Embed Size (px)
DESCRIPTION
Intelligence Manual for Joint use by multiple agencies
Citation preview
1
Intelligence Manual
2
Index of Subjects
1- Intelligence Definition........................................................................................................... 3 What is Intelligence?............................................................................................................... 3 What Should Intelligence Do? ................................................................................................ 4
2- Types of Intelligence Services............................................................................................. 5 Types of Intelligence Services ................................................................................................ 5
3- The Intelligence Cycle .......................................................................................................... 9 How Is Intelligence Produced? ............................................................................................... 9 The Intelligence Cycle, summing up:.................................................................................... 14
4- Intelligence Collection........................................................................................................ 15 Intelligence Collection Management..................................................................................... 16 Collection Priorities ............................................................................................................... 17
5- Human Intelligence (HUMINT)............................................................................................ 19 What is an agent? ................................................................................................................. 19
6- Imagery Intelligence - IMINT .............................................................................................. 24 Geospatial Intelligence - GEOINT ........................................................................................ 25
7- Measurement and Signatures Intelligence - MASINT...................................................... 27 8- Signals Intelligence - SIGINT ............................................................................................. 28 9- Intelligence Categories....................................................................................................... 30
Biographic Intelligence.......................................................................................................... 32 Economic Intelligence........................................................................................................... 33 Sociological Intelligence........................................................................................................ 34 Transportation and Telecommunications Intelligence .......................................................... 34 Military Geographic Intelligence............................................................................................ 34 Armed Forces Intelligence .................................................................................................... 34 Political Intelligence .............................................................................................................. 35 Scientific and Technical Intelligence..................................................................................... 35
10- Military Intelligence........................................................................................................... 35 Military Intelligence Analysis................................................................................................. 37
11- Open Source Intelligence - OSINT................................................................................... 38 12- Intelligence Analysis ........................................................................................................ 41
Improving Analysis................................................................................................................ 42 Analysis that Fits the New Environment ............................................................................... 44 The Old Analysis vs XXI Century Analysis ........................................................................... 46
13- Counterintelligence .......................................................................................................... 47 Security ................................................................................................................................. 48 Counter-espionage ............................................................................................................... 49 Deception and Counter-deception ........................................................................................ 51
14- Covert Action..................................................................................................................... 52 Introduction ........................................................................................................................... 52 Covert Action tradecraft ........................................................................................................ 52
15- The U.S. Intelligence Community.................................................................................... 58 The Intelligence Community: Rising up to the Challenge..................................................... 61
16- Measuring Intelligence Results ....................................................................................... 63 Metrics: How will we know we’re headed in the right direction?........................................... 65
17- Reasons for Intelligence Failure...................................................................................... 67 18- The New Threats ............................................................................................................... 68
The New Threats .................................................................................................................. 69 Transnational Organized Crime (TOC)................................................................................. 71 Proliferation of WMD............................................................................................................. 71 Transnational Terrorism........................................................................................................ 73 Cyberterrorism ...................................................................................................................... 74
19- The New Intelligence Paradigm....................................................................................... 75 The New Paradigm: Collaborative Intelligence..................................................................... 76 Building an agile intelligence community .............................................................................. 80 The Need for New Approaches to Intelligence ..................................................................... 81 Problems and Limits of Intelligence ...................................................................................... 84
Bibliography ............................................................................................................................ 88
3
1- Intelligence Definition
What is Intelligence? The simplest and clearest definition is: information plus analysis equals intelligence. It clarifies the distinction between collected information and produced intelligence, namely: Without analysis, there is no intelligence. Intelligence is not what is collected; it is what is produced after collected data and information is evaluated and analysed. More precisely, intelligence is data and information that has been subjected to the intelligence process of collection, collation, evaluation, analysis and assessment with the aim to produce the knowledge needed for national decision-making on security policy and strategy. What makes intelligence unique is its use of information that is collected secretly and prepared in a timely manner to meet the needs of policymakers. In more general usage, intelligence can be seen as an umbrella term denoting five things:
• A particular knowledge.
• The organisation producing that knowledge.
• The activities pursued by this organisation.
• The process guiding these activities.
• The products resulting from these activities and processes. The purpose of intelligence is to inform government: telling best truth unto power providing knowledge and understanding upon which national decisions can be made. Intelligence produces that particular knowledge that a state must possess regarding the strategic environment, other states and hostile non-state actors to assure itself that its cause will not suffer nor its undertakings fail because its statesmen and the organisations and means for implementing security policy plan, decide and act in ignorance. Intelligence is production of – in theory – unbiased information about risks, dangers and threats to the national vision, the state and its population, as well as chances and opportunities for the advancement of national interests.
4
The more accurate and timely the intelligence, the more it will allow for limited resources to be applied efficiently towards national security goals and policies. The lion's share of the financial and human resources devoted to intelligence comes under Defense Department programs devoted to intelligence collection in general and support for military operations in particular. We can say now that intelligence is:
• Dependent upon confidential sources and methods for full effectiveness.
• Performed by officers of the state for state purposes (this implies that those officers receive direction from the state's civilian and military leaders).
• Focused on foreigners—usually other states, but often foreign subjects, corporations, or groups (if its objects are domestic citizens, then the activity becomes a branch of either law enforcement or governance).
• Linked to the production and dissemination of information.
• Involved in influencing foreign entities by means that are inattributable to the acting government (if the activities are open and declared, they are the province of diplomacy; if they utilize uniformed members of the armed forces, they belong to the military).
What Should Intelligence Do? Missions for intelligence are listed below: ⇒ Identify points of opportunity for intervention that might change the state of affairs
in some way, especially before a conflict (in fact, if a military solution ensues, that often indicates an intelligence failure).
⇒ Help states attain a comparative advantage in decision-making, thus the term
actionable intelligence. ⇒ Protect the state and its citizens to maximize security.
⇒ Optimize resources.
⇒ Integrate information to enhance understanding.
The goals of intelligence are heavily dependent on the foreign policy objectives of a country, which vary from the broad commitments of the United States to the narrow focus of New Zealand.
5
2- Types of Intelligence Services
Intelligence services exist to: 1) Support the national decision- and policymaking process.
2) Ensure early warning.
3) Assist good governance.
4) Provide long term expertise.
5) Support national and international crisis management.
6) Support national defence and, in case of conflict or war, military operations.
7) Maintain and protect secrets.
Also, all intelligence services have three basic functions: Collection, analysis and counterintelligence. Covert action, the more occasional fourth function, may be performed by external intelligence services or, as is increasingly the case also domestically, in disruptive actions by the police.
Types of Intelligence Services Four different categories of intelligence can be distinguished that have spawned separate intelligence services or agencies: Foreign, domestic, military and, more recently in some countries, criminal intelligence: • Foreign or External Intelligence Services
⇒ Collect, analyse and produce intelligence relevant to external security and for
warning purposes.
⇒ Protection of external security requires knowledge of the risks, dangers, threats, opportunities and chances, of the possibilities and probabilities of developments and the likelihood of events and outcomes.
⇒ Intelligence is therefore needed on intentions, plans, capabilities and activities of foreign powers, organisations, non-state groups and their agents that represent actual or potential threats to the state and its national interests.
6
• Domestic or Internal Intelligence Services
⇒ Often called Security Services, collect, analyse and produce intelligence
relevant to internal security and for warning.
⇒ Internal security aims to protect the state, sovereignty, territory, critical infrastructure, society and people against malicious acts and hostile activities.
⇒ What Foreign Intelligence covers externally Domestic Intelligence does
internally, depending on the situation with different priorities:
- Uncovering terrorism; espionage; sabotage; subversion; political, ethnic and religious extremism; organised crime, narcotics production and trafficking; money faking and laundering; proliferation of WMD; illegal arms dealing; arms, human, contraband and other smuggling; illegal immigration; electronic and cyberattacks, hacking and data theft; and dissemination of pornography, etc.
• Military or Defence Intelligence Services
⇒ Collect, analyse and produce intelligence relevant for defence planning, the armed forces and support of military operations.
⇒ Support to defence planning entails intelligence on foreign military capabilities;
vulnerabilities; doctrines; order-of-battle; operational concepts; tactics; and weaponry performance in order to shape the size, types and deployments of the armed forces, to guide military R&D and future defence acquisitions.
⇒ Support to military operations encompasses intelligence for force projection and
targeting support; to ensure transparency of the battle space, localising the centres of gravity and decisive points; and to enable through network-centric and effects-based operation decision dominance and the achievement of strategic and operational objectives.
• Criminal Intelligences Services
⇒ A more recent institutional development in response to the growth of organised
crime since the end of the Cold War – collect, analyse and produce intelligence on TOC groups, corruption and criminal activities with the aim to prosecution.
Different collection methods with sophisticated technical means can give rise to more specialised intelligence agencies.
• Such entities include imagery, signals and cryptology intelligence agencies.
• The US NSA, NGA, NRO, and NAO, the Australian DSD and DIGO, the successor organisation of FAPSI in Russia, the British GCHQ and the Canadian CSE, for example, are the biggest and most expensive of their intelligence agencies.
Together with the Foreign or External Intelligence Service, the Domestic or Internal Intelligence Service, the Security Agency, the Military and Defence Intelligence Services
7
and the Criminal Intelligence Service, they constitute the national intelligence community. Countries with larger intelligence communities often have some additional central or functional bodies for coordinating assessments or – a post-9/11 development – for the fusion of intelligence, such as the National Counterterrorism Center, the National Counterproliferation Center, the National Counterintelligence Executive, the National Center for Medical Intelligence, the National Cybersecurity Center, and the National Intelligence Council in the US; the Joint Terrorism Analysis Centre and the Joint Intelligence Committee in the UK; and the Office of National Assessments in Australia.
US:
• National Security Agency (NSA) responsible for SIGINT and CRYPINT.
• National Geospatial Agency (NGA) responsible for earth information, IMINT and mapping.
• National Reconnaissance Office (NRO) responsible for operating SIGINT,
IMINT and other reconnaissance satellites.
• National Applications Office (NAO) within the Department for Homeland Security, responsible for centralising and sharing of imagery for domestic purposes.
Australia:
• Defence Signals Directorate (DSD) responsible for SIGINT, communications
and computer security.
• Defence Imagery and Geospatial Organisation (DIGO) responsible for IMINT.
Russia:
• Successor organisation of FAPSI, together with GRU 6th Directorate responsible for SIGINT and communications.
UK:
• Government Communications Headquarter (GCHQ) responsible for SIGINT.
Canada:
• Communications Security Establishment (CSE), together with the Canadian
Forces Supplementary Radio System (SRS) responsible for SIGINT. The distinction between internal and external intelligence services has never been absolute.
• There are states with a single agency having both internal and external roles.
• Since risks, dangers and threats are of expanding transnational reach, impact and consequences, ever more intelligence is collected by the different services on the same subjects.
8
• The traditional limits between external, internal and also criminal intelligence are
becoming increasingly blurred. Missions and objectives overlap, enhancing the opportunities for misunderstandings and rivalries.
• There is convergence, notably in countering the pre-eminent threats of
transnational terrorism, Transnational Organized Crime (TOC) and proliferation of WMD.
• Hence, the separation of external and internal intelligence services is becoming
more artificial and thus questionable. • While separation might still be the best practicable solution for great powers like
the US with 16 huge intelligence bureaucracies, it requires an ever greater effort of coordination and control, better regulated access to each other’s information and assurance of the production of joint assessments and estimates.
• This is why smaller countries with fewer resources might prefer to have just one
intelligence service. It avoids wasting efforts, resources and time; solves the risk of unhealthy competition and rivalry between the different agencies; simplifies contacts, liaison, information exchange and cooperation with intelligence services of other countries; facilitates high subordination of intelligence in the state’s hierarchy and also cooperation and coordination with other ministries and agencies; and it alleviates control and oversight of intelligence.
Today, the tasks assigned to intelligence services have become more complex, more volatile and more numerous than they ever have been in the past. Because of the expanding need to serve a much broader range of government and other clients with a growing variety of requirements, and this ever more speedily, intelligence services have become too demand-driven. The result is that the intelligence services can no longer do everything at once and do it all well.
9
3- The Intelligence Cycle
Intelligence Cycle, from identifying the need for data to delivering an intelligence product to a consumer.
How Is Intelligence Produced? Intelligence is produced in a process by which the government, the military leadership, other agencies and customers request the intelligence needed, and by which intelligence services respond to these needs in six steps of activities of the intelligence cycle: (or Intelligence Process). 1) Defining the needs, planning and direction.
2) Collection.
3) Processing and exploitation.
4) Analysis and production.
5) Dissemination of finished intelligence products.
6) Feedback.
1) Defining the needs, planning and direction:
Involves the management of the entire intelligence production effort, from initiation by requests or requirements* for intelligence on subjects based on the needs of decision of policymakers.
The identification of the need for data that is derived from the threat assessment or from the priority listing of unsolved strategy and policy issues.
Deciding which states or non-state actors warrant intelligence surveillance and collection.
* Requirements
10
• Things we need to know, questions to which policy makers need answers. In the Federal Government of the United States, requirements can be issued from the White House or the Congress.
• In NATO, a Commander requirements are sometimes called Essential Elements of Intelligence - EEIs -.
• In practice, intel collectors in the field usually know what the requirements are without much guidance.
2) Collection:
Is the procurement of data and information pertinent to decision and policymakers, the military leadership, other agencies or intelligence customers.
Collection management systems of a variety of methods and means are used in the following intelligence collection disciplines:
• Open source intelligence (OSINT) – is the assembling of all openly
available data and information from radio, television, journals and printed news sources, books, grey literature, studies, official reporting, from Internet search and conversations, the deep web, as well as facts and forecast from businessmen, think tanks, universities, travellers, etc.
• Human intelligence (HUMINT) – is information collected by humans: From spies, agents, insiders or informers; gleaned from defectors, turncoats, walk-ins; or elicited from diplomats, businessmen, travellers, academics; as well as information gained by debriefings, interrogation, from discussions with foreign personnel; or resulting from counterintelligence operations, etc.
• Signals intelligence (SIGINT) – is data and information collected through intercepts, monitoring and localising of radio, microwave, radar and other electromagnetic emission, including laser, visible light and electro optics, gathered by overt or clandestine ground sites, ships, submarines, aircraft, UAVs or satellites, all generally recording and reporting what has happened. SIGINT can provide data on intentions, plans, activities or events related to threats as well as on the characteristics of materials and weapon systems.
• Imagery intelligence (IMINT) – data and information collected via photography (PHOTINT), film, video, high-definition TV or radar by satellites, aircraft, UAVs and ships. It is imagery and satellite signals – data streams captured and reconstructed as images from the reflections of several bands, including infrared, ultraviolet or other image-capturing technologies – all more often recording and telling what may happen. Cartography and mapping have come to depend ever more heavily on IMINT.
• Measurement and signatures intelligence (MASINT) – is straddling both IMINT and SIGINT, using visible light, infrared, ultraviolet, multi- (2-100 bands), hyper- (100-1,000 bands) and ultra-spectral (1,000 + bands) data
11
derived from spectral analysis of reflections across the spectrum of light and exploitation of physical or magnetic properties, emitted and reflected energy of radio frequencies, lasers, shockwaves, acoustics of mechanical sound, vibration or motion, as well as materials sampling of soil, water, and air. It enables one to detect the shape, material composition, density, temperature, brightness, movement and chemical composition of objects.
3) Processing and Exploitation
Its the conversion of data and information collected into a more suitable form for analysis and production of intelligence, such as language translation, decryption, rendering texts readable and translating film or digital signals into visible imagery. Examples *
Data and information not directly analysed is tagged, sorted and made available for rapid computer retrieval.
Processing also refers to sorting by subject matter, as well as data reduction – interpretation of the information stored on film or tape through use of highly refined photographic and electronic processes.
*Exploiting imagery; decoding messages and translating broadcasts; reducing telemetry to meaningful measures; preparing information for computer processing storage and retrieval; placing human-source reports into a form and context to make them more comprehensible, these are all processing tasks, and all collection agencies in the IC are engaged in it to a significant degree.
4) Analysis and production
Evaluation and interpretation of raw intelligence and the conversion of data and information into finished intelligence products.
It is done in the CIA’s Directorate of Intelligence, the National Geospatial Intelligence Agency (photo interpretation), the State Dept’s Bureau of Intelligence and Research, amongst other places in the US Intelligence Community.
Drawing mostly on open source material, it comprises collation, correlation, integration, analysis and evaluation of all available data and its transformation into a variety of intelligence products.
Analysis establishes the significance and implications of processed intelligence, integrates it by combining disparate pieces of information to identify collateral information and patterns, then interprets the significance of any newly developed knowledge.
Data and information collected are frequently fragmentary and at times contradictory, requiring the human mind and specialists to give it meaning and significance.
Good analysis depends upon assembling the best brains possible to evaluate events and conditions, drawing upon a blend of public knowledge and secrets purloined from adversaries.
12
The subjects involved may concern intentions, events and activities, capabilities and vulnerabilities, possible and probable future developments, different regions and problems, and personalities in various contexts – political, geographic, economic, scientific, military or biographic.
Analysis draws on the collection disciplines to provide data and information for evaluation and the tailoring of the products precisely for the users’ needs.
5) Dissemination
Involves the distribution of the finished intelligence product**, e.g. the President’s Daily Brief, a Senior Executive Intelligence Brief, or ad hoc studies and papers, to the customer or policymakers whose needs triggered the intelligence cycle.
A product must have four essential characteristics for it to be useful:
• Relevance.
• Timeliness.
• Accuracy.
• Purity – meaning that it is free of political spin, disinformation, propaganda, deception, etc.
The products should contain what is known – the facts; how it is known – the sources where possible; what drives the judgments – linchpin assumptions; the impact if the drivers change – alternative outcomes; and what remains unknown.
Raw intelligence is also disseminated, e.g., terrorist threat reports. Policy makers need to treat raw intelligence far more cautiously than finished intelligence.
The key issue for intelligence services is how to present the collected, processed and analysed information in a manner which meets the requirements of the customer, both in content and presentation, while ensuring that it highlights the limitations of the intelligence to answer the questions adequately.
Five categories of finished intelligence are available to the consumer:** 1) Current intelligence • Addresses day-to-day events, seeking to apprise consumers of new developments
and related background, to assess their significance, to warn of their near-term consequences, and to signal potentially dangerous situations in the near future.
• Current intelligence is presented in daily, weekly, and some monthly publications, and frequently in ad hoc written memorandums and oral briefings to senior officials.
2) Estimative intelligence • Looks forward to assess potential developments that could affect US national
security.
