ABSTRACT: In reorganizing homeland defense after 9/11, the government had three options: White House control, power sharing between agencies, or congressional control. The option pursued – reorganizing twenty-two separate agencies under a Department of Homeland Security (DHS) reporting to Congress – has resulted in a dysfunctional organization that is understaffed and underfunded, while the missions of the agencies involved have been displaced. Many see the biggest failing of DHS as the failure to establish connections within the intelligence agencies. Billions of dollars have been spent to improve intelligence and first responder capabilities, but the most effective measures taken to improve our national security in the event of terrorist attacks have actually occured outside of the DHS reorganization.
Perrow, Charles. “The Disaster after 9/11: The Department of Homeland Security and the Intelligence Reorganization.” Homeland Security Affairs 2, Article 3 (April 2006). https://www.hsaj.org/articles/174
September 11, 2001 presented a challenge to our government that went way beyond any challenges that natural disasters had presented in decades. The terrorist attack suggested possible future ones that would involve more of society than a natural disaster might, and we had few institutional structures to cope with it. Our last major effort was President Jimmy Carter’s amalgamation of agencies to form the Federal Emergency Management Agency (FEMA), but it was small and its terrorist concerns were limited to threats from domestic political radicals. 1 Something far beyond the recombination of disaster agencies that produced FEMA was needed.
The first thing required was a change in the mental model that our top officials in the White House were using to address threats to the nation. Years of preoccupation with state-sponsored threats of nuclear missile attacks would be hard to set aside. Second, we needed a new institutional capacity for dealing with the new terrorist threat. Should this capacity reside primarily in the White House, or in Congress? Without a convincing change in its threat model, the White House, I argue, was unable to mobilize support for allowing it to control the effort, and control passed to Congress. But so many interests were impacted by such a huge project that it became unwieldy. Furthermore, the institutional framework chosen for protecting homeland security followed a cultural script that organizational designers such as Congress most easily revert to — namely, centralized control — even though the problem would be more amenable to the empowerment of diverse, decentralized units, with central coordination rather than central control. The many organizational difficulties we will examine that flowed from the central control format, coupled with distracting wars and lack of urgency, make the failure of the reorganization seem almost inevitable.
Finally, the same format was used to attempt a restructuring of the intelligence agencies and once again powerful interests, this time in the Pentagon as well as Congress, appear to have thwarted this effort as well. Compared to our restructuring response to the 9/11 tragedy, the creation and shaky evolution of FEMA thirty-five years ago, for all its problems, begin to look like a piece of cake.
The Threat Model
Why was the administration of George W. Bush so unprepared for a terrorist attack upon our homeland? The answer to this question is one part of the explanation for the dismal performance of the Department of Homeland Security. (The other part of the answer is that we expect too much of our organizations and the matter of predictable organizational failures, which we will come to later.)
It is a truism that the military is always prepared to fight the last war. Given the difficulty of predicting which adversary will strike next and how it will strike, this may be the best the military can do. There are many conditions that will reinforce a similar mind set, or world view, in other areas of life, when we live for decades under the threat of foreign attack. All our major institutions, not just the military and diplomatic corps, become firmly configured to meet this threat. The political area develops scripts and slogans to mobilize defense; a candidate or party cannot be weak on defense. Parts of business and industry thrive on defense expenditures and gain more power than those parts that are hurt by defense expenditures. The media builds appropriate images of heroes and villains; the judicial system and social institutions such as education are altered to reflect the world view. (Early in the Cold War university Russian Studies programs were quickly staffed with faculty without PhDs, contrary to university policy; Black Studies programs had a hard time getting started when they came along because they recruited faculty without PhDs, which was declared to be contrary to university policy.) A Cold War that ran for some four decades can build up an impressive institutional support system confident that the next engagement will be similar to those anticipated for the last four decades. Many ways of life are elaborately, and sometimes comfortably, built around this sensible hypothesis.
But it was beginning to erode in the 1990s, when no obvious enemy nation was apparent after the collapse of the Soviet Union. Since institutions, by their nature, change slowly and reluctantly, there remained a physical, organizational, and ideological infrastructure that could be mobilized by any president who argued that we remained threatened by foreign states.
Even events that challenge the lingering world view need not shake it. The U.S. was repeatedly attacked by terrorists with no apparent state support in the 1980s and 1990s, sometimes on its own homeland. By the mid-1980s al Qaeda, a terrorist organization not supported by a foreign state, was identified as a serious threat to our security at home. The Soviet Union had collapsed in 1989, and there was irrefutable evidence that the U.S. was the only superpower left. But this did not prompt any adjustment in our defense strategy, even after the first Twin Towers attack in 1993 was laid at the door of terrorists not sent by a foreign state.
Regardless of our superpower status, the mind-set and the associated institutional direction led the Bush administration, soon after 9/11, to place something as difficult and expensive as an expansion of a missile defense system on a high priority list. In keeping with this, Iraq, Iran, and North Korea were declared an “axis of evil” requiring a conventional military buildup on our part, while counter-terrorism funds appropriated under President Clinton were actually cut. This was not a case of institutional lethargy or drift, or even maintaining a steady state. Compared to the two previous administrations, the new administration vigorously reinstated and refurbished the subsiding Cold War ideology. It was a trajectory, built upon a mind set that had powerful institutional traditions. These can be mobilized. (For evidence of the Cold War ideology, see former CIA Bin Laden unit head Michael Scheuer’s Imperial Hubris.2 )
Our vulnerabilities, in the administration’s eyes, were not symbolic, crowded skyscrapers like the Twin Towers, or the hearts of the beast, the Pentagon (attacked on 9/11) and the White House (almost attacked). The administration saw our vulnerabilities as the thousands of miles of open skies through which a nuclear missile could fly from a ship at sea that only North Korea was remotely able to launch. This vision is also a way of not seeing.
Before 9/11, the administration virtually ignored numerous warnings about our lack of preparedness for terrorist attacks. They came from two independent commissions, security experts such as Richard Clarke and Rand Beers, and members of the intelligence transition team who advised the new administration that further attacks on our soil were quite possible. (We had been repeatedly attacked abroad, in coordinated attacks upon two of our African embassies, our base in Saudi Arabia, the U.S.S. Cole, and at home, in the first attack upon the Twin Towers in NYC.) As late as March 2004 the White House was continuing to say that it had made counterterrorism its top priority upon coming into office in January 2001. For example White House spokesman Scott McClellan, echoing similar comments from top Administration officials, said that “this Administration made going after al Qaeda a top priority from very early on,” according to a press briefing on March 22, 2004.
