attack, this strategic warning seeks to anticipate decision makers' evolving needs for information across the spectrum of homeland security activity. This has implications for the organization of the IC, in particular its degree of centralization. In order to provide this more anticipatory, vice predictive, intelligence, analysts must be close enough to their customers to understand their intelligence needs. Though this comes with some risk of what's become known as clientism (Lowenthal, 2006), a centralized analytical capability would be poorly adapted to serving the wide variety of agencies responsible for preventing, mitigating, responding, and recovering from threats to homeland security.
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
509
Following each of these failures, blue-ribbon panels investigated, reported, and suggested fixes to the perceived problems. Perhaps inevitably, the widely different problems spawned widely different recourses that are meant to be applied to the same analytical community. It is therefore essential to examine how both of these broad fixes - first, the increased collaboration among analysts and, second, the increased competition among them - apply to the analysis and production processes. What are the implications? Arguably the primary solution offered for the problem of collaboration was the establishment of the National Counter Terrorism Center (NCTC), the idea being that by placing analysts from the various agencies into a single organization, you therefore overcome the policy, technological, and cultural barriers that impede information sharing. (Information sharing here means not just the sharing of finished intelligence products, which is more a dissemination issue, but the sharing of more raw data among analysts prior to a product's creation). This in turn enables analysts (at least those found within the Center - an important caveat) to obtain all the requisite data they need in order to make informed assessments. In practice, however, this solution can engender problems of its own. Designed to ensure information flow into the center, less attention may be paid to ensuring the equally important subsequent information flow out of the center. This would seem to be the case for the NCTC. By establishing it at the level of the ODNI, it gains a broad level of authority, but simultaneously risks an inherent bias towards only providing intelligence to senior decision-makers. In this way, these centers run the very real risk of becoming a sort of information black hole. To do this ignores the fact that a significant consumer for all intelligence analysis is the IC itself, and that without this internal distribution of intelligence, true collaboration is not possible. How then to spur the necessary analyst to analyst exchange of information and ideas? Currently within the IC is another model of interagency collaboration, that of embedding liaisons within sister agencies. To be effective, agencies must take care in whom they choose to represent their interests. Such a person must have sufficient authority and expertise within their parent agency in order to facilitate collaboration. Because they are often small in number, even in some cases alone, their individual personalities can be decisive in determining their effectiveness. As this practice applies to analytical exchange, these liaisons can be immensely valuable not just as conduits for intelligence (both finished products and unfinished data), but as matchmakers between analysts working similar issues. At one extreme, these analytical meetings of the mind can result in jointly produced, multiagency products - a concrete example of collaboration. At the very least, these exchanges can aid an individual analyst's understanding of an issue. With our fragmented IC structure, there is naturally a surfeit of seams between agencies. Centers span the existing seams, but as discrete entities themselves, they also create the potential for new ones. Effective liaisons represent a sort of glue that can bond the seams themselves. Liaisons are not the only means by which analysts in one organization can know about colleagues with similar interests in another. Technology, in the form of the IC's secure Intranet known as Intelink, also aids community self-awareness (Thomas, 1999). To the extent that authorship information is included with intelligence products posted online, analysts can readily contact those with relevant knowledge. Whether via email, telephone, or video teleconference, these issue-specific links can be thought of as virtual centers. Not needing alterations to existing bureaucratic structures, separate budgets, or additional physical space, these communities of interest are free to rapidly form, collaborate, expand, contract, and even dissolve. Aside from the suggestion of forming centers, it seems clear that a responsibility of those managing the analytical community is enabling this ephemeral sort of cooperation. However, not all issues are as transient. Another significant management question is deciding which issues are so permanent, so challenging, and so broadly applicable to multiple agencies, that they warrant real centers (while remaining cognizant of the attending risks) and not just the ad hoc variety. (The recognition of this dilemma seems evident in the creation of the so-called mission managers within the ODNI. These people can serve as leaders to communities of interest formed around certain enduring intelligence problems, such as Iran. In this, they would seem to represent an in-between solution somewhere on a spectrum between new organizations, like centers, and self-organizing ad hoc groups).
