Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security

European Journal of Scientific Research ISSN 1450-216X Vol.24 No.4 (2008), pp.498-519 © EuroJournals Publishing, Inc. 2008 http://www.eurojournals.com/ejsr.htm

Applying the Intelligence Cycle Model to Counterterrorism

Intelligence for Homeland Security

David H Gray Department of Government and History

Fayetteville State University, Fayetteville, NC 28301 E-mail: [email protected]

Tel: (910) 672-2120

Chris Slade Graduate School of International Studies University of Denver, Denver, CO 80208

E-mail: [email protected] Tel: (303) 871-2324

Abstract

This paper focuses on a particular aspect of intelligence - namely, counter-terrorism intelligence for the purpose of homeland security. In accordance with the ‘form follows function’ model, this paper will survey the functions required and then discuss the organizations, discussing the planning and direction of counterterrorism HUMINT, following a brief survey of its related activities and potential sources. Keywords: Intelligence Reform, Intelligence Cycle, Counterterrorism, Homeland Security

Introduction Intelligence reform issues in the United States following both 9/11 and the question of Iraqi weapons of mass destruction (WMD) surround the structure of the intelligence community (IC). As Michael McConnell, Director of National Intelligence, has stated, ‘Sixty years ago, the National Security Act created a U.S. intelligence infrastructure that would help win the Cold War. But on 9/11, the need to reform that system became painfully clear’ (McConnell, 2007).

As with the broader subject of homeland security, intelligence reform has largely taken the form of new organization charts in the hope and expectation that these upgraded organizations would produce new practices. Implicit in this hope was an expectation that the new forms would produce desired functions, but assuming that the opposite is more likely - that form follows function - what are the prospects for intelligence reform? Intelligence is a process, not just a product, and systematically analyzing this process should illuminate issues, obstacles, and opportunities for effective reform. Scope, Assumptions, and Methodology The threat to be protected against, terrorism, is similarly narrowly defined as non-state actors who use violence or the threat of violence to further political goals. This includes US citizens as well as foreigners, because either may pose a terrorist threat inside the US, and in some cases, such as Al

Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security 499

Qa'ida, a foreign group may include American members. However, some portion of intelligence relevant to counter-terrorism and homeland security may be collected overseas.

Process will be examined first, followed by a discussion of the organizations themselves. To further structure this examination, the planning, and direction of the three specific types of intelligence (INT) most relevant to counter-terrorism will be considered: human intelligence (HUMINT), signals intelligence (SIGINT), and open source intelligence (OSINT). In so doing, the broad intelligence disciplines of imagery intelligence (IMINT) and measurement and signatures intelligence (MASINT) are perhaps not as valuable to counter-terrorism intelligence for homeland security.

Intelligence is a process, not simply a product. Nearly all doctrinal explanations of this process contain five separate steps, which form an iterative cycle (FBI Official Website, 2005). In simple terms, the first step, planning and direction, consists of obtaining intelligence requirements from users, then matching collection resources (e.g. spy satellites, covert human operatives, etc) to these requirements - a sub-process known as ‘tasking.’ Once tasked, collectors then gather raw information in the collection step. Often, this information is not readily usable by analysts without some level of manipulation, (such as developing film from reconnaissance cameras or translating intercepted communications), so the data is converted into a usable format in the processing and exploitation step. Analysts then examine this processed information and produce finished intelligence reports for users in the analysis and production step. The last step, dissemination, consists of sharing these reports with end users.

Though the intelligence cycle illustrates a smooth continuum, in reality the divisions between steps often coincide with divisions between agencies. A divide exists between those agencies with the ability and responsibility of collection [e.g. National Security Agency (NSA) for SIGINT; Central Intelligence Agency (CIA) for HUMINT; National Geo-spatial intelligence Agency (NGA) for IMINT] and those that provide the intelligence support to particular customers. In contrast to the collection-oriented bodies, these customer support agencies owe their genesis not to the mastery of a particular INT, but rather to serving the intelligence needs of a certain element of government, such as the State Department's Bureau of Intelligence and Research (INR), the Department of Defense's (DoD) Defense Intelligence Agency (DIA), or the intelligence arms of the various military services. This fragmented intelligence community can in part be explained as mirroring the fragmented nature of American government itself. For the purpose of disseminating intelligence products from the right agencies to the right end users, this fragmentation on both the supply and demand sides of the equation poses a host of dilemmas.

The natural beginning and ending points of the cycle are planning and direction. Surprisingly, there is widespread agreement as to the doctrinal definition of the intelligence cycle, whose five steps also include collection, processing and exploitation, analysis and production, and dissemination (see figure 1). However, the challenge abides in a comprehensive, intelligence community-wide definition of planning and direction. Drawing on the various conceptions, the following are considered the planning and direction component:

1) obtaining requirements from customers 2) prioritizing those requirements 3) efficiently and legally tasking collection resources to requirements. Some definitions of planning and direction include not just the planning and direction of

collection, but of the subsequent steps as well. However, for simplicity's sake, the planning and direction step's inputs to the collection step are considered.

500 David H Gray and Chris Slade

Figure 1: Source: US Intelligence Community website, http://www.intelligence.gov/2-business.shtml.

Challenges to Counter-Terrorism Intelligence Planning and Direction for Homeland Security The number of intelligence users who may benefit from counter-terrorism intelligence are as varied as the potential sources. Those who make policy and those who implement it are in need of access to this information. Policy makers could be at any and all levels of government. Therefore, requirements could come from any and all of these potential customers. In addition to this set of users, the public safety community at large could have a justifiable need for counter-terrorism intelligence. Law enforcement officials, again at all levels of government, are the most obvious example, but such diverse agencies as public health and public works would also have some role in preparing for or responding to a terrorist attack. The former would almost certainly be involved in any mass-casualty producing event, particularly if chemical, biological, or radiological weapons were involved, while the latter would be required to handle such disruptions as destroyed infrastructure. Much of the US infrastructure, from hospitals to power plants, is privately owned, thus incorporating the business community as yet another potential customer.

With this dispersed and varied customer base, any requirements handling scheme must be widely inclusive. However, multiple requirements greatly complicate prioritization. With the large number and variety of independent (indeed, sovereign in some cases) entities, and the fact that many of these also maintain their own independent collection means (i.e. local, state, and federal law enforcement), the challenge of apportioning resources to some tasks while deliberately forgoing others is formidable. The resulting potential for duplication of effort, or its opposite, a gap in coverage, is great and necessitates coordination among the various governments at all levels. Therefore, any prioritization scheme must effectively coordinate multiple efforts. While under our federal system of government, one government entity may not be able to dictate to another, at the very least such coordination should ensure awareness of each other’s activities.

Assuming the effective prioritization of requirements, tasking raises even more issues. Just as one government cannot change another's prioritization, neither can it directly task another's assets. Such actions must therefore be the result of influence or persuasion. Additionally, whether the collection is to take place within or outside the US, and whether the target is an American citizen, resident, or corporation drastically affects the legality of the nature of collection. Legal standards on collection may be enforced in order to ensure the rights and civil liberties of potential targets, or may be to ensure admissibility of collected intelligence as evidence in a court of law. Any tasking scheme must therefore account for the various laws and policies which govern intelligence collection under certain conditions.


In examining each of the main collection methods employed against terrorism, three issues are critical: first, does the planning and direction scheme obtain all the relevant requirements, second, does it effectively prioritize them, and third, does it efficiently and legally task collection resources? Coaching the Spy Game: Planning and Direction of Counter-Terrorism HUMINT Perhaps more than any other INT, HUMINT is valued for its ability to provide insights into the intentions of an adversary. Intentions are often extremely difficult to discern through other means. Since the resources required to execute a simple terrorist attack can be very limited, they are therefore very difficult to detect. Rather than looking for the means, therefore, it is often useful to look for the motives of potential terrorists.

Before discussing the planning and direction of counter-terrorism HUMINT, it is useful to survey briefly its related activities and potential sources. The first activity would be the recruitment and exploitation of human sources, whether overt, covert, or clandestine. Another form of HUMINT could come in the form of liaison with foreign government or intelligence bodies. Yet another form of HUMINT relevant to counter-terrorism may consist of simple surveillance, or ‘tailing’ of subjects believed to be of intelligence value.

Recent changes with HUMINT reflect the creation of the National Clandestine Service within the CIA. As the name implies, it is charged with the management of all clandestine HUMINT collection, both domestically and overseas. Obviously absent are all non-clandestine HUMINT activities, which for counter-terrorism purposes include informants, who remain under the purview of the respective law enforcement agency undertaking the investigation.