But the White House admitted that in the face of increased terror warnings before 9/11 it only once convened its task force on counterterrorism before 9/11. President Bush himself admitted that he “didn‘t feel the sense of urgency” about terrorism before 9/11, despite repeated warnings that Al Qaeda could be planning to hijack airplanes and use them as missiles. 3 This negligence came at roughly the same time that the vice president held at least ten meetings of his Energy Task Force and attended at least six meetings with Enron executives, presumably more pressing business than convening the task force.
Similarly, Newsweek reported that internal government documents disclosed that, before 9/11, the Bush Administration moved to “de-emphasize” counterterrorism. As one of many pieces of evidence Newsweek notes that when “FBI officials sought to add hundreds more counterintelligence agents” to deal with the problem, “they got shot down” by the White House. 4 The very day before the 9/11 attack, Attorney General John Ashcroft rejected an increase of fifty-eight million dollars the FBI requested to finance 149 new counterterrorism agents, 200 analysts, and fifty-four more translators. He also proposed that a Department of Justice program designed to provide equipment and training for first responders in the event of a terrorist attack be cut by sixty-five million dollars. 5 The president’s national security leadership met formally nearly 100 times in the months prior to the September 11 attacks, yet terrorism was the topic during only two of those sessions. Richard Clarke’s “urgent” memo asking for a meeting of top officials on the imminent al Qaeda threat was not acted upon for almost eight months.
Finally, the White House threatened to veto efforts putting more money into counterterrorism, tried to cut funding for counterterrorism grants, delayed arming the unmanned airplanes that had spotted Bin Laden in Afghanistan, and terminated a highly classified program to monitor al Qaeda suspects in the United States. Many of these failures are cited by the report of the 9/11 Commission, but one surprising admission did not make it into the report: Scott McClellan, while saying al Qaeda was a top priority from the beginning, in the same press briefing on March 22, 2004 mentioned a previously forgotten report from April 2001 (four months before 9/11) that shows the Bush Administration officially declared it “a mistake” to focus “so much energy on Osama bin Laden.” 6 Even when warned of imminent attacks in August of 2001, President Bush did not say “this is very serious; I want daily briefings on this and let the other relevant agencies know how seriously this must be taken.” Instead, he told the 9/11 Commission that he was “heartened” to learn that seventy full field office investigations were underway, and presumably that would take care of things and was the end of the matter. 7
In contrast, in 1999, fearing a “millennium” attack (with much less evidence than we had in the months prior to 9/11), President Clinton shared his Presidential Daily Briefings with up to twenty-five people (while President Bush limited it to six), activated resources abroad, foiling some attacks, and activated resources at home. Airlines and airports were kept on alert, the border guards alerted, and one terrorist was apprehended and linked to Al Qaeda. 8 At least some dots were connected as a result of attention from the White House.
A flurry of documents, including White House press releases dug up by the press and critics of the administration and released in the spring of 2004, indicated that immediately after the 9/11 attack there were three major initiatives by the White House. The first was an invasion of Afghanistan, to destroy bin Laden’s base and training ground; next was preparation for an invasion of Iraq, which had been on the agenda since the Bush administration took office in January 2001, according to many commentators. Protection from terrorist attacks here in the U.S. was a distant third. Even the pursuit of bin Laden in Afghanistan was not aggressive.
The concern with terrorism after 9/11 seemed eerily distant. Journalist Dana Milbank reported:
In the early days after the Sept. 11, 2001, attacks, the Bush White House cut by nearly two-thirds an emergency request for counterterrorism funds by the FBI, an internal administration budget document shows. The document, dated October 12, 2001, shows that the FBI requested $1.5 billion in additional funds to enhance its counterterrorism efforts with the creation of 2,024 positions. But the White House Office of Management and Budget cut that request to $531 million. Attorney General John D. Ashcroft, working within the White House limits, cut the FBI‘s request for items such as computer networking and foreign language intercepts by half, cut a cyber-security request by three quarters and eliminated entirely a request for ‘collaborative capabilities.’ 9
This background sets the stage for the homeland defense initiative that eventually resulted in the Department of Homeland Security. Despite the politically powerful rhetoric of the president and the White House about “eliminating” the terrorist threat, it was not high on the agenda. In the first nine months after 9/11, the invasion of Afghanistan was planned and carried out, planning for an Iraq invasion stepped up, and massive tax cuts for the wealthy moved forward, but only a small office of fifty or so professionals was set up in the White House to deal with homeland security. This gave Congress, and especially the Democrats, the chance eventually to foster a response in their own terms.
The Homeland Defense First Option: White House Control
Political scientist Charles Wise lays out three options available to the government to cope with the threat to homeland security. The threat was acknowledged years before 9/11, of course, and the three options had been considered in various governmental reviews and task forces. Wise labels the option first undertaken by President Bush in the month after the attack as “executive order coordination.” 10
This option was to coordinate and stimulate homeland defense from the White House by establishing an Office of Homeland Security and appointing an assistant to the president to run it (Tom Ridge, former governor of Pennsylvania, and widely respected). While this might suggest a minimalist response, as compared to the new Department of Homeland Security that we eventually got, it was in many respects the most promising option, since it emphasized coordination rather than centralization. It had the advantages of rapid response and flexibility and would give the president more direct authority than he or she would have with a Department of Homeland Security, which gave much control to Congress. But while it was in place, from October 2001 to July 2002, it had an uncertain status and achieved little. As noted, the White House was cutting terrorist-related funds a month after 9/11.
This option, a White House Office, would require exceptional activism from the White House, whereas a Department would not. The presidential assistant for homeland security would have to be strongly supported by the president in struggles with the Office of Management and Budget to reallocate funds, and in struggles with the all-important intelligence agencies, particularly the CIA and the FBI, who were not sharing information. For example, using the threat of personnel replacements and budget cuts, the assistant would have to demand concrete evidence that the FBI changed it priorities from catching and prosecuting criminals, especially the purveyors of illicit drugs (it’s top priority), to investigating terrorist activity and sharing information with the CIA.
It is true there are laws on the books governing Cabinet bureaus and congressional actions that would prevent the president or the head of the Office of Homeland Security from running roughshod over them, but presidents have been able to do a great deal despite these laws. 11 The theme of the “imperial presidency” mobilizing political and economic resources is a strong one in our history.
