Tag Archives: intelligence analysis

Intelligence led? Quiz!

So, here are three hypothetical organizational structures.  Assume the orange blocks represent intelligence analysts.  Which organizational structure do you think would best allow for analysts to reflect the descriptions below?

  • are responsible for “connecting the dots” and producing finished intelligence products required for influencing decision-makers.
  • regularly engaged  and formally requested to produce appropriate analytical intelligence support for ongoing operations
  • Develop and maintain in-depth awareness of, and familiarity with evolutions in the criminal environment throughout the region, and, as needed, throughout the world.
  • Assist strategic and operational leaders with formulation and production of collection plans

Organization 1

Organization 2

Organization 3

Tip top secret

When the Washington Post released their Top Secret America in July it was met with almost universal yawns.  They released another part in their series yesterday and while not exactly packed with new information (particularly for readers of this humble endeavor) it’s worth a look.

This article focused on the proliferation of state and local agencies in the intelligence business.

Among their findings:

  • Technologies and techniques honed for use on the battlefields of Iraq and Afghanistan have migrated into the hands of law enforcement agencies in America.
    • Perhaps expecting the same, cracker-jack results?  Read Sven’s post on this for more.
  • The Department of Homeland Security, for example, does not know how much money it spends each year on what are known as state fusion centers, which bring together and analyze information from various agencies within a state.
    • Are you kidding me?  How hard can it be to count all those flat screen TVs?
  • Napolitano has taken her “See Something, Say Something” campaign far beyond the traffic signs that ask drivers coming into the nation’s capital for “Terror Tips” and to “Report Suspicious Activity.”…In her speeches, she compares the undertaking to the Cold War fight against communists.
    • Uh…you mean the system where we threatened to blacklist people unless they started naming other ‘sympathizers’?
  • there were 161,948 suspicious activity files in the classified Guardian database, mostly leads from FBI headquarters and state field offices. Two years ago, the bureau set up an unclassified section of the database so state and local agencies could send in suspicious incident reports and review those submitted by their counterparts in other states. Some 890 state and local agencies have sent in 7,197 reports so far.
    • And the results?  Five arrests and NO convictions.

    “Ninety-nine percent doesn’t pan out or lead to anything” said Richard Lambert Jr., the special agent in charge of the FBI’s Knoxville office. “But we’re happy to wade through these things.”

    • No, it’s not 99% doesn’t pan out…It’s 99.99997% that doesn’t pan out

There’s also a discussion on the rather poor state of analysis at that level with the tendency to throw the term around like it’s going out of style.

“The CIA used to train analysts forever before they graduated to be a real analyst,” said Allen, the former top CIA and DHS official. “Today we take former law enforcement officers and we call them intelligence officers, and that’s not right, because they have not received any training on intelligence analysis.”

This is the result of an assumption (despite what you hear about how important analysts and analysis is) that intelligence work generally and analysis specifically is something any reasonably bright (or not so bright) person can do.

Actually qualified personnel to do analysis?  Bah!  That’s for sissies!

Training gets a long overdue hit as well.

In their desire to learn more about terrorism, many departments are hiring their own trainers. Some are self-described experts whose extremist views are considered inaccurate and harmful by the FBI and others in the intelligence community

Yeah, let’s be clear.  This isn’t only true of terrorism.  Way, way back I did training that I was unqualified to do.  I didn’t know I was unqualified.  I thought I knew what I was talking about but now I shudder when I think about some of the things I said.  Fortunately, the consequences of my actions were minimal.

And there’s plenty of space left for my old bugbear, fusion centers.

The vast majority of fusion centers across the country have transformed themselves into analytical hubs for all crimes and are using federal grants, handed out in the name of homeland security, to combat everyday offenses.

‘Analytical hubs’ seems a bit generous but the jist of the statement is about right.  Many centers prioritize their capabilities and work to the availability of funds rather than any assessment of threat.  That’s why we’ve ended up with the concept of ‘all crimes, all hazards’ which really is just the fusion center equivalent of that dopey color coded threat level thing.

The DHS also provides local agencies a daily flow of information bulletins.These reports are meant to inform agencies about possible terror threats. But some officials say they deliver a never-ending stream of information that is vague, alarmist and often useless.

And, local agencies, suffering from IC envy produce their own useless junk.  But, when your metric for success is how big your mailing list is and how many bulletins you distribute you really don’t care if it’s useless.  Which leads to another problem…no system for evaluating the usefulness and accuracy of published products.  Instead, you see a ‘fire and forget’ mentality in which review and reflection play no role in the intelligence process.