• Like all kinds of intelligence, estimative intelligence starts with the available facts, but then explores the unknown, even the unknowable.
13
• Estimative intelligence helps policymakers to think strategically about long-term threats by discussing the implications of a range of possible outcomes and alternative scenarios.
• National Intelligence Estimates, which are estimative reports produced by the National Intelligence Council, are the DCI's most authoritative written assessments of national security issues.
3) Warning intelligence
• Sounds an alarm or gives notice to policymakers.
• It connotes urgency and implies the potential need for policy action in response. Warning includes identifying or forecasting events that could cause the engagement of US military forces, or those that would have a sudden and deleterious effect on US foreign policy concerns (for example, coups, third-party wars, refugee situations).
• Warning analysis involves exploring alternative futures and low probability/high impact scenarios.
• The National Intelligence Officer (NIO) for Warning serves as the DCI's and the IC's principal adviser on warning.
• All agencies and intelligence staffs have designated warning components, and some have specific warning responsibilities:
- NSA maintains the worldwide CRITIC system for the simultaneous alerting of US officials within minutes of situations that may affect US security.
- DIA manages the Defense Indications and Warning System (DIWS) to provide accurate and timely warning of developing threats to US and Allied military interests.
4) Research intelligence • Is presented in monographs and in-depth studies by virtually all agencies. Research
underpins both current and estimative intelligence; there are also two specialized subcategories of research intelligence:
⇒ Basic intelligence: Consists primarily of the structured compilation of geographic, demographic, social, military, and political data on foreign countries. This material is presented in the form of maps, atlases, force summaries, handbooks, and, on occasion, sand table models of terrain. The Directorate of Intelligence in CIA, NGA, and the Directorate for Analysis in DIA are major producers of this material.
⇒ Intelligence for operational support: Incorporates all types of intelligence production-current, estimative, warning, research, scientific and technical; it is tailored, focused, and rapidly produced for planners and operators.
5) Scientific and technical intelligence
• Includes information on technical developments and characteristics, performance, and capabilities of foreign technologies including weapon systems or subsystems.
14
• This information is derived from analysis of all-source data, including technical measurements.
• Generally, such technical analysis and reporting responds to specific national requirements derived from the weapons acquisition process, arms control negotiations, or military operations.
• It covers the entire spectrum of sciences, technologies, weapon systems, and integrated operations.
• This type of intelligence is provided to consumers via in-depth studies, detailed system handbooks, executive summaries, focused assessments and briefs, and automated databases.
6) Feedback
Its what the customers must provide, expressing satisfaction or discontent and convey new requirements for answers to new questions.
The user of intelligence then ideally provides additional direction to the collectors and intelligence producers, who should in turn provide more and better intelligence.
Feedback may also be used to guide new areas of inquiry, to identify gaps in information, and to adjust priorities or emphasis.
The Intelligence Cycle, summing up: Through planning and direction by both collection and production managers, the process converts acquired information into intelligence and makes it available to policymakers, military commanders, and other consumers. The whole process depends on guidance from public officials. Policymakers -- the President, his aides, the National Security Council, and other major departments and agencies of government -- initiate requests for intelligence. Issue coordinators interact with these public officials to establish their core concerns and related information requirements. These needs are then used to guide collection strategies and the production of appropriate intelligence products. A substantial portion of US intelligence resources is devoted to processing and exploitation the synthesis of raw data into a form usable by the intelligence analyst or other consumers and to the secure telecommunications networks that carry these data. Collection of intelligence cannot be done effectively without analysis that provides guidance or tasking to collectors. Counterintelligence is necessary to protect collectors from becoming known, neutralised and exploited by adversaries. Similarly, a successful programme of covert action must be grounded in effective collection, analysis and counterintelligence. Thus, the nature of intelligence is such that the several elements of intelligence are parts of a single unified system whose success depends on all parts working effectively.
15
4- Intelligence Collection
Collection is the bedrock of intelligence: The acquisition of data and information that forms the basis for refined intelligence and knowledge creation. Without collection, intelligence is little more than guesswork. The collection process involves open and secret sources, who provide information that is obtainable in no other way, as well as a number of secret technical collection disciplines using a variety of collection methods and means. There are six basic intelligence sources, or collection disciplines:
Signals Intelligence (SIGINT):
• The interception of communications and other signals.
• Involves intercepted signals from communications and electronic emissions; the National Security Agency (NSA) is responsible for SIGINT collection and reporting.
Imagery Intelligence (IMINT):
• Satellite photography or imagery.
• Involves the representation of objects reproduced by optically or by electronic means from a variety of sources including radar, infrared sources and electro-optics.
• The National Geospatial-Intelligence Agency (NGA) is responsible for all imagery intelligence collection activities.
Measurement and Signature Intelligence (MASINT):
• Involves a highly technical, multi-disciplinary approach to intelligence collection to provide detailed characteristics of targets including radar
16
signatures of aircraft and telemetry of missiles and enhancing understanding of physical attributes of intelligence targets.
• The Directorate for MASINT and Technical Collection (DT) at the
Defense Intelligence Agency (DIA) is responsible for MASINT.
Human-Source Intelligence (HUMINT):
• Reports from human sources. Involves people on the ground, typically overseas, gathering information from human sources.
• The National Clandestine Service (NCS) is responsible for coordination and deconfliction of clandestine HUMINT operations across the Intelligence Community.
Open-Source Intelligence (OSINT):
• Information gathered from non-classified, non-secret sources including news media, the internet and commercial databases, to name a few.
• The Open Source Center (OSC) in the Office of the Director of National Intelligence (ODNI) and the National Air and Space Intelligence Center (NASIC) are the major collectors of open-source intelligence.
Geospatial Intelligence (GEOINT):
• Involves the collection of information related to the earth from imagery, imagery intelligence, and geospatial information.
• The National Geospatial Agency (NGA) is responsible for geospatial intelligence collection management.
Intelligence Collection Management The process of managing and organizing one or more of the six intelligence disciplines above is called Intelligence Collection Management. Collection Management is the art and science of managing and organizing the collection or employment of tactical, analytic or operational tradecraft objectives. To become an adept intelligence collection manager, you need to develop a deep understanding of intelligence studies and analytic tradecraft in addition to intelligence operations. From understanding the broad disciplines of clandestine or covert operation activity, to preparing candidates for the effective management of intelligence professionals, intelligence collection management helps ensure that the people and processes involved in these national security efforts are effective and germane. While other government agencies (ex: CIA) deal primarily with intelligence analysis, a valuable collection manager focuses on developing and using a broad understanding of intelligence studies, analytic tradecraft and intelligence operations.
17
The threat posed by non-state actors and terrorist groups has challenged world intelligence agencies to organize and respond effectively. Precise methods of collection management and analytic tradecraft are continually reviewed by all intelligence agencies to counter terrorism and related illicit networks. Any successful intelligence operation requires, among many other critical elements, the support of intelligence analysts trained in operational concepts and planning. To expand your understanding of intelligence operations and demonstrate your capabilities as an intelligence student or intelligence professional, you need to deepen your knowledge of intelligence collection and its role within the intelligence process.
Collection Priorities Collection Priorities are not the same as vital national interests or even priorities for national security policy. Intelligence collection priorities, while reflecting both national interests and broader policy priorities, need to be based on other considerations:
• First, there must be a demonstrated inadequacy of alternative sources; except in rare circumstances, the intelligence community does not need to confirm through intelligence what is already readily available.
• Second, devoting resources to intelligence can be justified more easily when the
efforts of the intelligence community are likely to produce a specific benefit or result for the policymaker or consumer.
In short, collection priorities must not only be those subjects that are policy-relevant but also involve information that the intelligence community can best (or uniquely) ascertain. Throughout most periods of the Cold War, the intelligence community had the responsibility (one might almost say luxury) of focusing the bulk of its resources and efforts on collecting and analyzing information related to the Soviet Union and Eastern Europe. The above emphasis was both understandable and necessary given the nuclear and conventional military strength of the Soviet Union and its Warsaw Pact allies and their ability to threaten the United States and vital U.S. national interests anywhere in the world. In the post-Cold War world, the intelligence community will need to adjust to the reality that the United States faces a less structured world, one in which power in all its forms - economic, political, and military - is more diffuse. It will also have to contend with a world that not only is more open and transparent than ever but also one that contains large and important areas that remain virtually closed to those dependent on normal means of transportation and communication. What, then, are the higher priorities likely to be for intelligence collection in the foreseeable future? • The status of nuclear weapons and materials throughout the former Soviet Union.
• Political and military developments in Afghanistan, Iraq, Iran, and North Korea.
18
• Potential terrorism against U.S. targets in the continental United States and overseas.
• Unconventional weapons proliferation.
• Political-military developments in China.
• Political developments in Russia and relations between Russia and the former Soviet republics.
• Mexican stability.
• The stability of Egypt and Saudi Arabia.
• Indo-Pakistani relations.
• Developments affecting Middle East peace negotiations.
• The activities of international criminal organizations. We would not include on this list such subjects as environmental protection, population growth, or general political and economic developments, where open sources are normally sufficient. The above list (or any such list) is necessarily illustrative, as near-term priorities can change at any moment. Recent experience has shown that unexpected developments in areas of low inherent significance to U.S. national security can suddenly assume considerable but still temporary importance to policymakers. The correct response to such cases is not to expect the intelligence community to be prepared for everything, everywhere. This would waste resources, leave high-priority targets with inadequate coverage, and still not be enough given the unlimited potential for the unexpected. Instead, the President and the DNI should consider creating a formal intelligence reserve corps for dealing with so-called "pop-up" issues. Such a corps could consist of former intelligence professionals, academics, and others with particular geographic and functional expertise. Working with a point of contact in the intelligence community, they would be asked to collect data, provide reports, and be available to work full time if a crisis suddenly developed in their area and if their expertise were required.
19
5- Human Intelligence (HUMINT)
Human intelligence (HUMINT) is derived from human sources. To the public, HUMINT remains synonymous with espionage and clandestine activities; however, most of this collection is performed by overt collectors such as diplomats and military attaches. It is the oldest method for collecting information, and until the technical revolution of the mid to late twentieth century, it was the primary source of intelligence. Human intelligence can also help shed light on intentions as well as capabilities. Such knowledge is likely to prove crucial in tracking the activities of terrorists and in determining the status of unconventional weapons programs. The CIA is the primary collector of humint, but the Defense Department also has responsibilities filled by defense attaches at embassies around the world and by other agents working on behalf of theater commanders. HUMINT Collection includes:
Clandestine acquisition of photography, documents, and other material.
Overt collection by personnel in diplomatic and consular posts.
Debriefing of foreign nationals and US citizens who travel abroad.
Official contacts with foreign governments.
What is an agent? An agent is a member of a target organization (e.g., foreign government, terrorist cell) who clandestinely passes secrets to the USG (United States Government).
In the eyes of the target organization, the agent is a traitor. The agent is recruited and handled by a case officer. Protection of the agent’s identity is crucial.
Types of Agents:
i. Classic recruitment
• Case officer convinces person to commit espionage. ii. Walk-in
20
• Shows up and offers his services. Historically some of the best agents were in this category, e.g. Oleg Penkovsky (British/US agent), John Walker (Soviet agent), Aldrich Ames (Soviet agent), Jonathan Pollard (Israeli agent).
iii. Access agent
• Does not have access to intel, but knows others who do. Important against terrorist targets.
iv. Double agent
• Side A thinks the agent is a penetration of side B, but agent is really a penetration of side A working for side B (or even side C). Is often a channel for disinformation.
v. Support agent
• E.g., safehouse keeper vi. Covert Action agent
• E.g., foreign journalist who can do press placements. vii. Agent of Influence
• Someone who can affect policy of a foreign entity. Agent Recruitment:
• Classic steps one goes through to recruit a spy. Used by intelligence services around the world. Has limitations when used against Islamist terrorist organizations like al Qa'ida.
Step 1: Spot
⇒ Looking for people with access to information of interest. Techniques: Mixing in target-rich environments, classically the diplomatic circuit, attending conferences, meetings, professional functions, surveillance.
⇒ Problem: Where do you go to spot al Qa'ida affiliates?
Step 2: Assess
⇒ Once a potential spy is identified, his exploitable vulnerabilities and motivations are scrutinized. Lonely? Looking for a friend? Low salary? Needs money to send children to school? Ideological motivation? Hates his system, admires ours? Passed over for a promotion? Not appreciated by peers and superiors? Seeking praise and recognition? Egomaniac? Wants to prove he can get away with it?
⇒ Problem: What can you exploit with an al Qa'ida terrorist?
21
Step 3: Recruit
⇒ Case officer builds a relationship with potential agent, who at this stage is called a developmental. Drawing on his knowledge of the developmental’s vulnerabilities, the case officer builds trust and solves problems for the developmental.
⇒ Case officer moves the developmental toward treason. Starts by asking for
innocent information, gradually moving into more sensitive and confidential areas.
⇒ May request documents — open source at first, then classified. Case officer
moves the meetings into more private settings.
⇒ Case officer is building psychological control, helping the developmental justify to himself his treasonous behaviour. When the time is right, the case officer ‘pitches’ the developmental, offering cash in return for an unambiguous espionage relationship.
⇒ Problem: Social environment of an al Qa'ida developmental makes this phase
difficult.
Step 4: Test
⇒ Compare agent’s information to known facts, both secret and overt. Watch for red flags, e.g.: Does agent’s reporting contradict other intelligence accepted as true? Do the verifiable portions seem to have appeared in the open press? Does much of the agent’s reporting focus on past events, with his behind the scenes commentary thrown in?
⇒ Check information for internal coherence — it’s much harder to lie than to tell
the truth. Pay special attention to predictions. Possible use of the polygraph.
⇒ Problem: With little internal knowledge of terrorist organizations, testing is problematic.
Step 5: Train
⇒ Ideally done in a safehouse somewhere outside the agent’s home country. Spy gear, e.g.: Subminiature cameras, concealment devices, secret writing, radio and computer devices.
⇒ Tradecraft, e.g.: Impersonal communication, dead drop, car toss, signalling for
clandestine meeting, surveillance detection, escape and evasion.
⇒ Problem: How does a member of a terrorist cell find an excuse to go abroad for training without arousing suspicion?
Step 6: Handle
⇒ Good agent can run for years, even decades. Even with the most sensitive agents, occasional personal meetings are important in maintaining psychological control. Regular salary. Psychological rewards are also important.
22
⇒ ‘Guarantee’ safety of the agent and family.
⇒ Psychology of control — agent must respond to direction.
⇒ Pass the agent to new case officer.
⇒ Problem: Risk of detection makes personal meetings with terrorist agents
difficult.
Step 7: Terminate
⇒ All good things must come to an end. Prime goal is to ensure the agent’s
espionage never becomes public. Spies often have psychological or emotional problems, and this can complicate termination. Use of termination bonuses, sometimes even retirement programs.
Many observers have argued that inadequate humint has been a systemic problem and contributed to the inability to gain prior knowledge of the 9/11 plots. In part, these criticisms reflect the changing nature of the international environment. During the Cold War, targets of U.S. humint collection were government officials and military leaders. Intelligence agency officials working under cover as diplomats could approach potential contacts at receptions or in the context of routine embassy business. Today, however, the need is to seek information from clandestine terrorist groups or narcotics traffickers who do not appear at embassy social gatherings. Humint regarding such sources can be especially important as there may be little evidence of activities or intentions that can be gathered from imagery, and their communications may be carefully limited. Contacts with individuals or groups who may have knowledge about terrorist plots present many challenges. Placing U.S. intelligence officials in foreign countries under nonofficial cover (NOC) in businesses or other private capacities is possible, but it presents significant challenges to U.S. agencies. The responsibilities of operatives under non-official cover to the parent intelligence agency have to be reconciled with those to private employers, and there is an unavoidable potential for many conflicts of interest or even corruption.
Any involvement with terrorist groups or smugglers has a potential for major embarrassment to the U.S. government and, of course, physical danger to those immediately involved. A major constraint on humint collection is the availability of personnel trained in appropriate languages. Cold War efforts required a supply of linguists in a relatively finite set of foreign languages, but the Intelligence Community now needs experts in a wider range of more obscure languages and dialects. Various approaches have been considered: Use of civilian contract personnel, military reservists with language qualifications, and substantial bonuses for agency personnel who maintain their proficiency.
23
Human intelligence is no panacea - contacts and networks take years to develop, if they can be developed at all - but it holds the often unique potential to provide an integrated look at a subject's thinking and capability. To improve HUMINT throughout the IC in response to the recommendations made by the WMD Commission, the CIA, working closely with the Office of the Director of National Intelligence (ODNI) established the National Clandestine Service (NCS):
The NCS serves as the national authority for coordination, de-confliction, and evaluation of clandestine HUMINT operations across the Intelligence Community, both abroad and inside the United States, consistent with existing laws, executive orders, and interagency agreements.
While the ODNI establishes policy related to clandestine HUMINT, the NCS executes and implements that policy across the IC.
The Director of the CIA has become the National HUMINT Manager. He has delegated his day-to-day responsibilities in this role to the Director of the NCS (D/NCS), and has appointed the current Deputy Director for Operations at CIA to be the first D/NCS.
This individual is and will remain an undercover officer. The D/NCS is assisted by a Deputy Director of the NCS (DD/NCS/CIA), a Deputy Director of NCS for Community HUMINT (DD/NCS/CH), and an Associate Deputy Director of the NCS for Technology (ADD/NCS/T).
The DD/NCS/CIA is responsible for managing CIA's clandestine service.
The DD/NCS/CH is responsible for facilitation, coordination and de-confliction of clandestine HUMINT across the Community.
In coordination with the ODNI, the DD/NCS/CH is empowered to implement community-wide authorities and, in conjunction with CIA's NCS and IC partners, drafts standards, doctrine, and guidelines for training, tradecraft, and general conduct of clandestine HUMINT operations.
The ADD/NCS/T is responsible for managing use of advanced technologies related to clandestine HUMINT.
24
6- Imagery Intelligence - IMINT
Imagery Intelligence or IMINT includes representations of objects reproduced electronically or by optical means on film, electronic display devices, or other media.
Imagery can be derived from visual photography, radar sensors, infrared sensors, lasers, and electro-optics. The National Imagery and Mapping Agency (NIMA) was established in 1996 to manage imagery processing and dissemination previously undertaken by a number of separate agencies. NIMA was renamed the National Geospatial-Intelligence Agency (NGA) by the FY2004 Defense Authorization Act (P.L. 108-136).
