Moving Targets

In a small room in a super-secure building, a young intelligence analyst surrounded by a bank of computers practices a primitive sort of information sharing. He rolls in an office chair from screen to screen, harvesting top-secret information produced by several of America's finest spying operations. This "wheeled fusion" is the only way the analyst can combine, compare and manipulate information from across the intelligence community. During the 10-year lull between Cold War and terror war, intelligence budgets declined and agencies' deep expertise on the Soviet Union dispersed. At the same time, intelligence agencies needed new customers and new missions. They found customers, especially in economic agencies like the Commerce Department. But they were interested in immediate support, rather than long-term analysis. With more customers and fewer resources, intelligence agencies were hard-pressed to keep up with the flood of short-term questions they were asked. Intelligence agencies are in the service business, so turning away new customers or shucking off old ones is painful. Rather than refusing some requests, intelligence agencies reduced their focus on and thereby their capacity for deep analysis. The needs of the future are not lost on U.S. intelligence agencies. Yet the press of the present is so intense, and the legacy of the past is so powerful, that innovations have been piecemeal, though promising. Several examples suggest the range. In one case, the CIA's Sherman Kent Center, an in-house think tank for intelligence analysis, has been working with the RAND Corp. to apply techniques of alternative analysis to terrorism and other transnational issues. Alternative analysis seeks to challenge assumptions and to broaden the range of possible outcomes considered. Its purpose is to hedge against "group think," or premature consensus, and the natural tendency for analysts to search too narrowly, looking more intently for information to confirm their prior hypotheses than for data to discredit them. There's certainly no shortage of tool building for analytic tasks within the intelligence community. The CIA has In-Q-Tel, a high-tech venture capital fund, and the Advanced Technology Programs, a seed-bed for new technology in analysis. ATP's counterparts at the level of the intelligence community are the Advanced Research and Development Activity, for technology broadly, and the Intelligence Information Innovation Center, for information technology in particular. The biggest kid on the technology block is the Defense Advanced Research Projects Agency, whose projects run well beyond intelligence. Its intelligence initiatives are focused on mining large data sets, remembering discarded hypotheses and seeing new patterns, and providing analysts with better ways of working together. So far, however, these efforts have been scattered and too often driven by technology. Some of these beginnings are hopeful, even exciting. But they are small and scale remains an issue. Some, such as multi-INT, probably have to remain relatively circumscribed to no more than several dozen analysts and a total team of fewer than 100. If they became much larger, then security managers might cease to tolerate them, and they would run the risk of becoming less innovative and more like the bigger, more bureaucratic traditional processes.

Terrorists are everything the Soviet Union was not, and intelligence agencies are struggling to get a bead on them.

As the threat of terrorism advances and the Cold War recedes further into memory, America's intelligence agencies are struggling to adapt to a world different in every way from the one they had known. Everything has changed: the nature of the threat, the sources of information, the technology they use and the "customers" they serve. So far, the innovations to address those changes, especially in analyzing intelligence, are being pursued gingerly by small groups that are more tolerated than encouraged by senior leadership.

During the Cold War, intelligence agencies focused on nation-states; nonstate or "transnational" actors were secondary. Now the priority is reversed and the principal targets are nonstates such as al Qaeda. States are of interest as facilitators of terrorism, willingly or because they lose control of their territory.

We know what states are like, even states that are very different from our own. They are organized in hierarchies. Intelligence and policy officials share an understanding of states. There is much less shared understanding of nonstates, which come in many sizes and shapes and combine network and hierarchy. As a result, understanding them is more elusive and more outcomes are possible than was the case for states.

Many state targets were, like the Soviet Union, secretive. Information was in short supply, so pride of place went to secret sources of intelligence. Terrorist groups today are hardly open about their plans, so secrets still matter. But signals about terrorists and their weapons can be ferreted out of the vast databases of customs declarations, motor vehicle records and the like, as well as from the noise of Web chat rooms.

