The Information War

Wednesday, April 30, 2003

When Al Qaeda terrorists attacked New York and Washington in September 2001, the U.S. intelligence community was in the midst of a major study of its organization and operations. George W. Bush, who had taken office just a few months before, had ordered the review. According to press reports, this review was developing proposals for a reorganization of the intelligence community. It was effectively cut short when the administration and the intelligence community both turned their attention to the war against terrorism.

It may be just as well that these proposals for reform were deferred. September 11 suggests that, unless we develop new ideas about how intelligence organizations are supposed to work, we will likely see additional intelligence failures. Indeed, abandoning many traditional ideas will be as important as formulating and adopting new ones.

The Nature of New Threats

One factor that is presenting new requirements for intelligence organization is the changing nature of the threats we face. During the Cold War, U.S. intelligence focused on a single threat that was all-important to national security officials, namely, the Soviet Union. Because the Soviet Union changed incrementally, intelligence questions usually involved issues with two or three decades of history behind them.

For example, the intelligence community continually analyzed Soviet strategic forces. The details of the analysis might vary, but the basic issues were the same: How many missiles and bombers do the Soviets have, and what are their destructive capabilities?

Because the questions were evolutionary, the intelligence community could change incrementally, too. Most new threats, on the other hand, are much more dynamic. Terrorism is currently the most pressing threat, but it is just one example. There are other geopolitical forces that could also threaten the United States and its allies, and these could be equally dynamic. Examples include

• Ethnic conflict. The conflict in the Balkans (a clash of Catholic, Orthodox, and Muslim civilizations), which preoccupied the attention of U.S. leaders from the early 1990s to the end of the war in Kosovo, is a case in point.
• Religious conflict. In addition to the now-familiar Islamic militant groups, other religious nationalists will likely have significant effects on regional affairs (e.g., Hindus in India, Jewish fundamentalists in Israel).
• Economic conflict. Originally pundits warned about the rise of competitive economies in Asia during the 1980s; now they are concerned about economic woes in Latin America, stagnation in Japan, and the continuing failure of economies in Africa.
• Regional conflict. In several locales competition between and among countries such as China, India, Pakistan, Iraq, and Iran have threatened political stability and peace.
• Transnational threats. In addition to terrorist groups, international criminal organizations, narco-traffickers such as FARC in Colombia, rogue international financial institutions such as BCCI, militant environmentalists, and anti-growth organizations threaten violence and political disorder.

In short, there are a greater number and variety of targets for intelligence to watch. Threats can appear and mutate much more quickly today. Many organizations have networked, decentralized structures that make them hard for U.S. intelligence to track.

Al Qaeda is a prime example. The organization’s assets were scattered in banking accounts around the world. Its members were scattered in numerous loosely linked cells. The network could operate independent of a fixed infrastructure because members often used satellite telephones and the Internet to communicate with one another. In the future this kind of structure will be the norm, not the exception.

Moreover, many of these actors can generate military power quickly. The ingredients for some weapons of mass destruction (e.g., chemical and biological weapons) are widely available. During the Cold War, a new ICBM might require four or five years from the time analysts first detected a new weapon to the time the weapon was operational. Today, a reasonably advanced country—or nonstate actor—could develop a chemical or biological weapon in months.

When actors can organize so quickly and the means of destruction are so readily available, threats can emerge literally overnight. Each of these threats may require a different set of assets for collection and analysis; thus intelligence organizations must be more agile. That is, they need to be able to draw on new talent and reallocate resources as threats change.

The Information Revolution and Intelligence

A second factor that will shape intelligence is at least as important as the first: the information revolution. This “revolution” refers not just to the rapid advancements under way in information technology but also to the changing ways people use information.

The basic technology trends behind the current information revolution are growing capabilities, falling costs, and greater connectivity. It is impossible to overstate the improvements that have occurred in information technology during the last third of the twentieth century. Yet it is not just that the best computers are getting better. As information technology filters down to lower strata of organizations and the economy, what was previously available only to the few and the well funded is now available to all.

For example, 15 years ago computers with the capability to process and manipulate satellite imagery were scarce and expensive. As a result, there were only a few facilities where one could analyze this imagery. Today, such computers are so inexpensive that, in principle, almost any analyst can have one. In many other instances, such information technology has become commonplace.

