Fusion centers…threat or joke?

It was with a great deal of amusement I found this video on YouTube.  Jesse Ventura, apparently attempting to reprise his role as the Man in Black from the most excellent episode of the X Files Jose Chung’s From Outer Space had started a TV show titled ‘Conspiracy Theory’.

In any case, in this particular segment, Jesse takes on fusion centers.  Ah, apparently they’re secret, unaccountable government agencies paving the way for the introduction of a totalitarian police state (is that redundant?).

This is actually a really good case study of how you can take one set of facts and twist them into an alternate explanation.  Allow me to demonstrate…

This clip does point out many truths about fusion centers.  They do lack decent oversight.  They do lack good policies, clear missions, trained personnel, and combine both intelligence collection and law enforcement powers under one roof.  They have exceeded their mandates (such as they are) and, at times, have collected information on people not suspected of criminal activity.

But, dear reader, that does NOT mean they’re fulfilling some grand design to institute a police state.

No.  Rather, it’s an indicator of their incompetence.  Remember Occam’s razor.  If a phenomenon has multiple explanations, the least complicated is the most likely.  Which is more likely:  an organization planning (and successfully hiding) a conspiracy to enslave the entire population or an organization staffed by people whose only exposure to intelligence involves masturbating to reruns of 24 and the Die Hard series?

Case in point.  Allow me to take the liberty of sharing a story an analyst told me recently (let’s call him/her ‘analyst X’).

Upon being hired to work in a fusion center, analyst X was given an orientation to the center by his/her new supervisor.  Wanting to be a motivated employee, X asked:

Analyst X:  Do you have any policies, procedures, standards, etc. that I can review so that I can make sure I’m doing things the proper way?

Supervisor:  We’re actually a ‘seat of our pants’ operation.  We’d sure love to have all that stuff but we just don’t have the time.*

Analyst X:  But how do you decide what you’re going to work on, which requests you’ll address or how you’ll create your products?

Supervisor:  Oh, we just give things a ‘sniff test’.  If it seems to make sense we just go with it.

*It is worth noting that this particular fusion center has been in existence for several years now not to mention the fact that you’d probably expect things like policies and procedures to be developed before you actually started actually doing stuff.

And that, ladies and gentlemen, is why you shouldn’t worry too much about fusion centers over the long term.  With more than 70 of the things active now in the nation it is only a matter of time before someone clearly oversteps their bounds, gets caught and the entire edifice comes crashing down.  Most places still don’t understand the difference between information and intelligence or information sharing and intelligence analysis.

You see, while many people see fusion centers and think this, I think fusion centers and see this.

It’s all a matter of perspective, I suppose.

I’m convinced that’s ultimately a shame because I think there is a role for a domestic intelligence agency that need not infringe upon the rights of citizens.

Getting to that place would be a complicated affair and I don’t want to pretend it’s simply a matter of a tweak here or there to fix this problem but I could recommend some pretty big steps forward:

1. Strip law enforcement powers from the intelligence agency (the two are incompatible once you get beyond crime analysis and investigative analysis)
2. Give the centers a clear mission.  None of this ‘all crimes-all hazards’ crap.  That’s designed to scoop up all the federal grant money possible without actually being responsible for anything.  “He who defends everything defends nothing.”
3. Require intelligence training and/or experience to run these centers…or fill a supervisory role.  And no, the fact that you bought an ounce of weed from a stoner 20 years ago does NOT count as intelligence experience.
4. It’s a fusion center.  It’s not NORAD or the Puzzle Palace.  Everything need not be treated like nuclear launch codes.  How about actually releasing some information to the public?  There are a number of products (yes, even intelligence products) whose release would be a public service.

Anyway, here’s the clip.  I hope no one is actually taking this nonsense seriously.  The pathetic attempts to manipulate the audience coupled with the cognitive biases and outright sexism are pretty shocking (Oh, look, it’s a girl!  How could a girl possibly be a danger to anyone?)

 

What an intelligence product should NOT look like

Will Potter over at Green Is the New Red has a couple of posts about a recent Pennsylvania Intelligence Bulletin that has been released.  There’s a lot to talk about here to get comfy…

Ok, first.  The Pennsylvania Office of Homeland Security has hired a private agency to produce intelligence products like this.  Without knowing all the details of the agreement, oversight, etc. this is bad, on the whole.  The whole homeland security industry depends on the existence of a continual series of threats to keep the money rolling in.  After the post 9/11 ‘glory days’ of blank checks to anyone and everyone who could cram the word terrorism or security into their resume or business description, politicians began to want some return on their security investment dollars and so the domain of homeland security agencies and fusion centers began to expand to the monstrosity that is ‘All crimes, all hazards’.  I’m beginning to think we’d be better off with an “Agency for Infinitesimally Unlikely but Really Scary Events”.