The current system does in fact ‘cast a wide net’ in obtaining requirements. Though distributed across the various intelligence and law enforcement agencies, potential customers demand a multitude of requirements. The challenge, of course, is the prioritization of these requirements and the necessary mechanism. If, for example, a large metropolitan police force can prioritize its requirements in response to the needs of its particular customers, what use is an over-arching, national-level set of priorities? Perhaps the collection target in that particular city may be of concern to other agencies as well. In that circumstance, some means of knowing other jurisdictions' prioritized requirements would be helpful. Within a metropolitan area, a Joint Terrorism Task Force (JTTF) established by the Federal Bureau of Investigation (FBI) may be useful as a forum for various agencies within a particular area to express their requirements. In order to regionalize or nationalize this process, however, the various JTTFs would need to communicate. The potential breakdown occurs in the third question of the efficient and legal tasking of resources. Here, the absence of planning and direction structures bridging the various levels of government results in potential duplication of effort and gaps. Even just among federal agencies, there seems to be no organization with the ability or authority to coordinate domestic HUMINT collection efforts. Such cooperation as exists today must therefore be the result of individual agencies voluntarily cooperating on an ad hoc basis, case by case. While such a system may be adequate in response to a crime already committed, this may not be sufficient for managing tasking dedicated to providing warning of activities indicating a terrorist plot. Rather than just cooperating on a case, domestic agencies must be able to effectively collaborate prior to an actual terrorist event occurring. Whispers in the Dark: Planning and Direction of Counterterrorism SIGINT In addition to the standard SIGINT activity of intercepting broadcast voice communications, SIGINT for counter-terrorism could also hypothetically include such techniques as wiretaps, bugging, and interception of email or online chat room conversations. As with HUMINT, the collectors involved in such activities, both domestically and abroad, are a mix of national intelligence agencies, in this case the NSA, and law enforcement at various levels. Again like HUMINT, the potential customers levying requirements are diverse and fragmented. In fact, those customers are not likely to make requirements


with SIGINT in mind, but express intelligence needs which collectors then determine can be met with a particular INT. The issue is the identification of requirements for potential collectors. One particular break seems to be between domestic customers and the NSA. Even in light of the revelations that NSA surveillance is being directed within the borders of the United States, it isn't clear how the collection gained benefited other elements of the IC, particularly those at anything other than the federal level of government. Even if this controversial domestic collection program were ended, terrorist planning or support activities may be detectable overseas well before they manifest themselves as homeland security threats, such as 9/11 plotter Mohammad Atta's activities in Hamburg, Germany. Whether or not the NSA collects SIGINT within the US, it can nevertheless contribute to homeland security intelligence. How then are these requirements made known to the SIGINT collection community at large? If, for example, there is no mechanism for the New York Police Department (NYPD) to express its needs, what about the FBI? Or the Director of National Intelligence (ODNI)?

This breakdown carries over into the prioritization of requirements, as well. Since some portions of requirements are apparently never considered in the first place, any prioritization scheme would be handicapped. On the domestic law enforcement side, the prioritization of SIGINT requirements is very much like that of HUMINT requirements. The organizations with the collection ability are completely beholden to those making the requirements - the NYPD must answer to the city government. Again, coordination is required for those threats that cross jurisdictions. Wheat and Chaff: Planning and Direction of Counter-Terrorism OSINT As a direct result of a recommendation made by the Robb-Silberman WMD Commission, the ODNI established a new ‘Open Source Center’ within the CIA. Formed around the nucleus of the CIA's Foreign Broadcast Information Service (FBIS), the interaction of this new center with the IC is the challenge (ODNI News Release, 2005). In order to be useful to homeland security, counter-terrorists must have some means of collecting requirements from domestic consumers as discussed earlier in the context of HUMINT and SIGINT. This need not be direct if these requirements are expressed to the ODNI or Homeland Security Secretary; these offices may be able to relay the needs, and even prioritize them. Given the broad and available nature of OSINT, which cannot be distinguished from other forms of overt research, it is difficult to logically speak of tasking when examining the OSINT practices of intelligence agencies and law enforcement. Perhaps only when speaking of open sources which are not widely available, such as foreign broadcast and print journalism, does the examination of ‘tasking’ of OSINT make sense. Since that segment of OSINT seems likely to remain within the purview of the new Open Source Center, if or when more information becomes available, a more thorough discussion of OSINT tasking may be possible. Policy Recommendations for Planning and Direction The past several years has seen a level of intelligence reform unprecedented since the National Security Act of 1947, but these changes have been largely focused on the national level. However, homeland security in general, and counter-terrorism particularly, involve agencies at all levels of government. The federal structure of our government, so effective at dispersing power, also hobbles effective coordination of intelligence activity. Regardless of collection type, whether HUMINT, SIGINT, or OSINT, a consistent theme is the need for cooperation between national intelligence agencies, and those in the states, counties, and cities, as well. Complicating this further, though, is the fact that at these levels, the bodies that both use and collect intelligence are often law enforcement organizations, which have their own cultural norms and legal restrictions. While these pose barriers, they do not completely preclude cooperation. This necessary partnership represents a significant challenge for the new national intelligence structures established by recent reforms.


A conceptual model of ‘centralized guidance, decentralized execution’ is useful as broad guidance for the specific endeavor of planning and directing collection. Two things are clear: there is no comprehensive requirements system for counter-terrorism intelligence that spans all levels of government, and such a requirements system, if created, would be incapable of mandating priorities or tasking to agencies over which it has no authority. Although the second point may be true, it does not mean that the first point is not a worthwhile goal. As such, national, prioritized collection lists regarding counter-terrorism intelligence needs would aid in the efficient allocation of intelligence resources even if it were in the form of a suggestion and not a mandate. Such a resource would help add coherency to the disparate efforts undertaken by collectors. Due to its unique resources, the federal government should provide this overarching guidance. The federal government's advantage is not just its financial resources, but its ability to bridge the various jurisdictions, thereby discovering areas of common concern. Because the value of intelligence collection is increased when combined with multiple sources, any increase in the effective planning and direction of one particular ‘INT’ will be felt in the quality of the resultant analysis. A corollary to this ‘bridging’ function would also be the need for a new responsiveness of national intelligence resources to the requirements of not just the federal executive branch, but other levels of government, as well. The responsibility for the protection of US citizens from terrorism is dispersed and, consequently, the intelligence community should reflect the same. Challenges to Counter-Terrorism Intelligence Collection for Homeland Security Within the intelligence cycle, there are different categories of barriers that impede the effective collection of intelligence by the various agencies. The first is found in the realm of policy, especially delineated by law. Oftentimes, the crafters of these policies fully intended to hamper intelligence collection, not enable it. In addition to these policy/legal barriers, there are also technological hurdles to overcome.

In many cases it is difficult to adequately separate the doctrinal steps of collection from processing and exploitation. Indeed, such a distinction would only serve to overlook issues of tremendous concern which are intimately intertwined with collection, such as the difficulty in translating foreign languages or deciphering encrypted communications. Therefore, though doctrinally messy, this paper will intentionally blur the distinction between collection and processing/exploitation, just as the issues require. Who is Holding Which Bag? The various policy and legal barriers to counter-terrorism intelligence collection can be divided into two categories: those which are equally applicable to the various forms of collection, whether HUMINT, SIGINT, or OSINT, and those which are specific to a certain form. The first set derives mainly from legal protections designed to assure privacy and civil rights. Particularly for the subset of counter-terrorism intelligence collectors who are law enforcement officers (spanning theoretically from the FBI to the smallest college campus police force), these legal measures greatly restrict activity. Though tasked with prevention of terror attacks, in many circumstances law enforcement must be able to meet thresholds to establish probable cause before pursuing aggressive intelligence collection. Notably, these thresholds are not always limited to just intelligence sought against US citizens, but foreigners, as well. One particular manifestation of this is the Foreign Intelligence Surveillance Court (commonly referred to as ‘FISA Court,’ after the implementing legislation, the Foreign Intelligence Surveillance Act of 1978). This secret court is charged with reviewing FBI and other federal law enforcement applications for warrants to conduct certain types of intrusive surveillance, such as wiretaps (Foreign Intelligence Surveillance Act of 1978).

The last policy issue that is broadly applicable to HUMINT, SIGINT, and OSINT surrounds the challenges arising from the need to translate foreign language material. Being a nation engaged in


international affairs worldwide, the United States is particularly challenged. The need is critical to be able to translate nearly every language, and yet our global economic power has made English the lingua franca of the day, removing the impetus for multi-lingualism in U.S. society. Much has already been written about the need for people with skills in languages not traditionally studied in America, and a quick survey of the employment sections of the web sites of intelligence agencies such as the CIA and FBI shows a continuing need for skills in such tongues as Arabic, Farsi, Chinese, Urdu, and other non-Romance and non-Germanic languages that are significantly different from our native English. Less than a week after 9/11, FBI Director Robert Mueller made a recruiting plea to Arabic speakers to join the bureau, which at that time only had 40 Arabic and 25 Farsi linguists (Klaidman and Isikoff, 2003). Despite receiving over 40,000 applications, stringent requirements for security clearances resulted in roughly 90% of the applications being rejected outright (Locy, 2003). This particularly affects foreign-born native speakers, who are most able to translate unique dialects and fully comprehend idiomatic language. Adding to this ‘perfect storm,’ the increasing focus on terrorism and the legal tools provided by the USA PATRIOT Act of 2001 have increased the potential volume of electronic intercepts - all of which add to the increasing body of material to be translated, which also includes open source material from overseas.