And let’s bring it all home with the inevitable warning that it’s not if another attack happens…but when:

“We have our own terrorists, and they are taking lives every day,” Godwin said. “No, we don’t have suicide bombers – not yet. But you need to remain vigilant and realize how vulnerable you can be if you let up.”

I’ve been listening to people tell me that we’re six months away from a wave of suicide bombers in the U.S. for at least six years now.  While I’m sure we’ll see them some day, as they say:  even a broken clock is right twice a day.


And the wikileaks confusion continues…

It’s worthwhile to remember that of the 250,000 documents in Wikileaks is slowly releasing, more than half (130,000) are unclassified.  So what’s the deal with them?  Well, the Congressional Research Service is asking for guidance as to whether their analysts could use the unclassified cables for their work.   According to the director:

“…it seems clear that the republication of known classified information by CRS in an unclassified format (e.g., CRS reports or congressional distribution memoranda) is prohibited. We believe this prohibition against the further dissemination of classified information in an unclassified setting applies even if a secondary source (e,g., a newspaper, journal, or website) has reprinted the classified document. The laws and applicable regulations are decidedly less clear, however, when it comes to referencing and citing secondary sources that refer to, summarize, or restate classified information.”

How about a little common sense and explicitly stating that people need not worry about losing their clearances or being subject to criminal penalties for reading the unclass stuff?

Bone-headed security decsions (wikileak edition)

Hey…Wikileaks is in the process of releasing 250,000 diplomatic cables written over the past four decades.  They’ve had the information for months now and have given at least some of it to the press.  What’s the U.S. government do?

Attempt to keep the information from U.S. government employees.  Never mind everyone else and their brother has access to it.  The U.S. government position is:

Classified information, whether or not already posted on public Web sites or disclosed to the media, remains classified, and must be treated as such by federal employees and contractors, until it is declassified by an appropriate U.S. government authority.

Now, I can certainly understand the forbidding of the downloading and viewing of these documents on work computers.  After all, it there are pretty clear rules about the storing of classified information of work computers and having these on unclassified machines would make accountability difficult.  Besides, what the hell are you doing screwing around with Wikileaks at work anyway?  The fact that they’re extending the edict to include the personal computers of employees and contractors is what I don’t understand.

The information is out there.  Government policy does NOT prohibit people from viewing media accounts of classified information.

This requirement does not restrict employee or contractor access to non-classified, publicly available news reports (and other non-classified material) that may in turn discuss classified material, as distinguished from access to underlying documents that themselves are marked classified (including if the underlying classified documents are available on public websites or otherwise in the public domain).

So, if a media report quotes one of these documents at length do you have to report yourself or is that OK?  How much of the underlying document can you see without violating this rule?  How would you know?

A completely unenforceable rule which does nothing except further the exact opposite of what they intend.  Rules like this erode the idea of classified information rather than strengthen it.  After all, are we really to believe that the government will compare a list of everyone who has viewed or downloaded these documents (assuming you could do such a thing) against the list of every government employee or person who has a security clearance?  There are so many ways to see this information in unedited form that making rules like this only encourage dishonesty.  They’re going to encourage people to make up their own rules on the fly which will set the precedent to do the same in the future when thinking about secure information that isn’t out in the public domain.

The Social Security Administration has raised the possibility of criminally prosecuting government employees who access the data.

Individuals may be subject to applicable federal criminal statutes for unlawful access to or transmission of classified information.”

And what about foreign nationals that we give security clearances to?  Should we expel British diplomats if we find out they’ve downloaded the documents from embassy or their personal computers (after all, that’s espionage!)?

Guys, the information has been released.  No amount of sticking your fingers in your ears and screaming “La La La” is going to change that.  Thousands (millions?) of people are going to have access to and read some of these documents.  Deal with it.

Oh…but that’s not all.  Now, we’re trying to frighten college students.

Columbia University confirmed…that the Office of Career Services had emailed students at the university’s school of international and public affairs, a recruiting ground for the state department.

The office said it had received advice from an alumnus who “recommends that you do not post links to these documents nor make comments on social media sites such as Facebook or through Twitter. Engaging in these activities would call into question your ability to deal with confidential information, which is part of most positions with the federal government.”

Ah…what a great plan.  I can almost imagine hearing it at some brain-dead meeting.

Flunky 1:  What are we going to do about Wikileaks?  We don’t want people to read our classified material.

Flunky 2:  I know!  Let’s encourage people to ignore the leaks.  We’ll do this by drawing an incredible amount of attention to them and make all sorts of unenforceable threats if they look at them.  Because, you know, people are never tempted by forbidden things.