But, before I get too deep into this allow me to throw some props to Pennsylvania.

• The bulletin is unclassified!  That, quite frankly, is amazing.  I can’t find a recognizable classification caveat anywhere in the document.  They’d be my heroes if they didn’t have to end the document with the weasley:

This document is provided to organizations/stakeholders associated with the security of Pennsylvania critical
infrastructures, key resources and significant special events. It is not to be distributed beyond those Pennsylvania stakeholders without the express permission of the Pennsylvania Office of Homeland Security.

• While the PA Office of Homeland security website is by no means perfect, it isn’t the worst I’ve seen and seems to indicate an intent to provide some information to the public.  Given the abysmal performance of most such agencies in this arena, they do deserve a nod for that.

Ok…in the words of Benjamin J. Grimm, ‘It’s clobberin’ time!’

The first part of the report is a ‘Dates of Interest’ section.  This entire part of the document is a HUGE red warning flag that calls into question the analytical capabilities, political orientation, ethical standards and understanding of U.S. law of the Institute of Terrorism Research and Response.  It also calls into question the judgment and competence of whoever is approving and evaluating these products with the Pennsylvania Office of Homeland Security.  Yes, my friends, the rot runs deep.

This section really speaks more to the writers (and, perhaps their perceived audience) than it does about actual threats.  So, you’ll find a lot of warnings about Muslims, anti-war activists, environmentalists, animal rights activists and left leaning groups.  There is not one incident where ‘right wing’ groups or individuals are noted.  This is particularly problematic given the time frame of this portion of the report which covers 31 August to 4 October.  Remember all that hoopla about the ‘Ground Zero Mosque’?  No one had any concern that there might be violence or protests aimed at Muslims?  Apparently not.  The fine folks at ITRR seemed to only see the threat coming from teh Muslims.  Were there no Tea Party rallies planned during this time period?  You know, the ones where people talk about watering the tree of liberty with blood?  Apparently not.

I suspect the writers of the report knew that they were peddling crap and so attempted to create the illusion of credibility by peppering in phrases like ‘increased risk of escalation’, or ‘Targeting communications indicate a focus on evading or sabotaging law enforcement’ but they see no need to substantiate anything and so such phrases are meaningless.

Quite frankly, there’s nothing in those first three pages that should be anywhere near a law enforcement intelligence product without a lot more context and a clear explanation of the link to criminal activity.  The analysts involved need a great deal of remedial training and whoever is in charged probably needs to be moved to accounts receivable.

But let me not stop at the first three pages.  The best place for the whole document would be the crapper if the paper it was printed on was super soft and absorbent.  The rest of the bulletin is more bullshit trying to conflate political activism, civil disobedience and terrorism.  Really, the authors should be ashamed of themselves for producing this nonsense.  Unfortunately, I don’t think we can say it’s an outlier.  This sort of non-intelligence intelligence is quite common and (in my opinion) the result of weak, unqualified leadership of agencies that 1) don’t understand intelligence 2) don’t understand analysis and 3) have no idea what a ‘homeland security’ agency or fusion center is actually supposed to do.  Rather, these yahoos are just winging it based upon what they gathered from watching Jack Bauer or reading Tom Clancy.

The (sort of) good news is that the public release of this document got the governor to reject it in pretty strong terms and ordered the cancellation of the contract with ITRR.  That’s a nice start but they problem remains, the people that thought ITRR was producing a quality product are still running the ship and will face no consequences for their actions.  Is there a stronger way to demonstrate that you think intelligence issues aren’t important and high standards aren’t needed?

It’s even more problematic when the guy in charge doesn’t recognize that Timothy McVeigh was a terrorist (although that might explain the dearth of ‘right wing threats’ in the bulletin).

But here’s the real important bit of information that might have gotten missed.  As outrageous as these bulletins are, they don’t mean much (in the short term at least).  The fact of the matter is many agencies have been producing such voluminous amounts of crap since 9/11 that most of it goes directly from inbox to trash without being read.  So, while many people within the state government may have known about the garbage IRTT was producing, the head of the PA State Police may have summed up best why this may not be as nefarious as it sounds at first blush:

State Police Commissioner Colonel Frank E. Pawlowski was aware of the bulletins; at least, they were distributed to the State Police and Rendell said Tuesday that Pawlowski told him nothing in the bulletins “was of any value to the State Police.”

In short, it might just be that nobody was really reading these things (Really, how many times can you read ‘While we have no evidence of a threat, we recommend everyone remain alert’ which just translates to ‘Hey, if something happens, we’re going to use this as proof that we gave you the dots and you didn’t connect them’?)