The aforementioned legal and policy barriers are roughly equal in application to both HUMINT and SIGINT. The discipline of OSINT raises some unique legal and policy challenges, however. Unique among these is the question of copyrighted material. Though in the past, governments were tempted to classify information gained through open sources in order to sidestep the copyright issue, the need for sharing such information widely necessitates keeping it unclassified (NATO Open Source Intelligence Handbook, 2003). It is therefore incumbent on intelligence agencies to respect copyright laws.

Not to be overlooked, the validity of OSINT raises questions as to its use. With much OSINT being derived from journalism, there is always a question as to the authenticity of the source. Unfortunately, whether due to intentional manipulation, such as government control of media or simply shoddy fact checking, OSINT can all too often be indistinguishable from rumor and propaganda. Depending on how such intelligence is then used, the questions of validity could become very germane. For instance, if information gained from a foreign news publication is used to prompt an increase in the homeland security alert level, how justifiable is the attendant financial expenditure? What if an investigation is begun based on this information? How justifiable would further intelligence collection be? What standard should OSINT meet in order for it to justify further collection? Unfortunately, neither policy nor legal precedent exists to address these concerns. The Tech Tsunami Unlike the policy barriers, the technology barriers are usually specific to the form of collection in question. It is therefore appropriate to examine each in turn, skipping HUMINT, whose collection barriers are not usually technological. Both SIGINT and OSINT, however, have significant technological issues. Gone are the days when SIGINT for counter-terrorism consisted only of radio intercepts and telephone taps. The explosion of mobile telephones, email, and the Internet has radically altered the world of ‘signals.’ This digital revolution in interpersonal communications is marked by two main characteristics - its portability and variety.

Mobile phones particularly pose problems for investigators seeking to intercept communications. This development has in fact necessitated alterations to policy and law. The primary example is the USA PATRIOT Act of 2001, which authorizes so-called ‘roving wiretaps,’ allowing investigators to intercept communications from a certain, specified individual regardless of phone number used (Griset and Mahan, 2003).

Not only is communication more mobile, it is assuming new forms, as well. Even the apparently simple landline telephone is complicated by such developments as Voice over Internet


Protocol (VoIP) technology and fiber optic lines. So-called ‘wiretaps’ are no longer a simple matter of attaching clips to a live telephone wire and intercepting the conversation. In the case of some electronic communications, such as email, and even some cellular telephone communications, this data is also encrypted. Publicly available encryption methods have already sufficiently concerned the US government that it has tried, without success, to limit the level of encryption available. During the mid-1990s, the Clinton administration proposed adoption of a system known as the Escrowed Encryption Standard, commonly referred to as the ‘Clipper chip’ (Koops, 1999). Using an NSA-developed encryption algorithm that was weak enough to allow brute-force deciphering by agencies with sufficient computing power, this system also included such features as Law Enforcement Access Fields (LEAFs - also known as LEAKs by its detractors, standing for Law Enforcement Access Keys) which would allow law enforcement agencies to more easily access the encryption keys used to encode the message (RSA Laboratories Website, 2005). This effort was part of a two-pronged approach, the other component being export restrictions on ‘strong’ encryption methods. In fact, until 1996, most encryption technologies were considered ‘munitions’ subject to export restriction under the International Traffic in Arms Regulation (ITAR) (Koops, 1999). These were enforced up through the late 1990s and early 2000s, but advances in technology made by foreign firms and legal precedents coupled to make this technology-inhibiting approach untenable. Today, advanced standards such as triple-Digital Encryption Standard (3DES), Pretty Good Privacy (PGP), and the newly adopted Advanced Encryption Standard (AES) are not strictly controlled. Some, like PGP, are publicly available for anyone to download anywhere on the globe. Others like 3DES are still export-controlled by US law, but only to certain end users such as state sponsors of terrorism. The effectiveness of these laws is questionable, however, as proscribed states can set up front companies or use other intermediaries to access the technology. The bottom line for SIGINT collection is that encryption is becoming stronger and more widely available.

The potential loss of SIGINT information to encryption could increase reliance on OSINT-derived information. However, OSINT is also presented with technological barriers. The first is the simple question of availability. Not strictly technological, this barrier is a result of not being able to access all potential sources. One can imagine how difficult it would be to maintain access to foreign print publications, only a portion of which are available online. Even more complicating, though, is the problem of keeping our access of OSINT from being known. Ironically, the information may be unclassified, but our use of it may not be. Especially for online sources, this necessitates methods to obscure the identity of those obtaining the information. Not only could a potential enemy use web traffic analysis to determine our level of interest in a particular topic, savvy web site designers can use identifying data inherent in internet traffic to identify and direct potential spies to an alternate site intended to mislead, thereby denying access to the needed information. Policy Recommendations for Collection Though presented as barriers to effective collection, these legal restrictions imposed are warranted and desirable. Vigorous oversight of intelligence activities is essential for our free society, but a balance must be sought between the demands of security and the rights of people. As a rule, measures to regulate intelligence collection function best when they reflect the separation of powers inherent in our Constitution. Therefore, the USA PATRIOT Act, legislated by Congress, which reaffirms the role of a judicial check (the FISA Court) is well-designed.

On a less constitutional matter, policy must be reformed to allow for increased recruitment of translators. Security clearance investigation requirements that entail background checks of family members, who in the case of immigrants may be unavailable, can be counterproductive and even unwarranted. Some common-sense judgments as to what constitutes a sufficiently thorough background check must be made. Coupled with this refinement of clearance guidelines, intelligence agencies can take steps to mitigate potential damage if translators are in fact security risks, such as intelligently dividing responsibility of translation so that no single translator is afforded the complete


picture. An even more interesting and potentially fruitful reform to ameliorate the lack of translation capability is the recent legislation granting special immigrant status to certain Iraqi and Afghan interpreters working for our military forces (H.R. 2293, 2005). Such legislation could be expanded to encourage the recruitment of translators for the intelligence services, as well. Additionally, the special immigrant status could also ease immigration of family members, thereby additionally simplifying clearance issues.

Policy and legal measures can also ameliorate technological issues. The increasing sophistication of encryption is undeniable. Given this, the US would benefit from adopting legal measures similar to those used in the Netherlands, which empower legal authorities to mandate that people decrypt certain communications in specific cases (Koops, 1999). Failure to comply would in itself be a crime. This preserves legal protections while enabling law enforcement. This characteristic balance struck between rights and security, between civil liberties and law enforcement is the hallmark of reforms which will attain the inseparable but often mutually exclusive goals of liberty and safety. Challenges to Counter-terrorism Intelligence Analysis and Production for Homeland Security An inherently cognitive endeavor, intelligence analysis is in many respects the most difficult phase of the intelligence process to conceptualize. The various treatments of this topic illustrate the existence of a levels-of-analysis problem on the topic of, well, analysis. Starting from the smallest discrete element and moving up, we have to begin with the individual analyst's own mind or cognition. This level was ably and most notably examined by career CIA analyst Richards Heuer in his book, The Psychology of Intelligence Analysis. Toward the end of that work, Heuer gives suggestions on how managers of analysts can orchestrate their teams to alleviate the various cognitive pitfalls (Heuer, 1999) - thereby alluding to the next level, that of the group. Though most of the challenges confronting analysts in teams seem to be equally applicable regardless of the size of the group, the plurality of agencies within the US intelligence community further subdivides the ‘group’ level of analysis between challenges within a single agency and those challenges that span across agencies. Unfortunately, for intelligence leaders and would-be reformers, the problems from lower levels are additive and distributive - individual pitfalls effect groups and organizational pitfalls further manifest themselves as interagency hazards. Though by no means exhaustive, three common and fundamental problems encountered at the group and interagency levels are relevant to counter-terrorism intelligence for homeland security. First, how do you correctly balance the demands for current, explanatory intelligence against the oft-competing demands for longer range, predictive analysis? Second, what exactly does ‘indications and warning’ mean when talking about counter-terrorism intelligence? Lastly, we have to consider two of the broad-brushed solutions to the recent intelligence failures of 9/11 and Iraqi WMD - the seemingly mutually exclusive practices of collaborative and competitive analysis (Lowenthal, 2005). How Far is Your Horizon? The (In?) Balance between Current and Forecast Intelligence For many, if not most, time-strapped policymakers, current intelligence is the only kind of intelligence they will ever receive or may even care about (Blackwill and Jack Davis, 2004). Though this phenomenon seems inevitable given the demands placed upon policymakers, it does not necessarily follow that analysts should inevitably follow suit and ignore the important in favor of the urgent. Unfortunately, however, the real world, workaday demands of PowerPoint briefings, executive summaries, read files, and the ultimate current intelligence product, the President's Daily Brief, mean that the analyst's interaction with the customer often only encourages an ever faster ‘news cycle.’ As many an analyst can attest though, the industry that specializes in that cycle - the 24-hour news


networks - is very difficult to scoop. The question is should analysts even try? Perhaps a more useful question would be what value could intelligence analysts add to ‘breaking news’?