The growth of communication and networking capabilities is following a similar pattern. Despite the telecom meltdown of 2000, the volume of interstate telephone calls has increased threefold since 1984 (the breakup of the Bell System) and the cost of the average interstate telephone call has dropped by about 60 percent.

Yet an even more interesting trend is the growth of opportunities to form information networks. As Robert Metcalfe, the inventor of Ethernet and the founder of 3Com Corporation, once pointed out, the power of a network grows exponentially with the number of members who link into it. As each new member joins a network, an exponentially increasing number of potential combinations of information contributors and recipients can put the information to use.

This principle—Metcalfe’s Law—explains much of the impact of the Internet and other networks on both scholarly research and the economy. But an important qualification to keep in mind when applying it to intelligence is that Metcalfe’s Law assumes an open architecture in which any connection between a listener and contributor is possible. This, of course, is the antithesis of the intelligence tradition of compartmentation, isolation, and “need to know.”

One should not be surprised that the intelligence community and key parts of the information revolution are antithetical. When current intelligence organizations were established—and, with them, the basic organizational framework for the agencies and departments that remain with us today—information and information technology were scarce and expensive. Today they are plentiful and cheap.

There are also less tangible, but no less real, social effects at work. The information revolution is changing how society and individuals plan, use, and interact with information. People have come to expect information on demand and often prefer to be in direct contact with whatever sensor or human reporter is collecting information for them. This, too, is anathema to traditional intelligence operations, which kept users at arm’s length.

Traditional Approaches to Planning Intelligence

Today’s process for planning intelligence is slow, centralized, and bureaucratic. Ironically, most intelligence reform in the recent past has accelerated the trend toward centralization; some joke that, since the collapse of the Soviet Union, the U.S. intelligence community is the second-largest centrally planned economy in the world—led only by the Department of Defense. And we all know what happened to the Soviet economy.

Intelligence planning, then, needs to become less rigidly centralized. Technology and threats change too quickly for even the most dedicated and determined officials to keep pace, and centralization, instead of improving efficiency, becomes a choke point.

Ideally, intelligence planners would delegate planning and spending authority to the most appropriate level and give intelligence users a direct say in planning. They would allow intelligence users to tailor intelligence systems to their own needs. They would be able to use private-sector expertise and investment more easily and effectively. And decentralization would encourage competition—in effect, an artificial market—among government organizations in those cases in which only the government can provide a technology or a service.

One way to allow intelligence planning to gravitate to its most efficient level would be to shift some of the money currently given to central intelligence planners directly to intelligence users, either by reallocating actual funds or in the form of vouchers.

Consider satellite imagery again, for example. If an organization had the required cash or a voucher, it might decide to buy its own satellite. Such a satellite would likely be less capable than current satellites, but the organization would enjoy the advantage of having a dedicated system tailored to its specific needs. Many agencies—especially those that believe they do not currently receive adequate support—would likely prefer such an arrangement.

Alternatively, the organization could return its voucher to the National Reconnaissance Office (the agency currently responsible for most imaging satellites) and contribute to the cost of centrally planned, centrally operated systems. Or the organization could buy commercial satellite imagery if it were adequate for its needs.

The most important role for the Director of Central Intelligence (DCI) in these matters would be to impose standards for interoperability and facilitating—not forcing—clusters of agencies to work together. For example, two military commanders’ requirements might complement each other, and if they were on opposite sides of the world, both could share the use of the satellites with little interference.

Most of the time, however, intelligence officials would let the market work to decide what the overall mix of satellites would look like. No one could predict what the resulting constellation might be or, for that matter, where the decisions would be made—just as no one can predict what the final distribution of goods in a market economy might be. But a constellation designed by such an invisible hand could provide an overall level of capability and reliability better than that of a centrally planned architecture.

The same approach could also be used in other forms of intelligence. For example, intelligence consumers frequently complain that they are not satisfied with the kind or amount of human-source intelligence (HUMINT) they get. One solution would be to transfer some funding for HUMINT to intelligence consumers (or other agencies that collect intelligence but rely on access by human agents) themselves.