The problems with hierachy…

One of my recurring themes is that intelligence analysis is hampered through institutional inertia, particularly the desire of many (all?) organizations to cram their analytical staffs (both physically and functionally) into the existing structure’s hierarchy.  While this makes the organizational flunkies comfortable (everyone has a nice, neat place on the line and block chart) I argue that this hampers inter-and intra- analyst communication and collaboration.  Madcap results usually follow.

One of the ways people tried to overcome such problems has been to create fusion centers.  I haven’t been too fond of them for a number of reasons, one of which is that it only pretends to address this problem.  Analysts assigned to fusion centers still belong to their home agencies and you can’t really achieve the same unity of command that you can get in military organizations.  Worse, there’s no guarantee that the people running your fusion centers will have more than a passing knowledge of intelligence matters.  In many cases, post 9/11 fusion centers were seen as hot commodities making leadership positions there more a function of organizational patronage than an understanding of what intelligence does.  As one fusion center supervisor told me ‘Intelligence work doesn’t require any special qualifications.  Anyone who’s a good manager in one area can be a good manager of an intelligence section.’

Right, so maybe we should hire the manager at our local McDonald’s since the skill sets required for success are identical.

This set up creates two obstacles.

1. the reluctance to share information
2. the reluctance to share knowledge

Now, post 9/11 everyone has been fired up to address #1 either assuming #2 was synonymous with it or not being aware of the difference.  So what is the difference?  Well, over the weekend (god help me) I was reading “Knowledge Sharing as a Contingency in the Design of Counterterrorism Organizations” from the International C2 Journal.  The put the distinction this way:

…knowledge enables action, whereas information provides meaning and context for action…

Yeah, I didn’t care for that either but they seemed to imply a better formulation later on that I liked much better.  Information addresses the ‘Who, what, where, when’ questions while knowledge addresses the ‘why, what’s next, and so what’ questions.

I’d say, despite recent headlines, we’re doing an ‘ok’  job at intelligence sharing (at least among law enforcement agencies).  We are, however, not doing much of a job at knowledge sharing and continue to work within systems that are structurally unsound for intelligence work.  That, according to the authors of this paper, is a bad thing.

The authors design and test an experiment comparing the analytical abilities of groups using a traditional hierarchical structure against an ‘Edge’ system (defined in the experiment as having ‘no pre-assigned leaders or functional groups established in advance’ and ‘without formal leaders, functional groups or restricted communications’.  You can almost hear the screams of ‘Anarchy!’ from the old guard).  They evaluated the systems on their speed and accuracy.  And here are their results:

1. Persons working in an Edge organization, on average, perform their work faster [than in a hierarchy]. However, persons working in Edge and Hierarchy configurations produce comparably accurate result
2. Persons sharing knowledge, on average, perform their work more slowly [than those just sharing information].  However, persons sharing knowledge produce more accurate results.  These results imply an interesting trade space for organizational designers: the sharing of knowledge results in more accurate but slower performance.

And therefore…

…knowledge sharing within Edge organizations signals benefit without cost: accuracy improves with no speed degradation. With the Hierarchy, however, costs and benefits in terms of speed and accuracy must be traded off against one another. This suggests that the Edge organization may have a performance edge over the Hierarchy. Moreover, when knowledge is shared, the Edge is considerably faster (0.47 vs. 0.25) and more accurate (0.75 vs. 0.69) than the Hierarchy is.

So, now that we know this (or at least can recognize the possibility that hierarchical organizations with an obsession with information sharing to the exclusion of everything else may not be the best way to address intelligence concerns in a complex environment) what will the future of intelligence organization look like?

My bet is it’ll look exactly like it looks now.  Oh, we might get better at talking about it and claiming we’re making changes but scratch the surface and you’ll see it’s the same old stuff in new, shiny packaging.  As  long as nothing goes wrong, nobody gets hurt.  Agencies get to run in their old, comfortable ways, the public thinks it’s getting some sort of new, improved security and everyone is happy.  And if something does go wrong, everyone can rush to the nearest TV camera and claim ‘We had no way of knowing!  This was totally unforeseen!’

Cue useless government fact finding report in 3…2…1….

Product versus process

As I slowly (oh, so slowly) try to climb out of this deep, deep hole otherwise known as pursuing a graduate degree I’m mildly surprised how much I miss blogging.  So, I’m up for a quick breath of air…

I’ve seen a lot of attempts to ‘reboot’ the intelligence process in organizations.  One reason why I think I’ve seen so many is that all of the previous attempts have failed.  It struck me as I was listening to a pitch for yet another attempt (Once more into the breach!) that these attempts have shared some common characteristics.