510
As mentioned, the failures in the Iraqi WMD case were largely attributed to the cognitive pitfall of groupthink. The Robb-Silberman Commission report made the suggestion, later legislated by the subsequent Intelligence Reform and Terrorism Prevention Act, of requiring the ODNI to conduct alternative analysis (Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, 2005). Given the loose confederation of intelligence agencies, analytical differences may be more common than not. Even in the Iraqi WMD case, there were examples of disagreement. One example was the Department of Energy's (DoE) assessment of Iraq's procurement of specialized aluminum tubes which held they were not intended for an enrichment program. The question is how should the IC leadership handle such dissenting assessments? The mandate to produce alternative assessments would seem to offer an outlet for just that. Even if dissent does not arise as a matter of course, the use of red teams to engage in devil's advocacy, intentionally trying to craft a competing assessment, would seem to guarantee that the IC comprehensively presents all sides of a given issue - but is this indeed the case, and if so, is that necessarily a good thing? Ironically, one of the causal factors in skewing the pre-war intelligence was the creation of this sort of red team, with a mission to challenge the IC's collective judgment - that of the Office of Special Plans (OSP) within the Office of the Secretary of Defense. Seen as an antidote to the IC's (particularly the CIA's) assumed, inherent analytical timidity, the OSP boldly sought alternative analysis and found it. By giving more credence to information that the mainstream IC considered questionable, this competitive analytical team indeed came to a stronger conclusion on the question of Iraq's WMD (Pollack, 2004). Far from ensuring a more thorough examination of all the relevant facts, this instance of competitive analysis enabled what critics deride as cherry picking of intelligence to suit the administration's purposes. In addition to this rather straightforward example, devil's advocacy can also lead to unintended consequences, which can solidify analysts' position on an issue rather than cause them helpfully to reevaluate it. As a recent article in the CIA's Studies in Intelligence points out, analysts can react to a red team analysis by becoming further wedded to their assessments, seeking to defend, rather than question, them. Additionally, assessments that undergo critical, competitive analysis can attain a certain unassailability through the impression that they have passed the test posed by analysis meant to upend them (Rieber and Neil Thomason, 2006). This impression is present whether or not that is in fact true. So is this the final verdict on competitive analysis? Perhaps not. Given certain standards, alternative analysis may be made more reliable. Additionally, this method may not be the only fruitful one in enhancing analytical rigor.
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
511
The IC leadership, constituted by those professionals inside the community and those policy makers responsible for it, would do well to seriously consider these suggestions. Enhanced training, whether through an institute, university, or some combination thereof, also holds the promise of simultaneously enhancing collaboration and competitive analysis to good effect. Some commentators have suggested intelligence community reform that seeks to emulate the military reforms spurred by the Goldwater-Nichols Act of 1986, which enhanced cooperation among the armed services. A prescient recognition of that legislation was the culturally transformative effect of education. By creating or enhancing joint professional military education while at the same time creating opportunities and incentives for exchanging personnel, Goldwater-Nichols helped effect a profound cultural change on the US military. By following a similar path, professional intelligence education and personnel exchanges could transform cooperation from an interagency phenomenon to an interpersonal one. In fostering mutual knowledge of one another's areas of responsibility and expertise, mutual professional respect, and awareness of other agencies' missions, this education could go a long way toward establishing a need to share culture.