The goal of NGA is, according to the agency, to use imagery and other geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the Earth. NGA is the manager for all imagery intelligence activities, both classified and unclassified, within the government, including requirements, collection, processing, exploitation, dissemination, archiving, and retrieval. Imagery, is facing profound changes, which will be detailed below. Imagery is collected in essentially three ways: Satellites, manned aircraft, and unmanned aerial vehicles (UAVs) such as the Global Hawk, which provide surveillance capabilities that overlap those of satellites.
⇒ Cold War was heyday for manned recon (SR-71, U-2), but most of today’s are Unmanned Aerial Vehicles (UAVs).
⇒ Technical systems were built for Cold War, designed for use against big, slow-moving, relatively visible targets; e.g., armies, military bases, government ministries; not designed for use against small units, terrorist cells.
The satellite program that covered the Soviet Union and acquired highly accurate intelligence concerning submarines, missiles, bombers, and other military targets is perhaps the greatest achievement of the U.S. Intelligence Community.
25
Subsequent experience has demonstrated that there are now a greater number of collection targets than the ones that existed during the Cold War and that more satellites are required, especially those that can be maneuvered to collect information about a variety of targets. The availability of high-quality commercial satellite imagery and its widespread use by federal agencies has raised questions about the extent to which coverage from the private sector can meet the requirements of intelligence agencies.
Geospatial Intelligence - GEOINT ⇒ This is the analysis and visual representation of security related activities
on the earth. It is produced through an integration of imagery, imagery intelligence, and geospatial information.
⇒ The NGA defines GEOINT as information about any object – natural or man-made – that can be observed or referenced to the Earth, and has national security implications.
⇒ For example, an image of a city includes natural objects (rivers, lakes, and so on) and man-made objects (buildings, roads, bridges, and so on) and can have overlaid on it utility lines, transport lines, and so on.
⇒ It may also include terrain or geodetic data. Thus, a more complete picture is drawn that may be of greater intelligence value.
The war against terrorism led to three major developments in the use of imagery:
First, the government greatly expanded its use of commercial imagery. In October 2001, NGA (then known as NIMA) bought exclusive and perpetual rights to all imagery of Afghanistan taken by the IKONOS satellite, operated by the Space Imaging Company.
This satellite has a resolution of 0.8 meter (approximately 31.5 inches).
The agency’s actions expanded the overall collection capability of the United States and allowed it to reserve more sophisticated imagery capabilities for those areas where they were most needed, while IKONOS took up other collection tasks.
The use of this commercial imagery makes it easier for the United States to share imagery with other nations or the public without revealing classified capabilities.
At the same time, foreign governments that may be hostile to the United States or may see the Afghanistan campaign as a means of gauging U.S. military capabilities were denied access to imagery.
A second major imagery development has centered on UAVs. The use of pilotless drones for imagery is not new, but their role and capability have expanded greatly. UAVs offer two clear advantages over satellites and manned aircraft:
26
• First, unlike satellites, they can fly closer to areas of interest and loiter over them instead of making a high-altitude orbital pass.
• Second, unlike manned aircraft, UAVs do not put lives at risk, particularly from surface-to-air missiles (SAMs). Not only are UAVs unmanned, but operators also can be safely located great distances (even thousands of miles) from the area of operation, linked to the UAV by satellite.
A third advantage is that the UAVs produce real-time images – they carry high
definition television and infrared cameras – that is, video images are immediately available for use instead of having to be processed and exploited first. This capability helps obviate the snapshot problem. In 2006, the Senate Intelligence Committee stated that it wanted NGA to be able to provide video and images to troops via laptop computers, thus increasing tactical imagery support.
The United States currently relies on two UAVs, the Predator and the Global Hawk.
The Predator operates at up to twenty-five thousand feet, flying at the relatively slow speeds of 84 to 140 miles per hour. It can be based as far as 450 miles from a target and operate over the target for sixteen to twenty-four hours. It provides real-time imagery and has been mated with air-to-ground missiles, allowing immediate attacks on identified targets instead of having to relay the information to nearby air or ground units. In the war on terrorism, Predators have been armed with Hellfire missiles, which are guided to the target by a laser.
Global Hawk operates at up to sixty-five thousand feet at a speed of up to four hundred miles per hour. It can be based three thousand miles from the target and can operate over the target for twenty-four hours. Global Hawk is designed to conduct both broad area and continuous spot coverage.
In 2005, Secretary of Defense Donald Rumsfeld talked about building fifteen Predator squadrons (twelve UAVs per squadron) over the next five years, emphasizing both the intelligence collection and the hunter killer missions in which the UAVs carry missiles as well.
The third major imagery development related to the war on terrorism has been the use of NGA imagery platforms on potential terrorist targets within the United States.
These have included the 2002 Olympics in Utah, the 2004 political conventions, and other public events that would attract large crowds or locations (such as nuclear power plants) that might be targets.
27
7- Measurement and Signatures Intelligence - MASINT
Measurement and Signatures Intelligence is technically derived intelligence data other than imagery and SIGINT. The data results in intelligence that locates, identifies, or describes distinctive characteristics of targets. This type of Intelligence is obtained by quantitative and qualitative analysis of data derived from specific technical sensors for the purpose of identifying distinctive features. Metric data can provide information on the dynamic capabilities of targets and the tactics for their use. Signature data allows the unique identification of targets. Examples of this might be the distinctive radar signatures of specific aircraft systems or the chemical composition of air and water samples. Measurement and signatures analysis has received greater emphasis in recent years. A highly technical discipline, MASINT involves the application of complicated analytical refinements to information collected by SIGINT and IMINT sensors. It also includes spectral imaging by which the identities and characteristics of objects can be identified on the basis of their reflection and absorption of light. It employs a broad group of disciplines including nuclear, optical, radio frequency, acoustics, seismic, and materials sciences. A key problem has been retaining personnel with expertise in MASINT systems that are offered more remunerative positions in private industry. MASINT practitioners think of their INT has having six disciplines:
Electro-optical: the properties of emitted or reflected energy in the infrared to ultraviolet part of the spectrum, including lasers and various types of light - infrared, polarized, spectral, ultraviolet, and visible.
Geophysical: the disturbance and anomalies of various physical fields at, or near, the surface of Earth, such as acoustic, gravity, magnetic, and seismic.
Materials: the composition and identification of gases, liquids, or solids, including chemical-, biological, and nuclear-related material samples.
Nuclear Radiation: the qualities of gamma rays, neutrons, and x-rays.
Radar: the properties of radio waves reflected from a target or objects, including various types of radars such as line-of-sight and over-the-horizon and synthetic apertures.
28
Radio frequency: the electromagnetic signals generated by an object, either narrow- or wide band.
MASINT can be used against a wide array of intelligence issues, including WMD development and proliferation, arms control, environmental issues, narcotics, weapons developments, space activities, and denial and deception practices. MASINT has suffered as a collection discipline because of its relative novelty and its dependence on the other technical INTs for its products. Often analysts or policy makers look at a MASINT product without knowing it. MASINT is a potentially important INT still struggling for recognition. It is also more arcane and requires analysts with more technical training to be able to use is fully. At present, policy makers are less familiar – and probably less comfortable – with it than they are with GEOINT or SIGINT. Responsibility for MASINT is shared by the Defense Intelligence Agency (DIA) and NGA; it is not a separate agency. Some of its advocates believe that MASINT will never make a full contribution until it has more bureaucratic clout. Others, even some sympathetic to MASINT, do not believe this INT needs the panoply of a full agency.
8- Signals Intelligence - SIGINT
Signals intelligence – SIGINT – is the generic term given to the process of deriving intelligence from intercepted electromagnetic waves, generally referred to as signals. SIGINT has five subsets of collection disciplines: i. Communications intelligence (COMINT) – is data and information collected through intercepts of communications, direction finding, traffic analysis and monitoring of the changes in volume, pattern and other characteristics of communications like burst, frequency hopping, spread spectrum, etc. ii. Electronic intelligence (ELINT) – is electromagnetic pickup and signals monitoring of electronic emissions of events, activities, relationships, frequency or scale of occurrence, modes, sequences, patterns, signatures as well as content; or intercepts of emissions
29
from tracking, radar and weapons systems for gauging their capabilities such as frequencies and the range on which they operate. iii. Foreign instrumentation signals intelligence (FISINT) – is the pickup and monitoring of data relayed by weapons or beacons and video links, etc. Non-imaging radar can detect and track missile launches and gather data on missile characteristics. One category therein is telemetry intelligence (TELINT) – data obtained from intercepting the signals transmitted during missile tests, enabling the performance of missiles to be evaluated. iv. Cryptology intelligence (CRYPINT) – is code-breaking and decryption of ciphered messages, which requires supercomputers and mathematicians. v. Computer network exploitation (CNE) – is data and information collected from network and traffic analysis or by monitoring, mail and messages interception, computer intrusion and penetration of databanks. The NSA, at Fort Meade, Maryland is responsible for collecting, processing, and reporting SIGINT. The National SIGINT Committee within NSA advises the Director, NSA, and the DNI on SIGINT policy issues and manages the SIGINT requirements system. The US National Security Agency – NSA – and the GCHQ – Government Communications Headquarters – Britain, both have offensive and defensive functions:
⇒ Offensive: The interception of the communications of others (states, armies, companies, etc).
⇒ Defensive: Has to do with information assurance – protecting the state’s own communications from interception and disruption by others.
Historically, those two agencies developed out of code-breaking efforts in wartime. During the Cold War they were the cutting edge of technological developments in cryptography. Currently they face major problems, such as the huge increase in the volume of communications overloads the ability of the agencies to process information despite the development of sophisticated technology for selecting messages of interest. Also digitization, fibre optics and commercial encryption make interception harder. Since the late 1990s a process of change in NSA’s culture and methods of operations has been initiated, a change required by the need to target terrorist groups and affected by the proliferation of communications technologies and inexpensive encryption systems. SIGINT operations are classified, but there is little doubt that the need for intelligence on a growing variety of nations and groups that are increasingly using sophisticated and rapidly changing encryption systems requires a far different SIGINT effort than the one prevailing during the Cold War. In fact, during the Cold War the agencies had one central target - Soviet military capabilities -; these services have now been enlisted in the surveillance of other more
30
mobile security threats: Terrorism, WMD proliferation and Transnational Organized Crime.
9- Intelligence Categories
Liza Krizan in her study Intelligence essentials for everyone, tells us that intelligence products may be described both in terms of their subject content and their intended use.
A nation’s power or a firm’s success results from a combination of factors, so intelligence producers and customers should examine potential adversaries and competitive situations from as many relevant viewpoints as possible. A competitor’s economic resources, political alignments, the number, education and health of its people, and apparent objectives are all important in determining the ability of a country or a business to exert influence on others.
31
The eight subject categories of intelligence are exhaustive, but they are not mutually exclusive. Although dividing intelligence into subject areas is useful for analyzing information and administering production, it should not become a rigid formula. Characterization of intelligence by intended use applies to both government and enterprise, and the categories again are exhaustive, but not mutually exclusive. The production of basic research intelligence yields structured summaries of topics such as geographic, demographic, and political studies, presented in handbooks, charts, maps, and the like. Current intelligence addresses day-to-day events to appraise decisionmakers of new developments and assess their significance. Estimative intelligence deals with what might be or what might happen; it may help policymakers fill in gaps between available facts, or assess the range and likelihood of possible outcomes in a threat or opportunity scenario. Operational support intelligence incorporates all types of intelligence by use, but is produced in a tailored, focused, and timely manner for planners and operators of the supported activity. Scientific and Technical intelligence typically comes to life in in-depth, focused assessments stemming from detailed physical or functional examination of objects, events, or processes, such as equipment manufacturing techniques. Warning intelligence sounds an alarm, connoting urgency, and implies the potential need for policy action in response. How government and business leaders define their needs for these types of intelligence affects the intelligence service’s organization and operating procedures.
Blair Seaborn, on the other hand, in his paper Intelligence and Policy: What Is Constant? What Is Changing? divides intelligence into the following categories:
Commercial intelligence:
• Related to the capabilities and intentions of one's commercial rivals and competitors, often to the acquisition of confidential or proprietary information about their strategies, e.g., bid information, processes, finances or markets.
Military intelligence
• Could be either tactical-relating to the disposition of the enemy's troops and equipment in the field - or strategic, relating to longer-term capabilities in the light of total military strength and the capacity to maintain it.
Security intelligence applied to threats both from within and without, to the basic security of a state and to the integrity of the state system.
Criminal intelligence
• Applied to that which the police should know in order to counter and apprehend those engaged in organized crime, smuggling, extortion, terrorism and the like.
32
Foreign intelligence was probably the broadest category, in that it related to the defence of a country and the conduct of its foreign affairs in the widest sense.
Finally, the Field Manual 34-52 details the Components of Strategic Intelligence:
Information gathered as strategic intelligence may be categorized into eight components. An easy way to remember these components is through the use of the acronym BEST MAPS:
B -- Biographic intelligence
E -- Economic intelligence.
S -- Sociological intelligence
T -- Transportation and telecommunications intelligence
M -- Military geographical intelligence.
A -- Armed forces intelligence.
P -- Political intelligence.
S -- Scientific and technical intelligence.
Each of these components can further be divided into a number of subcomponents. These components and subcomponents are neither all-encompassing nor mutually exclusive. This approach is merely a means to enhance familiarization with the types of information included in strategic intelligence.
Biographic Intelligence Biographic intelligence is the study of individuals of actual or potential importance through knowledge of their personalities and backgrounds.
This component can be divided into a number of subcomponents:
• Educational and occupational history - including civilian and military backgrounds of individuals.
• Individual accomplishment - notable accomplishments of an individual in
professional or private life.
• Idiosyncrasies and habits - including mannerisms and unusual life styles.
• Position, influence, and potential present and future positions of power or influence.
• Attitudes and hobbies – significant interests that may affect the individual’s
accessibility.
33
Economic Intelligence Economic intelligence studies the economic strengths and weaknesses of a country. Its subcomponents are:
• Economic warfare: Information on the diplomatic or financial steps a country may take to induce neutral countries to cease trading with its enemies.
• Economic vulnerabilities: The degree to which a country's military would be hampered by the loss of materials or facilities.
• Manufacturing: Information on manufacturing processes, facilities,
logistics, and so forth. • Source of economic capability: Any means a country has to sustain its
economy.
Collection of secret economic information can be by several means -mostly SIGINT and HUMINT, in rare cases through imagery - and involve such questions as trade policy, foreign exchange reserves, the availability of natural resources and agricultural commodities, money laundering, and virtually any aspect of another country's economic policy and practices and those of its major corporations. Analysis can be used to support specific negotiations and to understand better what might be termed strategic or political-economic trends involving emerging technologies, markets, or the policies of major economic actors. There is no need for the intelligence community to replicate what is already done by the private sector or other government agencies in the accumulation of statistics and other forms of basic information. Economic intelligence should not be used offensively, that is, to help a particular U.S. firm with a narrow commercial purpose, such as winning a contract against foreign competition. But it is appropriate for intelligence to be used defensively so that policymakers can act if bribes or other unfair practices are being used against an American firm. Levelling the playing field is acceptable.
34
Sociological Intelligence Sociological intelligence deals with people, customs, behaviors, and institutions. Its subcomponents are:
• Population-rates of increase, decrease, or migrations.
• Social characteristics-customs, mores, and values.
• Manpower-divisions and distribution within the workforce.
• Health, education, and welfare.
• Public information-information services within the country.
Transportation and Telecommunications Intelligence Transportation and telecommunications intelligence, studies the role of transportation and telecommunications systems during military emergencies and during peacetime.
Military Geographic Intelligence Military geographic intelligence studies all geographic factors (physical and cultural).
Armed Forces Intelligence Armed forces intelligence is the integrated study of the ground, sea, and air forces of a country-often referred to as OB. It is concerned with:
• Strategy - military alternatives in terms of position, terrain, economics, politics, and so forth.
• Tactics - military deployments and operations doctrine.
• OB - location, organization, weapons, strengths.
• Equipment - analysis of all military materiel.
• Logistics - procurement, storage, and distribution.
• Training - as carried out at all echelons to support doctrine.
• Organization - detailed analysis of command structures.
• Manpower - available resources and their conditioning.
35
Political Intelligence Political intelligence studies all political aspects which may affect military operations. Its subcomponents are:
• Government structure - organization of departments and ministries.
• National policies - government actions and decisions.
• Political dynamics - government views and reactions to events.
• Propaganda - information and disinformation programs.
• Policy and intelligence services - organizations and functions.
• Subversion - subversive acts sponsored by the government.
Scientific and Technical Intelligence Scientific and technical intelligence studies the country's potential and capability to support objectives through development of new processes, equipment, weapons systems, and so forth. The subcomponents are:
• Weapons and weapon systems.
• Missile and space program.
• Nuclear energy and weapons technology.
• NBC developments.
• Basic applied science.
• Research and development systems.
10- Military Intelligence
Information is the key commodity in the battlefield, so useful that it can even lift the fog of war. Some forms of intelligence are obtained through space, near-space, and ground-based sensing technologies. The United States Department of Defense defines intelligence as:
36
Information and knowledge obtained through observation, investigation, analysis, or understanding. Surveillance and reconnaissance refer to the means by which the information is observed. Intelligence gives commanders the knowledge of the battlefield (battlespace awareness) and the understanding of their foe to focus their forces at the right place and time to win when, in all probability, they should have been defeated. Intelligence reduces the unknowns that planners must face and forms the basis for both deliberate and crisis action planning, the Naval Doctrinal Publication points out. Successful employment of modern weapons systems, new operational concepts, and innovative combat techniques — particularly those involving forces that are lighter, faster, more agile, and more lethal — also depends on rapid, precise, accurate, and detailed intelligence. The primary function of military intelligence officers is the collection, analysis, production, and dissemination of intelligence at both the tactical and strategic levels: • Through the deployment of intelligence collection assets.
• Combination and preparation of all-source intelligence estimates.
• Preparation of intelligence plans in support of combat operations.
• Coordination of aerial and ground surveillance.
Information about a new development in Baghdad is known in Washington within minutes. Decisions about a response are made in Washington within minutes. These decisions are implemented in Baghdad within minutes. The total intelligence-decision-implementation cycle time can be as short as 15 minutes. It is operational and tactical intelligence, not necessarily numbers, technology, or tactics, that can have the most decisive impact on how forces are employed and how success is achieved in wartime operations. History repeatedly has demonstrated that numerically inferior forces, armed with less capable technologies, can win when leaders are armed with accurate intelligence they believe they can act upon. Such intelligence can be a force multiplier. Therefore, considering the value of force employment, technology, and mass without placing a corresponding value on intelligence is a mistake. Intelligence can help lead to victory also through clandestine intelligence operations designed to provide indications and warning information of impending attacks or operations. Another way is through the support intelligence gives to planning, when it provides information on the adversary’s capabilities and vulnerabilities — the intelligence preparation of the battlespace concept.