• Sense of urgency – It’s eight years after 9/11, and nobody wants to hear that our intelligence work isn’t up to snuff or that we need to go back to the drawing board and do all the foundational work that wasn’t done initially.  In short, no one wants to have to answer the questions “Well, what have you been doing for the past 8 years?”  So, once the determination has been made that the intelligence/analytical process needs help, there’s the follow on demand that change occur NOW.  The underlying assumption is that all of the foundational work must be correct and any shortfalls must be superficial in nature (software applications, training deficiencies, etc.)
• Product fetish – The demand to see immediate results leads to an expectation to see a ‘quick win’ (a phrase which should result in immediate flogging if ever uttered again) in the form of some sort of intelligence product.  The stated reason for such a product is that it will build momentum.  I suspect the real reason for such a product is that it allow the sucker who was roped into this new responsibility a way to get higher ups off his/her back with the appearance of progress and the ability to leap to the next higher wrung on the ladder before the edifice crumbles yet again.
• Process avoidance – What doesn’t happen is an examination of what processes are needed to build an effective intelligence system and the development of a strategy to implement such a system.  I am hard pressed to find an analyst below the federal level who can claim to have a working planning and direction process in their agency.  Collection plans?  Who has time for that.  Analytical standards?  Hey, this isn’t some ivory tower.  The pathological avoidance of processes means that intelligence efforts will remain ad hoc and require constant reinvention.  (I’ll admit the possibility that such a system may be in the best interest of the institution by creating an ever renewing opportunity for ‘rising stars’ to make their mark by delivering such ‘quick wins’.  Such a position would be valuable for a person to have within his/her pervue within a system which allows for the distribution of promotional opportunities based upon patronage rather than merit.)
• Lack of appropriate expertise – If you ask analysts about the people put in charge of them or their agencies and specifically inquire about the backgrounds of their leadership you’ll often find a lack of training or experience in intelligence and analytical work.  I attribute this to two primary factors:
  • patronage – ’nuff said.  These jobs tend to be high profile and often on the ‘fast track’.  Leaders like to put their favorites in those positions.
  • Tom Clancy – Well, maybe it’s not really his fault but since I don’t like the guy I’m going to blame him.  What I mean here is the increasing access of information over the past decade or so along with a reoccuring narrative that everyone’s opinion is just as valid and insightful as everyone else’s.  As a result intelligence and analysis are viewed as no big deal and something that can easily be picked up.  Just watched season 1 of ’24’?  Sure you’re qualified to run a counter-terrorism center.  I exaggerate, to be sure.  But not by much.

This is all facilitated by the fact that analysts remain the red headed step children in virtually all (I’d say all but I haven’t spoken to people in every agency) sub-federal level agencies.  In part this is because analysts are relative newcomers to the field, encompass such a wide range of duties (from data entry to investigative support to ‘true’ analysis) to almost make the title ‘analyst’ useless, and have no real institutional power (control of resources or the ability to make policy).

If you can get your hands on an organizational chart for an agency with analysts in it, see how many levels of non-analyst leadership a product or idea would need to go through to get to the top of the food chain.  Then try to see how many of those intervening levels have a familiarity with intelligence issues.  In most cases you’ll see that a lot of talk about ‘breaking down information silos’, ‘intelligence fusion’ or ‘intelligence led’ whatever really boils down to security theater.

What has improved (marginally) over the past eight years has been in information collation and distribution.  Many more people get information they wouldn’t have otherwise received.  The problem is that information almost never is evaluated in a meaningful way, analyzed, placed into context or combined with other information to answer questions that analysts should be paid to answer.  We need to stop obsessing on the ‘who, what, and where’ questions (which investigators, law enforcement officers and other currently do very well on their own) and work on the ‘why, so what and what’s next’ questions (which nobody is doing).  After all, if we aren’t answering those, what exactly is the job of an analyst?

Fusion center blues

CNN had this spot on this morning as part of a report about potential intrusions on your privacy.  The focus here was on fusion centers.  The report itself isn’t particularly insightful (part of the problem of trying to cram an issue that requires 10 minutes into a 2 minute slot) but the chit chat between the reporter and the anchor afterwards was very interesting.  The report raised the concern that fusion centers might be collecting and distributing information about citizens without any reasonable suspicion of criminal activity apart from their political affiliation or history in engaging in constitutionally protected activities.

So when the report ends, the anchor says something to the effect of ‘Everyone should really make sure they check their privacy settings on all their web pages, blogs, etc. to make sure only the people you want to see your stuff actually see it.’