512
Commission pointed out numerous aspects of the IC's internal organization that contributed to the failures. This focus on what political scientists would term endogenous order revealed particular shortcomings in the distribution of power within the IC (March and Olsen, 1984). One aspect of the IC's internal distribution of power examined by the commission was its lack of centralization, which has a resultant impact on the budget process. The commission cited the fact that it was the Secretary of Defense, and not the Director of Central Intelligence (DCI), who ultimately maintained the ability to hire or fire the directors of several key intelligence agencies such as NSA, NGA, and DIA (National Commission on Terrorist Attacks Upon the United States). Additionally, the triune intelligence budget, with its separate accounts for the National Intelligence Program (NIP), Tactical Intelligence And Related Activities (TIARA), and Joint Military Intelligence Program (JMIP), was likewise largely in the hands of the defense secretary and only partly controlled by the DCI. This remained the case even after President Bush signed Executive Order 13355, substantially strengthening the DCI's influence, without altering budget authority (Executive Order 13355, 2004). With the passage of the Intelligence Reform and Terrorism Prevention Act in December 2004, titular responsibility for managing the IC passed to the new post of Director of National Intelligence (DNI). However, even today the DNI only maintains control of the NIP portion of the budget and has an advice and consent role concerning the appointments of the directors of the NSA, NGA, and DIA (Public Law 108-458, Intelligence Reform and Terrorism Prevention Act of 2004). One last structural manifestation of this lack of centralization is found in the realm of legislative oversight of intelligence. Particularly because of the split within the IC between civilian agencies and defense agencies, both houses of Congress have multiple committees to which the IC reports. Noting that this inhibits the effective oversight of the IC, the 9/11 Commission recommended Congress establish a Joint Intelligence Committee, much like the Joint Atomic Committee of the early Cold War years (National Commission on Terrorist Attacks Upon the United States).
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
513
for state and local officials to obtain security clearances prevents them from accessing information that is classified. Over-classification can be attributed to a particular institutional attribute of intelligence collection agencies - the primacy of protecting their intelligence sources and methods. Two techniques employed by collection agencies to accomplish this are compartmentalization and originator controls. The first keeps information stovepiped within narrow channels, while the other requires that intelligence users obtain the approval of the originating organization before sharing the information further. The result is an intelligence community focused on keeping information under its control. It was this focus that the 9/11 Commission referred to when it wrote that the culture of agencies feeling they own the information they gathered at taxpayer expense must be replaced by a culture in which the agencies instead feel they have a duty to the information - to repay the taxpayers' investment by making that information available (National Commission on Terrorist Attacks Upon the United States, 2005).
514
Defense. Though the DNI does have influence over defense intelligence policy and funding, many argue that the balance of power is clearly in favor of the defense secretary who ultimately remains directly responsible for some of the jewels of the IC: the NGA, NSA and the National Reconnaissance Office (NRO). One other relevant power-sharing arrangement exists between the DNI and the Attorney General. To the extent that the FBI is both a law enforcement and an intelligence organization, it is similarly divided between the ODNI and the Department of Justice. For the FBI, however, an internal formal institutional change enabled more effective oversight by the ODNI - the establishment of the National Security Branch, which conglomerates the bureau's counter-terrorism, counter-intelligence, and intelligence directorates into a single administrative organization (White House, 2005). One of the roles performed by the DNI is the head of the NCTC. Established by Executive Order 13354, the NCTC is responsible for being the single focal point for all IC counter-terrorism intelligence (except for that subset of terrorism which is purely domestic). Perhaps the most fundamental institutional change represented by the center is its authorization to collect and disseminate information from any Federal, State, or local government, or other source [italics added] (Executive Order 13354, 2004). As predicted by the institutional learning model, this change in strategy is leading to new competencies in the sharing of information. To the extent that the participating organizations' measure of success is dependent on the success of the center, individual agencies' aspirations are evolving to include information sharing. The timeframe for this evolution is not instantaneous, however. As noted by a report by the National Academy of Public Administration, there are still foot draggers among the agencies, specifically the NSA, which the report identifies as not sharing adequately (National Academy of Public Administration, 2005). While the NCTC is the central node for counter-terrorism information sharing, the JTTF's represent distributed nodes that specialize in the sharing of intelligence between levels of government. According to the FBI, which manages the program, there are currently 100 JTTF's throughout the nation, each with its own mix of federal, state, and local participants. A typical JTTF involves organizations as diverse as the FBI, Customs and Border Protection, Immigration and Customs Enforcement, Secret Service, State Department Diplomatic Security Service, State Police, and local police departments, and county sheriff offices (FBI Denver Field Office website, 2005). The geographic distribution of the JTTF's enables the FBI to act as a backbone for the sharing of intelligence information between widely separated jurisdictions - a police department in rural Ohio has a potential means of getting information from the NYPD. Though these represent a significant advancement, there is a danger that this particular manifestation of institutional learning will come to have unintended consequences. When considering that the FBI has recently established JTTF's in such locales as Helena, Montana; Bloomington, Indiana; and Lubbock, Texas, there seems to be a very real danger that the FBI's aspiration to prevent terrorism could overwhelm its responsibility for combating other forms of crime (FBI official website, 2005). While terrorism may not be the highest concern in Bloomington and Lubbock, policy makers must weigh whether the effort expended is commensurate with the threat.
