Sections

Commentary

Testimony

Consolidating Intelligence Analysis: A Review of the President’s Proposal To Create a Terrorist Threat Integration Center

James B. Steinberg
JBS
James B. Steinberg Former Brookings Expert, University Professor, Social Science, International Affairs, and Law - Maxwell School, Syracuse University

February 14, 2003

Good Morning, Madame Chairwoman, and members of the Committee. My name is James Steinberg and I am Vice President and Director of the Foreign Policy Studies Program at the Brookings Institution. Prior to coming to Brookings, I served for four years as Deputy National Security Advisor under President Clinton, and Director of the State Department’s Policy Planning Staff.

Today this Committee is considering perhaps the single most important issue in the fight against terrorism—how best to mobilize information and intelligence to protect our security.

The Joint House Senate Inquiry into the September 11 attacks vividly illustrates the crucial challenges that we as a nation face. In particular, their report found that “the US government does not presently bring together in one place all terrorism-related information from all sources. While the CTC [Counter-Terrorism Center] does manage overseas operations and has access to most Intelligence Community information, it does not collect terrorism-related information from all sources, domestic and foreign. Within the Intelligence Community, agencies did not adequately share relevant counterterrorism information.”

Before I turn to the specifics of the Administration recent proposal to create a Terrorist Threat Integration Center (TTIC), I would like to take a minute to discuss the nature of the intelligence challenge in dealing with counter-terrorism. Only by understanding the dimensions of the problem can we develop an appropriate “architecture” or organizational structure suitable to the task.

The intelligence challenge has four key components—first, collecting timely, relevant and in the best case, actionable information; second, collating or bringing together information from the full spectrum of sources; third, analyzing the information—”connecting the dots”; and finally, disseminating that information to those who need to act on it—policymakers, law enforcement officials, and the public—in a form that allows them to use that information to accomplish their mission.

In the fight against terrorism, these tasks are in many ways far more difficult than the intelligence challenge we faced during the Cold War. At that time, we faced a known enemy. We knew generally what to look for, and where to look for it, although we had to deal with our adversaries’ attempt to conceal crucial information from us. For the most part, the information we needed was overseas, and largely concerned military activities, limiting our need to collect information in the United States, or about US citizens. Most of the expertise and knowledge resided in the federal government, and the actions needed to be taken rarely involved the public, the private sector or state and local officials.

All of this has now changed. Today, terrorists threaten us both at home and abroad. They have no fixed address, and only occasionally are their identities—or their targets—known. Technology and globalization have made it easier for would-be terrorists to bring dangerous people and weapons into the United States and to conceal their activities. Key information that we need to detect and prevent terrorist attacks lie in the private sector—at airlines and flight schools, with operators of chemical plants and high rise buildings, with local police and community doctors—and we must increasingly count on the private sector to take the actions necessary to prevent attacks or deal with their consequences. We must adapt our intelligence efforts and the organization of our intelligence “community” to meet this radically different challenge.

Most of the discussion about reforming the use of intelligence in the fight against terrorism has focused on problems of information sharing in the federal government—problems highlighted in the Joint Inquiry. To date, some modest but positive steps have been taken. Prior to September 11, the Director of Central Intelligence strengthened the Counter-terrorism Center (CTC), staffed by analysts from the CIA, FBI and other Federal agencies. After September 11, the rigid barriers against sharing law enforcement information with the intelligence and policy communities were softened in the USA Patriot Act. Improvements have been made to permit sharing of databases such as watch out lists among federal agencies. The FBI has placed new priority on the domestic security mission.

More recently, but only after sharp prodding by Congress and governors, mayors and police chiefs, the FBI has begun to expand its information sharing with state and local law enforcement and public health and safety officials. Lack of funds, technical problems in acquiring and deploying new information systems and problems of classification have limited the effectiveness of these efforts to date.

Although there is a tendency to focus primarily on the role of the federal government in carrying out these tasks, in reality we see that a wide variety of actors are crucial—foreign governments, state and local officials, business and private citizens all have access to information that may be relevant to the terrorist threat, have expertise that can help transform raw “information” into meaningful intelligence, and perhaps most important, are the key players who must act on the intelligence—to apprehend a suspect, to prepare public health facilities in the event of an attack, to secure critical infrastructures, etc.

I’ve stressed the importance of understanding the different functions in the counter-terrorism intelligence process because they provide key guidance for the crucial question of how to organize the intelligence effort. The key necessary elements are first, a strategy for identifying the kinds of information we need to collect on threats and vulnerabilities, second, a network designed to permit sharing of information among the widest possible group of collectors, analysts and “implementers”; third, a focal point for bringing together, integrated and analyzed, and fourth, an accountable organization that assures that the right information is being collected and that the results of collection and analysis are shared in a timely, usable way with those who need to act on it.