The reporter replies:  ‘Yes, you really have to watch what you say and do now because you never know when the government or your employer may be watching.’

Whoa…I thought, ‘Did she really just say that?’  How in the world did we get to a place where a reporter can say something like that and then cut to the weather as if they just showed a clip of a water-skiing squirrel?

“Conjecture without evidence of imminent harm…”

“…simply fails to meet the board’s burden of proof.”

That was part of a quote by a federal district judge rejecting the argument by the Federal Reserve that releasing the names of financial institutions which received assistance would cause harm and instability to the financial system.  (You can hear a little more on this Planet Money podcast)

I thought about this quote and how it could equally appeal to the over classification of information, particularly in law enforcement circles.  Don’t get me wrong, over classification is a big problem in the military (and I assume throughout the rest of the national security system) as well but that deserves it’s own treatment by someone more familiar with the subject than I.

Law enforcement, however, seems to fetishize the classification of information and do it for particularly poor reasons.  Now, there are some very good reasons for keeping some information generated by law enforcement and sub-national intelligence organizations (in which I’ll lump fusion centers and state or regional ‘homeland security’ agencies in addition to others).  Information about confidential informants and ongoing operations need to be kept secure lest investigations and the safety of people involved become compromised.  Likewise, some information about the understanding of the threat and vulnerabilities that can be exploited should be kept secret.

That does not mean, however, that the default position for all information generated or intended for consumption by these agencies needs to have a classification label attached to it.  Yet, far too often, information that is either publicly available or of an entirely trival nature is festooned with some many security caveats that you’d think that it contained the nuclear launch codes.

I think there are three basic reasons for this, two of which are never stated when defending the current practice but which, I believe, exert a considerable force in preventing any real reform to the system.

1. The criminals will know what we know. By far, this is most often cited as the reason by information has to be classified.  It assumes that criminals (and there is no distinction made about criminal groups with this argument, both the street level addict ripping off hubcaps for his next fix and the highly sophisticated international criminal network are viewed as equal here) are all conducting intense counter-intelligence operations with advanced collection plans and analysis of their own.  In short, agencies argue that criminals are doing a better job of intelligence work than they are.  The fact that such operations are exceedingly rare makes no matter.  The fact that anyone has done such work anywhere means that we need to act as if everyone is doing it everywhere.  This is where the judge’s quote comes into play.  Just because you can conceive of a possible threat doesn’t mean that threat is likely.  Life isn’t a Tom Clancy novel or an episode of ’24’.
2. Look, ma!  I’m important.  Unfortunately, regional, state and local agencies have absorbed the lesson from the federal intelligence community that the only information that is worth looking at is information which is restricted in some way.  In many cases this whole thing is a bit of a game since caveats like ‘Law enforcement sensitive’ are useless in their lack of clear definition and sanctions if violated.  As a result, agencies put these restrictions on products no so much because of any harm which would result in the event of their unauthorized disclosure but as a badge designed to impart some authority on the product.  It’s not uncommon to see media reports, copies at length without additional commentary labeled law enforcement sensitive for no reason other than a lazy and pathetic attempt to generate an aura of authority and expertise.
3. Well, I actually forgot the third reason while writing this but I’m sure it was brilliant.  Until I can remember it and update this post, these first two reasons should be enough to support my argument.

The key in the above is that they are the victim (or, I guess, beneficiary) of unexamined assumptions.  And when there are questions about the validity of these arguments, where does everyone turn?  To the very people who propagate and operate under these systems.  Very frustrating.

We need to get away from fantastical scenarios of how criminals operate and begin to consider that, in fact, there are many benefits to making more information available to the general public.  We already release raw crime data to the public (in the form of UCR data).  Some states do a very good job of putting that data in formats that can searched in multiple ways and can be compared to other data sources.  Other states just publish a pdf document, which in todays information saturated world seems, to me at least, a lot like through a stack of papers at someone, giving them the middle finger salute and daring them to actually do anything with the data.

The public should not only know what sorts of criminal activities are occurring in their neighborhoods but they should also be able to get informative assessments of threats.  Why shouldn’t people be allowed to know if the authorities have determined a particular area is at low risk for terrorist attack but, let’s say, moderate risk for hate crimes, as well as how such a determination was made?  I fear the wrong lessons were learned earlier this summer when the DHS report on political extremism got leaked and created a PR firestorm.  Rather than caving into criticism, the DHS could have started a real dialog about their methodology and findings, using the incident to explain to the public how analysis works and what it is.  I’m sure there still would have been strong disagreements about the conclusions by many and even a bit of paranoid hysteria among the fringe but really, what a lost opportunity to educate the public.