Flunky 3:  And better still!  I’m sure this won’t encourage tech-savvy, information freedom activists  to spread the information further.

All together now:  Brilliant!

Perhaps the government could better spend it’s time by reviewing these documents and seeing if they could declassify at least some of them.  Keeping them classified at this point is really just silly.  They were classified when leaked so criminal charges against anyone responsible should still stand but c’mon.

Analytical training

I just spent a week teaching analytical techniques to a group of analysts (the same group that I wrote about here).  It was a very motivating experience and I was very impressed by the engagement and motivation of the group.  I’ve often written how much I enjoy teaching soldiers and this group gave the troops a real good run for their money.  In fact, I might even go so far as to say they edged them out since in the military I outrank most of my students and I have more tools at my disposal to compel participation.  I know I write cynically about the field more often than not but meeting people like this fills up my optimism well.

So, some thoughts based upon discussions, observations and repressed memories:

  • Teaching structured analytical techniques is one thing but getting them to be used is another entirely.  That’s because:
    • they’re unfamiliar (remember, there’s little to no standardized training required in the field) and when under stress of some sort, everyone will fall back on the familiar.
    • they aren’t hard-wired into the analytical process of most agencies.  As long as their perceived as something extra that’s added on to ‘real’ analysis we’re going to have an uphill battle.  I think this can be addressed through a combination of formal, entry level training, training for personnel who are going to supervise analysts and (maybe most importantly) requiring these processes be done at the agency level.  In short, products should not be considered complete without the use of some structured techniques.
  • there continues to be a tension between what analysts can do and what they’re frequently called upon to do.  So, do you make products that customers (many of whom aren’t familiar with intelligence and its uses) think they want or do you try to force feed them products you think they need (and yes, I understand this is a false choice and there are various options that straddle these two extremes but this is my blog and if I want to present you with an either/or choice I’m going to do it).  I probably need to get into a bit more detail about the first option since it sounds a bit pretentious (Oh, you know what’s best for your customer?  Don’t you think they might know what they need?).  I can’t emphasize enough that the field of intelligence analysis within the law enforcement field (even nearly a decade after 9/11) is still new and we haven’t done a particularly good job of explaining what success looks like in terms of its implementation.  Ultimately, however, I fall in the second camp.  After all, if you’ve got a kid and they ask for candy for dinner do you give it to them?  It might be best to explain the essentials of nutrition to them and get them to understand why they should eat healthy food but if they don’t buy it and threaten a tantrum you still don’t give in.  You can offer them some dessert if they finish their veggies but they still have to get through the veggies.  Unfortunately, in my analogy, your kid is also your boss at work and if you don’t give him candy you’ll be fired…I’m still working on resolving this.  Give me a couple of days…
  • Many times, what passes for product is (as they say) ‘all sizzle and no steak’.  Pretty pictures, fancy graphs tables of numbers or narratives that aren’t particularly rigorous or don’t describe what they claim to can interpreted as ‘impressive’.  I’ve termed one manifestation of this the ‘heft test’, where the size of the product is a metric to assess it’s quality (hint:  it helps to have color graphics to catch the eye while the customer flips through it).
  • Scenario based training is the way to go.  In fact, for analysts, it’d be nice to see periodic (annual?) scenario ‘war-games’ to refine and reinforce processes and skills as well as identify training needs.  Does anyone do this?
  • I’ve been thinking about riffing off of the idea of ‘Google time‘ where engineers there get to use 20% of their time on self-generated products.  After seeing about 20 analysts produce a wide ranging and fascinating set of such products as part of this course I think this idea has some merit and is worthy of some testing.  One function of intelligence analysis should be (in military parlance) to help the commander shape future operations.  In the law enforcement realm that means they should attempt to describe what the operating environment will look like in the future.  What will the threats be?  What will the challenges and opportunities be?  We simply don’t have a good process for that. While the idea of 20% time isn’t a silver bullet for the problem, I suspect it could allow analysts to devote time to subjects that they see as interesting but which might not yet be on the radar of those who allocate resources or set priorities.

Wikileaks and ‘cablegate’

First…can we please STOP putting ‘gate’ on the end of everything?