Executive order coordination has the virtue of preserving the decentralized structure of the many agencies involved, but adding a measure of direction that can promote coordination. Decentralization does not mean fragmentation. Fragmentation comes when decentralized units do not receive explicit policy direction nor the general oversight that indicates the policy is being carried out, and do not share information. The overwhelming problem with our homeland security and defense was a failure to coordinate, to “connect the dots” as we heard endlessly. Coordination can be achieved through centralized control in small and moderately sized and homogeneous agencies, but mammoth projects are almost impossible to coordinate through centralization. Mammoth agencies require a great deal of decentralization because of the diverse tasks and skills involved. Decentralized systems are coordinated not by giving central orders but by signaling intent and making sure that information is shared.
What, concretely, would this mean in terms of executive action? I am sure the FBI director, Robert Mueller, appointed just prior to 9/11, and by all accounts more motivated and effective than any of his recent predecessors, can testify that changing an organization’s “culture” is a tough job. But while the task is difficult, that is what administrators are paid for. Unfortunately, there was no great reallocation of personnel from drug interdiction and prosecuting to, say, translating intercepts and documents, huge amounts of which remained untranslated over three years later. With “executive order coordination” the Assistant could demand that personnel be rotated between the FBI and the CIA. This had been “ordered” during the Clinton administration but no one followed up so it did not happen. Following up would be the job of the assistant, and it would not require a platoon of staffers.
For example, the FBI’s top management would have to show evidence that they took seriously and investigated the complaints of FBI translator Sibel Edmonds. She wrote superiors that she was ordered to slow up her productivity in order to justify a bigger budget request for the translation department, and that favoritism had led to hiring a translator who had not only failed to translate messages in Arabic languages accurately, but was married to a man who was on the terrorist watch list. (They both left the U.S. immediately after the 9/11 attack.) FBI management dismissed her charges and instead promoted her supervisor and his two superiors, and fired Edmonds. 12 Strong signals from the assistant for homeland security would make it clear that investigating such complaints, and there were many, instead of promoting the individuals charged, would be rewarded.
Or, to take another illustration of the type of effort required, consider the so-called “firewall” erected in 1995 that supposedly restricted information sharing between the FBI and the CIA. The Report of the 9/11 Commission notes this was the result of the “misinterpretation” of judicial rulings and procedures. The FBI conveniently saw these as prohibiting information sharing, and the Clinton administration did not address the problem, even though they were warned about it in 1999. (Still, in two crises, information was shared in the Clinton administration.) But the Bush administration received strong warnings in 2000 and 2001 that intelligence agencies were not sharing data, and that the intent of the 1995 procedures was ignored routinely. 13 These warnings came at a time of higher threat levels than the previous administration had experienced, but still had no effect upon the Bush Administration. (Moreover, the forty or so warnings in 2000 about al Qaeda in the Presidential Daily Briefings — a much higher threat level than in 1999 — appeared to have no effect.) These warnings of misinterpretations could be addressed by a homeland security assistant who was fully empowered by the president and his top staff. It was front page news that the FBI was not changing its procedures. In fact, its several attempts to prosecute suspected terrorists were thrown out of court because of faulty procedures, in contrast to its very successful cases against the terrorists who bombed the World Trade Center in 1993. Redirecting the FBI was certainly not a “slam dunk,” but it is far from impossible. FEMA has been redirected at least three times by various White Houses.
In his dramatic memoir Against all Enemies, Richard Clarke indicates that the initial plan of President Bush might have worked. 14 It envisioned Tom Ridge heading up a White House Homeland Security staff of about fifty professionals to lead, coordinate, and conduct oversight of the many federal programs involved with security and disasters. As assistant to the president for homeland security, Ridge expected to have real authority, but soon complained everything had to be cleared with the White House chief of staff. (Presumably that meant homeland security had to be politically vetted, making it less than the top priority of the president.) While this was still consistent with presidential control of the program, it revealed that the president did not intend to take the domestic security issue seriously enough to deal directly with Ridge.
This was not a good sign, but the Office might have worked had the president given it a high priority. Clarke observes: “I believe that adept White House coordination and leadership could get the many agencies all working on components of a consistent overall program.” It would be difficult, of course, but over the years his own organization, the National Security Council, had managed to be quite effective during the Clinton Administration. He continues: “… the alternative method, rewiring the organizational boxes, would make us less able to deal with domestic security and preparedness for years to come.” 15 It had taken years for the mergers that created the Energy Department and the Transportation Department to gel, and both were smaller. Ridge apparently agreed with Clarke that the last thing needed was the reorganization involved in creating a new department.
Executive order coordination was the option that President Bush maintained without much enthusiasm from October 2001 until July of 2002. This lack of enthusiasm was important; it opened the door to other interests.
The Second Option: Power Sharing
In the second option, what Wise calls the “statutory coordinator” option, the homeland security agency is established by law, rather than presidential order. Laws are passed by Congress, so this gives Congress more power than under the first option, and thus reduces that of the president. This was proposed by the Gilmore Commission, which was considering these matters well before 9/11, having been formed in 1999. (Its official government title was, alas, The Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction.) Despite commissions like this before 9/11, aside from a counter-terrorism group in the White House, little was done in the way of government reorganization. The Gilmore Commission had examined all efforts in its second annual report in December 2000 and concluded: “The organization of the federal government’s programs for combating terrorism is fragmented, uncoordinated, and politically unaccountable.” The problem, it said, was lack of central authority, a routine and easy recommendation to which commissions are prone. “The lack of a national strategy is inextricably linked to the fact that no entity has the authority to direct all of the entities that may be engaged.” 16 It called for a national office for combating terrorism that would have legal — that is, statutory — authority and be located in the Executive Office of the President. This location gives the president considerable authority, but it is shared with Congress, which writes the laws governing it.
The reasoning of the Commission was that oversight responsibilities for combating terrorism presently lay in the hands of at least eleven full committees in the Senate, plus numerous subcommittees, and fourteen full committees in the House, with all their subcommittees, eighty-eight in all, each carefully guarding its turf. 17 It was the same problem that earlier commissions had identified for FEMA. The homeland security effort had to be centralized, the committee (and almost everyone else) argued. This would mean new laws, and Congress would pass them, giving it influence. But its influence would not be scattered over eighty-eight committees and subcommittees. The key to the Gilmore Commission plan was that it recommended a reorganization of Congress itself to centralize control over homeland security matters by having a powerful oversight committee in each congressional house. These could override the authority of the eighty-eight parochial and fragmented committees. This would mean that the committees controlling, say, the Coast Guard or border control, could see their authority reduced. This recommendation never succeeded. Individual committee and subcommittee chairs — which are where the power lies — were not likely to support this reduction in their power.
