Spying in the Post–September 11 World

Thursday, October 30, 2003

Forty years ago Roberta Wohlstetter wrote the definitive analysis of the 1941 Japanese attack on Pearl Harbor—until recently the nation’s most costly intelligence failure. The problem, she said, was “signal-to-noise” ratio. Various government agencies had information warning of the Japanese attack on the U.S. naval base, but that information got lost in day-to-day events.

This problem of signal-to-noise ratio is so fundamental in the intelligence business that today, if one refers to the “Roberta Wohlstetter problem,” almost everyone knows exactly what you are talking about. Indeed, it was one reason that the Central Intelligence Agency was created after World War II. The idea was like aiming an antenna and tuning in to a particular radio station. By collecting as much data as possible and centralizing all of it in a single place, analysts would be able to separate the warnings from background noise.

During the Cold War the focus of U.S. intelligence was the Soviet Union rather than imperial Japan, but U.S. leaders believed the Soviets presented a similar problem: surprise attack. The solution was the same, too: focus intently on the target, centralize data collection, and wait for the sign of an imminent strike. Because Soviet military forces practiced attacking the West in frequent exercises, American intelligence officials believed they knew what to look for and where.

Some people have likened the failure of U.S. intelligence to anticipate the September 11 terrorist attacks to the Pearl Harbor intelligence failure and have proposed a similar solution. For example, the White House has created a Terrorist Threat Integration Center to concentrate all relevant information about terrorism into a single place. The joint inquiry into the September 11 terrorist attacks, sponsored by the House and Senate intelligence committees, proposed creating a “director of national intelligence,” with authority over all U.S. intelligence efforts.

Yet a closer look suggests that these efforts are—however well intended—misguided, mainly because the September 11 intelligence failure was really a new problem, reflecting the emergence of a new kind of threat. Solving this new problem requires a new kind of solution. Most of the proposals offered so far would not provide this new solution and likely would not have prevented the September 11 intelligence failure.

This becomes clear when one considers some of the specific findings of the joint inquiry, which was completed in December 2002 and, after an extended negotiation between Congress and the executive branch, released in declassified form in July 2003:

• The director of central intelligence “declared war” on Al Qaeda in a memo issued after the October 1998 bombings of U.S. embassies in Kenya and Tanzania. He said that “no resources are to be spared.” Yet many top CIA officials now report that they never heard of such a memo until after the September 11 attacks. Few, if any, analysts were shifted from their existing duties to assist in the “war.”

• Although the CIA was to have moved to a wartime footing, in most cases it was business as usual at the agency; for example, no one changed security rules so that various organizations (e.g., analysts tracking financial networks) that might have had information about Al Qaeda could pitch in.

• Organizations remained tightly compartmented. For example, the director of the Counterterrorist Center (CTC) actually turned down offers from other agencies to help track Al Qaeda, claiming that they might compromise sources—even though one of the offers came from the Defense Intelligence Agency, where analysts have essentially the same clearances as their CIA counterparts. The CTC also turned down a similar offer from the Federal Aviation Administration, which had most of the nation’s expertise on airline security.

• On the collection front, it was also business as usual. The CIA’s Directorate of Operations did not change its criteria for recruiting human sources. No one resolved disagreements between CIA and NSA offices over who had authority to collect certain data.

True, some money was shifted to counterterrorism in 1999 and 2000, and the CIA did create a team to track bin Laden. But in broad terms, this effort was underwhelming. After September 11 the CIA moved more than 400 people to the CTC. And that’s the point—should it require a major terrorist attack on New York and Washington to trigger the CIA to take action?

One often hears that the director of central intelligence does not have enough authority because so much of the U.S. intelligence budget is in the Department of Defense and so many agencies are staffed by personnel from that department or other agencies. But the director of central intelligence controls the CIA completely, and, according to the Joint Inquiry, even the CIA did not respond to the “declaration of war.” What’s going on here?

The Need for Organizational Agility

Threats such as Al Qaeda—and rogue states that use terrorist tactics—present a new problem for intelligence organizations, as do narco-traffickers and states that use covert networks to develop weapons of mass destruction.

The old Soviet threat changed incrementally, came from a known geographic location, and was most likely to follow a well-understood attack plan. To contend with that threat, various analysts were assigned to monitor targets (weapons plants, missile sites, army bases, the Kremlin) in the Soviet bloc. The targets did not change much, and neither did the job of analysis—nor, for that matter, did the analysts. Experience helped—indeed, was a key factor in success.

An analyst could spend an entire career tracking a single target—say, Soviet intercontinental ballistic missiles (ICBMs). Collection requirements did not change much, and when they did, they changed incrementally. For example, most of our intelligence on Soviet ICBMs came from satellite imagery of Soviet missile plants and launch sites and from signals intelligence. Throughout the Cold War, U.S. intelligence improved its imagery satellites to collect better data. In the 1960s and 1970s we used ground stations in Iran to intercept telemetry from missile tests; after the shah fell in 1979, we began to rely more on intercepts from satellites to collect the same signals.

In this environment, secrecy was almost always a friend of the intelligence planner. There were just a few collection assets, and most were highly specialized and often incredibly sensitive. If the Soviets knew what we were watching or listening to, it was easy for them to take countermeasures. So tight compartmentation made sense, and because, as we have seen, the analysts who followed the Soviet threat did not change much, it did not matter if this secrecy limited the analysts who could work on a problem to a small number with a “need to know.”