Ok, If I can come up with an interesting plan I intend on going through some of the numerous cables that Wikileaks is releasing into the world .  At this point however, I don’t have anything to say of the substance of the materials.  I do have some thoughts however:

  • Is it established that Bradley Manning is the source of these leaks (and the Afghan ones AND the original Iraq ones)?
  • We’re well into the information age.  Perhaps we shouldn’t be asking how is this happening but why isn’t it happening more often.  It also seems like we should expect things like this to happen in the future and plan accordingly.
  • I have to admit I find the issue fascinating.  We’ve been talking about non-state actors for years now but now we have a new sub-category.  Despite outrage from the U.S., Julian Assange isn’t a terrorist and having the CIA send out a hit team (which they’d probably screw up in any case) just isn’t appropriate.  Still, I think you could argue that he’s causing an amazing amount of disruption (at least in the short term).
  • Wikileaks is in desperate need of someone with web development skills.  Their search options, quite frankly, suck.  And now that they’ve been the victims of some DOS attacks, it’d be nice if they’d throw the stuff out on a torrent somewhere for download.

I agree with J that I don’t really see this as shaking the foundations of international relations.  Yes it’ll cause some embarrassment but, quite frankly, I don’t think that’s necessarily a bad thing.  Elected leaders lying to an elected representative body with the approval of the United States (beacon of democracy)?  Yeah, forgive me for not crying over that.  Continuing to give cover to Saudi Arabia who privately asks us to attack Iran yet continues to fund radical Islamism around the world?  No sympathy for the boys in State for that.

MSNBC has done a really crap job covering this issue.  Yesterday, while waiting to go to the airport I was watching Morning Joe (mea culpa!) as they were remarking (in astonishment) how such a low level soldier could access such information.

Their answer?

We need to restrict access to information!  Yeah…remember the 9/11 commission and their description of information stovepipes and agencies refusing to share with each other.  Absolutely…let’s go back to that!

And then this nonsense story about how much of a boon the information dump is to terrorists.  Ladies and Gentlemen, may I introduce Red Herring:

For example, a cable from Abu Dhabi describes a dinner hosted by Abu Dhabi’s Crown Prince and Deputy Supreme Commander of the United Arab Emirates Armed Forces Sheikh Mohammed bin Zayed Al Nahyan.He was having the dinner party for the former American CENTCOM Cmdr. John Abizaid. The cables listed a half-dozen senior UAE military officials who attended the dinner.

This is not just a guest list. WikiLeaks exposed the inner circle of the UAE’s military and intelligence command. The guest list identified the power players, information that could be useful to someone who wants to harm the UAE, or change the nation’s policy.

While the names and titles of the security officials are known (they can be looked up on Google), revealing who gathers for a top-level meeting shows who is really important. There are many security officials in the UAE.  The dinner list identifies which ones are critical.

Yes, because terrorists looking for targets will use google, look at the top result (hopefully it’s not an ad!) and stop right there.  They’d never even think about doing a good, thorough open source search or (gasp) a covert information gathering operation.

What if we were under a missile attack and no one noticed?

So I got back to my unit from lunch today and everyone started asking me “What’s going on with that missile launch off of California?!”  While I appreciated the vote of confidence in my abilities to stay informed any every potential national security issue AND have access to sources that they don’t (all while eating a veggie burrito at the local Mexican place) I’m afraid I was left in the lurch a bit.

I made a quick assessment however that since I hadn’t heard klaxons ringing, the base hadn’t been locked down and I didn’t see people freaking out everywhere Los Angeles probably hadn’t fallen victim to a nuclear assault.

Still, the sparse information during the afternoon opened up an interesting opportunity to talk about ACH.  We only considered the incident for a few moments (I was hovering around a post lunchtime coma which required at least a 50kt explosion to rouse me). Still, this is the sort of event that’s just perfect for demonstrating the technique.

Check out the video at the bottom of the CBS story.  I have a couple of observations.

I’m no expert but that video doesn’t look like what appears to shaping up to be the ‘official explanation‘ (a jet contrail).  Looks like a rocket to me.
If the government wanted to cover up this event either because it was

  1. an immense screw up by the U.S. navy or
  2. a secret North Korean/Iranian/alien demonstration of some sort of super weapon that we have no defenses against and Uncle Sam doesn’t want us to panic or
  3. we have no freakin’ clue and just want it to go away since we’re heading into the holiday season and don’t want to miss all those Black Friday sales worrying about this nonsense

    Well, they’d probably give us the same reaction (Missile?  What missile?)

    The bench was apparently pretty thin if they had to go to Robert Ellsworth for expert analysis.  He’s kinda creepy looking too.

    Look, I don’t think this is the Chinese, North Koreans, or other rogue nation.  There’s just too much risk.  I suspect the mole people have finally decided to rise up and make a move to push us from the surface world.