One answer, albeit unsatisfactory, seems to be that intelligence analysts are just another source of information in addition to open news sources - varying by kind, not by quality. If CNN reports bomb explosions in a metropolitan subway station, the policymaker may turn to his ‘classified CNN’ for amplifying information from intelligence sources. Though it may make an analyst feel helpful and needed to provide that extra, classified nugget to the boss, a better answer would result in not merely amplification, but analysis. Answering these types of questions requires more than an inductive leap made after accumulating impressions from discrete events in a series of current intelligence products. Instead, intelligence professionals must perform the requisite background analysis in order to arrive at a broader understanding that can help synthesize discrete events with a solid conceptual framework. Without this deeper level understanding (which seldom, if ever, translates well into briefing bullets), predictive intelligence will be more likely to be based upon such questionable methods as hunches or (what too often substitutes for analysis), the assumption of linear progression - easily recognized by well-worn phrases like ‘the trend indicates.. . ’ or ‘in the past we've seen. . . ’ (Kerbel, 2004).

This is all easier said than done, of course. In former Director of Central Intelligence James Woolsey's memorable phrase, the cold war ‘dragon’ of the Soviet Union has been replaced by a multitude of ‘snakes.’ This translated directly into an analyst management problem for the IC. A single, unitary enemy offered a level of focus that enabled consistency and predictability. Analysts, assigned to the same general target set, developed specialized expertise over time. With this depth of knowledge, so-called ‘Kremlinologists’ became well-versed in reading significance into the most subtle of nuances. Not only was there a single overarching threat, but also the type of threat it posed to homeland security was highly unitary, being almost wholly military.

Contrast that situation with today's asymmetry, where the potential threats are manifold. In the last decade and a half, the analysis capability of the IC has had to rapidly and repeatedly shift its attention from one concern to the other - from global environmental problems, to financial crises, to ethnic cleansing in Europe and Africa, to weapons proliferation, to airliner security - ad infinitum. This new scattering of focus, coupled with the post-cold war, pre 9/11 interregnum cutbacks in the nation's intelligence capability, were a recipe for more shallow analysis. Since 9/11, intelligence budgets have increased, and policymakers are making efforts to address the resource shortfalls - but this does not alleviate the problems of focus. A Different Kind of ‘Indications and Warning It is not enough simply to look at the problems of analysis without regard to its purposes, one of the most important of which is providing indications and warning, or ‘I&W,’ Here, too, the fundamental change of the security environment from the cold war to today has profound effects. Faced with traditional, symmetric military force threats, the I&W problem was relatively straightforward. The massing of armored forces on a border, the forward deployment of long-range bombers, or the sortie of naval forces were more readily observable and relatively simple to analyze. Over time, the IC learned to discriminate among indicators that signified normal training or operations versus those that were truly unique. Even with this simplified problem, better-suited collection, and long experience, the IC's record on even this symmetrical military force-warning problem was not perfect. This fact alone should color the expectations of intelligence critics.

Examining the I&W problem for homeland security counter-terrorism shows that expectations of perfection are impossible to satisfy. In addition to the plurality of new threats, their nature poses significant challenges to I&W. First, the indicators available to analysts are more difficult to collect than those for military forces. Furthermore, they are even more equivocal. How can sophisticated spy satellites detect a handful of conspirators creating backpack bombs? Is that Saudi flying school student seeking to become a genuine airline pilot or a potential terrorist? In the old paradigm, the IC could indeed brief a policy maker that such-and-such armored division was massed at such-and-such


location, along with sustaining logistics forces, arrayed in a manner consistent with preparations for an attack. Does anyone believe the IC can reliably deliver similarly detailed information about a terrorist attack? Yet, the current suggestions that the IC must ‘penetrate’ terror cells via improved HUMINT seem to indicate just such an expectation.

As other authors have pointed out, there are different levels of warning - from the fine-grained tactical to the more general or strategic (Rovner and Long, 2006). Our ability to do either is largely determined by the nature of the threat and not simply by our own intelligence capacity. As such, a starting point for effective reforms must realize that the best warning we are ever likely to get will be of the strategic variety. Seen in this light, the intelligence available on the 9/11 plot before the actual attack is instructive. When pundits and commission members talk of the failure to ‘connect the dots,’ the dots they are referring to are indicators. Even if pre-9/11 intelligence sharing had been perfect, taken together, these indicators do not, indeed cannot, provide tactical warning. Both the intelligence community and the policy makers it serves must therefore adjust their expectations.

So far, the remedies offered for this failure have focused mainly on the collation of indicators, while some have emphasized their increased collection. A full spectrum of homeland security strategy is required - not just the prevention of attacks, but the mitigation of their potential effects, the response to their actual effects, and the eventual recovery. In these efforts, strategic warning can offer useful, ‘actionable’ information. For example, this brand of intelligence can profitably analyze information about previous attacks in order to drive planning for future possibilities. Though each attack is unique, many share similarities in planning, target selection, tactics, techniques, and effects. Instead of just notifying policy makers that an attack has occurred, analysts should seek to conduct a full ‘post mortem’ of the event in order to divine intelligence useful to prevention, mitigation, etc. To do this adequately, our intelligence professionals will necessarily be in the position of analyzing not just enemy tactics and techniques, but how those apply to our own techniques and vulnerabilities. However, many analysts have been acculturated only to examine the enemy and loathe looking at ‘blue’ issues. This must change if analysts are adequately to advise decision-makers.

One way of thinking about this type of I&W is to recognize its emphasis on affecting planning. Instead of merely trying to predict a specific attack, this strategic warning seeks to anticipate decision makers' evolving needs for information across the spectrum of homeland security activity. This has implications for the organization of the IC, in particular its degree of centralization. In order to provide this more anticipatory, vice predictive, intelligence, analysts must be close enough to their customers to understand their intelligence needs. Though this comes with some risk of what's become known as ‘clientism’ (Lowenthal, 2006), a centralized analytical capability would be poorly adapted to serving the wide variety of agencies responsible for preventing, mitigating, responding, and recovering from threats to homeland security. ‘Connecting the Dots’ Versus ‘Groupthink’ - Collaborative and Competitive Analysis The popular explanations for the back to back intelligence failures on 9/11 and Iraqi WMD offer some insight into the extreme challenges of estimative intelligence. Ironically, the problems cited in each of these cases are contradictory in essence. In the first case, that of 9/11, the problem was simply not ‘connecting the dots,’ which seems to assume that enough required information was available, but was just not put together, like an unassembled puzzle. In the second failure, that of Iraqi WMD, the IC seemed to have invented ‘dots’ which did not exist. This was attributed to ‘group think’ - apparently the IC that could not work together to connect the dots for 9/11 had now done such an excellent job of connecting imaginary (or exaggerated) dots on Iraqi WMD that the entire community thought essentially the same thing. Now, not only was the IC sharing information, it was sharing an entire mindset, as well.


Following each of these failures, blue-ribbon panels investigated, reported, and suggested fixes to the perceived problems. Perhaps inevitably, the widely different problems spawned widely different recourses that are meant to be applied to the same analytical community. It is therefore essential to examine how both of these broad fixes - first, the increased collaboration among analysts and, second, the increased competition among them - apply to the analysis and production processes. What are the implications? Arguably the primary solution offered for the problem of collaboration was the establishment of the National Counter Terrorism Center (NCTC), the idea being that by placing analysts from the various agencies into a single organization, you therefore overcome the policy, technological, and cultural barriers that impede information sharing. (Information sharing here means not just the sharing of finished intelligence products, which is more a dissemination issue, but the sharing of more raw data among analysts prior to a product's creation). This in turn enables analysts (at least those found within the Center - an important caveat) to obtain all the requisite data they need in order to make informed assessments. In practice, however, this solution can engender problems of its own. Designed to ensure information flow into the center, less attention may be paid to ensuring the equally important subsequent information flow out of the center. This would seem to be the case for the NCTC. By establishing it at the level of the ODNI, it gains a broad level of authority, but simultaneously risks an inherent bias towards only providing intelligence to senior decision-makers. In this way, these centers run the very real risk of becoming a sort of information black hole. To do this ignores the fact that a significant consumer for all intelligence analysis is the IC itself, and that without this internal distribution of intelligence, true collaboration is not possible.