State and local authorities have a lot to learn from this incident.  If they’re serious about conducting intelligence at all, they’d be much better off laying the groundwork and making the process as transparent as possible now, before they have to scramble to explain a potentially embarrassing conclusion or product.  The goal isn’t to get unanimous agreement with the conclusions but, as Prof. Roberto says, you need to achieve an understanding that the decision or analytical process is legitimate and fair.  Otherwise, you open yourself up to all sorts of criticism that you’re paving the way for a Socialist (or fascist, authoritarian, extraterrestrial, anti-christ, etc.) takeover of mom’s apple-pie business.

Fusion Centers – Part 2

Part 1.

Prosecution vs. prevention:  The prosecution/prevention dynamic is one of the key reasons that I’m generally pessimistic of the ability of law enforcement agencies to handle intelligence operations.  Law enforcement and elected officials are all about demonstrating their effectiveness in keeping society safe.  Their primary methods for doing that have been the domestic equivalent of body counts used in the Vietnam War to demonstrate progress:  arrests and contraband seized.  The problem is that while those metrics have a certain common sense appeal, they don’t necessarily point to any particular progress without a whole host of contextual information that in many cases just isn’t available.  So, if we hear that $10 million is cocaine has been seized or 50 people arrested what exactly does that mean?  Will drugs be harder to get on the street?  Did crime rates decline as a result?  Have the operations of criminal network A been seriously disrupted?  In short, the problem is that we’ve internalized bad metrics to determine how successful we are.  It’s become so bad that many can’t even conceive any alternative methods of determining success which then gives us quotes like this:

“The more successful you are, the less you have to show for it.”

When a state director of homeland security says something like that, you’ve got problems.  Assuming that just because planes aren’t flying into buildings means you’re successful is setting yourself up for future failure.  This is one area where lessons learned from our counter insurgency campaigns in Iraq and Afghanistan can be helpful.  We’ve recognized that body counts aren’t effective and so some within the military have begun looking at the problem of terrorism and insurgency obliquely through many different quantifiable measures.  How many tips come in from high risk populations?  How engaged is the local population in the existing government (requiring a whole host of additional metrics like voting, using government services, etc.)?  The prevalence of anti-government graffiti/leaflets in a specific area.  There’s no reason why domestic agencies couldn’t take a bit of time and come up with their own metrics, test them for validity, and use those to determine progress rather than the old standbys of arrests and seizures.  Yes, there might be dozens of metrics, it might be difficult to summarize them in a ten word sound bite but assuming the goal is to understand the environment we’re operating in and reducing the probability of being surprised by some sort of catastrophic event in the future this would be a big step forward.

My other problem with the quote above is that it makes the assumption that a lack of terrorist attacks is the result of work by the homeland security sector.  Perhaps there are other reasons why terrorists haven’t launched attacks that have nothing to do with our attempts to thwart them.  Unfortunately, if we aren’t looking, we’ll never know.

The Gravy Train:

“Many local administrators will be loathe to give up their big-ticket equipment items, previously paid for by grants in exchange for information or intelligence that may or may not prevent an attack that may or may not happen.”

Probably not unique to fusion centers but the drive to chase grant money and buy big ticket items first and then figuring out what role they might play in operations being a secondary consideration definitely makes intelligence work difficult.  I was once asked to make a recommendation on a software system which would be purchased with eagerly anticipated grant money.  I actually found a couple of alternatives that were superior to the proposed software that cost nothing.  I actually expected that finding to be welcomed but instead was greeted as if I kicked the family dog.  If we went with the free alternative after all, we wouldn’t be eligible for the grant money.  I suspect that the phrase “Oversaw the purchase and installation of a $40,000 computer system” looked better on an evaluation than “Installed freeware and avoided the need for time spent on a needless grant application.”

The nature of the threat:  Because of the lack of metrics of success (as currently defined) in the homeland security field, there is a tendency to exaggerate threats.  Since we have so many fusion centers and state and local offices of homeland security everyone has to justify their existence by pointing out that the next big terrorist attack might just occur within their area of operations.

“His position was that many of the domestic plots that have been uncovered nationwide were unsophisticated, and considered to have minimal potential by some.  Who would have thought, however, that nineteen guys with box cutters could have done what they did prior to 9/11?”

Utter nonsense.  The 9/11 hijackers were not ’19 guys with box cutters’.  They were a trained, well-funded group with a long logistical tail and chain of command .  To compare them with the amateurs and weekend warriors who have been arrested domestically since then either reflects a fundamental misunderstanding of the threat or is intentionally misleading.  In either case, it’s not the sort of statement a state director of homeland security should be making.