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
515
Order 13356, sets ambitious guidelines for the classification of intelligence. First, it mandates that collection agencies devise ways of protecting sources and methods that allow for lower levels of classification. Secondly, analysts must write intelligence reports in formats that allow for degrading classification - the so-called write for release policy. One practice cited by the order is the use of tear lines, which refer to multiple versions of the same information, each having less specific details, which allow the watered-down versions to be released more widely. Two other mandates of the order require the IC to minimize use of compartmentalization schemes that serve to stovepipe information in narrow channels and the use of originator controls. Lastly, though it does not specify how, EO 13356 enjoins the management of the IC to create incentives for intelligence sharing (Executive Order 13356,2005). In addition to tackling the classification of information, new policies are attempting to widen the audience by allowing more officials to have access. Following 9/11, and to enhance the effectiveness of the JTTF's, the FBI established the State and Local Law Enforcement Executives and Elected Officials Security Clearance Initiative, which provides such officials with the opportunity to be cleared for intelligence up to the Top Secret level. This affords the advantage that even if particular intelligence cannot be downgraded or watered-down, an official with need-to-know can indeed know. In addition to the involvement of the FBI within the Department of Justice, Executive Order 13311 delegates authority to the Secretary of Homeland Security actually to determine state and local clearance eligibility (Executive Order 13311, 2003). In this implementation, a process intended to aid access sadly contributes to crossed lines of authority and bureaucratic confusion.
516
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security
517
More than its value as a suggested template for organization, the real contribution of the process view of intelligence lies in the systemic insights it affords. With benefit of the process perspective, the ODNI could fulfill the vital function of enabling those all-important activities at the national level through policy guidance, national-level coordination, and advocacy for the IC as a whole. All issues cited in this paper result in whole or in part from a deficit of this direction. This trinity of functions - guidance, coordination, and advocacy - has been notably lacking at the community-wide level in all previous efforts at intelligence reform in the US, even those which reflected the contours of the intelligence cycle. The most recent example was the community management staff within the Office of the Director of Central Intelligence (ODCI). Founded in the post-Cold War interregnum, this staff had positions for heads of collection, analysis, and administration. In these rough outlines, it is indistinguishable in form from the current arrangement of the ODNI. The reasons for the earlier incarnation's failure are thus very instructive. Foremost among these was its utter lack of authority to affect the order it sought to impose. As previously mentioned, though the DCI was the titular head of the IC, the real levers of authority - the ability to control hiring/firing and budgets - were outside his grasp. Inevitably, the community management staff experiment was doomed to fail (Kaplan, 2004). This mandate-without-authority arrangement is not new in the intelligence community, rather, it has been a constant feature since at least the National Security Act of 1947 which established a DCI to be the functional head of the IC without the concomitant power (especially relative to the military) to effectively fulfill that role. This failure is a major reason why at least one present-day commentator regards the CIA as flawed by design. Inexorably, this flaw led the CIA to transform from erstwhile manager to just another producer. As the vicious circle tightened, this management failure led to the creation of competing agencies to fulfill functions the CIA was incapable of performing (Zegart, 1999). The lack of unifying guidance, coordination, and advocacy had thus birthed the current confederation of agencies - a community in name only. Today, the ODNI's disadvantages versus the DoD and its nascent steps towards being a producer of intelligence, such as assuming responsibility for the President's Daily Brief, seem to echo this descent. Our government's success in stepping back from these errors will determine whether or not past is indeed prologue and the Intelligence Reform and Terrorism Prevention Act of 2004 will simply prove to be the 1947 National Security Act redact. Viewing the conclusions of this paper's examination of the intelligence cycle, it is clear that true reform lies in processes, and not just organization. Unless and until the ODNI has the mandate and authority to address the activities of the IC, it will remain only another bureaucracy among many. Particularly concerning homeland security, the United States intelligence community is neither monolith nor machine, but symphony. The success or failure of the current spate of intelligence community reforms will hinge upon the answer to this question - will its appointed director become the conductor or just another first chair violin?