How then to spur the necessary analyst to analyst exchange of information and ideas? Currently within the IC is another model of interagency collaboration, that of embedding liaisons within sister agencies. To be effective, agencies must take care in whom they choose to represent their interests. Such a person must have sufficient authority and expertise within their parent agency in order to facilitate collaboration. Because they are often small in number, even in some cases alone, their individual personalities can be decisive in determining their effectiveness. As this practice applies to analytical exchange, these liaisons can be immensely valuable not just as conduits for intelligence (both finished products and unfinished data), but as matchmakers between analysts working similar issues. At one extreme, these analytical meetings of the mind can result in jointly produced, multi-agency products - a concrete example of collaboration. At the very least, these exchanges can aid an individual analyst's understanding of an issue. With our fragmented IC structure, there is naturally a surfeit of ‘seams’ between agencies. Centers span the existing seams, but as discrete entities themselves, they also create the potential for new ones. Effective liaisons represent a sort of glue that can bond the seams themselves.

Liaisons are not the only means by which analysts in one organization can know about colleagues with similar interests in another. Technology, in the form of the IC's secure Intranet known as ‘Intelink,’ also aids community self-awareness (Thomas, 1999). To the extent that authorship information is included with intelligence products posted online, analysts can readily contact those with relevant knowledge. Whether via email, telephone, or video teleconference, these issue-specific links can be thought of as virtual centers. Not needing alterations to existing bureaucratic structures, separate budgets, or additional physical space, these communities of interest are free to rapidly form, collaborate, expand, contract, and even dissolve. Aside from the suggestion of forming centers, it seems clear that a responsibility of those managing the analytical community is enabling this ephemeral sort of cooperation. However, not all issues are as transient. Another significant management question is deciding which issues are so permanent, so challenging, and so broadly applicable to multiple agencies, that they warrant ‘real’ centers (while remaining cognizant of the attending risks) and not just the ad hoc variety. (The recognition of this dilemma seems evident in the creation of the so-called ‘mission managers’ within the ODNI. These people can serve as leaders to communities of interest formed around certain enduring intelligence problems, such as Iran. In this, they would seem to represent an in-between solution somewhere on a spectrum between new organizations, like centers, and self-organizing ad hoc groups).


As mentioned, the failures in the Iraqi WMD case were largely attributed to the cognitive pitfall of groupthink. The Robb-Silberman Commission report made the suggestion, later legislated by the subsequent Intelligence Reform and Terrorism Prevention Act, of requiring the ODNI to conduct alternative analysis (Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, 2005). Given the loose confederation of intelligence agencies, analytical differences may be more common than not. Even in the Iraqi WMD case, there were examples of disagreement. One example was the Department of Energy's (DoE) assessment of Iraq's procurement of specialized aluminum tubes which held they were not intended for an enrichment program.

The question is how should the IC leadership handle such dissenting assessments? The mandate to produce alternative assessments would seem to offer an outlet for just that. Even if dissent does not arise as a matter of course, the use of ‘red teams’ to engage in devil's advocacy, intentionally trying to craft a competing assessment, would seem to guarantee that the IC comprehensively presents all sides of a given issue - but is this indeed the case, and if so, is that necessarily a good thing?

Ironically, one of the causal factors in skewing the pre-war intelligence was the creation of this sort of ‘red team,’ with a mission to challenge the IC's collective judgment - that of the Office of Special Plans (OSP) within the Office of the Secretary of Defense. Seen as an antidote to the IC's (particularly the CIA's) assumed, inherent analytical timidity, the OSP boldly sought alternative analysis and found it. By giving more credence to information that the mainstream IC considered questionable, this competitive analytical team indeed came to a stronger conclusion on the question of Iraq's WMD (Pollack, 2004). Far from ensuring a more thorough examination of all the relevant facts, this instance of competitive analysis enabled what critics deride as ‘cherry picking’ of intelligence to suit the administration's purposes.

In addition to this rather straightforward example, devil's advocacy can also lead to unintended consequences, which can solidify analysts' position on an issue rather than cause them helpfully to reevaluate it. As a recent article in the CIA's Studies in Intelligence points out, analysts can react to a red team analysis by becoming further wedded to their assessments, seeking to defend, rather than question, them. Additionally, assessments that undergo critical, competitive analysis can attain a certain unassailability through the impression that they have passed the test posed by analysis meant to upend them (Rieber and Neil Thomason, 2006). This impression is present whether or not that is in fact true. So is this the final verdict on competitive analysis? Perhaps not. Given certain standards, alternative analysis may be made more reliable. Additionally, this method may not be the only fruitful one in enhancing analytical rigor. Policy Recommendations for Analysis and Production What is needed is a concerted effort to conceive and evaluate potential antidotes to groupthink, implementing those that prove successful. The authors of the Studies in Intelligence article suggest that this be done in a ‘National Institute for Analytical Methods’ (Rieber and Neil Thomason, 2006), a sort of think-tank for thinking. Another idea that could also be brought to bear on this problem is the suggestion of creating a ‘National Intelligence University’ (Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, 2005), presumably with the intent of ensuring all IC analysts receive common training. Not only could this provide a baseline level of expertise, but also ensure a common set of analytical standards. The Robb-Silberman commission report, in particular, pointed out the fact that the IC did a poor job of adequately communicating levels of uncertainty in its prewar National Intelligence Estimate (NIE) on Iraqi WMD (Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, 2005). Indeed, it is an open question as to whether or how well the IC understood this uncertainty itself. It is these types of self-aware, self-critical practices that reformers intend to incubate in an intelligence institute or university.


The IC leadership, constituted by those professionals inside the community and those policy makers responsible for it, would do well to seriously consider these suggestions. Enhanced training, whether through an institute, university, or some combination thereof, also holds the promise of simultaneously enhancing collaboration and competitive analysis to good effect. Some commentators have suggested intelligence community reform that seeks to emulate the military reforms spurred by the Goldwater-Nichols Act of 1986, which enhanced cooperation among the armed services. A prescient recognition of that legislation was the culturally transformative effect of education. By creating or enhancing joint professional military education while at the same time creating opportunities and incentives for exchanging personnel, Goldwater-Nichols helped effect a profound cultural change on the US military. By following a similar path, professional intelligence education and personnel exchanges could transform cooperation from an interagency phenomenon to an interpersonal one. In fostering mutual knowledge of one another's areas of responsibility and expertise, mutual professional respect, and awareness of other agencies' missions, this education could go a long way toward establishing a ‘need to share’ culture. Challenges to Counter-Terrorism Intelligence Dissemination and Sharing for Homeland Security It is the last step of the intelligence cycle, dissemination, which most proponents of intelligence reform are referring to when they speak of ‘sharing.’ As mentioned earlier, the IC as it exists today was not cut out of whole cloth, but is the result of an evolutionary process where agencies sprouted and grew up to address either a specific collection discipline or a specific customer. While this dynamic explains the splintered structure of the intelligence community, there are other categories of barriers that impede the effective sharing between the splinters. As was the case with collection, barriers to effective sharing are also found in the realms of policy and technology. The Tyranny of Stovepipes: Structural Barriers Just as the fragmentation of the IC reflects the fragmentation of the government as a whole, so too do the effects of this fragmentation mirror and reinforce one another. The net effect is to hamper reform from any quarter, whether the bureaucracy, the executive, or the legislature. In her insightful article ‘September 11 and the Adaptation Failure of US Intelligence Agencies,’ Zegart illuminates the particularities of each to show how the institutions of government themselves stymie meaningful reform. First, the bureaucracies in question are torn among competing demands that do not often have coherent solutions. Additionally, the national security bureaucracies are in a particularly precarious situation due to the manifold agencies with overlapping areas of responsibility, thus constituting a zero-sum competition for influence and resources (Zegart, 2005). Such competition raises the potential cost of reform, thereby making it less likely. Although presidents have incentive to ensure a competent bureaucracy, public attention and support is often lacking in the absence of a problem. Presidents and members of Congress alike have a much greater incentive to focus their limited attention to policy areas that promise concrete achievements and immediate rewards for constituents, rather than expend political capital on issues sure to threaten entrenched interests (Zegart, 2005). When reform does threaten those interests, the fragmented policymaking structure of the government allows them multiple opportunities to prevent such reform. In the words of Philip Zelikow, the executive director of the 9/11 Commission, ‘the most powerful interest group in Washington is the status quo’ (Zegart, 2005).

The attacks of September 11, however, did focus public attention on the performance of the bureaucracy. Consequently, though there had been previous blue-ribbon panels investigating the intricacies of the IC, none has the weight of the 9/11 Commission. In its examination of the intelligence structure that it believes proved incapable of predicting or preventing the attacks, the 9/11


Commission pointed out numerous aspects of the IC's internal organization that contributed to the failures. This focus on what political scientists would term ‘endogenous order’ revealed particular shortcomings in the distribution of power within the IC (March and Olsen, 1984).

