You know I haven’t been particularly enthusiastic about the fusion center experiment but I’ve always said that while they don’t do a very good job at intelligence analysis they do a reasonable job of information sharing.
Well, it appears someone disagrees with me. The National Infrastructure Advisory Council (which sounds like a total snoozefest) just put out a report titled Intelligence Information Sharing. I’m not going to pretend that I read the entire 227 pages of rock ’em sock ’em action but I did go through the section about fusion centers.
The fusion center model appears to be effective for law enforcement and first-responder engagement with State, regional, and local communities. The use of fusion centers for sharing intelligence information with the private sector varies dramatically across locations and sectors, but overall seems comparatively modest.
Not exactly a rousing endorsement considering fusion centers have sucked a lot of money from the federal teat* over the past decade.
Of 72 current fusion centers, eight are identified as success stores in infrastructure protection.
Now, to be fair, this report focuses on information sharing with private sector entities as opposed to law enforcement. Still, not the sort of thing you want to hear ten years into this thing but it shouldn’t be that surprising. After all, it wasn’t until 201o that DHS conducted any sort of evaluation of fusion center capabilities and performance.
DHS put together a single set of generic guidelines and sent those to companies in all seven market segments…Then it sent out the non-cybersecurity-specific security guidance to all seven segments….Then it sent even more non-specific cybersecurity guidance out.
Which led to…
… a mess of information that made it difficult for the security staffs who should have been able to use the guidance to even find the parts that were relevant to them.
The unspecific download swamped both the IT and non-IT security staffs in information that came from an agency important enough companies felt they had to deal with it, but useless enough that few companies could figure out a way the guidance could actually be useful.
The observation from that by Derek Bambauer over at Concurring Opinions is:
Much of this information is repetitive or simply wrong – as with the water pump report. Bad information can be worse than none at all: it distracts critical infrastructure operators, breeds mistrust, and consumes scarce security resources. The pendulum has swung too far the other way: from undersharing to oversharing. Finding the “just right” solution is impossible; this is a dynamic environment with constantly changing threats. But the government hasn’t yet made the effort to synthesize and analyze information before sounding the alarm. It must, or we will pay the price of either false alarms, or missed ones.
To all that I agree. Too often (as I believe I’ve mentioned before) fusion centers (and the wider homeland security community) seem focused on staying in the echo chamber. Summaries of what the 24 hour news channels both in terms of ‘analysis’ -ahem- AND subject matter are what dominate disseminated products that are completely redundant if you spend 30-45 minutes (and usually much less) reviewing a moderately comprehensive selection of world news.
Now, in the community’s** defense, there really isn’t much to encourage individuals or agencies to break the mold. The safe money is on you (and your agency) keeping your head down and sticking to the party line.
*$327 million in direct funding and more than $800 million in more general funding according to Secretary Napolitano
**My standard disclaimer applies: I’m talking sub-federal level here.