We have to be careful here. I will make much of congressional resistance to giving up committee and subcommittee power. But these committees are closest to the public, and are expected to be responsive to their constituencies. They are responsible for the fact that our federal system is very decentralized (or fragmented, depending upon whose ox is being gored). The committees overseeing, say, border controls and immigration, or the Coast Guard, would be able to cry out that the agencies they oversee are underfunded, or the congressional committee could publicize the failures of the FBI or the CIA to coordinate with the agency the committee oversaw (the agency itself could not), investigate charges of torture as members of a military affairs committee, or charges of waste in Pentagon contracts, and so on. The agency being examined is not likely to bring such matters to the attention of the committee or the White House. There is a congressional watch-dog function, as well as funding pork-barrel projects. If a supercommittee was established, it is not clear that the charges of failures to coordinate, or torture charges, or underfunding charges, would surface; any actions a regular committee might want to take could easily be overridden by the supercommittee. There are reasons for congressional committees and subcommittees to want to keep jurisdiction and to exercise power, and it is hard to distinguish “turf” from representation of the interests of constituents.
(The committee or supercommittee members might fail in quite other ways. They easily put narrow local interests over those of the nation, or are so indebted to large campaign donors as to fail to represent all segments of their constituency. But this is quite another matter. These narrow interests would be present in the two large oversight committees the Gilmore Commission recommended, or, if there were no supercommittee, in the eighty-eight committees. They reflect a problem with our form of government that goes beyond those of restructuring agencies.)
The Third Option: Congressional Control
It was a third option that prevailed; congressional control of a new department with budgetary, personnel, and mission control by Congress. It was based upon the Hart-Rudman Commission findings of 2001. It preserved much of congressional committee power. (Gary Hart had been a Colorado Senator, a democrat, and Warren Rudman had been a republican Senator from New Hampshire, so the interests of Congress were likely to be well considered.) A new cabinet-level department would be created. The power of the president would consist of recommending to the Senate a nominee to be the secretary of the department, and exercising the normal amount of control the president has over any cabinet head. While considerable, of course, presidential power would be less than in the first or the second option. Congress is the clear winner. Political scientist Donald F. Kettl put it as follows, referring to Tom Ridge:
What the members of Congress left unsaid was that if Ridge remained a presidential appointee without congressional confirmation, they would have little control over his operations. If they could pass legislation authorizing the office, setting out its powers, gaining the right to confirm him in office, and controlling the office’s budget, they could dramatically shift the balance of power. Many members of Congress saw this as one of the biggest new initiatives in decades, and they wanted to ensure that they could control its direction. Bush turned them down, saying through a spokesman that the president did not need congressional action to do what was required. 18
Many agencies would be moved from their previous department locations to the new department, but the agencies would still be under the supervision of Congress. Thus, the secretary of DHS would not have the power to use presidential authority to establish new units (e.g. a counter-terrorism threat center that would not be under the control of Congress) or force coordination through threatened budget cuts of, say, the immigration services, that the first option provided. All the congressional committees and sub-committees would still have considerable say over agency budgets and line authority; no supercommittees would override them.
Nevertheless, even under this option, a high degree of conflict within Congress was projected as the new department was considered. One senator was quoted as saying “Hell hath no fury like a committee chairman whose jurisdiction has been taken away” and the reshuffling would alter some jurisdictions. 19 Congress would lose some budgetary authority, and power to make some line appointments, but not as much as under the other two options. A bill to establish DHS was introduced by two senators, with Connecticut’s Joseph Lieberman (D) taking the lead, and the president reluctantly concurred.
If the president opposed the Lieberman bill, why did he give in after a few months and propose his own bill, very similar except that it included even more agencies than the Lieberman bill had? Clarke argues that the White House was about to have two disasters: one, an unmanageable department that both houses of Congress strongly supported, and two, “the major new piece of legislation in response to September 11 would be named after the man whom the majority of voters had wanted to be vice president just twenty months earlier.” It was better to have one of those two outcomes rather than both, so the president sent up a bill that would be called the Homeland Security Act, not the Lieberman Act. 20
A colleague of mine at the Stanford Law School, Laura Donohue, points out that in many ways Congress did not achieved new control, but only maintained control over existing agency functions, and does not control many new initiatives. The executive office has substantial resources. The consequential actions related to homeland security were undertaken by executive agencies rather than ones controlled by Congress. The Department of Justice expanded the USA PATRIOT Act without effective oversight by Congress; the intelligence agencies were unchanged; and the executive branch expanded the National Security Letters, Foreign Intelligence Surveillance Act warrants, and various collection powers, all of which have been used extensively. Congress dismantled the controversial Total Information Awareness program that turned truck drivers, postmen, television cable installers, and others into counter-intelligence agents, but the White House continued the program with its Highway Watch, Marine Watch, Neighborhood Watch, and other programs. Though defunded by Congress, the Defense Department’s Defense Advanced Research Projects’ program, with its eighteen data mining operations, was transferred to the National Security Agency, the CIA, and FBI.
Thus the question of who won and who lost, the executive branch or Congress, is not as clear-cut as one might think. But Congress, as we shall see, kept substantial access to the barrels of pork that homeland security disgorged, and the White House and Republicans in Congress used the pork to further a privatization of the government’s agenda.
A Rough Start and Poor Reviews
Given the ignominious birth of the department we should not expect it to achieve much homeland security for at least a few years, and the initial record sadly confirms that expectation. Even if it had strong presidential backing, the difficulty of merging diverse tasks, funding the new responsibilities, coping with congressional interests, and the inevitable uses to which organizations can be put, severely limits the effectiveness of the department.
For starters, the launching was rough and premature. President Bush had resisted congressional efforts to establish it, but once Congress passed the law, he set an unreasonably ambitious four-month deadline for DHS to open its doors to twenty-two agencies that had to move. It had a hard time finding any doors to open and ended up stuck in the basement of a Navy building without room to house personnel who were to be transferred. Little help in staffing was provided; the Secretary’s staff was very sparse. For weeks some offices lacked phones. The budget was so small that finding funds was a constant preoccupation. Touted as receiving forty billion dollars, DHS received far less in new money. One-third of the money went to other agencies such as the Pentagon, and most of the other twenty-seven billion is not new money. Five of the twenty-two agencies had a total budget of nineteen billion dollars, which they brought with them, and this is counted in the forty billion dollar figure. (See Matthew Brzezinski’s scathing and disheartening details on the failings of the department.) 21 Congress’s dozens of committees still have oversight claims on the department, through their old ties to the agencies.