Judged by these tests, the Administrations proposed Terrorist Threat Integration Center represents a partial step forward in helping to build a network linking foreign and domestic information collection and analysis, and in providing a place where these various sources of information can be integrated. But it fails to meet the other key tests, particularly in developing a structure that will increase the chances that we will collect the right information, and that we will link the collection and analysis to those responsible for taking the actions necessary to prevent attacks, protect our people and critical infrastructures, and mitigate the consequences of any attack that does take place. In this respect, the TTIC is a step backwards from the approach contained in Homeland Security Act of 2002, which created the Department of Homeland Security. Let me explain my conclusions in a little more detail.

By creating the TTIC, the Administration has recognized the importance of “closing the seam” between domestic and foreign intelligence, and to have access to all sources of intelligence—from raw reports to finished intelligence. But this effort was already underway under the current Counter-Terrorism Center. It also recognizes the need to draw on expertise from across the federal government and to develop a process for an integrated approach to “tasking” intelligence collection. These are welcome developments.

Unfortunately, by placing the TTIC under the direction of the DCI, rather than the Secretary of Homeland Security, and disconnecting it from those with direct responsibility for safeguarding homeland security, the Administration’s proposal falls far short of what is necessary to develop an effective, integrated approach to countering the terrorist threat to the United States, and risks creating more duplication that could harm homeland security efforts.

In creating the Department of Homeland Security, the Congress gave the Department the mission to “prevent terrorist attacks within the United States; reduce the vulnerability of the United States to terrorism, and minimize the damage, and assist in the recovery, from terrorist attacks that do occur in the United States” (Sec. 101(b)(1)). To carry out that mission, the Congress chose to bring together most of the key elements of the mission—protecting our borders against dangerous people and materials, protecting critical infrastructures, and responding to emergencies. In organizing the Department, the legislation recognized the key roles played by the private sector and by state and local authorities, and specifically tasked the Secretary with coordinating the Department’s activities with them. The legislation also recognized that to carry out these functions, the Department would depend critically on having actionable intelligence, and having the expertise to analyze that information and get it to the people in and out of government who need them. This responsibility was entrusted to the Under Secretary for Information Analysis and Infrastructure Protection.

As a result of this structure, the Department truly lies at the hub of the homeland security effort. Many of its employees are critical “collectors” of information relevant to the homeland security mission—be they Customs and INS officials, or the TSA and the like. Even more important, the agencies within the DHS have the central responsibility to act on intelligence—by, for example heightened protection of our borders, screening airline passengers, securing critical infrastructure and working with state and local officials. Unlike any other official, the Secretary of Homeland Security’s sole responsibility is to see that the necessary actions are taken. In order to do so, he must be able to link decisions about what information we collect, and what information we share, with his responsibilities to take necessary action. Thus, while the TTIC represents a step forward in the middle stage of the process—collating and analyzing all source intelligence, it fails to link that process to two equally critical tasks—deciding what information to collect to the needs based on the requirements of those who must act on it, and making sure that once the information is collected and analyzed, it gets to those people—in and out of government—who need it.

This importance of this linkage is most evident in the case of protecting our critical infrastructure. Only by matching analysis of the “threat” against analysis of our vulnerabilities can we know how to prioritize both what intelligence we collect and what protective measures we must take. If, for example, our threat analysis lead us to conclude that terrorist are focusing on attacking chemical production plants, that helps us decide to focus our efforts on protecting those plants. Conversely, if we conclude that attacks on chemical plants could cause widespread casualties, we will want our threat “collectors” to be particularly attuned to any intelligence that might suggest that terrorists are considering such an attack.

The synergy created by linking intelligence collection, analysis and operational responsibility can lead to better quality, more actionable intelligence—and create greater incentives for the intelligence to flow to those who need it, in a form that they can use. Only by locating the key intelligence tasking, analysis and dissemination functions in the DHS can these synergies be achieved.

By taking these functions away from the Department of Homeland Security, we will have a Secretary, and a Department, with accountability but no authority. This has been the consistent problem in dealing with threats to the homeland, with responsibility widely dispersed throughout the federal government and has seriously hampered our efforts.
Only a system that links these various aspects of the intelligence challenge will have the accountability and authority that will enhance the chance that what needs to be done will be done.

Along with this authority comes a responsibility to assure that the collection, analysis and dissemination of information is consistent with fundamental civil liberties. The homeland security challenge will rely heavily on information collected from the private sector and from a wide range of activities conducted here in the United States Moreover, to carry out the homeland security challenge, vital information will need to be widely disseminated. It will therefore be all the more important to develop clear, public guidelines for the acquisition, retention and dissemination of information, particularly personally identifiable information. Whether the new threat integration center is placed under the authority of the DCI, or as I have suggested, under the Secretary of Homeland Security, the long-term acceptability to the American people of our heightened intelligence effort will depend on our ability to demonstrate that we are undertaking these new tasks with due regard to privacy and individual liberty. Formal guidelines, subject to public comment and congressional oversight, and accountable mechanisms to make sure those guidelines are adhered to, are essential to this goal.

Thank you for the opportunity to appear before you today, and I look forward to your questions.