37
As an example, Israeli intelligence was, indeed, outstanding in the Six-Day War. It demonstrated how strategic intelligence can be used in conjunction with operational intelligence to provide senior decisionmakers information necessary to make well-informed national security decisions and to give leaders opportunities to mitigate the numerical superiority of an adversary. Employment of force is hollow without an understanding of where, in what conditions and geography, and against whom to employ force. Success in the physical act of battle requires well-trained soldiers who are properly equipped, led by strong leadership willing to use force against a clear objective, employing it correctly, and sacrificing when necessary. But it also requires foresight, analysis, eyes and ears, and the development of a playbook on how to win — it takes intelligence. Therefore, just as Keegan correctly states that Knowledge of what the enemy can do and of what he intends is never enough to ensure security so too, having superior forces equipped with better technology is no insurance for victory when opposing an enemy that invests in intelligence. Intelligence failures too, tell of the significance intelligence plays. Pearl Harbor, Tet, or, for that matter, the attacks of September 11th, do not diminish the importance of intelligence but rather demonstrate the impact of not placing sufficient emphasis on it. In the present, three intelligence principles can be put forward: The first combines steadying command and magnifying strength by optimizing resources. When commanders do not have enough intelligence, they must replace it with their own forces and their will. Logically, the implication of insufficient intelligence is enemy surprise. The second principle holds that intelligence is an auxiliary, not a primary, factor in war. It is indeed a force multiplier and facilitator of command, but it cannot always make up for insufficient strength or inadequate leadership. The third principle maintains that intelligence is essential to the defense but not to the offense. A commander must know an enemy will attack in order to defend. The attacker imposes his will on the defender, reducing the attacker’s uncertainty, and so his need for information.
Military Intelligence Analysis Military intelligence analysis produces numerous categories of finished intelligence for the different levels of operations. For each level, the Defense intelligence agencies and Service intelligence organizations produce and maintain a specific array of standard finished intelligence products and electronic databases, which they must be able to disseminate in electronic or computerized formats to DOD elements, the Combatant Commands, and Operational Forces in near real time. Here is a list of some of those products:
Current Intelligence reports on recent world events.
38
Basic Intelligence studies on the geography, topography, weather conditions, military bases, economic resources, communications systems, and lines of communication of potential adversaries.
The Order-of-Battle data on all major foreign armies.
Estimates of enemy military strategy, plans, and capabilities.
Analyses of enemy military budgets and economic resources.
Scientific and technological assessments and forecasts of:
⇒ Enemy weapon systems.
⇒ Military equipment.
⇒ Critical military technologies.
⇒ Physical vulnerability assessments of enemy surface and underground facilities.
⇒ Analyses of enemy C4 systems and networks.
Operational Intelligence (OPINTEL) data, and analyses derived primarily from technical systems.
Target intelligence on all categories of enemy military and civilian objectives and infrastructure.
Counterintelligence and counterterrorism threat assessments.
Prisoner of war and missing in action assessments.
Biographies of foreign military personnel.
11- Open Source Intelligence - OSINT
39
Open-Source Intelligence is publicly available information appearing in print or electronic form including radio, television, newspapers, journals, the Internet, commercial databases, and videos, graphics, and drawings.
It is estimated that roughly 90% of valuable intelligence comes from open sources. This category of information, open source information, is increasingly important given requirements for information about many regions and topics (instead of the former concentration on political and military issues affecting a few countries).
At the same time, requirements for translation, dissemination, and systematic analysis have increased, given the multitude of different areas and the volume of materials. Many observers believe that intelligence agencies should be more aggressive in using OSINT; some believe that the availability of OSINT may even reduce the need for certain collection efforts. In fact, the availability of OSINT raises questions regarding the need for intelligence agencies to undertake collection, analysis, and dissemination of information that could be directly obtained by user agencies. While open-source collection responsibilities are broadly distributed through the Intelligence Community, the major collectors are the Foreign Broadcast Information Service (FBIS) and the National Air and Space Intelligence Center (NASIC).
The process begins with open source data (OSD), the raw information from the primary source, and must then be assembled through an editing process to filter and validate.
The IT revolution has dramatically increased the access to and value of open sources, allowing for faster and cheaper collection and analysis.
The new environment is one in which an analyst is faced with an abundance of information that can be obtained quickly and cheaply.
In effect the problem is no longer how to get information, but what to do with the mass amount that is available.
The process of creating OSINT products is similar yet distinct from the production of other methods of intelligence, and relies on four key elements to create consumer oriented products:
Reports, Link Tables, Internet Based Distance Learning Centers, and the use of Expert Forums.
Commercial online premium sources offer access to edited information that has been at least partially validated, cataloged, and formatted.
OSINT also relies on grey literature and information, encompassing all legally and ethically available information that is obtained through specialized channels and is not controlled by commercial publishers, booksellers, or subscription agencies, e.g. working papers, technical reports, white papers, data sets, conference summaries, etc.
40
Perhaps the OSINT source with the broadest application is the commercial imagery industry. The rapid growth of the commercial satellite imagery industry has to some extent been so successful as to endanger the discipline of overhead imagery intelligence – IMINT – as a covert entity.
As images become available, states that previously did not have the technical means to launch satellites are able to gain access to imagery, as well as various non-governmental organizations.
The real revolution in OSINT and IT is the networks of experts that can be developed.
The human contribution to OSINT is separated into three levels: internal experts, external experts, and local knowledge.
The separate pieces of information that can be gathered through a network of observers, experts, and even amateurs can result in a product that is superior to one prepared by a security cleared analyst.
A network of human sources not limited by classification is huge; case officers are in short supply.
Too many policymakers and intelligence officers mistake secrecy for intelligence and assume that information covertly acquired is superior to that obtained openly.
Open sources often equal or surpass classified information in monitoring and analyzing such pressing problems as terrorism, proliferation, and counterintelligence.
We must put to rest the notion that the private sector is the preferred OSINT agent. The Intelligence Community (IC) needs to assign greater resources to open sources. The CIA includes an OSINT service that produces the lion’s share of its intelligence.
Most resources in the Intelligence Community go to such IMINT and SIGINT activities as developing reconnaissance satellites, collecting signals, and analyzing the take. OSINT’s share of the overall intelligence budget has been estimated at roughly one percent.
Information hidden behind walls of classification and special access programs may prove no more than equal in value to material available to the public.
Open sources, while they may not tell us where the next bomb will explode, do allow us to understand the terrorist agenda and act thereby to address grievances or launch competing campaigns for hearts and minds.
41
12- Intelligence Analysis
Intelligence analysis is the Integration, evaluation, and analysis of all available data and the preparation of a variety of intelligence products, including timely, single-source, event-oriented reports and longer term, all-source, finished intelligence studies. Intelligence analysis reflects conclusions or judgments reached by individuals with access to information from many sources, of which secret information made available by the intelligence community collection systems is only part. If collection is dominated by smart technology, analyses still reflect the perspicacity of the human mind. No amount of data and information can substitute for an insightful analyst able to discern the critical policy or operational significance of an event, action or trend which may be hidden within a mass of confusing and contradictory information. Assessment is the final step in the analytical process, and strategic assessment is the final all-source intelligence product of actionable knowledge provided to government to anticipate risks and reduce uncertainty in its pursuit of furthering or protecting national political, economic and security objectives. Most intelligence organizations assign analysts to a particular geographic or functional specialty. Analysts obtain information from all sources pertinent to their areas of responsibility through the collection, forwarding, and processing systems. Analysts absorb incoming information, evaluate it, produce an assessment of the current state of affairs within an assigned field or substantive area, and then forecast future trends or outcomes. Analysts are encouraged to include alternative futures in their assessments and to look for opportunities to warn about possible developments abroad that could either threaten or provide opportunities for US security and policy interests. The analyst also develops requirements for collection of new information. For example, if the nuclear program of a country was being assessed, the analysis probably would involve technical experts and country specialists from several agencies, including the CIA, the Bureau of Intelligence and Research (INR) of the State Department, DIA, the Department of Energy (DOE), and perhaps others. While analysts must prove their capability to connect the dots, the overarching goal of analysis is to minimise uncertainty with which policymakers must grapple in making decisions about national security and foreign policy.
42
Furthermore, analysis must help to make sense of complex issues and to call attention to emerging problems or threats to national interests. The importance thereby is not only to determine what is accurate, but foremost what is relevant to the decision - and policymaker’s needs. One of the most important functions of various components of the intelligence community is to provide analysis gleaned from all sources, open and secret, and to package it in a timely and useful manner to policymakers and other U.S. government or even nongovernmental actors. Counterintelligence and counterterrorism analyses provide strategic assessments of foreign intelligence and terrorist groups and prepare tactical options for ongoing operations and investigations. The National Counterterrorism Center (NCTC) was established in accordance with Presidential guidance as the federal government's focal point for analyzing and integrating all available information on terrorist threats to our Nation and providing that information to the senior leadership of the Nation, other elements of the federal government, and state and local officials through its mission partners. NCTC partners include Departments of Defense (DoD), State, and Homeland Security, the Central Intelligence Agency (CIA), and the Federal Bureau of Investigation (FBI). Longer range, more intractable intelligence challenges are addressed by grouping analytic and operational personnel from concerned agencies into closely-knit functional units. The DCI Weapons Intelligence, Non-proliferation and Arms Control Center (WINP AC), DCI Crime and Narcotics Center, and Counterintelligence Center all provide assessments and support for the policy and enforcement communities. Some intelligence information is sent directly to consumers, usually by electronic means, because it is self-explanatory. More often, analysts check information to see how it relates to other information they have received. They evaluate the information and make comments. When information has been reviewed and correlated with information available from other sources, it is called finished intelligence.
Improving Analysis Many current and former policymakers are critical of the analysis they receive, and both intelligence consumers and producers often share a frustration over its perceived lack of utility and impact. The best way to ensure high-quality analysis is to bring high quality analysts into the process. Here it helps to think of the challenge as one of improving both the stock and the flow of personnel. Certain career personnel need to be encouraged to specialize in a geographical area or function and rewarded for excellence. The CIA in particular needs to place much more emphasis on formal management and leadership training as well as demonstrated competence as a prerequisite for promotion for those headed for senior levels.
43
But better analysis will also require reducing the isolation of the intelligence community. A greater flow of talented people into the agency from academia and business is essential. Greater provision ought to be made for lateral and mid-career entry as well as for short-term entry (measured in weeks, months, or years) or even for just a single, short-duration project. In this way the intelligence community could attract and exploit some of the best minds from academia and other sections of society that would otherwise not be available. It is also necessary to change the relationship between intelligence producers and consumers. Intelligence professionals must understand the needs of policymakers and vice versa. One way to do so is through regular rotation of career intelligence officers into positions in the policymaking departments (State, Defense, Treasury, etc.) and the NSC. The same logic argues for assigning careerists normally in the policymaking realm to periodic tours inside the intelligence community. The danger of politicization - the potential for the intelligence community to distort information or judgment in order to please political authorities - is real. The challenge is to develop reasonable safeguards while permitting intelligence producers and policymaking consumers to interact. Only the president, senior officials involved in national security, and Congress can help guard against politicization - though they too can try to politicize intelligence. Perhaps most important, the leadership of the intelligence community should reinforce the ethic that speaking the truth to those in power is required - and defend anyone who comes under criticism for doing so. Intelligence analysis rarely impresses itself upon policymakers, who are inevitably busy and inundated with more demands on their time and attention than they can possibly meet. Intelligence officials must draw attention to their product and market their ideas. This is especially true in the case of any early-warning or intelligence-related development that has potentially significant consequences Another serious problem to be avoided is mindset or groupthink. Any organization, and the CIA or any intelligence agency is no exception, can fall into the trap of not questioning basic assumptions that affect much subsequent analysis. It is essential that competitive or redundant analysis be encouraged. One other aspect of analysis merits mention, namely, the balance between current intelligence and long-term estimates. For years the culture of the intelligence community, in particular that of the CIA, has favored the latter. Many estimates are likely to be less relevant to busy policymakers, who must focus on the immediate. All this suggests that the emphasis placed on such estimates should be reduced. To the extent long-term estimates are produced, they ought to be concise, written by individuals, and sources justifying conclusions ought to be shown as they would in any academic work. If the project is a group effort, differences among participants ought to be sharpened and prominently acknowledged.
44
Analysis that Fits the New Environment • Analysts today have to add value in an era of information abundance. The policymaker, an intelligence consumer, has many more ways of staying informed about recent developments, intelligence-related or not. Policymakers today also read raw intelligence reports on a regular basis. Twenty to thirty years ago, analysts in the DI - CIA Directorate of Intelligence - had the fastest access to incoming intelligence information and could count on seeing particularly critical cables before policymakers. Today, thanks to information technology, policymakers often read the raw traffic at the same time as, if not before, analysts. • Analysts today have to dig deep to surpass the analytic abilities of their
customers. • Analysts today have to reach beyond political analysis, an area in which it is
particularly hard to provide value to policymakers. So, how does the DI, or anyone, do intelligence analysis in an era of information abundance, well connected policymakers, and non traditional issues? First, we need new assumptions:
Assumption -1: Most of the time, policymakers have a good sense of what is going on in their areas of concern.
Assumption -2: Policymakers frequently understand the direct consequences of events and their immediate significance.
Assumption -3: The CIA - and particularly the Directorate of Intelligence DI - often lacks unique information about developments, especially in the political and economic spheres. Raw intelligence is ubiquitous and can get to policymakers before it reaches the analysts.
Assumption - 4: Policymakers need the greatest help understanding non-traditional intelligence issues. There is still a market for political analysis and certainly for related leadership analysis, but to be successful in traditional areas the DI must generate unique insights into relatively well-understood problems.
How would the practice of intelligence analysis change?
Analysts must focus on the customer.
• For many analysts, particularly those involved in political work, the focus would shift from tracking developments in their particular accounts to addressing the specific, hard questions of policymakers.
45
• An analyst, for example, would often start the day by reviewing feedback and tasking from customers, instead of first reading the morning traffic.
• We need to use technology and a network of high-caliber representatives at policy agencies to create stronger links between analysts and customers.
Analysts must concentrate on ideas, not intelligence.
• Policymakers do in fact often need help deciphering technical reports on such issues as proliferation and information warfare.
• In many substantive fields, the analyst can best serve the policymaker by tackling the hard questions and trying to develop more reliable ways of identifying and understanding emerging issues.
• To do this kind of work well, the DI or any other similar structure will need keen critical thinkers open to unconventional ideas, perhaps even more than it will need regional experts.
Analysts must think beyond finished intelligence.
• Analysts are schooled in the need to produce validated, finished intelligence — finished, meaning that it has been carefully considered, officially reviewed, coordinated with colleagues, and sent out under official cover.
DI officers who deal frequently with customers — including those who carry the President’s Daily Brief to the most senior officials — report that many products short of finished intelligence often satisfy the needs of policymakers, such as:
Annotated raw intelligence.
Quick answers to specific questions.
Informal trip reports.
Memoranda of conversation.
Too many intelligence analysts and managers remain fixated on formal products even as policymakers move further away from them in their own work.
46
The Old Analysis vs XXI Century Analysis
To really help smart policymakers, there is the need to adopt new practices, new habits of thinking, and new ways of communicating analysis There must be an increase of investment in analysis. Long-term analysis and basic research is in decline. The daily demand to support immediate policy needs exceeds existing analytic capabilities. Resources, therefore, are unavailable for the long-term analysis required for the accumulation of substantive capital. Absent long-term analytic programs, analysts are not developing core skills and in-depth familiarity. The strategic pursuit and elimination of terrorists, for example, has proven to require much more than nominal name checks and border watches. Any systemic attack on sophisticated command, control, logistic, and financial support structures requires at least as sophisticated and intense analytic support. There is a lack of satisfactory capability to analyze a substantial body of material on:
Foreign and security policy.
Domestic policy.
Crime and Corruption.
Space and Aerospace technology.
Advanced Materials.
47
Biographic Information.
Military Doctrine and Strategy. In the future, knowledge of culture, history, and language will be even more critical as the amount of open-source material increases. Inadequate American foreign language skills are a mismatch for the exponential growth in foreign language materials.
13- Counterintelligence
Counterintelligence is intelligence designed to uncover hostile operations against the nation – the national effort to prevent foreign intelligence services and foreign-controlled political movements or groups from infiltrating the state’s institutions at home and abroad in order to engage in espionage, subversion, sabotage and terrorism. Counterintelligence is intelligence on foreign intelligence: Getting information on all foreign intelligence threats – not just espionage ones – by any means (SIGINT and other sources, as well as agents and defectors). It was SIGINT’s breaking of enciphered intelligence messages that provided the essential leads into high-level Soviet espionage in Britain and the United States in the late 1940s. Similarly, Soviet espionage later in the Cold War penetrated Western SIGINT. Counterintelligence is about the multi-disciplinary effort to penetrate the many different disciplines of the adversary. In resource terms, counterintelligence in this wide sense has always been small in the West, but its penetration of the KGB and GRU was a key activity in the Cold War, while penetration of Western intelligence was always the highest Soviet priority. Counterintelligence consists of offensive and defensive measures of protection:
• Defensively by inquiries and vetting of civil servants and employees, through investigations, monitoring of known or suspected agents, and surveillance activities to detect and neutralise the foreign intelligence service’ presence.
• Offensively through the collation of information about foreign intelligence services and their modus operandi, recruiting agents, and initiating operations to
48
penetrate, disrupt, deceive and manipulate these services and related organisations to own advantages.
Counterintelligence is, moreover, an integral part of the entire intelligence process: to make sure that what is collected is genuine through continuous evaluation of the reliability of sources and the credibility of information. It differs from intelligence collection in that it exists to counter a threat and is to some degree reactive. Results are not generally produced in the short term, and counterintelligence investigations cannot be limited to arbitrary time periods.
Security Security measures are steps taken to obstruct a hostile intelligence service’s ability to collect intelligence. Such measures are designed to prevent a hostile intelligence service from either gaining access or exploiting any access it may have to personnel, documents, communications, or operations to gain important information; they constitute the wall surrounding classified information. Personnel Security
Personnel security involves procedures for screening potential employees before hiring them for jobs that give access to information a hostile intelligence service might wish to collect, and for ensuring that current employees continue to meet the standards for access to such information.