One aspect of the IC's internal distribution of power examined by the commission was its lack of centralization, which has a resultant impact on the budget process. The commission cited the fact that it was the Secretary of Defense, and not the Director of Central Intelligence (DCI), who ultimately maintained the ability to hire or fire the directors of several key intelligence agencies such as NSA, NGA, and DIA (National Commission on Terrorist Attacks Upon the United States). Additionally, the triune intelligence budget, with its separate accounts for the National Intelligence Program (NIP), Tactical Intelligence And Related Activities (TIARA), and Joint Military Intelligence Program (JMIP), was likewise largely in the hands of the defense secretary and only partly controlled by the DCI. This remained the case even after President Bush signed Executive Order 13355, substantially strengthening the DCI's influence, without altering budget authority (Executive Order 13355, 2004). With the passage of the Intelligence Reform and Terrorism Prevention Act in December 2004, titular responsibility for managing the IC passed to the new post of Director of National Intelligence (DNI). However, even today the DNI only maintains control of the NIP portion of the budget and has an ‘advice and consent’ role concerning the appointments of the directors of the NSA, NGA, and DIA (Public Law 108-458, ‘Intelligence Reform and Terrorism Prevention Act of 2004’).

One last structural manifestation of this lack of centralization is found in the realm of legislative oversight of intelligence. Particularly because of the split within the IC between civilian agencies and defense agencies, both houses of Congress have multiple committees to which the IC reports. Noting that this inhibits the effective oversight of the IC, the 9/11 Commission recommended Congress establish a Joint Intelligence Committee, much like the Joint Atomic Committee of the early Cold War years (National Commission on Terrorist Attacks Upon the United States). Paved with Good Intentions: Policy Barriers The reality that US intelligence agencies do not share information well should come as no surprise - it is both the direct and unintended consequence of policymaker action. Ironically, the problems that necessitate reforms today are themselves in part the result of previous reforms. Revelations in the early 1970's of the abuses committed by the US intelligence community, such as COINTELPRO, prompted public outrage and congressional investigations. The Church and Pike committees uncovered a pattern of abuses committed by the IC in the name of national security, particularly the illegal monitoring of dissidents. Congress passed the aforementioned Foreign Intelligence Surveillance Act in order to interject judicial oversight of intelligence collection)Morgan, 1980). One criterion used by the Foreign Intelligence Surveillance Court to review and approve applications for electronic surveillance was that intelligence officials had to certify that ‘the purpose of the surveillance was to obtain foreign intelligence information’ [italics added].

This straightforward requirement would, in its implementation, become the foundation of the so-called ‘wall’ between intelligence and law enforcement. In interpreting the act, lower federal courts construed the meaning of ‘purpose’ to mean primary purpose. This implied test assumed that intelligence collection for criminal prosecution was fundamentally incompatible with that collected for intelligence purposes. Given this interpretation, Justice Department policymakers further cleaved intelligence from law enforcement in its implementing directives, which had the effect of hermetically dividing agents investigating foreign intelligence threats from those conducting law enforcement (Seamon and Gardner, 2005).

Aside from these barriers, perhaps the most significant factor impeding the sharing of intelligence between various agencies, particularly those at the state and local levels of government, is security classification policy. These policies, and their resulting practices, hobble sharing in two ways: first, the over-classification of material prevents wide dissemination and second, the lack of provisions


for state and local officials to obtain security clearances prevents them from accessing information that is classified. Over-classification can be attributed to a particular institutional attribute of intelligence collection agencies - the primacy of protecting their intelligence sources and methods. Two techniques employed by collection agencies to accomplish this are compartmentalization and originator controls. The first keeps information ‘stovepiped’ within narrow channels, while the other requires that intelligence users obtain the approval of the originating organization before sharing the information further. The result is an intelligence community focused on keeping information under its control. It was this focus that the 9/11 Commission referred to when it wrote that ‘the culture of agencies feeling they own the information they gathered at taxpayer expense must be replaced by a culture in which the agencies instead feel they have a duty to the information - to repay the taxpayers' investment by making that information available’ (National Commission on Terrorist Attacks Upon the United States, 2005). Building a Tower of Babel: Technological Barriers Any policies intended to facilitate the sharing of intelligence are useless without the technical means to accomplish them. Until the mid-1990s, the methods of disseminating information reinforced the stovepipes of intelligence. Intelligence agencies produced paper copies of their own reports, which had to be conveyed physically to their end users. While this system was adequate for non-crisis situations, the 1991 Gulf War exposed its weaknesses. Intelligence intended for military units deployed to the theater had to compete for space on transports with other war materiel. In some cases, stateside intelligence agencies literally shipped pallets of paper copy intelligence half way around the globe. The IC clearly needed a better system, and the practice of storing intelligence on electronic media represented only an incremental improvement (Thomas, 1999). This description of the problems encountered by intelligence users in the military in 1991 is in many respects resonant with the experience of the homeland security community in 2001. Though by 2001 the technology existed, there was no network to exploit that technology. Redrawing the Org Chart: Structural Changes In examining some of the relevant structural changes made to the IC by recent reforms, two theoretical models are helpful. The first is a model of institutional learning, while the second describes informal institution change. In the institutional learning model, organizations ultimately redefine their conception of success by first altering their strategy or decision-making, then developing the requisite competencies to accomplish the new strategy. The resulting new concept of success alters the organization's motives and incentives, producing lasting change (March and Olsen, 1984). For changes to informal institutions, political scientists contend that there is a variety of sources. The two most applicable to intelligence reform are changes in the design or effectiveness of formal institutions, and changes in the distribution of power and resources. Of these, formal changes in institutional design typically have the fastest efficacy (Helmke and Steven Levitsky, 2004).

Bearing these in mind, we can now evaluate three examples of recent structural reform: the creation of the ODNI, the founding of the NCTC, and the proliferation of JTTF's. Recommended by the 9/11 Commission Report and formally established by the Intelligence Reform and Terrorism Prevention Act of 2004, the Office of the Director of National Intelligence is an example of both a formal institution change and a change in the distribution of power. As a new office with the express purpose of providing executive coordination of the IC, the ODNI is clearly a new institution. However, it is not unprecedented - many, if not most, of its functions were intended for the DCI by the National Security Act of 1947 (Zegart, 2005). As such, much of the DNI's authority came at the expense of the DCI, who lost his role as the titular head of the IC, but remained as simply one agency head among several (in recognition of this, the DCI is more and more referred to as the ‘DCIA’). An even more salient power distribution is the aforementioned relationship between the DNI and the Secretary of


Defense. Though the DNI does have influence over defense intelligence policy and funding, many argue that the balance of power is clearly in favor of the defense secretary who ultimately remains directly responsible for some of the jewels of the IC: the NGA, NSA and the National Reconnaissance Office (NRO). One other relevant power-sharing arrangement exists between the DNI and the Attorney General. To the extent that the FBI is both a law enforcement and an intelligence organization, it is similarly divided between the ODNI and the Department of Justice. For the FBI, however, an internal formal institutional change enabled more effective oversight by the ODNI - the establishment of the National Security Branch, which conglomerates the bureau's counter-terrorism, counter-intelligence, and intelligence directorates into a single administrative organization (White House, 2005).

One of the roles performed by the DNI is the head of the NCTC. Established by Executive Order 13354, the NCTC is responsible for being the single focal point for all IC counter-terrorism intelligence (except for that subset of terrorism which is purely domestic). Perhaps the most fundamental institutional change represented by the center is its authorization to collect and disseminate information from ‘any Federal, State, or local government, or other source’ [italics added] (Executive Order 13354, 2004). As predicted by the institutional learning model, this change in strategy is leading to new competencies in the sharing of information. To the extent that the participating organizations' measure of success is dependent on the success of the center, individual agencies' aspirations are evolving to include information sharing. The timeframe for this evolution is not instantaneous, however. As noted by a report by the National Academy of Public Administration, there are still foot draggers among the agencies, specifically the NSA, which the report identifies as not sharing adequately (National Academy of Public Administration, 2005).

While the NCTC is the central node for counter-terrorism information sharing, the JTTF's represent distributed nodes that specialize in the sharing of intelligence between levels of government. According to the FBI, which manages the program, there are currently 100 JTTF's throughout the nation, each with its own mix of federal, state, and local participants. A typical JTTF involves organizations as diverse as the FBI, Customs and Border Protection, Immigration and Customs Enforcement, Secret Service, State Department Diplomatic Security Service, State Police, and local police departments, and county sheriff offices (FBI Denver Field Office website, 2005). The geographic distribution of the JTTF's enables the FBI to act as a backbone for the sharing of intelligence information between widely separated jurisdictions - a police department in rural Ohio has a potential means of getting information from the NYPD. Though these represent a significant advancement, there is a danger that this particular manifestation of institutional learning will come to have unintended consequences. When considering that the FBI has recently established JTTF's in such locales as Helena, Montana; Bloomington, Indiana; and Lubbock, Texas, there seems to be a very real danger that the FBI's aspiration to prevent terrorism could overwhelm its responsibility for combating other forms of crime (FBI official website, 2005). While terrorism may not be the highest concern in Bloomington and Lubbock, policy makers must weigh whether the effort expended is commensurate with the threat. Rewriting the Rules of the Game: Policy Changes Some of the most promising changes to aid intelligence dissemination are those that reduce the ‘wall’ between law enforcement and intelligence, and those that reform security guidelines. In the first case, the USA PATRIOT Act is significant. Though it is in fact an amalgam of many different measures, one particular provision directly addresses the ‘wall.’ Along with redefining the FISA Act's ‘purpose’ test, the PATRIOT Act also explicitly authorizes cooperation between law enforcement and intelligence for specific circumstances related to terrorism or espionage (Seamon and William Gardner, 205). Such cooperation can even include coordinating the collection of intelligence prior to an attack occurring, thereby enabling the prevention of terrorism and not just its criminal prosecution.

