Outside View: Fixing intelligence

  • Bruce Schneier
  • UPI
  • October 14, 2003

A joint congressional intelligence inquiry has concluded that 9/11 could have been prevented if our nation’s intelligence agencies shared information better and coordinated more effectively. This is both a trite platitude and a profound proscription.

Intelligence is easy to understand after the fact. With the benefit of hindsight, it’s easy to draw lines from people in flight school here, to secret meetings in foreign countries there, over to interesting tips from informants, and maybe to INS records. Connecting the dots is child’s play.

Doing it before the fact is another matter entirely and, before 9/11, it wasn’t so easy. There’s a world of difference between intelligence data and intelligence information. Some data did, before the fact, point to 9/11, but it was buried in an enormous amount of irrelevant data leading to blind alleys, false conclusions, and innocent people.

Most of the time intelligence gets lucky and connects the dots correctly. Sometimes it doesn’t. To carefully select bits of intelligence after the fact and demand why they weren’t understood before the fact misses the point.

The 9/11 report was absolutely correct in asserting that better coordination could have prevented the terrorist attack.

Security decisions need to be made as close to the problem as possible. This has many implications: protecting potential terrorist targets should be done by people who understand the targets; bombing decisions should be made by the generals on the ground in the war zone, not by Washington; and investigations should be approved by the FBI office closest to the investigation.

This mode of operation has more opportunities for abuse, so competent oversight is vital. It is also more robust, and the best way to make security work.

Security analysis also needs to happen as far away from the sources as possible.

Intelligence involves finding relevant information amongst enormous reams of irrelevant data, and then organizing all those disparate pieces of information into coherent predictions about what will happen next.

It requires smart people who can see connections, and who have access to information from many disparate government agencies. It can’t be the sole purview of anyone, not the FBI, CIA, NSA, or the new Department of Homeland Security. The whole picture is larger than any single agency, and each only has access to a small slice of it.

The implication of these two truisms is that security will work better if it is centrally coordinated but implemented in a distributed manner. We’re more secure if every government agency implements its own security, within the context of its department, with different strengths and weaknesses. Our security is stronger if multiple departments overlap each other.

It is therefore a good thing that the institutions best funded and equipped to defend our nation against terrorism aren’t part of this new department: the FBI, the CIA, and the military’s intelligence organizations.

All these organizations have to communicate with each other. One organization needs to be a single point for coordination and analysis of terrorist threats and responses. One organization needs to see the big picture, and make decisions and set policies based on it.

The administration has countered the report in part by saying that the Department of Homeland Security has the job of centralizing counter-terrorism. But because the DHS centralizes rather than coordinates, the security benefits will be minimal. Centralizing security responsibilities has the downside of making our security more brittle, by instituting a commonality of approach and a uniformity of thinking.

The human body defends itself through overlapping security systems. It has a complex immune system specifically to fight disease, but disease fighting is also distributed throughout every organ and every cell. The body has all sorts of security systems, ranging from your skin to keep harmful things out of your body, to your liver filtering harmful things from your bloodstream, to the defenses in your digestive system. These systems all do their own thing in their own way. They overlap each other, and to a certain extent one can compensate when another fails.

It might seem redundant and inefficient, but it’s more robust, reliable, and secure.

The biological metaphor translates well to the terrorism discussion. It is hard to defend against because it subverts our institutions and turns our own freedoms and capabilities against us. It invades our society, festers and grows, and then attacks.

It’s hard to fight, in the same way that cancer is hard to fight. If we are to best defend ourselves against terrorism, security needs to be pervasive. It can’t be in just one department; it has to be everywhere. Every federal department needs to do its part to secure our nation. Fighting terrorism requires defense in depth. This means overlapping responsibilities to reduce single points of failures, both for the actual defensive measures and for the intelligence functions.

Our nation may actually be less secure if the Department of Homeland Security eventually takes over the responsibilities of existing agencies. The last thing we want is for the Department of Energy, the Department of Commerce, and the Department of State to say: “Security; that’s the responsibility of the DHS.”

Security is the responsibility of everyone in government. We won’t defeat terrorism by finding a single thing that works all the time. We’ll defeat terrorism when every little thing works in its own way, and together provides an immune system for our society. Unless the DHS distributes security responsibility even as it centralizes coordination, it won’t improve our nation’s security.

Categories: National Security Policy, Terrorism

Sidebar photo of Bruce Schneier by Joe MacInnis.