Fixing Intelligence Failures
By Bruce Schneier
San Francisco Chronicle
January 15, 2010
President Obama in his speech last week rightly focused on fixing the intelligence failures that resulted in Umar Farouk Abdulmutallab being ignored, rather than on technologies targeted at the details of his underwear-bomb plot. But while Obama's instincts are right, reforming intelligence for this new century and its new threats is a more difficult task than he might like.
We don't need new technologies, new laws, new bureaucratic overlords, or - for heaven's sake - new agencies. What prevents information sharing among intelligence organizations is the culture of the generation that built those organizations.
The U.S. intelligence system is a sprawling apparatus, spanning the FBI and the State Department, the CIA and the National Security Agency, and the Department of Homeland Security - itself an amalgamation of two dozen different organizations - designed and optimized to fight the Cold War. The single, enormous adversary then was the Soviet Union: as bureaucratic as they come, with a huge budget, and capable of very sophisticated espionage operations. We needed to defend against technologically advanced electronic eavesdropping operations, their agents trying to bribe or seduce our agents, and a worldwide intelligence gathering capability that hung on our every word.
In that environment, secrecy was paramount. Information had to be protected by armed guards and double fences, shared only among those with appropriate security clearances and a legitimate "need to know," and it was better not to transmit information at all than to transmit it insecurely.
Today's adversaries are different. There are still governments, like China, that are after our secrets. But the secrets they're after are more often corporate than military, and most of the other organizations of interest are like al Qaeda: decentralized, poorly funded and incapable of the intricate spy versus spy operations the Soviet Union could pull off.
Against these adversaries, sharing is far more important than secrecy. Our intelligence organizations need to trade techniques and expertise with industry, and they need to share information among the different parts of themselves. Today's terrorist plots are loosely organized ad hoc affairs, and those dots that are so important for us to connect beforehand might be on different desks, in different buildings, owned by different organizations.
Critics have pointed to laws that prohibited inter-agency sharing but, as the 9/11 commission found, the law allows for far more sharing than goes on. It doesn't happen because of inter-agency rivalries, a reliance on outdated information systems, and a culture of secrecy. What we need is an intelligence community that shares ideas and hunches and facts on their versions of Facebook, Twitter and wikis. We need the bottom-up organization that has made the Internet the greatest collection of human knowledge and ideas ever assembled.
The problem is far more social than technological. Teaching your mom to "text" and your dad to Twitter doesn't make them part of the Internet generation, and giving all those cold warriors blogging lessons won't change their mentality - or the culture. The reason this continues to be a problem, the reason President George W. Bush couldn't change things even after the 9/11 commission came to much the same conclusions as President Obama's recent review did, is generational.
The Internet is the greatest generation gap since rock 'n' roll, and it's just as true inside government as out. We might have to wait for the elders inside these agencies to retire and be replaced by people who grew up with the Internet.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..