• Investigations
⇒ In the United States, the screening investigation determines whether an individual is to be granted a security clearance – that is, authorized access to classified information.
⇒ For a number of reasons, however, background investigations of this sort are probably not very effective in ascertaining the loyalty and character of personnel to be granted access to classified information.
⇒ One method of augmenting the background investigation as a protection against unsuitable personnel is the use of the polygraph machine, commonly known as the lie detector.
⇒ This technique has been used primarily by U.S. intelligence agencies; neither other Western intelligence services nor non-Western ones place as much faith in it.
⇒ Within the United States, the CIA has placed the greatest emphasis on the polygraph. The agency requires that any candidate for employment take a polygraph test and that all personnel be subject to periodic retesting as a condition of continued employment.
⇒ Perhaps the strongest publicly available evidence of the inadequacy of the polygraph comes from the case of Aldrich Ames. On two occasions he passed polygraph examinations.
49
• The Changing Nature of the Threat
⇒ Since the mid-1970s, a succession of espionage cases involved employees of U.S. government agencies or contractors.
⇒ In these cases, the motivation has been primarily financial, occasionally associated with emotional instability.
⇒ These cases differ markedly in this respect from the famous American and British espionage cases of the 1940s and 1950s - e.g. the Rosenberg’s and Kim Philby), in which the motivation was primarily ideological -.
⇒ This pattern suggests additional steps that could be taken to improve personnel security, such as developing detailed psychological profiles and instituting a system for alerting security officials when individuals with access to classified information either run into financial difficulties or appear to be living beyond their means of support.
⇒
Physical Security Physical security refers to the steps taken to prevent foreign intelligence agents from gaining physical access to classified information.
It deals with such matters as the strength of safes in which classified information is kept, and the features of alarm systems to detect unauthorized intrusion into the areas in which officials deal with classified information and sophisticated systems involving passwords to protect classified data kept in computers.
However physical security seeks to safeguard not only the material objects, such as documents that contain information but also the information itself. This requires much stricter controls on access to the relevant areas and the equipment used there, since an intruder can quickly and unobtrusively implant a bugging device that would give a hostile intelligence service access to what was being said within the classified work area.
So, it is important to have some means of “sweeping” an area to detect any bugging devices so they can be removed. This in turn leads to the development of less detectable systems for monitoring conversations.
Counter-espionage Counterespionage has to do with more active measures that try to understand how a hostile intelligence service works in order to frustrate or disrupt its activities and ultimately to turn those activities to one’s own advantage.
Surveillance Operations
An obvious way to learn about the activities of a hostile intelligence service is to mount surveillance operations against its officers (keep them under constant observation) wherever they operate.
50
Such surveillance tries to determine where the officers go and with whom they communicate or are in contact; these contacts can then be used as leads for further investigation.
Because this sort of surveillance is cumbersome and expensive, it is important to target it against actual intelligence officers. One place to look is at the kinds of official cover positions available to the hostile intelligence service: diplomats, consular officials, trade representatives, journalists working for government-owned media, and employees of international organizations such as the UN, when the employees are selected by their own government. The problem is to determine which individuals holding these sorts of positions are really intelligence officers.
The more learned about that service and the way it operates, the more effectively surveillance can be targeted. Finally, double agents may be able to determine the identities of hostile intelligence officers.
Intelligence Collection
The most direct way to achieve counter-espionage’s goals is to collect intelligence directly from the hostile service, either by human or technical means.
For example, in the years immediately following World War II, Soviet agent Kim Philby, working within MI6, was able to provide his KGB handlers timely information on U.S. and British covert operations in the Baltic states, the Ukraine, Russia, and Albania.
As this and other examples suggest, counterintelligence does not is this respect differ much from intelligence collection in general; its target, however, would be the adversary’s intelligence service rather than the governmental leadership, armed forces, or other institutions.
Defectors and Double Agents
In the past, the United States and other western countries relied heavily on defectors from Soviet intelligence services for counterespionage information.
A prominent example was Vitaliy Yurchenko, the deputy chief of the KGB department responsible for espionage against the United States and Canada. After defecting in the summer of 1985, he provided information about Soviet espionage successes against the United States. Although he did not know their real names, personal and operational details he provided led to the arrest of Ronal Pelton, a former employee of the NSA, and the indictment of Edward Lee Howard, a former CIA employee.
The other major method of conducting counterespionage is through double agents. They are agents who, while pretending to spy for a hostile service, are actually under the control of the country on which they are supposed to be spying.
Such agents may have originally been real spies who upon being detected were “turned”, or converted into agents of the country that caught them. Or they may be dangles, agents who pretend to volunteer to spy for the hostile intelligence service but in fact remain loyal to their country.
In between would be individuals who, having been approached by a hostile intelligence service, report the recruitment attempt to their own countries´ authorities and are encouraged by them to play along.
51
These types of double agent operations all serve the same counterintelligence purposes. At the simplest level, they allow the counterintelligence organization to penetrate the adversary’s cover mechanisms and identify officers of the hostile intelligence service engaged in running agents.
As a result surveillance can be concentrated on the actual intelligence officers, while less attention need be paid to the other officials who really are the diplomats, trade officials, and so on, that they appear to be.
In addition to identifying the hostile intelligence officers, these operations also enable counterintelligence officers to learn their adversaries´ operational methods.
Deception and Counter-deception As the treatment of double agent operations has indicated, however, one can try to counter the adversary’s intelligence operations more ambitiously by targeting his intelligence analysis capability – that is, by taking steps to mislead him.
What is Deception?
Deception is the attempt to mislead an adversary’s intelligence analysis concerning the political, military, or economic situation he faces, with the result that, having formed a false picture of the situation, he is led to act in a way that advances one’s interests rather than his own.
Deception and intelligence failure are related concepts. Indeed, one side’s successful deception implies the other side’s intelligence failure. The reverse, of course, need not be true.
As an example, during the 1950s and early 1960s, the Soviet Union engaged in deception operations to convince the United States that the USSR possessed larger offensive strategic nuclear forces than it actually did.
The content of deception – the false view one wishes one’s adversary to adopt – obviously depends on the situation and on how one wishes one’s adversary to react. In wartime, for example, one might whish to launch a surprise attack on the enemy, in which case the deception would be devoted to convincing him that no attack is on the way.
Sometimes, as in the case of the Normandy D-day landings, the enemy fully expects to be attacked, and it is unlikely one could convince him otherwise. In such a case, the deception tries to convince him that the attack is coming at a time, in a place, or in a manner other than what is actually planned.
Counter-deception
Experience shows that defeating every attempt an adversary might make at deception is very difficult. For example, even as they were running Double-Cross, the British were being similarly tricked by the Germans with respect to their intelligence and guerrilla-type operations in the Netherlands.
52
In any case, understanding deception is the first step toward figuring out how to avoid being deceived; by understanding the factors that facilitate deception, one can at least be alert to the possibility of deception and recognize some warning signs.
One is particularly vulnerable to deception when one is dependent on a small number of channels of information and when the adversary is aware, at least in general terms, of the nature of these channels and their mode of operation. For example, a heavy dependence on photographic reconnaissance satellites, whose identities and orbits most likely will become known to those whom they are photographing, may make one vulnerable to being deceived.
14- Covert Action
Introduction Covert action is fundamentally different from intelligence collection and analysis. It is intelligence used as an instrument of foreign policy. Its actions seek to influence the political, economic, or military situation in a foreign country, thus comprising activities to influence political, military or economic conditions, situations and developments abroad, where it is intended that the role of the government will not be apparent or acknowledged publicly.
These may consist of propaganda measures, support to political or military factions within a specific country, technical and logistical assistance to foreign governments to deal with problems within their countries, or actions to disrupt illicit activities that threaten the own national interests or security such as terrorism, proliferation, organised crime or narcotics trafficking. Historically, covert action has included such activities as channeling funds to selected individuals, movements or political parties, media placements, broadcasting, and paramilitary support. Covert action is an option short of military action to achieve objectives which diplomacy and other means of security policy alone cannot. A limited policy tool, covert actions are often carried out in conjunction with other tools of statecraft or, domestically, in disruptive actions by law enforcement or the police. So, the capability to undertake such tasks - be it to frustrate a terrorist action, intercept some technology or equipment that would help a rogue state or group build a nuclear device, or assist some group trying to overthrow a leadership whose actions threaten U.S. interests - constitutes an important national security tool.
Covert Action tradecraft At the soft end of the covert action spectrum are agents of influence, covert political finance and media operations of all kinds, forgery and black propaganda.
53
On the hard end are covert support for opposition groups, resistance forces, insurgents and terrorists, and the active conduct of sabotage and other paramilitary operations. All governments need to do some things in peacetime that fall outside diplomatic and other official channels. Humint agencies with their secret skills and contacts tend to be natural organizers, as in the successful western operation with Pakistani military intelligence tom supply military assistance to the Mujaheddin resistance to the Soviet occupation of Afghanistan. Covert Action usually involves only a small part of the Humint agencies, not Intelligence as a whole. It does not have to be done by intelligence. In the Second World War British covert action was under the separate Special Operations Executive, and covert propaganda under the Political Warfare Executive. In the mid-1980s the US Administration deliberately kept the Iran-Contra affair out of CIA to evade Congressional oversight. Some paramilitary operations such as the attempt to rescue the US embassy hostages from Iran came under straightforward military control. Whether covert action is an inherent part of intelligence can be regarded as a matter of semantics. US writers have argued that collection, analysis, counterintelligence and covert action are intelligence’s four major interrelated elements. Examples of Covert Action • Covert Support of a Friendly Government:
⇒ In many cases, covert action is carried out through a tacit alliance with individuals or groups with whom one shares common objectives
⇒ It is least difficult to do this when the ally in question is a friendly government. In this instance, covert action can be limited to such un-sensational activities as secretly assisting the allied nation with personal security for its leader or equipment for secure (encrypted) communications.
• Influencing Perceptions of a Foreign Government:
⇒ The more common and characteristic covert action tries to influence perceptions so as to change foreign behaviour, events, or circumstances to further one’s interests.
⇒ This is done either by influencing the foreign government’s actions or by influencing the foreign society, or groups or sectors of it, independently of its government’s actions and often against its government’s wishes. The ultimate goal is to influence the government’s policy or to create the conditions for a change of government.
⇒ Agents of Influence
The simplest and most direct method of affecting a foreign government’s actions is to use an agent of influence - an agent whose task is to influence directly government policy rather than to collect information.
For example, Soviet intelligence in the 1930’s and 1940’s ran a number of agents who worked for the U.S. government. Among the most important of these was Harry Dexter White at the Department of the Treasury.
54
In time, White rose to become assistant secretary of the Treasury, the department’s second-highest position. In addition to supplying Soviet intelligence with Information and secrets, White acted as an agent of influence.
Using categories devised by the intelligence and international departments of the former Soviet Union as a general guide, one can distinguish the different kinds of agents of influence by measuring the degree and type of control exercised by the intelligence service.
First, there is the trusted contact - that is, someone who is willing to work with a foreign government to advance goals he shares with it but who is not receptive to detailed instruction and would typically not be paid.
He may be contrasted with a controlled agent, who receives and executes precise orders and who would normally be compensated financially.
At the other end of the spectrum would be someone who is manipulated (for example, via aides or his social contacts) to act in a way that serves the foreign government’s interests but is unaware of this manipulation.
⇒ Use of Information and Disinformation
Another method of influencing a government’s actions is by providing it with bits of information (or misinformation) designed to induce it to act in a desired manner.
An example of this is the reported case in which the United States in 1983 passed to Ayatollah Khomeini specific information about Soviet agents and collaborators operating in Iran. This resulted in as many as two hundred executions and the closing down of the communist Tudeh party which dealt a major blow to KGB operations and Soviet influence in Iran.
Another technique for propagating misinformation is called silent forgery, which is a forged document that is passed privately to a foreign government but is not made available to the media. This sort of disinformation effort may be directed specifically against the target’s intelligence service rather than the government as a whole. In this case, the misinformation, instead of being given to the target, is, so to speak, left lying around for its intelligence services to discover; for example, deliberately misleading conversations may be held over telephone lines the target government’s intelligence is known to have tapped.
• Influencing Perceptions in a Foreign Society
⇒ The techniques discussed below are predominantly directed at influencing currents of thought within a foreign society rather than its government.
⇒ This is a more amorphous task, and it is harder to measure what effect some of these techniques have in any given case.
⇒ Agents of Influence
55
Agents whose main task is to affect a foreign country’s public opinion. According to a former KGB officer, France was an especially fertile ground for these types of activities: A majority of the most highly rated French agents in the mid-1970s…..were journalists or involved with the press.
Stanislav Levchenko, a KGB major who defected to the United States in 1979, has recounted several examples of the Soviet use of agents of influence to affect the Japanese media and politics.
⇒ Unattributed Propaganda
One of the more direct ways of attempting to influence a society is by disseminating opinions, information, or misinformation through the available media – that is by propaganda (as it is pejoratively called.
For example, nations with active foreign policies usually have radio stations (such as the Voice of America, Radio Moscow, and so forth) that openly express their views on international questions, much as newspaper editorials express the views of the newspaper’s editor or publisher.
At times, however, a government may wish not to be officially associated with the material contained in its propaganda. In these cases, it may put certain opinions or facts into circulation in a manner that does not make their origin apparent.
This may be accomplished either by planting them in news media it does not own or control, or by means of media that appear to the public to be independent but that are in fact controlled by the government.
There are two major reasons a government might resort to such unattributed or black propaganda: First, the target audience may be more disposed to believe the propaganda if its origin is disguised and the ulterior motive of the propagandist is not evident.
A second reason for using black propaganda mechanisms is that for diplomatic reasons, a government may not wish to be associated with certain opinions it nevertheless wishes to propagate to a given audience. For example, during the Iranian hostage crisis of 1979-81, the Soviet government took a diplomatically correct position by condemning the hostage-taking at the UN, while its black radio station, the National Voice of Iran, implicitly approved it and sought to inflame anti-American opinion in Iran.
Another method of conducting propaganda in an unattributed fashion involves planting stories in independent news media or arranging for books to be written and published by authors and publishing houses that have no visible connections with the government or its intelligence agencies. One of the most famous CIA activities of this sort was the publication in various non-U.S. newspapers of a CIA-supplied copy of Khruschev’s 1956 secret speech attacking Stalin’s cult of personality.
56
⇒ Forgeries
Another technique for putting material into circulation without taking any responsibility for it is the preparation and circulation of forged documents.
As with those discussed above, this technique serves the same general purpose: to influence a target audience’s perceptions so it will take desired actions.
The material used to do this – the arguments advanced by an agent of influence; the content of the propaganda, attributed or unattributed; or the text of the forgery – must be plausible to those whom one is attempting to influence.
• Support for Friendly Political Forces
⇒ Another way of influencing events in foreign countries is the provision of material support to friendly political forces, such as political parties, civic groups, labour unions, and media.
⇒ While this can be, and sometimes is, done openly, covert aid may be more palatable to the recipient groups, since it is less likely to lead to politically damaging charges of foreign interference in the target country’s internal affairs.
⇒ This was the case with American covert assistance to the independent Polish labor union Solidarity in the 1980s. Working in conjunction with the Catholic Church and American labor, the U.S. government developed a program intended to help keep the labor organization and Poland’s democratic movement alive after Poland’s communist government declared martial law in December of 1981. Among the kinds of support secretly provided Solidarity were money, printing presses, and clandestine communication equipment.
⇒ A more controversial U.S. program was conducted in Chile following the inauguration of the Marxist Salvador Allende as president in 1970. This program was designed to provide opposition political parties and media with the financial resources to survive the country’s economic chaos and hostile regulatory action by the government.
• Influencing Political Events by Violent Means
⇒ As we have seen so far many nonviolent techniques can be covertly employed to influence political behaviour, events, and circumstances in foreign countries.
⇒ But, in addition to these activities, which make up the vast majority of covert action operations, there are also techniques that involve the supporting or use of violence.
⇒ Support for Coups, Wars of National Liberation, and Freedom Fighters:
Support for political groups need not to be limited to the peaceful opponents of a foreign government but can be extended to groups that seek either to influence that government’s policy through violent means or to overthrow it.
57
This could involve the support of an existing group or the creation of a puppet group to carry out these activities.
The two large, basically overt, covert actions undertaken by the United States during the Jimmy Carter and Ronald Reagan administrations (support for the guerrilla struggle against the Soviet-supported Afghan regime and support for the Contra resistance in Nicaragua) exemplify this type of covert action.
⇒ Paramilitary
At the borderline between real covert action and military action are cases in which a government uses irregular (or volunteer) forces in a military conflict, either alone or in alliance with similar groups or indigenous forces.
⇒ Specific Acts of Destruction or Violence, including Assassination
Finally, covert action can take the form of specific acts of violence, directed against individuals (such as the assassination of foreign government officials, key political figures, or terrorists) or property.
Wet affairs, a euphemism for assassination and sabotage, were, at various times, a regular element in Soviet intelligence operations. Perhaps the most famous instance was the murder of Leon Trotsky in Mexico in 1940.
For the U.S. part we could mention the numerous CIA’s attempts to assassinate Fidel Castro, as well as its involvement with the political forces responsible for assassinating Patrice Lumumba of the Congo and Rafael Trujillo of the Dominican Republic.
One of the better-known covert actions involving violence against property was the blowing up, by French intelligence agents, of the ship Rainbow Warrior, owned by the Greenpeace, in 1985.
Clandestine operations, whether for collection of foreign intelligence, counterintelligence, or covert action, will often require associating with individuals of unsavory reputations who in some instances may have committed crimes. Clandestine operations for whatever purpose currently are circumscribed by a number of legal and policy constraints. Maintaining and enhancing clandestine capabilities takes time and resources; creating and nurturing such capabilities ought to be a high priority of the intelligence community given the importance of targets that otherwise cannot be reached.
58
15- The U.S. Intelligence Community
The Intelligence Community has been built around major agencies responsible for specific intelligence collection systems known as disciplines. Three major intelligence disciplines or INTs — signals intelligence (SIGINT), imagery intelligence (IMINT), and human intelligence (HUMINT) — provide the most important information for analysts and absorb the bulk of the intelligence budget. The U.S. Intelligence Community consists of the following: • Central Intelligence Agency (CIA).
• Bureau of Intelligence and Research, Department of State (INR).
• Defense Intelligence Agency (DIA).
• National Security Agency (NSA).
• National Reconnaissance Office (NRO).
• National Geospatial-Intelligence Agency (NGA).
• Federal Bureau of Investigation (FBI).
• Army Intelligence.
• Navy Intelligence.
• Air Force Intelligence.