One would likely not want to decentralize all intelligence planning and spending. It usually helps to have an official with a bird’s-eye view of requirements and the money to fund programs that no single agency has the incentive or wherewithal to support. This is especially true for requirements or opportunities that lie in the distant future. The DCI could use a reserve of discretionary funds to support programs that he thought were important but seemed apt to fall between the cracks.

The other crucial role for the DCI in making intelligence organizations more agile is to ensure that intelligence personnel and organizations can exchange information easily. This is partly a matter of building information systems with compatible technical standards, but, even more, it is a matter of managing security better.

If the process of “reading in” people—that is, giving them access to information—is cumbersome, it is hard to reallocate them to new assignments. If organizational boundaries arbitrarily define who has access to information, agencies are unable to work together.

Striking the right balance between security and openness—that is, risk management—is vital. The DCI holds much of the statutory authority for protecting intelligence sources and methods; so ultimately whether security impedes the ability of intelligence organizations to do their work and provide their products to their customers is his responsibility.

Traditional Approaches to Producing Intelligence

A parallel situation exists with respect to the intelligence community’s current production process. This intelligence community operates like a classic bureaucracy in two specific features of the intelligence process as it is traditionally understood: the intelligence cycle and the coordination process.

The intelligence cycle assumes that intelligence is produced through five steps: (1) Consumers make known their needs for information to intelligence managers. (2) Intelligence managers develop a list of “validated requirements” on respective organizations responsible for collection. (3) The collected information is processed and analyzed. (4) The community coordinates the analyses of various analysts into a consistent product. (5) The finished product is delivered to the intelligence consumer.

The intelligence cycle reflects the best thinking of how an information service should work in the late 1940s and 1950s, when current intelligence organizations were first being established. It has been a durable concept and pervades our thinking about intelligence. For example, publications offered by the intelligence community still frequently refer to the intelligence cycle.

Admittedly, the intelligence cycle and coordination process are both idealizations of procedures that are subtler and more complex in practice. But that is exactly the problem. An idealization is supposed to be an aim point, or what the process should look like if everything went as planned. How can we expect intelligence to be effective if we teach intelligence officers to learn one set of tradecraft principles but expect them to abandon those principles when it really matters?

Today, even if the traditional intelligence process worked as planned, it would probably not provide the kind of modern information that consumers want. It is ill suited for today’s world, where intelligence users are highly varied and conditions are often changing. No static organization or standardized production process could succeed in such a situation.

Writers who have described the intelligence cycle in recent years almost always note that it breaks down in crises or other special situations. Thus when a really important issue comes along, intelligence officials do not allow themselves to be constrained by a formal organization table. Instead, they establish ad hoc task forces and bring together the analysts and collectors needed to address a specific issue.

The intelligence community’s response to the September 11 attack was a case in point. But this raises the question, Why can’t the intelligence community provide this kind of support routinely and for all consumers?

In fact, it can. Part of the solution is information technology. But technology alone cannot guarantee that an organization develops an information-age operation. The intelligence traditions of hierarchy, compartmentation, and isolating consumers from producers are currently limiting the effectiveness of this technology.

The New Intelligence Model

Such a decentralized, fluid model for intelligence flouts convention. The new model is not without risks, and one ought to be careful when multimillion- dollar systems are at stake—as well as the nation’s security.

Nevertheless, the inability of the U.S. intelligence to respond effectively to the threat presented by Al Qaeda in the months leading up to September 11 demonstrated that business as usual is no longer enough. Stronger action is essential.

Congressional investigators who analyzed the September 11 intelligence failure during the summer of 2002 observed that, although many officials were aware of the threat of Al Qaeda and the DCI had instructed the intelligence community to follow the group more closely, intelligence organizations did not respond effectively.

Some critics believe that this was because the Director of Central Intelligence lacks effective authority. Yet the investigators reported that even within the CIA itself—which the DCI controls in toto—offices were slow to reallocate people to the emerging threat. This suggests that it is not a lack of authority or culture that is the problem.

Rather, it is more likely that the lack of agility is because of ineffective management procedures, combined with excessive security barriers between agencies—not because of how boxes are arranged on an organization chart or a lack of formal authorities. Without such a rethinking of these issues, failures of similar scale and cost to those we witnessed on September 11 may be inevitable.