518
David H Gray and Chris Slade Bald, Gary M., Executive Assistant Director, National Security Branch, FBI, testimony before the United States Senate Committee on the Judiciary, September 21, 2005, http://www.fbi.gov/congress/congress05/bald092105.htm (accessed September 22, 2005). Blackwill, Robert D. and Davis, Jack. A Policymaker's Perspective on Intelligence Analysis. In Strategic Intelligence: Windows Into a Secret World, ed. Loch K. Johnson and James J. Wirtz, 120. Los Angeles, CA: Roxbury, 2004. Central Intelligence Agency Fact sheet, Creation of the National HUMINT Manager, October 13, 2005. http://www.cia.gov/cia/public_affairs/press_release/2005/fs10132005.html (accessed October 14, 2005). Department of Homeland Security fact sheet, Homeland Security Information Network, http://www.dhs.gov/dhspublic (accessed June 18, 2005). Dizard, Wilson P. Intelligence Networks Go for Google, Government Computer News online, http://www.gcn.com/vol1_no1/daily-updates/24358-1.html (accessed November 16, 2005). DNI Program Manager Information Sharing Environment official website, http://www.ise.gov/ (accessed June 14, 2006). Executive Order 12333, United States Intelligence Activities, December 4, 1981. 13311, Homeland Security Information Sharing, July 29, 2003. 13354, National Counterterrorism Center, August 27, 2004. 13355, Management of the Intelligence Community, August 27, 2004. 13356, Strengthening Terrorism Information Sharing, August 27, 2004. FBI Denver Field Office website, http://denver.fbi.gov/inteterr.htm (accessed October 25, 2005). FBI Official Website, http://www.fbi.gov/ (accessed October 25, 2005). http://www.fbi.gov/intelligence/process.htm (accessed October 25, 2005). Foreign Intelligence Surveillance Act of 1978, 50 U.S.C. Chapter 36 http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36.html (accessed November 11, 2005). Gardner, William and Seamon, Richard, The PATRIOT Act and the Wall Between Foreign Intelligence and Law Enforcement, Harvard Journal of Law & Public Policy Vol. 28, Issue 2 (Spring 2005). Griset, Pamela L. and Mahan, Sue. Terrorism in Perspective. Thousand Oaks, CA: Sage Publications, Inc., 2003. Helmke, Gretchen and Levitsky, Steven, Informal Institutions and Comparative litics: A Research Agenda, Perspectives on Politics Vol. 2, No. 4 (Dec. 2004). Heuer, Richards. (1999). Psychology of Intelligence Analysis. Washington, DC: CIA Center for the Study of Intelligence. Kaplan, David E., with Whitelaw, Kevin and Ekman, Monica M. Mission Impossible. US News & World Report, Vol. 137, No. 3 (2004). Kerbel, Josh. Thinking Straight: Cognitive Bias in the US Debate about China. Studies in Intelligence Vol. 48, No. 3 (2004), http://www.cia.gov/csi/studies/vol48no3/article03.html (accessed May 28, 2006). Klaidman, Daniel and Isikoff, Michael. Lost in Translation. Newsweek, October 27, 2003. Koops, Bert-Jaap. The Crypto Controversy. The Hague: Kluwer Law International, 1999. Long, Austin and Rovner, Joshua. How Intelligent is Intelligence Reform? International Security Vol. 30, No. 4 (Spring 2006): 200-201. Lowenthal, Mark M. Intelligence Analysis: Management and Transformation Issues. In Transforming U.S. Intelligence, ed. Jennifer E. Sims and Burton Gerber, 220. Washington, DC: Georgetown University Press, 2005. Intelligence From Secrets to Policy, Third Ed. Washington, DC: CQ Press, 2006.