The result, though, was what have come to be called “organizational stovepipes”: a tightly compartmented flow of information from the target, through the collection process, through the analyst, to the consumer. Not much information got out of the channel, and not much outside information (or scrutiny) could get in. And since the collection systems and analysts all remained static, the stovepipes could remain unchanged for decades.

No one planned to create these stovepipes, but that was the result. And since the mission did not change much, there was no need to change the organizational arrangements—or security rules. In fact, these stovepipes were the intelligence community’s solution to the Roberta Wohlstetter problem—focus on the target.

The problem is that today’s terrorist organizations (and states’ using terrorist methods) can attack from many directions, disperse their assets worldwide, and use a variety of unconventional tactics to both evade U.S. intelligence and attack us. To detect these new threats, one must collect information from a variety of sources that are likely to vary over time. To analyze these data, one must share the available facts with as many experts as possible and hope someone sees the pattern—“connects the dots,” to use the recent parlance. Also, because it is impossible to look everywhere at once and maintain a high level of alert indefinitely, intelligence organizations today must be able to respond more effectively to strategic warnings. When the first signs of a threat are detected, intelligence organizations must “surge” and concentrate their resources.

In other words, where the old intelligence problem required organizations to focus in order to separate signal from noise, the new intelligence problem depends more on intelligence organizations’ agility, their ability to adapt and deal effectively with a changing threat. An intelligence organization might need one set of people, information sources, and methodology to solve a problem today and perhaps a different set tomorrow, when conditions change. And since potential adversaries are too numerous for us to cover everywhere, all the time, intelligence organizations must be able to increase their efforts when the danger seems to be greater and shift their efforts to the most dire threats of the moment.

The September 11 intelligence failure resulted from a fundamental lack of organizational agility by the CIA and other agencies. During the past decade many intelligence officials and scholars have talked about the need for this kind of agility, but not much was done to achieve it. Since the September 11 attacks, the idea of agility has gained greater popularity in intelligence circles. Yet even officials who now agree that U.S. intelligence needs greater agility rarely define precisely what an intelligence organization requires to achieve it—which is, of course, one reason why U.S. intelligence currently lacks it.

For an intelligence organization, agility can be defined as having four features. First, the organization needs to be able to move people and other resources quickly and efficiently as requirements change. Second, it needs to be able to draw on expertise and information sources from around the world. Third, it needs to be able to move information easily so that all of the people required to produce an intelligence product can work together effectively. And, fourth, it needs to be able to deliver products to consumers when needed and in the form they require to do their job. Taken together, these features provide a benchmark for measuring proposals to make U.S. intelligence more agile.

Agility and Intelligence Reform

Those critics who were looking for a “smoking gun”—a key piece of intelligence that would have tipped off officials to the September 11 plot—are missing the bigger picture. The failure wasn’t committed by our dedicated, motivated analysts and case officers. The problem is that these people were locked into an organization that is too slow, too inflexible, and too stuck in its ways to deal with today’s threats.

Agility has little to do with reorganizing the intelligence community, creating a czar or director of national intelligence, or giving intelligence officials new authorities—the usual recommendations by blue-ribbon commissions. Rather, agility depends on unglamorous, mundane things, such as

• Procedures ensuring that, when someone gives a command, a feedback loop tells her or him whether it has been carried out. According to the report, many intelligence officers—even senior ones—say they never heard of the 1998 memo until after the 2001 attack.

• A management system that links specific people and resources to specific assignments. No battlefield commander would go to war without knowing how his or her forces are deployed—basic information CIA managers currently lack.

• Procedures that tell everyone when the stakes are high and they should take more risks and act more aggressively—despite the potential costs. The Defense Department has these procedures—the “Defense Condition,” or DEFCON, system. The CIA does not.

• Standardized clearances so that everyone with a Top Secret/Codeword clearance can more easily talk to one another. Rethink security so that those inside the intelligence community can speak with those on the outside. In the war on terrorism and other modern threats, you never know who will have a need to know.

• Opportunities so that entrepreneurs in the organization can try out new ideas for analysis and penetrating targets. Unfortunately, most additional intelligence spending for the war on terrorism has been for “more of the same”—programs that didn’t make the cut in the last budget cycle.

Of all these capabilities, the ability to manage risks appropriately and effectively may be most important—and the most challenging. Taking too many risks at the wrong moment will result in lost intelligence sources and create flaps that undercut the intelligence community’s credibility. But taking greater risks when an intelligence organization receives strategic warning is the essence of agility. An intelligence organization needs to shift analysts to cover a pressing threat, even if that means leaving lesser threats uncovered. It needs to recruit the less reliable asset because that might be the only one available. It needs to tap lines more often, even if that may give away the fact that the tap has been made. It needs to reduce security barriers that prevent organizations from sharing information effectively, even if that means potentially losing sources. And it needs to do all of this before a terrorist attack, when it will do some good. Top officials must be able—and, even more important, willing—to take such chances and to communicate their decisions to the troops.

Fixing America’s intelligence organization—the basics about how it operates—is the real challenge today. Thanks to September 11, we are doing better with the terrorist problem. But what about North Korea and Iranian proliferation? The nuclear standoff between India and Pakistan? An epidemic a government tries to conceal, such as SARS? That’s why we need agility. Without it, we can expect more failures like September 11—or worse—in the future.