Strategic vs. Tactical:  As many agencies are beginning to flirt with the idea of incorporating intelligence into their operations their is a lot of confusion about what it exactly entails.  One of the fundamental divisions within intelligence is between strategic and tactical focuses.  Just as with the concept of intelligence generally, it is not at all clear how broad or deep the understanding of those focuses are.  As discussed in Part 1, most regional/state/local agencies with a new (or not so new) intelligence capability are skewed towards tactical (case support) intelligence since that is what the agencies and the bulk of their personnel are most comfortable with.  It is also the type of intelligence most likely to lead to those metrics of success I mentioned earlier (arrests, seizures, opportunities for photo ops).

Counter Terrorism vs. All Crimes, All Hazards:  I’m not a fan of the idea of ‘All Crimes, All Hazards’ in fusion centers.  It’s basically a sign that the leadership of the center couldn’t or wouldn’t make any decisions about what priorities the center should be working on and so punted.  They may have done it because they don’t understand how intelligence works or an effort to wring more resources from elected officials by promising to do everything but it’s a bad idea.  Remember:  When everything is a priority, nothing is a priority.  That is why fusion centers (like all organizations) need a clear, explicit mission statement which identifies a limited number of priorities which can be adequately addressed with the resources at hand.

“…50 percent of the fusion centers felt that there was not enough purely counterterrorist activity to consistently support a fully staffed fusion center.”

I suspect that’s probably correct but I wonder if that statement is based on anything other than a gut feeling.  If fusion centers are spending the bulk of their resources on case support or passing along bulletins and alerts from other agencies, how clear a picture of the operating environment do they really have?  Perhaps, this should stimulate debate about whether we need so many fusion centers rather than build them and then try to figure out a mission for them.

“…everyday crimes can turn up information, especially crimes that can support terrorist operations.”

Sure, a lot of crimes can support terrorist operations but the idea of centers going through everyday crime data to uncover terrorist plots seems a bit of a reach.  I just don’t see how the overwhelming amount of data that would have to be sifted through can be vetted and analyzed by the relatively small analytical staffs.

“Another potential hazard of following a purely terrorist approach is that if there were an insufficient level of meaningful work and analysts were not being challenged, not only would their skills erode but they might seek other opportunities.  It is already very difficult for fusion centers to meet their staffing requirements; analysts often leave if they find the work unrewarding.

So now we need to keep fusion centers as a jobs program for analysts?  If good, clear requirements are set and intelligence products are incorporated into policy and operations decision making analysts will be knocking down the door to work.  In my experience, analysts jump ship when there doesn’t appear to be anyone at the till and the office is adrift (how’s that for some nautical imagery) or perceived to be irrelevant.

“…one way for fusion centers to show value is to “catch the bad guy.””

Again, this misses the point and seems to be saying that case support is the only value fusion centers can provide.  How about intelligence for helping policy makers make informed decisions?

Prioritization:  Very interesting concept of triage of tips and leads.  I’m suspicious about its practicality in the face of bureaucratic interitia and excessive ‘CYA’ activities but worth looking into further.

Leadership:  Leadership in fusion centers can be seen as an exercise in bureaucratic empire building especially when the center was formed from an existing agency, drawing heavily upon their personnel, leadership and management style.  Fusion centers would indeed benefit from intelligence professionals who are skillful managers and possess excellent networking skills but it is very easy to view centers as additional opportunities to promote those who have no intelligence background, perspective or other useful skill apart from loyalty to the existing leadership and/or a desire to further the goals of their organization.

Analysts:  The fundimental problem with analysts in fusion centers is that very often, those staffing centers aren’t sure what they’re looking for.  They aren’t clear on what sorts of products are to be produced, what type of work is to be done or what skills are needed.   This has led to analyst positions being filled by administrative staff, those looking to get a foot in the door in their quest to become a law enforcement officer, and others.  Usually, hiring criteria for analysts includes a requirement to have an undergraduate degree in criminal justice, or some other specific major.  I’m convinced that limiting analysts to specific majors is mistaken and that I could find people who could be brilliant analysts with degrees in literature, chemistry or geography.  Critical thinking, intellectual curiosity, writing ability and comfort with technology are critical skills applicants should bring to the table and the rest can be taught.

Additionally, analysts usually go through no or minimal training after being hired, resulting in a generally low reputation among those who have had to go through lengthy training in academies or have extensive work histories.  In the Army I had to go through 14 weeks of training to be an entry level analyst.  Is it reasonable to expect people with no experience to jump right in and offer analysis on complex issues?

