Terrorists are everything the Soviet Union was not, and intelligence agencies are struggling to get a bead on them.
As the threat of terrorism advances and the Cold War recedes further into memory, America's intelligence agencies are struggling to adapt to a world different in every way from the one they had known. Everything has changed: the nature of the threat, the sources of information, the technology they use and the "customers" they serve. So far, the innovations to address those changes, especially in analyzing intelligence, are being pursued gingerly by small groups that are more tolerated than encouraged by senior leadership.
During the Cold War, intelligence agencies focused on nation-states; nonstate or "transnational" actors were secondary. Now the priority is reversed and the principal targets are nonstates such as al Qaeda. States are of interest as facilitators of terrorism, willingly or because they lose control of their territory.
We know what states are like, even states that are very different from our own. They are organized in hierarchies. Intelligence and policy officials share an understanding of states. There is much less shared understanding of nonstates, which come in many sizes and shapes and combine network and hierarchy. As a result, understanding them is more elusive and more outcomes are possible than was the case for states.
Many state targets were, like the Soviet Union, secretive. Information was in short supply, so pride of place went to secret sources of intelligence. Terrorist groups today are hardly open about their plans, so secrets still matter. But signals about terrorists and their weapons can be ferreted out of the vast databases of customs declarations, motor vehicle records and the like, as well as from the noise of Web chat rooms.
The Soviet Union was not only hierarchical but also ponderous and predictable. Al Qaeda has shown itself to be nimble and unpredictable. New groups, new weapons and new modes of attack crop up frequently. In the circumstances of the Cold War, the way intelligence agencies are organized made some sense. Collection and analysis were "stovepipes," the collectors organized by intelligence source, or "INT" (signals intelligence, or SIGINT; espionage, or HUMINT; and imagery, or IMINT), and the analysts by function or geographic region. In effect, all were asked what they could contribute independently to solving the puzzle of Soviet behavior. In understanding terrorism, by contrast, the need for collaboration is much greater, not only across sources or specialties in federal intelligence agencies, but also with foreign partners and with state and local officials.
Similarly, during the Cold War, the customers of intelligence agencies typically were limited to federal government officials, and intelligence mostly contributed to broad policy choices. Now intelligence must serve a much wider range of customers-ranging from foreign partners of the United States, to state and local law enforcement authorities, to private citizens-many of whom need continuous intelligence as a basis for their ongoing operations.
Cold War to Terror War
The dominance of question-answering is pervasive, even where it would not be expected. Military intelligence agencies, for instance, report spending as much as half their time answering specific, usually short-run, questions instead of doing their traditional job of assessing potential U.S. foes. The CIA's crown jewel of analysis, the President's Daily Brief, is jokingly referred to as "CNN plus secrets." It is very current, often little more than a new piece of secret information with some analyst commentary to put it in context.
The intelligence community must continue answering immediate questions, but it also must open space for long-term thinking. In an era of terrorism, both will require dramatic changes in the way intelligence agencies do business. They must reach out to a much wider variety of sources. In a world of secret sources, analysts had to be separated from intelligence collectors; in the world of the Internet, analysts have become collectors. In the world of secret sources, analysts were mostly passive users of information that was delivered to them. Now, they must actively search for and question data, something that comes naturally to people who have grown up using Google.
In solving puzzles about the Soviet Union, analysts worked alone or in small groups. In trying to understand terrorism, they have to work in large virtual networks across specialties and agencies. Answering questions from a variety of customers might best be done by generalists such as intelligence agencies employ, but long-term understanding requires interaction with deep specialists who often work outside the intelligence community. Analysis of the Soviet Union did not make much use of formal tools or methods, except in some technical areas. Analysts tended to operate on the basis of their experience or that of their immediate work unit. Previous assessments or patterns were the point of departure and analysts tended to look for information to confirm those patterns. This tendency was abetted by time pressure, which drove analysts toward rapid conclusions.
Today, analysts have to make more extensive use of method and technology-from aggregating expert views to Internet searching, data mining and pattern recognition. Data has to be scoured not only for confirming evidence, but to find what is out of the ordinary. The key analytic choices remain with analysts, but technology holds in memory rejected hypotheses and previously discarded data. It also notices what analysts are watching and what questions they are asking, and will use that information to suggest sources of information and to refine searches.
Piecemeal, but Promising
The CIA's initiative has engaged experts not only in trans-national issues (from both inside and outside the intelligence community) but also from a range of fields, such as cognitive psychology, psychiatry, organizational decision-making, product innovation, investment analysis and diplomatic history. In the case of Iraq, alternative analysis might have leaned explicitly against the preconceptions of analysts (not to mention policy officials) by trying to assemble the best case that Iraq did not have weapons of mass destruction.