• Marine Corps Intelligence.
• Department of Homeland Security (DHS).
• Coast Guard (CG).
• Treasury Department.
• Energy Department.
59
• Drug Enforcement Agency (DEA).
Each of the members of the IC works internally at the business of intelligence and each has its own area of expertise and responsibility. Personnel from the IC member organizations also collaborate together extensively, both to meet their own organizations' missions and to satisfy overall Community objectives. This collaboration takes many forms, including electronic communication from desk to desk, shared information technology resources, ad-hoc joint working meetings, and set-term task forces composed of personnel from multiple agencies.
Except for the CIA, intelligence offices or agencies are components of cabinet departments with other roles and missions.
The CIA remains the keystone of the Intelligence Community. It has all-source analytical capabilities that cover the whole world outside U.S. borders. It produces a range of studies that cover virtually any topic of interest to national security policymakers. The CIA also collects intelligence with human sources and, on occasion, undertakes covert actions at the direction of the President.
Three major intelligence agencies in DOD — the National Security Agency (NSA), the National Reconnaissance Office (NRO), and the National Geospatial-Intelligence Agency (NGA) — absorb the larger part of the national intelligence budget.
The NSA is responsible for signals intelligence and has collection sites throughout the world.
The NRO designs, builds and operates the nation's reconnaissance satellites. The NGA focuses on geospatial intelligence processing — ranging from maps and charts to sophisticated computerized databases — necessary for targeting in an era dependent upon precision guided weapons.
In addition to these three agencies, the Defense Intelligence Agency (DIA) is responsible for defense attaches and for providing DOD with a variety of intelligence products.
The State Department’s Bureau of Intelligence and Research (INR) is one of the smaller components of the Intelligence Community but is widely recognized for the high quality of its analysis. INR is strictly an analytical agency.
The key intelligence functions of the FBI relate to counterterrorism and counterintelligence.
• The former mission has grown enormously in importance since September 2001, many new analysts have been hired, and the FBI has been reorganized in an attempt to ensure that intelligence functions are not subordinated to traditional law enforcement efforts.
• Most importantly, law enforcement information is now expected to be forwarded to other intelligence agencies for use in all-source products.
The intelligence organizations of the four military services concentrate largely on concerns related to their specific missions. Their analytical products, along with those of
60
DIA, supplement the work of CIA analysts and provide greater depth on key technical issues.
The Homeland Security Act (P.L. 107-296) provided DHS responsibilities for fusing law enforcement and intelligence information relating to terrorist threats to the homeland.
• The Office of Information Analysis in DHS participates in the inter-agency counterterrorism efforts and, along with the FBI, has focused on ensuring that state and local law enforcement officials receive information on terrorist threats from national-level intelligence agencies.
• The Coast Guard, now part of DHS, deals with information relating to maritime security and homeland defense.
The Energy Department analyzes foreign nuclear weapons programs as well as nuclear non-proliferation and energy-security issues. It also has a robust counterintelligence effort.
The Treasury Department collects and processes information that may affect U.S. fiscal and monetary policies. Treasury also covers the terrorist financing issue. The National Centers
⇒ More permanent collaborative structures are the National Centers, created to address specific non-traditional threats.
⇒ Personnel from organizations across the IC staff these Centers, together with substantive operational personnel, on a long-term basis. In most cases they are physically located together in specially designated Center facilities.
All members of the IC work together in operations, studies, and reports of national importance. But the IC often reaches out to industry and academia for assistance on joint projects.
The Strategic Assessment Group at CIA is a case in point. This organization collaborates not only with professionals selected from IC member ranks, but also with an extended family of outside experts. Coalitions of very senior expertise enable the group to address complex issues of broad scope such as regional security dynamics, foreign military strategy and innovation, the global economy, and the long-term strategic environment.
Through external collaboration of this sort, the IC provides senior US policymakers broad vision, creative thinking, and a long-term perspective.
The US national security community— and the Intelligence Community (IC) within it—is faced with the question of how to operate in a security environment that, by its nature, is changing rapidly in ways we cannot predict.
All major restructurings are based on the assumption that we can take the recent past and predict the future. Such assumptions may have been reasonable in previous centuries, but not in this one.
By and large, the IC has to deal with environmental systems (political, social, economic, security systems) that exhibit the characteristics described by Complexity Theory and are known as complex adaptive systems.
61
The six critical components of a complex adaptive system are:
- Self-organization; emergence; relationships; feedback; adaptability; non-Linearity.
We must transform the Intelligence Community into a community that dynamically reinvents itself by continuously learning and adapting as the national security environment changes.
Complexity Theory tells us that we can only achieve this objective if several conditions exist:
⇒ Intelligence officers must be enabled to act more on their own.
⇒ Intelligence officers must be more expert in tradecraft.
⇒ Intelligence officers must share much more information.
⇒ Intelligence officers must receive more feedback from the national security environment.
⇒ Intelligence managers must be more persuasive about strategic objectives.
The Intelligence Community: Rising up to the Challenge The IC must promote willing cooperation and collaboration across a community that has departmental responsibilities as its first priorities. This is a huge cultural change, and that is why it is taking a long time. A significant achievement was to attain an agreement on joint duty. Now, senior leaders in intelligence agencies must serve a tour of duty outside of their parent organizations. This helps breed appreciation for other elements of the community and enhances engagement among intelligence organizations. The community has improved in many key areas, including information sharing across boundaries. Analysis quality has improved. In addition to increased sharing, new methodologies have generated processes for challenging hypotheses, using academic standards for training, conducting alternative analysis and red-teaming results. The community also is better at collecting information. In a system “left on automatic,” everyone wants to know about the same subject at the same time. However, that approach narrows collection in areas that are related to that topic. Broader collection benefits all users, and the community now is better at coordinating collection than before. Another effort entails bringing the entire community into the post-Cold-War era. The Intelligence Reform and Terrorist Prevention Act of 2004 established the current intelligence structure. Executive Order 12333, which was signed by President Ronald Reagan in late 1981, governs the community. Updating this Cold War document is the goal of an interagency process to generate recommendations for its modernization. The intelligence community has not been able to keep pace with the commercial sector in the Web 2.0 revolution. The intelligence community’s attempts to ride that wave are stymied by two challenges.
62
One is security. If the community becomes fully connected, interactive and integrated, that will introduce a vulnerability and a set of counterintelligence concerns that must be addressed. Sources and methods must be protected in any type of collaborative environment. The same for protecting sources and sharing information. Traditionally, the community would default to source protection, and the underlying philosophy was need-to-know. But now, community analysts have a responsibility to provide information, and they must know both their sources and their customers. The other challenge is cultural. Any organization with mature personnel tends to be resistant to rapid change. However, half of the intelligence community joined after 9/11. In stations like Baghdad, Kabul and Islamabad, many of the people there are young, highly motivated and integrated across agency lines. They are demanding and receiving the best tools possible. They must be credited with many of the successes achieved in their assigned countries. Those young people will be returning to the United States, where the community must capture their lessons, enthusiasm, commitment, values and experiences. These people also will receive credit for joint duty under the new doctrine, which will give them an advantage in rising through the ranks of the intelligence community. They will reach senior levels more quickly, where they will apply their new approaches to the cultural change underway. The scattered and episodic nature of today's threats, requires much more precise and constant monitoring. Today, our needs are more disparate and numerous. We must recruit in more places and against more targets. Terrorist groups, in particular, are small and physically dispersed, but have tight, almost family-like cohesion. These new realities all increase significantly our need for a larger, broadly deployed, and well supported clandestine service. The increasingly multi-polar nature of international affairs and the ability of minor actors to have major impact place a premium on detailed understanding as well as actionable intelligence. US intelligence has relied upon our possession of advanced technology and our opponents' ignorance of our actual capabilities. Both sides of this equation have now changed. Virtually all the technical capabilities developed over the last several decades are now public knowledge. What we can do, and how we do it, is effectively in the public domain. Already, two of our most important collection capabilities have been seriously affected. Satellite imagery is now commonly understood. Commercial interests, convinced that they can do a better job and provide necessary services to a wider customer base, have increasingly challenged the government's traditional dominance of imagery. Signals and communications intercept capabilities have been degraded by the digital and fiber optic revolution and the marked increase in commercially available and effective encryption.
63
The public availability of secure communications means that security is now affordable and accessible to terrorists, organized criminals, and others. Our ability to maintain advantages in intelligence collection systems will diminish, however, as the rest of the world gains greater access to technology through advanced, commercial, off-the-shelf tools. Three technologies offer potentially high rewards for intelligence, but even greater danger if developed and used by others:
⇒ Parallel processing and quantum computing have tremendous implications for cryptography, real-time translation, and transcription of intercepted communications.
⇒ Nanotechnology offers new ways to get closer to targets. Undetected
penetration of a terrorist camp, for example, enables both collection and attack. Potential applications include labs on a chip to provide long-term detection of biological, chemical, radiological, or other weapons of mass destruction, and miniature cameras for real-time video used in precision targeting.
⇒ Maxwell's Rainbow — referring to the spectrum beyond the visual and
electromagnetic bands — provides thermal, atomic, and other signatures. Properly used, it may be possible to look through camouflage, identify the function of underground facilities, and find chemical, biological, or nuclear weapons.
16- Measuring Intelligence Results
Three dimensions can be used for measuring success:
1. The first is a policy dimension:
• Success here is measured in the Intelligence Community’s ability to support policy and avoid surprise.
• With a list of policy priorities, intelligence could optimize resources to meet these priorities, and then determine whether or not those objectives could have been achieved.
• Unfortunately, there are neither lists of policies and priorities, nor a handy set of measures of effectiveness.
2. The second is the bureaucratic and organizational dimension:
64
• Setting government priorities produces some winners and some losers. The main issue here is that if success can be measured and found, what happens to the budget of an organization?
• Will more funds be appropriated for success or will achievement result in reduced budgets?
• Moreover, if funding changes based on success, will books get cooked to provide measures of effectiveness to justify current or increased budget requests?
3. The third is a political dimension, related to accountability and effectiveness:
• Does the U.S. have an oversight that can address accountability and effectiveness?
• What would be the political backlash that might result from out of control spies?
• Can the U.S. Intelligence Community be too effective?
• Does the American public really want a highly effective Intelligence Community?
• Politicization will become an issue. Again, was Clinton policy successful on the WMD issue?
• Was it possible for analysts in the Bush administration to conclude that a Democratic administration had managed to cobble together policies that curtailed Iraq’s WMD programs?
• Could that type of analysis be accepted in current policy circles?
Metrics can be developed for operational and tactical intelligence. For example, were targets identified by military planners the right ones? Were they hit and destroyed?
Beyond that, however, measuring success is difficult. Imagine trying to establish metrics for academia!
Theories are critical for metrics because intelligence failures are a result of failed theories. A theory that predicts nine of ten events is a very good theory. But the one failure may be significant. For those who believe that metrics have some utility in evaluating intelligence, some candidates might be:
• Customer satisfaction — was intelligence timely and/or was the level of detail adequate? • What was the impact of intelligence? Did it lead to significant changes in or re-evaluation of policy? • How well is the information flowing through the system?
65
• What level of access does the IC have to policymakers and are they listening (a credibility measurement)? • Has risk been reduced for decisionmakers?
Metrics: How will we know we’re headed in the right direction? The United States must resist the temptation to interpret certain tactical victories, especially those enabled by a convenient but perhaps unique ally like, the Northern Alliance, as evidence that it has solved the problem. An adversary intent on surprising us will be comfortable with long lulls in its fight against the United States. Any metric the intelligence community employs to gauge progress — and it must use metrics — needs to make room for intelligent risk taking. In fact, the keys to any successful business community revolution are experimentation, capitalization, management, competition, and consolidation. The mid-1980s creation of the Counterterrorist Center as the critical first innovation in the fight against terrorism was an improvement, but one that did not go far enough. Its mission was almost solely intended to augment the collection of human source intelligence — not to deepen expertise and produce breakthroughs in intellectual capital that might enable us to outwit the adversary. The intelligence community needs a more risk-taking and failure-tolerant management approach.
In the medium term, three broad metrics should suggest progress:
1) Connectivity is well established.
2) Multidisciplinary analysis is diverse and prospering.
3) Individual initiative reigns supreme. 1) Progress Improving Connectivity The successful intelligence enterprise, like its adversary, will be networked and agile. One indicator is the development of strong ties between intelligence community entities working on counterterrorism issues. Professionals in the counterterrorist community who work in different buildings, different cities, and different agencies and on different local computer networks will have the ability to create their own collaborative ties. A connected community will be one that knows immediately where to find the specialized bit of expertise or the arcane fact that makes the difference in a piece of analysis or in a clandestine collection program.
66
One critical step is integrating the Office of Homeland Security into the intelligence community’s information networks. 2) Strengthening Multidisciplinary Analysis Multidisciplinary analytic approaches to counterterrorism are new, and they will take time to establish and capitalize intellectually. If all goes well, managers of counterterrorism analysis will make room for research and teamwork under the press of daily deadlines. Perhaps the most telling measure of the health of the intelligence analysis function will be how the transition from the current war to the longer-term fight is handled and whether analysts are given the chance to take the time to dig deep and think creatively. If developments are moving along the right track, the more creative approaches to analysis will be well staffed, reasonably funded, and institutionalized within the counterterrorism community. No approach would remain untested for its applicability to the counterterrorism problem. The output would be reports and briefings based on research, workshops, conferences, games, red teams, advanced data processing, advanced analytic software, and collaboration across agencies and institutions — not to mention the improved collection of raw intelligence that all of this may help to make possible. Eventually, clever approaches must produce both actionable products and new intellectual capital, which would be shared within the community at large. 3) Fostering Individual Initiative The successful intelligence enterprise can be sufficiently agile if, like its adversary, the terrorist network, it is driven largely by individual initiative rather than commanded entirely from the top. Senior intelligence community leaders need to engage in creative delegation and promote initiative and creative thinking (including the so-called out of the box thinking) by the workforce. Another reason to empower individuals is the efficiency gains produced by reducing layers of supervision. The intelligence community is not only stovepiped, it is riddled with layers of management designed to provide redundancy in an effort to avoid mistakes. Although there has been an effort to streamline the review process in recent years, there remain abundant economies to be realized by placing the individual analyst closer to the decisionmakers who are the end users of the product and relying on individual accountability to ensure quality. Emphasis on the individual would represent a sharp break with the past. Intelligence community senior leaders are accustomed to being the authors of new initiatives rather than their enablers. The tendency to confine risk taking to the top and to constrain individual initiative because it might lead to a mistake is one of the things that must change if the fight against terrorism is to succeed.
67
17- Reasons for Intelligence Failure
After looking at a series of apparent analytic failures to foresee events such as the Aum Shinrikyo nerve gas attack in 1995, North Korea’ s ballistic missile test in 1999, or the bombing of the USS Cole in 2000, Bruce Berkowitz concluded that the intelligence analytical community showed organizational rigidity, poor planning, insufficient use of outside sources, and isolation of intelligence providers and consumers. Ten Reasons for Intelligence Failure: 1. Overestimation -- this is perhaps the most common reason for failure, and one which, if uncorrected, can lead to the continuation of error for a long time. Examples include the long Cold War period in which the U.S. consistently overestimated the missile gap between the U.S. and Soviet Union. Critics of the Iraq War say this was the main kind of error that happened in estimating Saddam Hussein's capabilities. 2. Underestimation -- this occurs when intelligence or political leadership seems unwilling to be receptive to warnings, or completely misread the enemy's intentions. A classic example is Stalin in 1941, who didn't want to hear about the possibility of Hitler invading Russia, even thought the British and Americans tried to tip him off. 3. Subordination of Intelligence to Policy -- this happens when judgments are made to produce results that superiors want to hear instead of what the evidence indicates. It is the most widely discussed and analyzed type of intelligence failure, although some discussions talk about a related error, bias. 4. Lack of communication -- the lack of a centralized fusion office often creates this problem, but it more typically results from when you have different officials from different agencies with different rules, different security clearances, and different procedures on who and how they communicate. 5. Unavailability of Information -- regulations and bureaucratic jealousies are sometimes the cause of this, but the most common problem involves restrictions on the circulation of sensitive information. 6. Received Opinion -- this is also called conventional wisdom and consists of assertions and opinions that are generally regarded in a favorable light, but have never been sufficiently investigated.
68
Sometimes the people in a bureaucracy are forced to make best guesses on the basis of limited information. 7. Mirror-Imaging -- this is technically defined as the judging of unfamiliar situations on the basis of familiar ones, but most often involves assessing a threat by analogy to what you (your government or a similar government) would do in a similar position. It is also the problem of having too many area specialists. 8. Over-confidence -- this occurs when one side is so confident of its ability that it projects its reasoning onto the other side and believes that since it would not do something itself, neither will the other side. The classic case is the Yom Kippur war of October 1973. 9. Complacency -- this happens when you know the enemy might do something, though you are not sure what or when, and yet you do nothing anyway. The classic example is the British who did nothing in the weeks leading up to the Falkland War of 1982. 10. Failure to connect the dots -- this occurs when the connections between bits of intelligence are not put together to make a coherent whole. It is most easily observed in hindsight, and is perhaps the main cause behind how the 9/11 attacks caught American officials by surprise.
18- The New Threats
The following developments dramatically enhanced the number and diversity of risks, dangers and threats:
• Globalisation.
• Accelerating technological innovation.
• Growing interdependence.
• Vulnerability of modern states. The world is now confronted with a host of border-spanning trends that challenge our traditional intelligence and law enforcement practices:
• International organized crime.
• Narcotics trafficking.
• Illicit sales of weapons — WMD as well as conventional —.
69
• The spread of disease.
• Internet-driven jihadist and other militant forms of radicalization.
• The geo-political implications of climate change.
This is particularly true for the unholy trinity of transnational terrorism, proliferation of weapons of mass destruction (WMD) and transnational organised crime (TOC) that have become the pre-eminent security challenges confronting the world and the new intelligence priorities. TOC is growing in volume, geographic reach and profitability, and is well positioned for further growth because it does, in many ways, have the most to gain from globalization. Growth and spread of TOC increase the risks of proliferation of WMD and, with it, of catastrophic transnational terrorism as proliferants and terrorists collude ever more symbiotically with TOC groups to move money, men and materials around the globe. The more the international order is threatened by asymmetric warfare of Islamist terror networks, the more the threat perception will become multifaceted and chaotic if more actors can acquire WMD. These developments not only diminish the predictability of risks and dangers. The more diffuse and unpredictable the situation and the threat perception, the more difficult it will become to clearly distinguish between external and internal, civilian and military threats to a country, and between the strategic, operational or tactical levels of risks and dangers. More than ever before intelligence is the pre-requisite for all measures that aim at the effective prevention, disruption and suppression of these threats. But countering the pre-eminent threats from multiplying non-state actors that operate clandestinely requires more than just intelligence services. These threats can only be effectively counteracted, disrupted, pre-empted and prevented when the operations of all security sector organisations that are mandated to deal with them are intelligence-driven or intelligence-led. This requires a paradigm shift in national security strategy that not only entails a whole of government approach and multilateral engagement, but a radical new approach with more intensive collaboration, interaction and information exchange by these organisations with the agencies of the intelligence community.