Congress has watched DHS very carefully. Secretary Ridge said that in the first year he and his top assistants testified 160 times, about every day and a half, before congressional committees; counting staff in general there were more than 1,300 briefings on the hill. It takes from twenty-four to forty-eight hours to prepare for a briefing, he said. And this did not count the “hundreds and hundreds” of Government Accountability Office (GAO) inquiries. 22 The executive coordination option may have had fewer resources than a department, but they could have been better focused.
The department has been watched carefully by several public interest groups such as the Council on Foreign Relations, the Heritage Foundation, and the Brookings Institution; by quasi-government groups such as the RAND Corporation and the Center for Strategic and International Studies; and, most prominently, by the GAO, which is asked to do studies for Congress. There are some differences among the reports. For example the Heritage Foundation emphasizes surveillance of citizens, and recommends that local law enforcement personnel “submit annual assessments of the events, activities, or changes in demographics or patterns of behavior of groups in their jurisdiction,” notes a RAND Corporation summary of recommendations by commissions and public interest groups. 23 (This would reinstall Admiral John Poindexters’ Total Information Awareness program in DHS.) The Brookings Institution, in contrast, has an economics tilt, and is the only one to weigh the budgetary implications of its own recommendations. It is easy to recommend actions as if they are costless.
The recommendations of the public interest agencies, like those of the dozens of commissions (Bremer, Hart-Rudman, Gilmore etc.) are heavily and overly generalized, urge more spending than is feasible, and urge actions without any guidance on setting priorities, as the RAND Corporation summary notes with sadness. 24 Some pay passing attention to first responders, but far too little, and I do not recall a single one that seriously considered the role of the average citizen.
The collaboration issue is a key one; the failure of agencies to connect has been the most prominent of the many 9/11 failures. The GAO and the public interest group reports drone on about the need to cooperate, network, collaborate, or link the disparate agencies both within DHS, and to link DHS agencies with the powerful intelligence and defense agencies outside of it. But cooperation and collaboration are not costless, and appear to be the exception in government, not the norm. It requires an exceptional degree of managerial skill at the agency level, and strong signals from the top of government. Every agency wants the others to cooperate with it, but is reluctant to cooperate with them. The fear is that autonomy is lost unless cooperation is on one’s own terms. It is sad to see these fulsome reports wave the cooperation wand without addressing these realities.
The GAO itself issued 100 reports on homeland security even before 9/11, and in the first three years after that issued over 200 more critical reports. Almost monthly it cited a string of failures (and a sprinkling of successes) of the department, and while acknowledging that it is insufficiently funded, criticizes its poor fiscal management and waste, as did the department’s own Inspector General office. Within a year of its creation (the legislation was signed November 25, 2002) the GAO designated DHS as “high risk,” indicating serious performance problems.
It was not only large (180,000 employees) and diverse (twenty-two agencies with 650 separate computer systems to integrate), but many of the agencies it took in were already “high risk” agencies by GAO standards (that is, not meeting the challenges in both security and non-security functions). The moves were not likely to increase their performance, since some non-security functions (fishing rights, computer crime, tariffs, etc.) might have benefited from staying close to other agencies that were not brought in to the new department.
The new department merged agencies that, along with their security roles, had responsibilities for such activities unrelated to terrorism as fisheries, river floods, animal diseases, energy reliability, computer crime, citizenship training, tariffs on imports, drug smuggling, and the reliability of telephone networks. The potpourri of unrelated activities was to exceed that of any previous large government mergers.
Interorganizational cooperation or coordination is familiar in the business world and among voluntary organizations. There is nothing impossible about it. Large corporations cooperate routinely on political and legislative matters (conspiracy theorists call it the “power elite”). Voluntary organizations, even when competing for funds or clients, cooperate informally and through formal super-organizations that they fund and join. Networks of small firms in Northern Europe, Japan, and to some extent in the U.S. (Silicon Valley companies, biotech firms) cooperate extensively and productively, even while competing. And there are radically decentralized firms such as Johnson and Johnson that take steps to insure cooperation and coordination among their hundreds of small, independent units. It is far from impossible. But in the case of agencies thrown together in the government, with only parts of each agency tasked with, or assigned, roles in a common enterprise such as protecting the nation from terrorists, with diverse histories, and subject to the oversight of several committees, cooperation will be extremely difficult, perhaps more difficult than before the reorganization.
Public sector transformations are more difficult than those in the private sector, the head of the GAO, the Comptroller General, said in a letter to a congressional committee, because organizations in the public sector must contend with more power centers and stakeholders, have less management flexibility, and are under greater scrutiny. Furthermore the top officials are typically political appointees who do not stay for long. 25 Even in the private sector, where things are easier, his letter notes that over forty percent of executives in acquired companies leave within the first year, and seventy-five percent within the first three years. It takes from five to seven years, according to research, to make mergers and acquisitions work in the private sector, even with all that sector’s advantages.
In December, 2004, Clark Kent Ervin, the inspector general of DHS (a watchdog division within the department) was not reappointed. He was a Harvard University-trained lawyer who had worked in the first Bush administration, and came from Texas. But he had issued many critical reports accusing DHS officials of ineptitude and fraud, including a charge that almost fifty million dollars in excess profits were paid to Boeing. 26 He repeated some of his criticisms in an op-ed piece in TheNew York Times after he was fired. 27 It was an alarming development, and, as we shall soon see, the first of many instances of using the terrorism crisis for corrupt ends.
It is still not clear as yet what the reorganization means to the agencies that were moved, except that they are expected to take on new duties or increase their security efforts. In many cases it may only mean a change in the letterhead, while personnel continue to use their contacts with other agencies and go about their business. One cannot imagine any great changes in, say, the Plumb Island Animal Disease Center, other than increasing their research on the deadly substances that terrorists might use. The Federal Protection Services, moved from the General Services Administration, may have received some new weapons and was told to have some meetings with the Office for Domestic Preparedness (moved from the Justice Department), but one can’t imagine much new synergy from such contacts or much new energy. (An exception, pointed out me by Laura Donohue, is the Exercise Division, transferred from the Department of Justice, running 300 high-quality exercises a year.) But to the extent that new security responsibilities are added to the agencies, as must be the case with almost all of them, one can imagine that all the agencies folded into the department will be having a harder time doing the jobs they were originally designed to do.