References
[1]
[2]
[3]
[4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15]
[16]
[26]
Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security [27] [28] [29] [30] [31] [32] [33] [34]
519
March, James G. and Olsen, Johan P., The New Institutionalism: Organizational Factors in Political Life, The American Political Science Review Vol. 78, No. 3 (Sep. 1984): 744. McConnell, Michael, Overhauling Intelligence. Foreign Affairs July/ August 2007. Morgan, Richard E. Domestic Intelligence. Austin, TX: University of Texas Press, 1980. National Commission on Terrorist Attacks Upon the United States, The 9/11 Commission Report. Washington, DC: Government Printing Office, 2004. National Academy of Public Administration, Transforming the FBI: Progress and Challenges. (Washington, DC: NAPA, 2005. National Security Agency official website, http://www.nsa.gov/sigint/index.cfm (accessed November 11, 2005). NATO Open Source Intelligence Handbook. Norfolk, VA: SACLANT Intelligence Branch, November, 2001. Office of the Director of National Intelligence News Release, ODNI Announces Establishment of Open Source Center, http://www.ODNI.gov/release_letter_110805.html (accessed November 9, 2005). Pollack, Kenneth M. Spies, Lies and Weapons: What Went Wrong, The Atlantic Monthly, January/February 2004, 88-89. Public Law 108-458, Intelligence Reform and Terrorism Prevention Act of 2004, December 17, 2004. Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. Washington, DC: Government Printing Office, 2005. Rieber, Steven and Thomason, Neil. Creation of a National Institute for Analytic Methods, StudiesinIntelligence,Vol.49,No.4(2005),http://www.cia.gov/csi/studies/vol49no4/Analytic_Me thods_7.htm (accessed May 28, 2006). RSA Laboratories Website, http://www.rsasecurity.com/rsalabs/node.asp?id=2349 (accessed November 13, 2005). Thomas, Frederick M. Top Secret Intranet: How US Intelligence Built Intelink. Upper Saddle River, NJ: Prentice Hall, 1999. Titelbaum, Lorne. The Impact of the Information Revolution on Policymakers' Use of Intelligence Analysis. Santa Monica, CA: RAND, 2005. United States House of Representatives, 109th Congress, 1st Session. House Resolution 2293. May 11, 2005. United States Intelligence Community Official website, http://www.intelligence.gov/2business.shtml (accessed October 25, 2005). White House official website, Bush Administration Implements WMD Commission Recommendations, http://www.whitehouse.gov/news/releases/2005/06/20050629-2.html (accessed November 18, 2005). Wikipedia.Online.Encyclopedia..Export.of.Cryptography,http://en.wikipedia.org/wiki/Export_ of_cryptography (accessed November 13, 2005). Zegart, Amy B. Flawed By Design: The Evolution of the CIA, JCS, and NSC. Palo Alto, CA: Stanford University Press, 1999, 188-192. September 11th and the Adaptation Failure of US Intelligence Agencies, International Security Vol. 29, No. 4 (Spring 2005).