The New Threats The threats of “yesterday” were predominantly of the symmetric type:
• Static.
• Predictable.
• Homogeneous.
• Hierarchical.
70
• Rigid and resistant to change.
The new threats are more of the asymmetric type:
• Dynamic.
• Less predictable.
• Networked.
• Fluid.
• Self-organising.
• Constantly adapting and evolving. The old strategic approach of risk avoidance, which served states relatively well in terms of ensuring national security against predictable state adversaries no longer works. Risk avoidance is no longer financially affordable; it is also no longer adequate against the threats posed by the growing number of less predictable, more evasive and clandestinely operating non-state actors. Old concepts of threat analysis have to be supplemented by risk analysis and vulnerability analysis. This means that resources for ensuring national security are now allocated on the basis of threats or risks and national vulnerabilities. Threats are measured in terms of the likelihood and severity of the consequences, while risk is accepted as equalling threat divided by vulnerability. The activities of the unholy trinity of the new threats are transforming the international system, upending the rules, creating new players, and reconfiguring power in international politics and economics. The changes in the last decade of the 20th century not only empowered terrorists, proliferants and criminals, but at the same time weakened the agencies in charge of fighting them. The networks of transnational terrorists, proliferants and TOC thrive on international mobility and their ability to take advantage of the opportunities that flow from sanctuaries and separate marketplaces into sovereign states with borders. For terrorists, proliferators and TOC, frontiers create opportunities and convenient shields. But for the government officials chasing them, borders still too often represent obstacles. The privileges of national sovereignty are turning into burdens and constraints on governments. Because of this asymmetry in the global clash between governments, transnational terrorists, proliferators and TOC, governments are systematically losing – everywhere.
71
Transnational Organized Crime (TOC) Transnational Organized Crime (TOC) is the most organised. What makes it more dangerous than other criminality is its highly organised or entrepreneurial method in the following widely varying activities:
⇒ Corruption, intimidation, theft, kidnapping, arms trafficking, smuggling, labour racketeering, illicit telemarketing, sex exploitation, pornography, bribery, coercion, robbery, piracy, drug trafficking, counterfeiting, and so on.
The decline in totalitarian states, and the peace dividend that has enabled the rapid drawdown of military and security forces, has driven many former members of security and intelligence services and of specialists in the armed forces into the TOC business. For TOC, this influx of professional security, intelligence, police and military know-how has meant a quantum jump in sophistication.
TOC poses a threat to all nations and is a fundamental threat to democracy, the rule of law and human rights. TOC disrupts free markets, drains national assets and inhibits the development of stable societies. When it escalates, economic development, political independence, the environment, as well as human and global security are all threatened. TOC undermines civil society, political systems and the sovereignty of states by normalizing violence, graft, and by introducing a corruptive cancer into political structures. TOC undermines the integrity of the banking and financial systems, the commodities and securities markets as well as cyberspace. It degrades environmental systems through the evasion of environmental safeguards and regulations. It burdens societies with the enormous social and economic costs of illegal drugs. TOC hinders the progress of, and foreign investments in, economies in transition and developing countries. TOC poses strategic threats that can affect or destabilise strategically important states.
Proliferation of WMD Proliferation refers to the diffusion of weaponry and technology. It is a process in which a new type of weaponry is introduced into an area where it was previously not available. The most dangerous is the proliferation of WMD. There is no treaty or customary international law that contains an authoritative definition of WMD. Instead, international law has been used with respect to the specific categories within WMD, and not to WMD as a whole. The term WMD is customarily used to embrace all nuclear, biological and chemical weapons, irrespective of particular characteristics, potency and possible application. Some years ago radiological weapons have been added.
72
But there are important differences among these weapons. So much so that lumping together all of these weapons in one category of WMD is misleading, since nuclear weapons, in view of their tremendous destructive potential, are in a class all to themselves. The development and use of WMD is governed by international conventions and treaties, though not all countries have signed and ratified them. The proliferation of WMD and their means of delivery such as ballistic missiles constitute a threat to international peace and security and a growing danger to all states. While the international treaty regimes and export controls arrangements have slowed down the spread of WMD and delivery systems, a number of states and non-state actors have sought or are seeking to develop such weapons. The risk that terrorists will acquire nuclear, chemical and biological weapons, radiological or fissile materials and means of delivery adds a new critical dimension to this threat. Opportunities for mass-casualty terrorist attacks using chemical, biological or nuclear weapons will increase as technology diffuses and weapons programmes expand. Nuclear weapon designs and related technology can spread from one country to another, either directly from state to state, from state to non-state actor, from non-state actor to state, or through clandestine or criminal supplier networks – such as the notorious activities of Abdul Qader Khan,35 the ‘father’ of the Pakistani nuclear bomb, who was at the centre of two illicit supplier networks Other concerns challenging the intelligence services are the buyers of uranium ore, the activities of shipping companies that might be transporting weapons parts or fissionable materials, and the governments of powers known to sell missiles and related materials. Until recently, the major concern was the movement of material and expertise from Russia’s cooperation in the development of Iran’s nuclear, weapons and missile programmes, and China’s sale of missiles to Pakistan and Iran. Today, the most immediate concerns are North Korea’s sales and Iranian delivery of missiles and related technology. US intelligence assessments have highlighted biological weapons proliferation concerns about such nations as North Korea and Syria. However, apart from Russia, Iraq is the only other country confirmed in recent years to have had an offensive biological weapons programme. Inspectors from UNSCOM uncovered sufficient evidence of a covert bio-weapon programme to compel Iraq to admit that it had produced and weaponised biological agents – anthrax, aflatoxin and botulinum toxin. A related concern is that a state might decide to share its biological weapon capabilities with non-state actors. Concern also arises from the possible misuse or negative impact of biodefense programmes, such as their potential to provide cover for the illegal development or maintenance of biological weapons-related expertise.
73
Yet another risk of biological weapons proliferation is occasioned by the prevalence, and in some cases the lack of control over the circulation, trade and transfer of components for acquiring these weapons – strains of causative agents of dangerous infectious diseases, dual-use equipment, nutritive media, and technological information. A few countries have pursued the development of radiological military weapons, only to abandon these efforts in favour of more practical and effective weapons. So far, Chechen militants are the only known group that has attempted to use a Radiological Dispersion Device (RDD). While nuclear waste is a less likely proliferation option for weapon source material, potential radiological weapons materials exist in hundreds of thousands of locations worldwide. There are an estimated 10 million radioactive sources in existence around the world. Hundreds of plutonium, americium and other radioactive sources are stored in dangerously large quantities in university laboratories and other facilities. In all too many cases they are not used frequently, resulting in the risk that attention to their security will diminish over time.
Transnational Terrorism
There is not just one form of terrorism but many, often with few traits in common. There are more varieties today than existed some 30 years ago, and many are so different from those of the past and from each other that the term terrorism no longer fits some of them. Continued terrorist acts have compelled individual states to develop their own definitions for the purpose of enacting legislation to counter the terrorist threat.
The politically charged term of terrorism has been used to describe a variety of acts and methods of violence. But in practice, the attempts have neither amounted to an internationally recognised classification nor to a coherent legal definition.
Previously, terrorism operated within limits and usually had easily identifiable ends: territory, the release of prisoners or political concessions. Now we face a terrorist threat quite different from anything experienced in the past.
Since the beginning of 1990s, terrorism began to outgrow its former national and regional dimensions, has become more international and global in reach, more ideological and more strategic in its objectives. With the advent of 4th generation terrorism we witnessed with 9/11, the Bali, Madrid, London and other recent attacks, the aim is to maximise the number of casualties. This reflects a shift in the goals of the new terrorists from trying to make a political statement through violence to maximising damage to the target as an end in itself.
Of all the terrorist groups, religiously motivated ones are the most likely to resort to mass-destructive terrorism. Because such groups perceive violence to be part of an all-encompassing struggle between good and evil, religious extremism is converging with three other factors:
74
⇒ The deliberate quest to acquire or develop WMD.
⇒ A willingness to accept martyrdom.
⇒ A perception that the only ‘audience’ of worth is that of a deity – with the result that jihadist groups, in particular, lack the moderating influence of an external ‘audience’ or constituency, are more detached from ‘moral norms’ and other social constraints, thus are less constrained in using WMD, and more difficult to deter.
Limitless in the scale of their ambitions, the new terrorists are not interested in extracting concessions from victims or negotiating with governments, and they will not compromise over their goals. The new terrorism in its various forms wants to convince a target population and its leadership that the stakes of a conflict are not worth the current and potential future costs. It deliberately targets the non-combatant civilian population, icons and other symbols associated with the state, the ruling government’s power base or the critical national infrastructure. What they want is to destroy the way of life and the social fabric of the target society. Transnational terrorism has manifold dimensions: security, economic, political, environmental and others that can affect the future of the planet. Today, transnational terrorism is being perpetrated in the name of an extremist Muslim cause. But it is a type which, in a future world order, could be applied by others. It signals a new era of conflict. While the numbers of lives lost due to terrorist acts in the recent past have been small by comparison to the lives lost from other causes, this can change dramatically if transnational terrorists obtain and use WMD. Senior Al Qaeda members have threatened to use, and have demonstrated the will to carry out attacks with WMD. This is also the desire of various other terrorist groups. A further danger remains: terrorists could attack nuclear facilities, provoking a nuclear incident. However, successfully causing a large release of radiation through a terrorist attack on a nuclear power plant requires knowledge of the plant’s physical design and layout, security measures and weaknesses. Thus, terrorists may find it easier to gain access to radioactive materials in order to build a dirty bomb, or use hazardous radioactive materials, spent nuclear fuel or attack nuclear materials in transit, which is a serious problem, calling for high standards of physical protection. Also, Mass-transit rail and subway systems in major cities remain vulnerable to Madrid style attacks with chemical weapons. Improvised Explosive Devices (IED) containing a chemical agent can be detonated, dispersing toxic chemicals causing mass casualties.
Cyberterrorism The advent of the computer age has opened up possibilities of yet another kind of mass-disruption: information- or cyberterrorism. Generally, cyberterrorism is a result of the convergence of technology and terrorism, and consists of two mutually dependent elements:
75
(1) It refers to attacks against computers, networks and the information stored within them, for the purpose of intimidating or influencing a government or society to further political or social objectives.
(2) The attack results in violence against persons or property, or at least causes enough harm to generate fear.
Progress in computer networking technology has blurred the boundaries between cyberwarfare, cybercrime and cyberterrorism. Hence, labelling a cyberattack as cybercrime or cyberterrorism is problematic because of the difficulty in determining with any certainty the identity, intent, or the political motivations of an attacker. Cybercrime and cyberattack services are now available for hire from TOC groups are a growing threat to national security as well as to the economy. A terrorist cyberattack could actually prove more damaging because it could involve disruptive technology that might generate unpredictable consequences that give terrorists unexpected advantages. What makes cyberterrorism different is the ease with which an immense amount of damage can be inflicted on IT systems of government, the armed forces and the critical national infrastructures of a country, from almost any point on earth by very few terrorists, at low personal risk and costs. Computers seized from Al Qaeda indicate that its members are becoming more familiar with hacker tools and services that are available over the Internet. However, cyberterrorists would probably need to attack multiple targets simultaneously for longer periods of time to gradually create terror, achieve strategic goals, or to have any noticeable effects. It is more likely that any severe cyberattacks that take place in the near future will be used by terrorist groups to simply supplement the more traditional physical terrorist attacks.
19- The New Intelligence Paradigm
The opportunity now exists to tap into a vastly larger amount of expertise than was previously available to US intelligence. However, this will require working from a very different paradigm from that which characterized much of our Cold War history.
76
The New Paradigm: Collaborative Intelligence The key features of the traditional paradigm were:
• Secrets.
• Classified channels of information flows.
• A focus on a few hard targets (e.g., the Soviet Union, other so-called “denied area” Communist Bloc countries, their military forces and technologies and other observables).
• Very limited contact with outside experts who were almost always US citizens.
• Focus on key facts and finished intelligence products.
The new paradigm, in contrast, will focus on “open source” information and reach out to a wide variety of experts who are non-intelligence professionals drawn from different sectors and often non-Americans. As the 21st century is expected to be far less predictable and dynamic, the objective is to scan the horizon for emergent issues and so-called weak signals that are harbingers of futures for which few governments have begun preparing. While it cannot begin to replace the old model, it surely can complement it and build knowledge that can be used by those still working largely within the traditional secrets-driven paradigm. This new collaborative paradigm is more than simply an open source collection model. Indeed, it is an approach that attempts to synthesize knowledge found in various academic, business, and other private sectors with government expertise. While the traditional paradigm would focus on specific hard targets for specific facts (also known as plans, intentions and capabilities), the collaborative model is scanning for interesting interconnections among issues, anomalies from what experts might normally expect to see, and other insights, which in the traditional paradigm would be considered irrelevant or too unconventional to be of use.
77
The world has changed and with it the meaning and content of security. We have become vulnerable in new and often unforeseen ways. The traditional intelligence systems have displayed, after the cold war, an inability to deliver in terms of warning, comprehension, and management support. The tsunami disaster in 2004 and the September 11 attacks are not isolated events but, rather, are part of a string of similar, known and unknown, symptoms of an existing and possibly growing intelligence crisis. Is there a revolution in intelligence affairs? So far the answer is no. However, there is a crisis, something that could be described as an approaching revolutionary situation, when circumstances will make drastic changes in the concepts and conduct of intelligence unavoidable. Part of the problem — the fact that intelligence systems as we know them are based on WWII and the Cold War — is very difficult to do anything about. Still more basic, however, are the dominating concepts, or misconceptions, in intelligence that must be put in question and perhaps overturned: This diagnosis leads to three propositions: 1. Abolish the intelligence cycle as the fundamental model for thinking about intelligence and constructing intelligence systems.
78
2. The prime task of qualified national and international intelligence bodies should be defined not in terms of production but rather of innovation. In this regard, intelligence could learn a lot from other fields of enquiry in society.
3. Analysis and collection are not two different activities but two names for the same search for knowledge. A number of key assumptions, widely accepted as conventional wisdom among intelligence reformers, are simply wrong:
• First, academics cannot help.
⇒ Actually, intelligence theory done by academics can provide important insights about the strength and weaknesses of intelligence systems.
⇒ Business is ahead of government in understanding the importance of using theory to improve intelligence and thus enhance profits.
• Second, intelligence necessarily involves secrecy.
⇒ This assumption is important because it implies that the most important
information about our adversaries is secret and must be stolen.
⇒ In fact, that may give them too much credit. They may not be securing information about their greatest assets and vulnerabilities.
⇒ For example, if the Japanese had been collecting open source information during WWII, they would have learned from American newspapers that their code was broken before Midway and changed their encryption methods.
⇒ As another example, a prototype of the Nazi’s famous encryption device, the Enigma machine, was first exhibited at an open trade show in Germany.
⇒ Focusing on clandestine collection diminishes the perceived value of technologies related to processing and exploitation, which are regarded as more mundane and thus less critical to the enterprise.
⇒ There is also an analytical bias toward intelligence that comes with higher classification. The more secret some piece of information is, the “better” and thus the weightier it is assumed to be. After all, what is harder to get must have been more “hidden” by the adversary and thus more crucial to understanding the threat. This is wrongheaded. The sensitivity of the collection method, a key determinant of classification, does not necessarily correlate with the quality of the product.
⇒ Assuming that good intelligence involves information collected principally through secret means renders the United States particularly vulnerable to manipulation and deception.
• Third, intelligence is a service.
⇒ The implication here is that the decision-maker is not part of the process, but rather a master to be served.
79
⇒ In fact, decisionmakers must play a role in identifying critical policy decisions that require intelligence support, inform collectors of the pace of policy and requirements for timeliness, provide feedback on where intelligence is helping and where it needs improvement; also they must be educated to their role in the intelligence process and assume their share of responsibility for both its successes and failures.
⇒ Instead of thinking that they speak truth to power, intelligence analysts should help policymakers improve their understanding of reality, recognizing that cognitive biases exist in any human appreciation of events — including their own.
⇒ The process is best understood as a matter of adjustment in perceptions and a deepening of knowledge among all those involved.
⇒ The notion that intelligence holds “the truth” (and policymakers do not) undermines the process of intelligence support.
⇒ Policy decisions by their very nature exclude some options and thus involve narrowing the set of helpful and relevant information for the next decision. To this extent, useful intelligence will be somewhat subjective.
⇒ This does not mean, however, that intelligence analysts, striving for relevance, should refrain from examining past assumptions.
⇒ They should simply retain a degree of humility with respect to ownership of truth.
• Fourth, bureaucracy and bureaucratic culture are bad.
⇒ Intelligence bureaucracies reasonably adopt cultures that reflect their businesses — espionage operations, the mathematics of encryption, translation of foreign language, and the intellectualism associated with analysis.
⇒ In fact, few intelligence professionals believe case officers should act and think like intelligence analysts.
⇒ Recruiting for and reinforcing the qualities that contribute to these different skills reinforces those cultures.
⇒ The Intelligence Community, which has been criticized for groupthink, should seek to encourage diversity and a cross-agency appreciation of that diversity — not to shed it or deny its worth.
⇒ At the same time, bureaucracy should be recognized as crucial to intelligence accountability in the United States, even as managers seek to streamline and make it more efficient.
80
Building an agile intelligence community The intelligence community must at last dispense with the internal barriers that stifle communications and collaboration. Building an agile intelligence capability will require:
• That internal communications improve.
• That robust and perhaps formal alliances with external centers of expertise be constructed.
• That a genuine multidisciplinary analytic effort blossom and achieve a creative flair that is not typical of bureaucratic enterprises.