There is one well-travelled course for intelligence analysts called Foundations of Intelligence Analysis Training (FIAT).  The course is well intentioned but it doesn’t do much to produce intelligence analysts.  I won’t go into an in depth critique of the course here but it leaves graduates far from ready to perform analytical tasks.  What FIAT and similar training does do is allow agencies to think they have trained analysts.

Lack of good training and ineffective selection procedures lead to analysts that don’t have the confidence to make judgements and predictions.  In my experience, many analysts working within the law enforcement community (and I include fusion centers here) are so eager to please the powers that be that they often try to tailor their assessments to fit the party line.  This is usually an unconsious process and many analysts have difficulty even conceiving that a different perspective might be more accurate or useful.

Fusion Centers – Where are they now? Part 1.

1. A little while ago I came across this thesis from the Naval Postgraduate Institute about fusion centers.  I’ve written about them before and my opinion of them is pretty low.  I do think they have enormous potential for either good or ill but generally have just been wallowing in oceans of mediocrity and bureaucratic self interest.  They are important to follow though because of their potential and so I try to keep current on their latest (d)evolutions. 

I’m not a total masochist so I didn’t bring the entire report with me to read on vacation, but just the most interesting looking chapter titled:  Analysis of Current Practice for Fusion Centers.  I recommend checking it out, even if you read nothing else because it raises some interesting issues (I suspect some unintentionally) that are in desperate need of discussion .

So, here are my comments on what I’ve read so far.  I’ll try to give enough context from the original paper to give you an idea of what prompted my comments without quoting the paper at length.  My perspective on this issue is based on work I did with one fusion center (rather extensive but more than a year ago) as well as regularly reviewing the products of several fusion centers.  I feel I have a pretty good picture of the analytical capability and internal operating environment of fusion centers generally and that is responsible for my generally pessimistic outlook on them.  That being said, I have had some contact with a member of one center who leads me to believe that there may be hope out there. We’ll have to wait and see.

Customer Identification: 

1. Who are the customers for fusion center products?  The thesis says that one survey “overwhelmingly identified investigators and law-enforcement as their primary customer” yet a discussion with analysts in those centers revealed confusion about who their customers were supposed to be and what they should be producing.  Fusion centers are often run by state law enforcement agencies, usually by people who understand how to run criminal investigations but have a weak grasp of what intelligence is and how it can be used.  As a result, fusion centers tend to flail about and can’t seem to claify what their mission is or how they intend on doing it.  What they do is hide their confusion in a bunch of management speak gibberish and throw around words like ‘symatry’, ‘paradigm’, or ‘value added’ without having the slightest idea of what they’re talking about.  The confusion drips down to lower levels and before you know it, no one knows what they should be doing.
2. This jives with my experience where fusion centers, anxious to be the ‘one stop shop’ for every conceivable issue (so that they can stick their hand into every possible funding source) sell themselves as having a focus on ‘All threats, all hazards’.   Fusion centers don’t want to turn away any potential customer so they promise everything to everyone. 
3. Since fusion centers have a heavy investigative bent in their management and a weak grasp of intelligence they, de facto, overwhelmingly become case support focused in their production.  There are many ways to look at potential customers for a fusion center and as far as I know, very little time is spent on identifying who they should be before the center opens its doors (the best time to figure out what you’re going to do is before you start).  Are you going to target police makers, managers, line supervisors or rank and file?  Perhaps you want to focus on one component;  law enforcement, EMS, fire, etc.  Maybe it’s some combination of those.  Still, that needs to be clearly  articulated and far too often, it is not.
4. This is also a difficult problem because many (most?  all?) of the potential customers out there are unfamiliar with the concept of intelligence in their operations and decision making processes and so fusion centers have to take it upon themselves to educate potential customers about what they can and can’t do and given #1 above, that’s a pretty tall order if the leadership doesn’t know itself.

Tasking:

• The author cites an unnamed analyst who seems brilliant and I really want to buy him/her a beer.  In one quote (s)he says:
  • “One of the biggest problems facing fusion centers is getting law enforcement administrators to establish standing requirements.  Law enforcement administrators cannot become effecient consumers of intelligence if they do not take an active part in establishing what requirements are established or why.  The standing requirements of a fusion center should not be established in an ad hoc fashion.” 
• I think law enforcement is loath to establish standing requirements, in part, because they fear repurcussions if they don’t pick the ‘right’ requirements.  What happens if some criminal or  crime type grabs the headlines and sparks fear in the population and it turns out that our brave little fusion center wasn’t tracking that particular threat.  I think the perception is that could end a career.  Better to not establish any priorities so that when times are good you can claim to be tracking every possible threat to mankind and when times are bad you can hope no one will notice.

I don’t want this post to get too unwieldy so I’m going to have to break it up.  Stay tuned for part 2.