Such sharing must still overcome the barriers erected by overzealous security classification. Recognizing this, the third part of a trifecta of executive orders signed on 27 August 2004, Executive


Order 13356, sets ambitious guidelines for the classification of intelligence. First, it mandates that collection agencies devise ways of protecting sources and methods that allow for lower levels of classification. Secondly, analysts must write intelligence reports in formats that allow for degrading classification - the so-called ‘write for release’ policy. One practice cited by the order is the use of ‘tear lines,’ which refer to multiple versions of the same information, each having less specific details, which allow the watered-down versions to be released more widely. Two other mandates of the order require the IC to minimize use of compartmentalization schemes that serve to ‘stovepipe’ information in narrow channels and the use of originator controls. Lastly, though it does not specify how, EO 13356 enjoins the management of the IC to create incentives for intelligence sharing (Executive Order 13356,2005).

In addition to tackling the classification of information, new policies are attempting to widen the audience by allowing more officials to have access. Following 9/11, and to enhance the effectiveness of the JTTF's, the FBI established the State and Local Law Enforcement Executives and Elected Officials Security Clearance Initiative, which provides such officials with the opportunity to be cleared for intelligence up to the Top Secret level. This affords the advantage that even if particular intelligence cannot be downgraded or watered-down, an official with need-to-know can indeed know. In addition to the involvement of the FBI within the Department of Justice, Executive Order 13311 delegates authority to the Secretary of Homeland Security actually to determine state and local clearance eligibility (Executive Order 13311, 2003). In this implementation, a process intended to aid access sadly contributes to crossed lines of authority and bureaucratic confusion. Can You Hear Me Now? Technological Changes The current information revolution affects the IC as much as it has affected every other collective human endeavor. Though it predates 9/11 by seven years, the DoD-created Intelink is relevant to this discussion for two reasons: first, as the earliest example of a government secure network for the purpose of disseminating intelligence, it is a model for all subsequent networks, and secondly, the network architecture is now being used by new users, particularly in law enforcement. Conceived as a secure Intranet for the IC, Intelink has grown to include multi-level networks at both the Secret and Top Secret levels. Under the mantra ‘closed system, open architecture,’ Intelink has evolved over time to include promising collaborative and search tools adopted from the worldwide web. Today, when an analyst on Intelink wants to find information on a particular topic, a simple Google search is often the first stop, just as it is for millions of Internet users (Dizard, 2005). However, no search engine, no matter how effective, can make up for a lack of information. One criticism of Intelink is that it does not always have all relevant information held by intelligence agencies. A reason for this is agencies' incentive to maximize its opportunity for ‘face time’ with policymakers. If agencies post essential information for anyone with access to see, such face time is reduced. There is therefore a reluctance on the part of some agencies fully to support Intelink (Titelbaum, 2005).

The FBI is one of the newest agencies to join Intelink, both at the Secret and Top Secret level (Bidd, 2005). However, security requirements prevent state and local agencies from similarly adopting Intelink. To fill this need, both the FBI and the Department of Homeland Security (DHS) are creating additional networks. The first, the Homeland Security Information Network, or HSIN, will connect all 50 states and US territories at the Secret level (Department of Homeland Security fact sheet, 2005). For strictly law enforcement users, the FBI created Law Enforcement Online (LEO), which is likewise a secure network linking 40,000 users among federal, state, and local agencies. This proliferation of networks, all intended to link disparate agencies, points out the systemic challenge of linking those networks. Today, the state of the art often consists of having multiple, separate connections, leaving the network integration to the ‘wetware’ between analysts' ears.


Policy Recommendations for Dissemination and Sharing Any reforms must contend with the fundamental characteristics of American government, particularly its fragmentation. As such, efforts to centralize the American government's intelligence agencies can only achieve limited success. In accepting this limitation, reformers must therefore focus efforts on measures to enhance the practice of intelligence dissemination, rather than seeking some sort of fundamental redesign of the community as a whole. Recent developments, such as the establishment of the ODNI, are an example of measures that facilitate cooperation through providing a framework that connects the disparate elements of the community. However, this reform is still something of a half-measure. Though the DoD, as perhaps the largest intelligence consumer, requires intelligence resources of its own, national agencies with broad applicability to the entire IC and responsibility for major collection INTs, such as the NGA and NSA, would more logically be placed wholly under the purview of the ODNI. No procedural change can obviate the need for this structural one. The intelligence reform does not require further major structural changes. The organization chart designers have contributed all they can.

An easier, and oftentimes even more promising category of reforms, though, are those which reflect the notion of fundamental, formal institutional change. In this category, the procedural changes that alter the relationship of intelligence and law enforcement, of the military and civilian sides of the IC, and fundamentally alter the handling of intelligence are the model for effective reform. As these do not threaten the existence of agencies or well-established lines of authority among agencies, and between the bureaucracy and the executive and legislative branches, these reforms are arguably the easiest to implement and represent a fruitful frontier of further progress. Conclusion - and a Warning In essence, the intelligence reform, especially since 9/11, has been focused too much on the reform of structures and too little on the alteration of processes. Rather than belabor the arrangement of the boxes and lines on organization charts, I chose to examine intelligence reform from the perspective of process, namely, the doctrinal intelligence ‘cycle’ consisting of planning/direction, collection, processing/exploitation, analysis/production, and dissemination. In so doing, many of the problems identified are systemic, meaning they are broadly applicable to all intelligence agencies engaged in a certain process, regardless of organization, intelligence discipline (INT), or even focus area. Therefore, the solutions to these national-level problems must likewise be systemic and broadly applicable to all agencies, disciplines, and focus areas. The question then becomes, how best to do this? The optimum strategy is to start from scratch and design totally new intelligence structures to mirror the process. However, we do not have a blank slate with which to work, so the best opportunity for effective reform lies with the newly created ODNI - ODNI meaning the office not just the individual director or DNI.

Organizing the ODNI to mirror the process of intelligence, thereby bridging the disparate agencies and ‘stovepipes’ into a more cohesive whole, is at least partially reflected in the current organization of the ODNI. The oddly-named ‘Deputy Director of National Intelligence (DDNI) for Customer Outcomes’ seems to be the branch concerned with obtaining user requirements, though it is not clear whether or how this body coordinates or tasks for their satisfaction. The more conventionally named ‘DDNI for Analysis’ and ‘DDNI for Collection’ also reflect a process orientation. Though a DDNI for dissemination seems to be lacking, the DNI’s Program Manager for Information Sharing Environment (ISE) fulfills the function. Another requirement spawned by the Intelligence Reform and Terrorism Prevention Act which created the ODNI, the ISE is defined as ‘the combination of policies, procedures, and technologies linking the resources (people, systems, databases, and information) of Federal, State, local, and tribal entities and the private sector to facilitate terrorism information sharing, access, and collaboration among users to combat terrorism more effectively’ (DNI Program Manager Information Sharing Environment official website, 2006). Whether this person's status as a ‘program manager’ vice ‘DDNI’ is material or not remains to be seen.


More than its value as a suggested template for organization, the real contribution of the process view of intelligence lies in the systemic insights it affords. With benefit of the process perspective, the ODNI could fulfill the vital function of enabling those all-important activities at the national level through policy guidance, national-level coordination, and advocacy for the IC as a whole. All issues cited in this paper result in whole or in part from a deficit of this direction. This trinity of functions - guidance, coordination, and advocacy - has been notably lacking at the community-wide level in all previous efforts at intelligence reform in the US, even those which reflected the contours of the intelligence cycle.

The most recent example was the ‘community management staff’ within the Office of the Director of Central Intelligence (ODCI). Founded in the post-Cold War interregnum, this staff had positions for heads of collection, analysis, and administration. In these rough outlines, it is indistinguishable in form from the current arrangement of the ODNI. The reasons for the earlier incarnation's failure are thus very instructive. Foremost among these was its utter lack of authority to affect the order it sought to impose. As previously mentioned, though the DCI was the titular head of the IC, the real levers of authority - the ability to control hiring/firing and budgets - were outside his grasp. Inevitably, the community management staff experiment was doomed to fail (Kaplan, 2004).