Instead of the traditional analytic process, understanding terrorism involves what Karl Weick, an eminent psychologist at the University of Michigan, calls "sense-making." Knowledge is not something people possess in their heads; rather, it is something members of an organization do together, perhaps even by sharing hypotheses aloud. The objective is to connect the dots on a continuing basis, knowing all the while that the nature and position of the dots are in constant flux. Instead of deep expertise in a particular slice of a problem, sense-making requires lots of eyes examining data for emerging threats. For instance, while radiologists saw evidence of broken bones in children for many years, only when social workers teamed with radiologists and pediatricians in the 1960s did child abuse become a diagnosis.
A compelling example of innovation at the tactical end of analysis is called multi-INT, merging information from more than one intelligence source, and doing this again and again quickly. In one sense, multi-INT is not conceptually different from what intelligence agencies call "fusion" or "all source analysis." But recently, in Afghanistan and Iraq, it has involved analysts from the National Security Agency, handling signals intelligence, and the National Geospatial Agency, handling images, working in networks to permit very rapid responses to questions about the locations of possible foes or surprises.
In principle, multi-INT could be done within a single form of intelligence, or even a single organization. In the summer of 2001, for instance, the FBI agents in Phoenix who were interested in Zacarias Moussaoui's flying lessons did not know that their colleagues had been monitoring the same school two years earlier on suspicion that Osama bin Laden's pilot had trained there. The FBI did not know what it knew. In this case, multi-INT might quickly have brought to bear on the Phoenix office investigation what the FBI already knew about the school.
Sucking Up Data
With no clearinghouse for matching what analysts want and what technology can provide, there is the risk that innovations will not be fused to provide real advances in analytic methods. And intelligence agencies will have to recognize, as Silicon Valley has, that technical innovations that confer advantage are fleeting. If advantage is to be maintained, then the cycle for producing innovations must not only be more efficient, it must be shorter.
On the intelligence collection side, the terrorist threat is compelling agencies, the FBI and the Homeland Security Department in particular, to think of their officers as "embedded collectors," that is, as employees performing other jobs, such as pursuing criminals or patrolling the border, but also in position to gather information about what is out of the ordinary. Before Sept. 11, FBI agents collected a lot of information, but concentrated on the portion that was immediately relevant to the specific case they were investigating. As embedded collectors, they would recognize that the information they collect has value beyond a single case and to others, if not immediately to them. In addition to the FBI, DHS has 18,000 agents in Customs and Border Protection, 15,000 employees in Citizenship and Immigration Services, and 39,000 full-time and 6,700 part-time screeners in Transportation Security-all potential intelligence collectors. And that's not including the 600,000 officers in state and local law enforcement.
Homeland Security has no mandate to gather intelligence, indeed the word "collection" remains taboo-but the capacity is there. To be sure, the notion of embedded collectors raises a host of civil liberties issues: When does unusual behavior become grounds for suspicion, let alone recording? Moreover, collectors must know what to look for and how to pass on what they see. Gilman Louie, president of In-Q-Tel, likens the idea to having a soda straw extending from intelligence analysts all the way down to the cop on the beat. So far, there is no infrastructure for the straw, let alone guidance and policy to govern what should be pushed or pulled through it, in either direction.
Nevertheless, the need to work broadly across organizations to understand terrorism runs into existing stovepipes. A proposed solution is to create "edge organizations," which would be virtual networked centers created around the edges of existing structures. But how can such edge organizations be formed and empowered? Most of the intelligence community pays lip service to the proposition that analysis should be organized around problems or issues, not agencies or functions or sources. But the big analytic agencies, the CIA and the Defense Intelligence Agency, resist thinking of themselves as providers of analytic troops who could be deployed to do their work elsewhere in issue-oriented and perhaps virtual centers.
Intelligence collectors such as NSA and NGA have begun to reshape their missions from only gathering to hunting and gathering data. They are re-examining the makeup of their workforces, and they've discovered that data hunters might have to be different from gatherers in background, temperament and training. Traditionally, the two agencies' initial processing and analysis of data were driven by the type of information they collected. Data gathering will continue in order to populate databases, for example. But the hunters, those who will reach out for data across data sets and various types of intelligence, will need different skills.
In the end, the biggest obstacle to change will be the intelligence community's security policy, which tightly compartmentalizes information and shares it only among those who have a need to know. Understanding terrorism requires sharing information, not cosseting it, and giving it to precisely those who don't have a need to know. For security reasons, some of the most interesting multi-INT experiments have not been virtual, but rather have depended on place in the manner of "wheeled fusion." Only when small and experimental could they could get license to operate within the security fence, sharing information in ways that the originating agencies probably would not have permitted on a larger scale.
From the outside, the security issues look daunting, but insiders seldom mention them. They are so used to them that they hardly notice, a sad indicator of how hard change will be. In one sense, the problem of security is less pressing now, at least in principle. During the Cold War, intelligence was very dependent on a small number of collectors, so exposure of any one of them was deeply damaging. Arguably, that is less true now with much more information available and many, varied targets of intelligence gathering. Yet there remains a yawning gap between diagnosing the problem and framing solutions to reshape intelligence to understand the terrorist threat.