The Soviet Union was not only hierarchical but also ponderous and predictable. Al Qaeda has shown itself to be nimble and unpredictable. New groups, new weapons and new modes of attack crop up frequently. In the circumstances of the Cold War, the way intelligence agencies are organized made some sense. Collection and analysis were "stovepipes," the collectors organized by intelligence source, or "INT" (signals intelligence, or SIGINT; espionage, or HUMINT; and imagery, or IMINT), and the analysts by function or geographic region. In effect, all were asked what they could contribute independently to solving the puzzle of Soviet behavior. In understanding terrorism, by contrast, the need for collaboration is much greater, not only across sources or specialties in federal intelligence agencies, but also with foreign partners and with state and local officials.

Similarly, during the Cold War, the customers of intelligence agencies typically were limited to federal government officials, and intelligence mostly contributed to broad policy choices. Now intelligence must serve a much wider range of customers-ranging from foreign partners of the United States, to state and local law enforcement authorities, to private citizens-many of whom need continuous intelligence as a basis for their ongoing operations.

Cold War to Terror War

The dominance of question-answering is pervasive, even where it would not be expected. Military intelligence agencies, for instance, report spending as much as half their time answering specific, usually short-run, questions instead of doing their traditional job of assessing potential U.S. foes. The CIA's crown jewel of analysis, the President's Daily Brief, is jokingly referred to as "CNN plus secrets." It is very current, often little more than a new piece of secret information with some analyst commentary to put it in context.

The intelligence community must continue answering immediate questions, but it also must open space for long-term thinking. In an era of terrorism, both will require dramatic changes in the way intelligence agencies do business. They must reach out to a much wider variety of sources. In a world of secret sources, analysts had to be separated from intelligence collectors; in the world of the Internet, analysts have become collectors. In the world of secret sources, analysts were mostly passive users of information that was delivered to them. Now, they must actively search for and question data, something that comes naturally to people who have grown up using Google.

In solving puzzles about the Soviet Union, analysts worked alone or in small groups. In trying to understand terrorism, they have to work in large virtual networks across specialties and agencies. Answering questions from a variety of customers might best be done by generalists such as intelligence agencies employ, but long-term understanding requires interaction with deep specialists who often work outside the intelligence community. Analysis of the Soviet Union did not make much use of formal tools or methods, except in some technical areas. Analysts tended to operate on the basis of their experience or that of their immediate work unit. Previous assessments or patterns were the point of departure and analysts tended to look for information to confirm those patterns. This tendency was abetted by time pressure, which drove analysts toward rapid conclusions.

Today, analysts have to make more extensive use of method and technology-from aggregating expert views to Internet searching, data mining and pattern recognition. Data has to be scoured not only for confirming evidence, but to find what is out of the ordinary. The key analytic choices remain with analysts, but technology holds in memory rejected hypotheses and previously discarded data. It also notices what analysts are watching and what questions they are asking, and will use that information to suggest sources of information and to refine searches.

Piecemeal, but Promising

The CIA's initiative has engaged experts not only in trans-national issues (from both inside and outside the intelligence community) but also from a range of fields, such as cognitive psychology, psychiatry, organizational decision-making, product innovation, investment analysis and diplomatic history. In the case of Iraq, alternative analysis might have leaned explicitly against the preconceptions of analysts (not to mention policy officials) by trying to assemble the best case that Iraq did not have weapons of mass destruction.

Instead of the traditional analytic process, understanding terrorism involves what Karl Weick, an eminent psychologist at the University of Michigan, calls "sense-making." Knowledge is not something people possess in their heads; rather, it is something members of an organization do together, perhaps even by sharing hypotheses aloud. The objective is to connect the dots on a continuing basis, knowing all the while that the nature and position of the dots are in constant flux. Instead of deep expertise in a particular slice of a problem, sense-making requires lots of eyes examining data for emerging threats. For instance, while radiologists saw evidence of broken bones in children for many years, only when social workers teamed with radiologists and pediatricians in the 1960s did child abuse become a diagnosis.

A compelling example of innovation at the tactical end of analysis is called multi-INT, merging information from more than one intelligence source, and doing this again and again quickly. In one sense, multi-INT is not conceptually different from what intelligence agencies call "fusion" or "all source analysis." But recently, in Afghanistan and Iraq, it has involved analysts from the National Security Agency, handling signals intelligence, and the National Geospatial Agency, handling images, working in networks to permit very rapid responses to questions about the locations of possible foes or surprises.