The improvements made in border security, airline security, immigration checks, and a small beginning in port security, all could have been made without any reorganization.
New Roles for Old Agencies
The Immigration Service is designed to let people into the country, particularly those whose skills are deemed to be in short supply. It is now asked to deny entry to suspected terrorists, and has little expertise to do this. The Border Control agencies are designed to prevent smuggling and illegal entry, but have had little capability to identify terrorists among either the legal or illegal entries. Thus new tasks must be learned, and connections made, to parts of organizations they had little contact with (the FBI’s counter-terrorist divisions and the CIA). And so on through many of the twenty-two agencies herded into the new department.
One basic problem is making fruitful connections between the relevant agencies. Finding the right organization is not easy. If you suspect a threat to your chemical plant do you go to the local police, the FBI, EPA, or the Coast Guard or Border Control if it’s near a border or the water? Whichever one you pick then has the problem of which of the others, and how many, should be involved. (Information should be shared, and dots connected.) If there is a dispute among them as to what actions to take, or what resources a unit should supply, what is the next level that would resolve the dispute? The organizations contacted may not accept your authority if you demand specific resources, or you may not be sure who has the resources you think necessary.
Even the question of what person you contact in the organization may be problematical. Take, for example, the frustrations of the Centers for Disease Control (CDC). Though (fortunately) not transferred to DHS, it illustrates the interorganizational problems of combating terrorism.
Shortly after 9/11 an anthrax attack occurred, sending the lethal substance through the mail, where sorting machines spread it randomly to hundreds of addresses in addition to the intended addresses. The Centers for Disease Control was the natural place to handle such an emergency, but they were caught off guard. What they knew about anthrax came from agricultural settings, where it occurs naturally and infects animals and farm workers. “Everything we knew about the disease just did not fit with what was going on. We were totally baffled,” said an official of the public health system. 28 Anthrax had always been an agricultural problem, but now it was a criminal one, thus requiring contact with the FBI. But, an official at CDC told me, there was no reason for the Centers to have any established links with the FBI. The FBI dealt with criminals, the CDC with microbes and victims. But one might think that networking should be easy; just get on the phone and call the FBI. (“Listen to the options carefully; they have changed.”) But who would they call? Since the FBI had no experience with what looked like a criminal epidemic, their help lines were of little use. (“Your call is important to us; please try again.”)
This official had, by chance, struck up a friendship with an FBI agent as a result of a totally unrelated conference a year before. She had his number, she explained the problem, and he was able to run interference for her up the FBI hierarchy to the appropriate level and office. (It is not clear how the Centers for Disease Control escaped being folded into DHS; given the threat of bioterrorism it would seem to belong there more than, say, the Plumb Island Animal Disease Center. But given its unique character and extraordinary importance and expertise, one can be grateful that it remains reasonably independent.)
Since the attack was unpredicted, there were no established routines to call into play. Not only had the Centers never dealt with the FBI, they had had no reason to deal with the U.S. Postal Service, state and local police agencies, and so on. Not only were there layers of phone numbers that needed to be searched, but the officials dealing with the attack had no authority over other agencies, such as local post offices or police, to get them to do what they thought needed doing once they found them. Agencies all have their organizational interests, jurisdictions, and clout. Networks are not hierarchical; the units have autonomy. An official of the CDC said they were not prepared “for layers and levels of collaboration among a vast array of government agencies and professional organizations that would be required to be efficient and successful in the anthrax outbreak.” 29
Even when you successfully network, what authority do you have? A Connecticut State health officer, where there was a mysterious anthrax illness, said “we were very much aware that we had no jurisdiction over federal facilities whether it was the V.A. or the post office.” 30 Reorganization of the government will not solve problems such as these, nor will injunctions to establish “clear lines of authority.” As the ample disaster and emergency response literature shows, it will require frequent drills, exercises, simulations, and meetings where diverse agencies get a chance to see each other’s point of view, establish personal contact, and build trust. This is new work, and in turn requires increased budgets. The efficient agency is one that is using every dollar it gets to increase its efficiency; add terrorism to its charge, and its budget must increase, or it will no longer be an efficient agency. Yet, as we have seen, the first responder agencies are grossly underfunded.
Organizational Problems: Displacement of Missions
A small chunk of the new Department of Homeland Security contains the Federal Emergency Management Agency. What would happen to its traditional concern, natural disasters? The fate of programs concerned with natural disasters under DHS was a concern from the beginning. FEMA Director Joe Albaugh was asked early in 2002 about this and told Congress that the traditional role of FEMA would not be affected. But even Republican lawmakers were not convinced. Rep. Don Young (D-AK), Chairman of the House Transportation and Infrastructure Committee, said that if the Homeland Security Secretary wanted to redirect the agency and focus on preventing terrorist attacks, he could reduce “other [FEMA] missions and direct those resources entirely to security.” Congressman Young had good reason to think this possible. This is what President Reagan’s first appointment did, downgrading natural and industrial disasters and upgrading the threat of a nuclear attack and the rounding up of domestic radicals. 31
To forestall this, the chair of the Select Committee on Homeland Security, Richard Armey (R-TX) redrafted the White House proposal to keep FEMA primarily an agency dealing with natural disasters. Since the White House objected, this suggested that a displacement of its mandate would indeed be in the cards. Some senators and the highly regarded former FEMA head, James Witt, along with the Brookings Institution, were all opposed to putting FEMA in the new Department. 32 Brookings foresaw the problems that were to come in a report that concluded “while a merged FEMA might become highly adept at preparing for and responding to terrorism, it would likely become less effective in performing its current mission in case of natural disasters as time, effort, and attention are inevitably diverted to other tasks within the larger organization.” 33 Instead, the authors of this report urged that FEMA retain its status as an independent agency and that federal preparedness and response functions be consolidated within that agency, rather than within DHS.
Hurricanes Katrina and Rita in 2005 disclosed an unprepared and fractured response. Many attributed a good bit of the problem to a FEMA that had been captured by terrorist concerns and staffed by inexperienced political appointees. I have discussed the many justifications and some limitations of this interpretation. 34 It seems plausible that FEMA’s absorption by the Department of Homeland Security, the resulting emphasis on terrorism rather than natural disasters, and the inattention to natural disasters by the Bush Administration, account for much of the Katrina and Rita failures.