This mandate-without-authority arrangement is not new in the intelligence community, rather, it has been a constant feature since at least the National Security Act of 1947 which established a DCI to be the functional head of the IC without the concomitant power (especially relative to the military) to effectively fulfill that role. This failure is a major reason why at least one present-day commentator regards the CIA as ‘flawed by design.’ Inexorably, this flaw led the CIA to transform from erstwhile manager to just another producer. As the vicious circle tightened, this management failure led to the creation of competing agencies to fulfill functions the CIA was incapable of performing (Zegart, 1999). The lack of unifying guidance, coordination, and advocacy had thus birthed the current confederation of agencies - a ‘community’ in name only. Today, the ODNI's disadvantages versus the DoD and its nascent steps towards being a producer of intelligence, such as assuming responsibility for the President's Daily Brief, seem to echo this descent. Our government's success in stepping back from these errors will determine whether or not past is indeed prologue and the Intelligence Reform and Terrorism Prevention Act of 2004 will simply prove to be the 1947 National Security Act redact.

Viewing the conclusions of this paper's examination of the intelligence cycle, it is clear that true reform lies in processes, and not just organization. Unless and until the ODNI has the mandate and authority to address the activities of the IC, it will remain only another bureaucracy among many. Particularly concerning homeland security, the United States intelligence ‘community’ is neither monolith nor machine, but symphony. The success or failure of the current spate of intelligence community reforms will hinge upon the answer to this question - will its appointed director become the conductor or just another first chair violin?


References [1] Bald, Gary M., Executive Assistant Director, National Security Branch, FBI, testimony before

the United States Senate Committee on the Judiciary, September 21, 2005, http://www.fbi.gov/congress/congress05/bald092105.htm (accessed September 22, 2005).

[2] Blackwill, Robert D. and Davis, Jack. ‘A Policymaker's Perspective on Intelligence Analysis.’ In Strategic Intelligence: Windows Into a Secret World, ed. Loch K. Johnson and James J. Wirtz, 120. Los Angeles, CA: Roxbury, 2004.

[3] Central Intelligence Agency Fact sheet, ‘Creation of the National HUMINT Manager,’ October 13, 2005. http://www.cia.gov/cia/public_affairs/press_release/2005/fs10132005.html (accessed October 14, 2005).

[4] Department of Homeland Security fact sheet, ‘Homeland Security Information Network,’ http://www.dhs.gov/dhspublic (accessed June 18, 2005).

[5] Dizard, Wilson P. ‘Intelligence Networks Go for Google,’ Government Computer News online, http://www.gcn.com/vol1_no1/daily-updates/24358-1.html (accessed November 16, 2005).

[6] DNI Program Manager Information Sharing Environment official website, http://www.ise.gov/ (accessed June 14, 2006).

[7] Executive Order 12333, ‘United States Intelligence Activities,’ December 4, 1981. [8] —— 13311, ‘Homeland Security Information Sharing,’ July 29, 2003. [9] —— 13354, ‘National Counterterrorism Center,’ August 27, 2004. [10] —— 13355, ‘Management of the Intelligence Community,’ August 27, 2004. [11] —— 13356, ‘Strengthening Terrorism Information Sharing,’ August 27, 2004. [12] FBI Denver Field Office website, http://denver.fbi.gov/inteterr.htm (accessed October 25,

2005). [13] FBI Official Website, http://www.fbi.gov/ (accessed October 25, 2005). [14] —— http://www.fbi.gov/intelligence/process.htm (accessed October 25, 2005). [15] Foreign Intelligence Surveillance Act of 1978, 50 U.S.C. Chapter 36

http://www.law.cornell.edu/uscode/html/uscode50/usc_sup_01_50_10_36.html (accessed November 11, 2005).

[16] Gardner, William and Seamon, Richard, ‘The PATRIOT Act and the Wall Between Foreign Intelligence and Law Enforcement,’ Harvard Journal of Law & Public Policy Vol. 28, Issue 2 (Spring 2005).

[17] Griset, Pamela L. and Mahan, Sue. Terrorism in Perspective. Thousand Oaks, CA: Sage Publications, Inc., 2003.

[18] Helmke, Gretchen and Levitsky, Steven, ‘Informal Institutions and Comparative litics: A Research Agenda,’ Perspectives on Politics Vol. 2, No. 4 (Dec. 2004).

[19] Heuer, Richards. (1999). Psychology of Intelligence Analysis. Washington, DC: CIA Center for the Study of Intelligence.

[20] Kaplan, David E., with Whitelaw, Kevin and Ekman, Monica M. ‘Mission Impossible.’ US News & World Report, Vol. 137, No. 3 (2004).

[21] Kerbel, Josh. ‘Thinking Straight: Cognitive Bias in the US Debate about China.’ Studies in Intelligence Vol. 48, No. 3 (2004), http://www.cia.gov/csi/studies/vol48no3/article03.html (accessed May 28, 2006).

[22] Klaidman, Daniel and Isikoff, Michael. ‘Lost in Translation.’ Newsweek, October 27, 2003. [23] Koops, Bert-Jaap. The Crypto Controversy. The Hague: Kluwer Law International, 1999. [24] Long, Austin and Rovner, Joshua. ‘How Intelligent is Intelligence Reform?’ International

Security Vol. 30, No. 4 (Spring 2006): 200-201. [25] Lowenthal, Mark M. ‘Intelligence Analysis: Management and Transformation Issues.’ In

Transforming U.S. Intelligence, ed. Jennifer E. Sims and Burton Gerber, 220. Washington, DC: Georgetown University Press, 2005.

[26] ——Intelligence From Secrets to Policy, Third Ed. Washington, DC: CQ Press, 2006.


[27] March, James G. and Olsen, Johan P., ‘The New Institutionalism: Organizational Factors in Political Life,’ The American Political Science Review Vol. 78, No. 3 (Sep. 1984): 744.

[28] McConnell, Michael, ‘Overhauling Intelligence.’ Foreign Affairs July/ August 2007. [29] Morgan, Richard E. Domestic Intelligence. Austin, TX: University of Texas Press, 1980. [30] National Commission on Terrorist Attacks Upon the United States, The 9/11 Commission

Report. Washington, DC: Government Printing Office, 2004. [31] National Academy of Public Administration, Transforming the FBI: Progress and Challenges.

(Washington, DC: NAPA, 2005. [32] National Security Agency official website, http://www.nsa.gov/sigint/index.cfm (accessed

November 11, 2005). [33] NATO Open Source Intelligence Handbook. Norfolk, VA: SACLANT Intelligence Branch,

November, 2001. [34] Office of the Director of National Intelligence News Release, ‘ODNI Announces Establishment

of Open Source Center’, http://www.ODNI.gov/release_letter_110805.html (accessed November 9, 2005).

[35] Pollack, Kenneth M. ‘Spies, Lies and Weapons: What Went Wrong,’ The Atlantic Monthly, January/February 2004, 88-89.

[36] Public Law 108-458, ‘Intelligence Reform and Terrorism Prevention Act of 2004’, December 17, 2004.

[37] Report of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. Washington, DC: Government Printing Office, 2005.

[38] Rieber, Steven and Thomason, Neil. ‘Creation of a National Institute for Analytic Methods,’ StudiesinIntelligence,Vol.49,No.4(2005),http://www.cia.gov/csi/studies/vol49no4/Analytic_Methods_7.htm (accessed May 28, 2006).

[39] RSA Laboratories Website, http://www.rsasecurity.com/rsalabs/node.asp?id=2349 (accessed November 13, 2005).

[40] Thomas, Frederick M. Top Secret Intranet: How US Intelligence Built Intelink. Upper Saddle River, NJ: Prentice Hall, 1999.

[41] Titelbaum, Lorne. The Impact of the Information Revolution on Policymakers' Use of Intelligence Analysis. Santa Monica, CA: RAND, 2005.

[42] United States House of Representatives, 109th Congress, 1st Session. House Resolution 2293. May 11, 2005.

[43] United States Intelligence Community Official website, http://www.intelligence.gov/2-business.shtml (accessed October 25, 2005).

[44] White House official website, ‘Bush Administration Implements WMD Commission Recommendations,’ http://www.whitehouse.gov/news/releases/2005/06/20050629-2.html (accessed November 18, 2005).

[45] Wikipedia.Online.Encyclopedia..Export.of.Cryptography’,http://en.wikipedia.org/wiki/Export_of_cryptography (accessed November 13, 2005).

[46] Zegart, Amy B. Flawed By Design: The Evolution of the CIA, JCS, and NSC. Palo Alto, CA: Stanford University Press, 1999, 188-192.

[47] —— ‘September 11th and the Adaptation Failure of US Intelligence Agencies,’ International Security Vol. 29, No. 4 (Spring 2005).

Documents

Applying the Intelligence Cycle Model to Counterterrorism Intelligence for Homeland Security