In principle, multi-INT could be done within a single form of intelligence, or even a single organization. In the summer of 2001, for instance, the FBI agents in Phoenix who were interested in Zacarias Moussaoui's flying lessons did not know that their colleagues had been monitoring the same school two years earlier on suspicion that Osama bin Laden's pilot had trained there. The FBI did not know what it knew. In this case, multi-INT might quickly have brought to bear on the Phoenix office investigation what the FBI already knew about the school.

Sucking Up Data

With no clearinghouse for matching what analysts want and what technology can provide, there is the risk that innovations will not be fused to provide real advances in analytic methods. And intelligence agencies will have to recognize, as Silicon Valley has, that technical innovations that confer advantage are fleeting. If advantage is to be maintained, then the cycle for producing innovations must not only be more efficient, it must be shorter.

On the intelligence collection side, the terrorist threat is compelling agencies, the FBI and the Homeland Security Department in particular, to think of their officers as "embedded collectors," that is, as employees performing other jobs, such as pursuing criminals or patrolling the border, but also in position to gather information about what is out of the ordinary. Before Sept. 11, FBI agents collected a lot of information, but concentrated on the portion that was immediately relevant to the specific case they were investigating. As embedded collectors, they would recognize that the information they collect has value beyond a single case and to others, if not immediately to them. In addition to the FBI, DHS has 18,000 agents in Customs and Border Protection, 15,000 employees in Citizenship and Immigration Services, and 39,000 full-time and 6,700 part-time screeners in Transportation Security-all potential intelligence collectors. And that's not including the 600,000 officers in state and local law enforcement.

Homeland Security has no mandate to gather intelligence, indeed the word "collection" remains taboo-but the capacity is there. To be sure, the notion of embedded collectors raises a host of civil liberties issues: When does unusual behavior become grounds for suspicion, let alone recording? Moreover, collectors must know what to look for and how to pass on what they see. Gilman Louie, president of In-Q-Tel, likens the idea to having a soda straw extending from intelligence analysts all the way down to the cop on the beat. So far, there is no infrastructure for the straw, let alone guidance and policy to govern what should be pushed or pulled through it, in either direction.

Yawning Gap

Nevertheless, the need to work broadly across organizations to understand terrorism runs into existing stovepipes. A proposed solution is to create "edge organizations," which would be virtual networked centers created around the edges of existing structures. But how can such edge organizations be formed and empowered? Most of the intelligence community pays lip service to the proposition that analysis should be organized around problems or issues, not agencies or functions or sources. But the big analytic agencies, the CIA and the Defense Intelligence Agency, resist thinking of themselves as providers of analytic troops who could be deployed to do their work elsewhere in issue-oriented and perhaps virtual centers.

Intelligence collectors such as NSA and NGA have begun to reshape their missions from only gathering to hunting and gathering data. They are re-examining the makeup of their workforces, and they've discovered that data hunters might have to be different from gatherers in background, temperament and training. Traditionally, the two agencies' initial processing and analysis of data were driven by the type of information they collected. Data gathering will continue in order to populate databases, for example. But the hunters, those who will reach out for data across data sets and various types of intelligence, will need different skills.

In the end, the biggest obstacle to change will be the intelligence community's security policy, which tightly compartmentalizes information and shares it only among those who have a need to know. Understanding terrorism requires sharing information, not cosseting it, and giving it to precisely those who don't have a need to know. For security reasons, some of the most interesting multi-INT experiments have not been virtual, but rather have depended on place in the manner of "wheeled fusion." Only when small and experimental could they could get license to operate within the security fence, sharing information in ways that the originating agencies probably would not have permitted on a larger scale.

From the outside, the security issues look daunting, but insiders seldom mention them. They are so used to them that they hardly notice, a sad indicator of how hard change will be. In one sense, the problem of security is less pressing now, at least in principle. During the Cold War, intelligence was very dependent on a small number of collectors, so exposure of any one of them was deeply damaging. Arguably, that is less true now with much more information available and many, varied targets of intelligence gathering. Yet there remains a yawning gap between diagnosing the problem and framing solutions to reshape intelligence to understand the terrorist threat.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.