Organizational Challenges: New Tasks, Few New Resources
A further problem was what happened to the agencies when they were transferred to DHS and given added homeland security tasks, but expected to continue with their usual ones, often with no significant budget increase, if any. In Pittsburgh, where the Coast Guard helps control traffic on the busy Ohio River, homeland security activities had accounted for ten percent of Coast Guard activity; it now grew to fifty percent. This meant cutting other activities, such as assisting boaters and acting as traffic cops on the crowded river. The Coast Guard’s effort in drug interdiction declined by sixty percent after 9/11, and time invested in preventing an encroachment on American fishing territories and enforcing fishing rules shrank thirty-eight percent. 35 One might say that at least priorities were changed by the Coast Guard, but increased funding for security could have left the old activities in place if they were deemed necessary.
The U.S. Border Patrol is an example of inadequate funding for new tasks. It hasn’t had much to do on the 4,000 mile border with Canada. But a terrorist was caught (almost accidentally) bringing explosives over the border to be used in an attack on the Los Angeles airport. Then it was learned that some 9/11 terrorists used Canada as a port of entry. The Border Patrol, in 2002, had only 330 agents supported by one analyst to intercept illegal crossings of the 4,000 mile border. In the last twenty years, 200 agents have been cut in government downsizing efforts. Half the inspection booths were simply closed. 36 As of April, 2004, miles and miles of the border consist of dense, overgrown brush where before there had been cleared spaces. In 2004 the Border Patrol finally received more resources for an impossible task.
A serious problem has emerged that concerns the critical area of first responders — police, fire, emergency medical, and various voluntary associations and homeowners associations. The title of a 2003 Council of Foreign Relations task force report summed up the problem: “Emergency Responders: Drastically Underfunded, Dangerously Unprepared.” 37 The under-funding by government at all levels was declared to be extensive. The report estimated that combined federal, state, and local expenditures would have to be tripled over the next five years to address this unmet need. Covering this funding shortfall using federal funds alone would require a fivefold increase from the current level of $5.4 billion per year to an annual federal expenditure of $25.1 billion. Nor would these funds provide gold-plated responses; they would go to essentials. For example, the Council’s executive summary gave these examples of deficiencies:
- On average, fire departments across the country have only enough radios to equip half the firefighters on a shift, and breathing apparatuses for only one-third. Only ten percent of fire departments in the United States have the personnel and equipment to respond to a building collapse.
- Police departments in cities across the country do not have the protective gear to safely secure a site following an attack with weapons of mass destruction (WMD).
- Public health laboratories in most states still lack basic equipment and expertise to adequately respond to a chemical or biological attack, and seventy-five percent of state labs report being overwhelmed by too many testing requests.
- Most cities do not have the necessary equipment to determine what kind of hazardous materials emergency responders may be facing. A study found that only eleven percent of fire departments were prepared to deal with the collapse of buildings with over fifty inhabitants, thirteen percent with chemical or biological attacks, and only twenty-five percent with equipment to communicate with state or federal emergency-response agencies. 38
Furthermore, the funds that the federal government did allocate for emergency responders were sidetracked and stalled due to a politicized appropriations process, the slow distribution of funds by federal agencies, and bureaucratic red tape at all levels of government, according to GAO reports.
Congress itself has played a substantial role in hampering the effort. The $3.5 billion promised by the White House in January 2002 for first responders in the state and local governments fell victim to partisan squabbles in Congress, not being approved until over a year later, in February 2003.
Organizations, as I have argued, are tools that can be used by those within and without them for purposes that have little to do with their announced goals. 39 A new organization such as DHS invites use. As soon as the department was established, the corporate lobbying began. Four of Secretary Tom Ridge’s senior deputies, in his initial position as assistant for homeland security at the White House, left for the private sector and began work as homeland security lobbyists, as did his legislative affairs director in the White House. The number of lobbyists who registered and listed “homeland,” “security,” or “terror” on their forms was already sizeable at the beginning of 2002, numbering 157, but jumped to 569 as of April 2003. One lawyer for a prominent Washington, D.C. law firm was up-front about corporate interests. He mentions in his on-line resume that he authored a newsletter article titled “Opportunity and Risk: Securing Your Piece of the Homeland Security Pie.” 40 It is a very large pie indeed.
A web page document, “Market Opportunities in Homeland Security,” introduces one to the “$100 billion” homeland security marketplace, for $500.00 plus shipping. Less exuberant in its predictions, a Frost & Sullivan report indicates the industry generated $7.49 billion just in 2002, with total market revenues of sixteen billion dollars estimated for 2009. Frost and Sullivan is an “international growth consultancy,” found at www.frost.com. A report from Govexec.com by Shane Harris, “The homeland security market boom,” published less than six months after 9/11, documents the aggressiveness of U.S. business in flocking to the new funding source. “Every good company out there can take what they do and reposition it for homeland defense,” says Roger Baker, the former chief information officer of the Commerce Department, and now with a private company. 41
There were intra-government uses too. Presidential declarations of disaster areas, and the federal funds that followed, varied directly with the political importance of the area to the president of the time. Shortly after 9/11 the PATRIOT Act was passed. Democratic Senator Patrick Leahy of Vermont was the chairman of the Senate Judiciary Committee, and he wrote in the criteria for distributing some $13.1 billion among the states. His committee used a formula long in use for distributing much smaller funds, one that favored the small states. The small states now resisted any change in the formula, and could do so since they had the power in the Senate. The funding was almost exactly in reverse order of the threat. (The degree of threat being used had been assessed by a non-governmental research organization using sophisticated probability models.) The ten highest amounts went to states and districts with the least threat, except for Washington, D.C., where the congresspeople live. Thus Wyoming received sixty-one dollars per person, California only fourteen dollars. Alaska, hardly a target for terrorism, received fifty-eight dollars, while New York, the target of six separate plots by Islamic terrorists in the last decade, got only twenty-five dollars per person.