Metrics will be needed for measuring progress in the effort. They should include measures of improved communication within the intelligence community, structures that connect the intelligence community to the best and the brightest outside the world of intelligence, and indicators of true analytic innovation. Osama bin Laden founded the structure that became al-Qaeda during the Afghan war against the Soviets, and it took him two decades to achieve his present notoriety. Terrorists are also becoming more operationally adept and more technically sophisticated in order to defeat counterterrorism measures. For example, as we have increased security around government and military facilities, terrorists are seeking out “softer” targets that provide opportunities for mass casualties. The devil is partly in the details: it is impossible to pre-empt a threat without knowledge of the specific plot or plots, and it is almost impossible to unearth all of them. The likelihood is that terrorist threats against the United States will be here for a generation or more, and what is different and novel about the challenge at hand should be considered. That challenge is considerable. What we are seeing is not the more familiar state-supported terrorism, which has been in gradual decline for two decades. Rather, the terrorism we face is decentralized, self-generating, and tied to the existence of failed states and the battle for the soul of Islam. Important Questions to be asked: • Has the U.S. intelligence community yet imagined the full range of models of
weapons development that the adversary may employ? • Is it sensitive to the right signals of the alternative development paths as they may
appear in raw intelligence reporting over the next several years? • Does this analytic challenge — and others that demand similarly unconventional
imagination — reside only on the drawing board of the intelligence community, and if so why?
81
The Need for New Approaches to Intelligence The magnitude of the threat and the fact that the new terrorist groups bear little resemblance to either conventional armies or state sponsored terrorist organizations, ensure that al-Qaeda and its follow-on movements will demand innovations in U.S. intelligence. Changes in the intelligence craft must go beyond redrawing the intelligence organizational chart and redesigning its chain of command. The collection of raw intelligence will remain critical, but it will also remain insufficient against an adversary that is a dynamic, evolving force. No central authority within the network of terrorist organizations can control, or has the responsibility for designing, future operations against our interests. The intelligence community will win small battles against terrorism, but it is still at risk of losing far larger ones. In addition to gathering even more raw intelligence, we need to counter the adaptable adversary with our own adaptation. Hierarchies are handicapped when confronted by flexible, highly adaptable, and networked enemies. Breaking Down Barriers ⇒ The U.S. intelligence community remains handicapped by internal barriers and
walls meant to protect intelligence sources and methods — at a time the outside world, by interesting contrast, apparently sees the value in making unprecedented investments in getting connected (connectivity).
⇒ Stovepipes have persisted for years and prevent many of the people working
against terrorist targets from effectively communicating with each other. At times, the stovepipes even prevent organizations from becoming aware of each other’s existence.
⇒ U.S. intelligence components working against terrorist targets need the ability to
share data and analyses spontaneously (as academic experts do when communicating routinely over the Internet); they should not be forced to deal with a maze of bureaucratic and security-derived obstacles.
⇒ The intelligence community’s electronic connectivity in addressing the non-state-sponsored terrorist threat is ironically held hostage to counterintelligence concerns that emanate from threats from state actors — who, unlike al-Qaeda, have ample budgets to staff their own intelligence apparatus and target it against Washington.
⇒ It is no coincidence that most multidisciplinary intelligence analysts and collectors
function in largely separate electronic compartments. ⇒ The need to know principle, of course, cannot be jettisoned entirely, but the trade-
off between protecting security and promoting collegiality certainly bears recalibration.
82
⇒ The current stovepipe approach — which erects barriers to lateral collaboration by restricting communications and rewarding only bureaucratic loyalty within the organization — makes it possible for unrelated intelligence components in different institutions to do essentially the same work against terrorist targets — wasting resources and preventing many professionals from leveraging the efforts of counterparts who remain outside their immediate circle.
⇒ Good academics invest considerable energy in finding out about the research
efforts of their colleagues in other institutions; intelligence community professionals would reap dividends from similar efforts that at least match those of their academic counterparts.
⇒ The people fighting terrorism need to break down barriers to their ability to form
alliances with external centers of expertise. In recent years the intelligence community has improved analysts’ access to all of the resources made available by the information revolution.
⇒ It is safe to say that intelligence community data systems are unparalleled. Some
elements of the analytic community have created outreach programs to get beyond the walls protecting classified data.
⇒ But more needs to be done to create connections with substantive experts who do
not yet have all the security clearances. No organization, not even one large and deep, can have a monopoly on expertise — especially on a subject as complex as the Islamic Reformation.
⇒ Creative alliances with think tanks, academics, and other centers of expertise
should be a force multiplier. Intelligence community business practices should promote rather than impede informal and mutually beneficial contact between the analyst and the business community. With the stakes as high as they are, some of those prospective relationships even deserve to be formal, institutionalized partnerships.
Bolstering In-House Analysis ⇒ U.S. intelligence must integrate operational intelligence (intelligence that supports
operational planning and covert action), with true multidisciplinary expertise, thus capitalizing on expertise in politics, demographics, economics, and culture.
⇒ The intelligence community needs and deserves an unparalleled center of
excellence on the roots and substance of terrorism — one that makes the time to do its own research while routinely exchanging insights with a well-developed network of allies on the outside.
⇒ The intelligence community needs an analytic effort that carries great prestige
rather than one subordinated to supporting operational planning and covert action. ⇒ In the course of bolstering analysis, there is considerable room for more creative
approaches. These approaches include assembling red teams whose purpose is to simulate adversary strategy and doctrine, perhaps replicating, to the extent feasible, the decentralized nature of the threat.
83
⇒ The intelligence community should be practiced at exploring adversary strategy, especially that of an evolving, adapting enemy whose future stratagems are not yet on the drawing board.
⇒ Other measures are targeted at institutionalizing alliances between experts in and
outside the intelligence community and at fostering creative analytic approaches. ⇒ Still other steps are meant to sharpen the collection of raw intelligence by taking
advantage of deeper analytic expertise, thus better focusing human source intelligence, signals, imagery, and other intelligence collection systems.
Modelling and Simulation
⇒ The intelligence community should develop new software tools to support both data processing and analysis.
⇒ The intelligence community should be using new techniques to explore the
evolution of terrorist networks and their adaptability.
⇒ Agent-based modeling, focuses on bottom-up computer simulation of human interaction and generates exactly the form of decentralized, spontaneous organization of social networks that we observe in the formation of political movements and in the world of terrorism.
⇒ As agent-based modelling shows, with recent advances in computing power and
software, synthetic adversary networks can be built in digital space and their evolution simulated harmlessly.
⇒ The intelligence community should routinely adopt the best practices of DoD and
the private sector for modeling and simulation.
⇒ The intelligence community should prod DoD to create new warfare models that go beyond evaluating conventional weapons systems.
⇒ The art of analytic gaming remains a uniquely effective tool for assessing the
interplay of competing strategies. A properly framed game can shed light on the calculations of both adversaries and coalition partners.
⇒ Those techniques might illuminate many examples of adversary strategy that could surprise us next time. Their strategy may depend on how much the terrorists have learned from the strikes against the United States and the war in Afghanistan.
The intelligence community should continue to counter denial and deception efforts by terrorist networks. Denial and deception analysis is a relatively new element in the intelligence tool kit and refers to measures to counteract the efforts of U.S. adversaries to escape detection by U.S. intelligence satellites and other collection means, as well as measures to counteract adversary efforts to purposefully mislead U.S. intelligence by generating data that point in the wrong direction. The intelligence community must determine the magnitude of the threat to the economy and the strategies likely to be used in an attack aimed solely at economic destruction.
84
Until shortly after September 11, the intelligence community was not in the traditional multidisciplinary analysis business, but the creation of the Office of Terrorism Analysis within the CIA’s Counterterrorism Center changed that. This kind of initiative in analytic methodology holds promise, and efforts to reinvigorate the long-term effort to generate more creative raw intelligence collection are in the works. The war on terrorism will place intense pressure on all intelligence collection systems, and it may do so for a generation or more. Although more resources would help, even with more data the intelligence community is likely to be frustrated by its failure to prevent every attack on U.S. interests. The adaptable adversaries who will make up the future terrorist threat will have the incentives and the means to “game” Western intelligence collection systems. Collection needs to be sharp and focused on what counts rather than too broad. In the long run, it is the job of the intelligence community to develop both analytic expertise and classified data sources on issues of interest to the national security community. The intelligence community must give priority to collecting the information that the policymakers most need and want. There are still important but hard to learn facts about targets - including the intentions and capabilities of rogue states and terrorists, the proliferation of unconventional weapons, and the disposition of potentially hostile military forces - that can only be identified, monitored, and measured through dedicated intelligence assets. Toward these ends, one of the most important functions of the intelligence community is to provide analysis gleaned from all sources (open and secret) and to package it in a timely and useful manner. Only the intelligence community performs this essential integrative function. While good intelligence cannot guarantee good policy, poor intelligence frequently contributes to policy failure. The United States will have to continue to devote significant resources if it desires a significant capability. No amount of redesign or regulation can compensate for poor leadership. It will fall upon current and future senior officials of the intelligence community to make the development of management skills a priority and promote a culture in which excellence is rewarded, talent is developed, quality is valued, legitimate risk-taking is encouraged, and respect for the law is unquestioned.
Problems and Limits of Intelligence The nature of modern terrorism makes it difficult to defeat. The first line of defence against terrorists is the attempt to find out who they are, and what they are up to. This can be done by agents that infiltrate terrorist groups, by using paid informants or through eavesdropping, surveillance and communications monitoring. Controls on financial transactions can be used to discourage money laundering and transfers of illicit funds.
85
But the most important limits to collecting information on terrorists are inherent to the subject and the way they operate. These limits are permanent and cannot be eradicated. Only a few of the conspirators know the intentions. Though they might get help from others, nobody whom they cannot trust completely is informed about their plot. Plans are no longer communicated in a form that can be easily intercepted and interpreted. Terrorists do not expose any materials that would betray their intentions to others. They do not purchase, procure or build anything that is suspicious. They live and move inconspicuously, and any preparations that cannot be done behind closed doors are done as part of those movements. Moreover, the bull’s-eye of this intelligence target – an individual terrorist plot – lacks the size and signatures of most other targets. The conspirators may not have had any prior involvement in terrorism or be members of a previously known terrorist group. Thus, the target for intelligence is anyone who might commit terrorism in the future. Hence, terrorism is a fundamentally different and more difficult object than the great majority of other topics the intelligence community is asked to cover. There can be no guarantee that intelligence services can provide a foolproof warning of an impending terrorist attack so that it can either be avoided or adequate preparations made. Though the safeguards against non-proliferation are weaker today than 15 years ago, intelligence coverage of proliferation is still somewhat easier than that of transnational organized crime (TOC) and transnational terrorism. Proliferation from state to state dominates, as does that from state to non-state actor, which was the case of the Semtex that Libya had acquired and passed to the IRA, and the rockets fired against Israel by Hezbollah in the Lebanon conflict of 2006, which Iran and Syria have provided. Intelligence collection on proliferation may require less transformation of intelligence services as is the case with TOC and terrorism. Efforts are needed to more comprehensively reunite, integrate and fuse the disparate intelligence disciplines of analysis of WMD and proliferation; the monitoring of treaties, international organisations, and agencies engaged in proliferation issues; while concomitantly striving to cooperate much more intimately with those engaged in combating terrorism and TOC. It is obvious that there are limitations in intelligence on WMD. Even before the serious questions raised by the Iraq experience, there were long-standing concerns about the capabilities of intelligence services to track WMD programs and identify required reforms. The track record of intelligence is a mixed one. In key areas related to nuclear, biological and chemical weapons, there continue to be large gaps in knowledge and understanding of both suspect programmes and technology trends. Since 2003, a number of western intelligence communities began conducting gap attacks that focus attention on the most serious and difficult of these intelligence deficits.
86
It is, however, important to have realistic expectations. Determined, adaptive proliferators skilled at deception and denial will find ways to conceal at least some of their activities from even a greatly improved WMD intelligence enterprise. To some degree, uncertainty will always outweigh certainty. Policymakers, therefore, must accept that there are inherent limits to WMD intelligence, while intelligence services are challenged to improve their ability to convey uncertainty in ways that policymakers can understand and apply. As they work to reduce uncertainty, the intelligence services must sharpen their focus on the softer elements of the proliferation problem – people, plans and intentions. Far too much of intelligence’s intellectual and financial resources remain targeted against the harder elements of facilities, technology and systems. Additionally, intelligence services must continue to transition from simply reporting on proliferation to sustained engagement in the proactive fight against WMD. Finally, intelligence organisations responsible for setting strategic direction and coordinating community-wide efforts, must work more closely with the operational communities to ensure that collection and analysis directly support planning and execution of counterproliferation missions. Countering TOC is qualitatively different from fighting proliferation and terrorism. TOC is embedded within economies in ways that proliferation and terrorism are not. Police resources will hardly ever be such that they can do more than investigate a small proportion of TOC. The process of determining targets and priorities is therefore crucial to the intelligence process. A number of problems make this no easy task, for example, should TOC groups be targeted based on the suspected sums of money involved, the degree of occurrence of violence, or the degree of political corruption existing or suspected? There is always the dilemma of whether to continue surveillance in order to develop intelligence or to act to disrupt TOC activities and to arrest the actors. More and sustained intelligence efforts are needed for anticipating major activities of TOC groups, their operational methods for moving various forms of contraband, innovations in money laundering, the development of new markets and, in particular, the measures they are taking to counter law enforcement operations. The latter is of increasing significance, because eluding national law enforcement control is the most important working principle of criminal groups. TOC is becoming ever more adept at concealment and disguise and exhibits a degree of flexibility and adaptability in methods and modes that pose an increasing challenge to law enforcement and society at large. Unlike the traditional threats to national security from rival nation-states, the threats posed by non-state actors are more difficult to anticipate, assess and combat. Clandestinely operating conspiratorial groups of often unknown non-state actors make intelligence services central to the security of the state. More than ever, intelligence is the prerequisite and most important tool for the prevention of, and timely counteraction against, these new threats. The fact that terrorists, proliferants and TOC groups seek to hide their intentions, plans, capabilities and activities and engage in disinformation, denial and deception operations
87
to mislead the authorities, creates a need for a national organisation with secret and covert capacities. Such knowledge cannot be acquired better, more safely or more cheaply by any other organisation or means. Thus, intelligence services are a key factor for combating the new threats and have become the first line of defence. There are five basic principles all organisations that engage in intelligence collection and conduct the so called intelligence-led operations must follow: 1) To provide effective intelligence essential to the security of the nation.
2) To have an adequate legal framework.
3) To have an effective management and tasking system.
4) To be effectively accountable.
5) To be open to internal and external review, supervision and control, and to parliamentary oversight.
To address the challenges facing the U.S. Intelligence Community in the 21st century, congressional and executive branch initiatives have sought to improve coordination among the different agencies and to encourage better analysis. In December 2004, the Intelligence Reform and Terrorism Prevention Act (P.L. 108-458) was signed, providing for a Director of National Intelligence (DNI) with substantial authorities to manage the national intelligence effort. The legislation calls for a separate Director of the Central Intelligence Agency. Making cooperation effective presents substantial leadership and managerial challenges. The needs of intelligence consumers — ranging from the White House to cabinet agencies to military commanders — must all be met, using the same systems and personnel. Intelligence collection systems are expensive and some critics suggest there have been elements of waste and unneeded duplication of effort while some intelligence targets have been neglected. Breaking down agency stovepipes that keep information from consumers who legitimately need it, continues to be a challenge for senior policymakers and Members of Congress. The new DNI will have substantial statutory authorities to address these issues, but the organizational relationships will remain complex, especially for Defense Department agencies. Techniques for acquiring and analyzing information on small groups of plotters differ significantly from those used to evaluate the military capabilities of other countries. U.S. intelligence efforts are complicated by unfilled requirements for foreign language expertise.
88
Improved analysis, while difficult to mandate, remains a key goal. Better human intelligence is also essential. Intelligence support to military operations continues to be a major responsibility of intelligence agencies. The use of precision guided munitions depends on accurate, real-time targeting data; integrating intelligence data into military operations will require changes in organizational relationships as well as acquiring the necessary technologies. Counterterrorism requires the close coordination of intelligence and law enforcement agencies including the Department of Homeland Security. Another problem has been barriers between foreign intelligence and law enforcement information. These barriers derived from the different uses of information collected by the two sets of agencies — foreign intelligence used for policymaking and military operations and law enforcement information to be used in judicial proceedings in the U.S. A large part of the statutory basis for the “wall” between law enforcement and intelligence information was removed with passage of the USA PATRIOT Act of 2001 (P.L. 107-56), which made it possible to share law enforcement information with analysts in intelligence agencies, but long-established practices have not been completely overcome. The Homeland Security Act (P.L. 107-296) and the subsequent creation of the Terrorist Threat Integration Center (TTIC) established offices charged with combining information from both types of sources. Finally, Section 1021 of the Intelligence Reform Act made the new National Counterterrorism Center specifically responsible for analyzing and integrating all intelligence possessed or acquired by the United States Government pertaining to terrorism and counterterrorism.
Bibliography • Warner, Michael; Wanted: A Definition of Intelligence - Understanding Our Craft.
• Medina, Carmen A.; What To Do When Traditional Models Fail - The Coming
Revolution in Intelligence Analysis. • Pappas, Aris A; Simon Jr, James M.; The Intelligence Community: 2001-2015 -
Daunting Challenges, Hard Decisions. • George, Roger Z.; Meeting 21st Century Transnational Challenges: Building a
Global Intelligence Paradigm. • Elder, Gregory; Intelligence in War: It Can Be Decisive - Winning with Intelligence.
• Treverton, Gregory F.; Jones, Seth G.; Boraz, Steven; Lipscy, Phillip; RAND CF 219: Toward a Theory of Intelligence.
• Harris, James W.; Building Leverage in the Long War - Ensuring Intelligence
Community Creativity in the Fight against Terrorism. • Ackerman, Robert K.; Future Threats Drive U.S. Intelligence; April 2008.
89
• Schreier, Fred; Fighting the Pre-eminent Threats with Intelligence-led Operations.
• Best, Jr, Richard A; Intelligence Issues for Congress Foreign Affairs, Defense, and
Trade Division. • Krizan, Liza; Intelligence Essentials for Everyone.
• Seaborn, Blair; Commentary No. 45: Intelligence and Policy: What Is Constant?
What Is Changing? • Field Manual 34-52; Chapter 7; Strategic Debriefing. • Herman, Michael; Intelligence Power in Peace and War.
• Shulsky, Abram N.; Schmitt, Gary J.; Silent Warfare – Understanding the world of
Intelligence. • Gil, Peter; Phytian, Mark; Intelligence in an insecure world.
• Lowenthal, Mark M.; Intelligence: From Secrets to Policy.
• George, Roger Z.; Bruces, James B.; Analyzing Intelligence – Origins, Obstacles
and Innovations.