This point deserves elaboration. The formula meant that forty percent of the funds had to be divided equally among the states, regardless of population. The Executive Branch had discretion over the remaining sixty percent, but distributed it according to each state’s population, rather than the risk exposure of the state’s population. In early 2003 Congress announced a plan that might rectify the situation, a new $100 million grant for “high threat” urban areas only. New York City, for example, would get twenty-five percent of it. Immediately, Congress pressed the administration to increase the size of the lucrative hand-out, and also increased the number of cities at risk. Disasters are funding opportunities. Soon fifty cities, perhaps politically important to the Administration, were designated as “high threat,” and while the size of the grant grew to $675 million, New York City received only seven percent instead of twenty-five percent. Democrats charged that the Bush Administration doesn’t have a constituency in the big cities, and so it allowed this to happen. 42
Despite charges that federal outlays were being distorted by the basic formula in use, and only partially rectified by the grants to specific cities, the formula was still in place at the end of 2004. The House approved a bill to have the funding formula reflect the risks the states faced, and the White House, to its credit, made a similar request in its 2005 budget. But the Senate would have none of it. Senator Leahy is a member of the powerful Homeland Security Appropriations Subcommittee, and his state of Vermont gets a handsome fifty-four dollars per capita. He curtly reminded Secretary Ridge of the power of small states such as his. “I have to say, I was really disappointed that the president’s proposed budget … drops the all-state minimum formula,” he said. “That would affect all but, I think, one or two in this subcommittee.” He charged that the Administration “wants to shortchange rural states.” The bill, according to senate aides, “would go nowhere,” and it didn’t. 43
Wyoming is the number-one recipient of homeland security money per capita. Asked about this, a Wyoming official remarked, typically, that “our citizens deserve the same kind of protection afforded to those in other places in the country.” This was from the chief of police in Douglas (population 5,238), who had just received a new $50,000 silver RV that serves as an emergency operation command center, paid for with federal dollars. A tiny county in North Dakota purchased more biochemical suits than the county had police officers, and in 2004 Juneau, Alaska spent almost a million dollars for a robot to deactivate bombs, decontamination equipment, and night vision goggles. (See the useful analysis of how political scientists account for such things in Patrick Robert’s “Shifting Priorities.” 44 ) Firefighters in Casper, Wyoming even denied they were less at risk than, say, New York City residents. “No one can say Casper can’t be a terrorist target” one of them remarked. Wyoming had the largest surplus, as a percentage of the state budget, of any state in the nation. Yet the seriously in-debt state of California spends five times as much, per person, of its own money on homeland security — taxes its citizens pay — as does Wyoming. 45 The unrepresentative character of the Senate and the parochial interests of the citizens of small states, who expect their senators to bring in the federal dollars, make it difficult to respond to our vulnerabilities. 46
Finally, in December 2004, DHS was able to get around Senator Leahy’s bill and announced a new formula that focused upon cities, rather than states (over the protests of small states) and went part way to matching funds to threats. New York City was the biggest winner, going from a forty-seven-million-dollar grant to $208 million; Washington, Los Angeles, Chicago and Boston got smaller increases. 47 California Senator Diane Feinstein tried again to further increase the proportion of funds to risky areas in 2005, but Senators Collins (VT) and Lieberman (CT) blocked it. We should not be surprised. Patrick Roberts notes: “The last time Congress bypassed the usual guarantees for small states in a major grant program was in 1956 when it spent $31.5 billion over thirteen years to build interstate highways.” 48
The GAO, individual congresspeople, and investigative reporters, have detailed extensive examples of “pork” spending by DHS. Even when the department’s own personnel reject grants, they are overridden by their superiors. One example concerns security at our ports. While the major ports did get the largest grants, smaller ones went to ports in places like St. Croix in the Virgin Islands (hardly a target), Martha’s Vineyard in Massachusetts, one in Ludington, Michigan, and fully six locations in Arkansas. 49 The contracting abuse was enormous. The Washington Post said “the government‘s internal audits have repeatedly questioned the cost and effectiveness of the equipment and security systems bought from corporations that received a torrent of money under loosened regulations, limited oversight and tight congressional deadlines.” The Office of Management and Budget found that only four of the thirty-three homeland security programs it examined were “effective.” 50
A more serious charge than providing a barrel of pork for states and corporations is made by Eric Klinenberg and Thomas Frank in a Rolling Stones article. They argue that Katrina was the occasion for furthering a privatization policy within DHS and FEMA that amounts to an expansion of “market-based government.” Rather than label it “pork” they call it “looting,” and then document it. Some 300 corporate lobbyists and lawyers gathered in a Senate office building, barely a month after the hurricane struck, to hear Senate Majority leader Bill Frist (R-TN) announce that some $100 billion would be spent on Katrina recovery (and many attendees thought that was less than half of what would be spent, as do Klinenberg and Frank). No-bid contracts followed, going to large, politically connected corporations, with so little oversight that the GAO was appalled, and the press headlined stories of gargantuan waste. 51 Disasters are opportunities. It is speculated that the Katrina/Rita disaster is the large wedge for privatization and reducing social welfare spending.
Another Organizational Use: De-unionizing
The new department offered opportunities to further other presidential agendas unrelated to the terrorist threat. Though President Bush did not favor the department and its massive movement of twenty-two agencies, it provided an opportunity for what appeared to be an attack upon civil service. President Bush immediately demanded that Congress strip of civil service status all employees who would be transferred. Liberals and labor saw this as an attack upon the eighteen different government unions that would reduce the amount of union membership in the government significantly. The president argued that because of the unique, non-routine nature of defense of the homeland, the Department needed to be free of civil service and union restrictions on terminating employees. (It is hard to imagine that the union members among the 180,000 employees were engaged in such non-routine and vital tasks that civil service regulations would hamper them.) The matter dragged on until March 2003 and the last day for final comment on the proposal. A ninety-one page comment from three powerful unions representing about one quarter of the department’s workers arrived. The unions had squared off for a fight.
DHS and the Office of Personnel Management proposed regulations that would cover 110,000 of the department’s 180,000 employees, affecting how they would be paid, promoted, and disciplined. It would become a model for revamping civil service rules in the rest of the federal government. Pay would be linked to performance (political performance and less aggressive bargaining, the union argued), union bargaining rights in several areas would be restricted (e.g. deployment of workers and the use of technology) and the government would speed up and tighten the disciplinary process. 52 There was a lengthy standoff, and as of October 2005, the issue is still in dispute since a federal judge, for the second time, ruled the new personnel rules invalid. 53 Again, disasters are opportunities.
Departure of Key Personnel
The departure of seasoned terrorist experts started almost immediately. Rand Beers had thirty-five year’s experience in intelligence; he had replaced Oliver North, who was the director for counter-terrorism and counter-narcotics in the Reagan administration. Beers spent seven months in the new department, and five days after the Iraq invasion in March 2003 he resigned. Three months later he told a Washington Post reporter of his disaffection with the counter-terrorism effort, which was making us less secure. The focus on Iraq, he said, “has robbed domestic security of manpower, brainpower and money.” 54 Agreeing with many, Beers saw the minimalist Afghanistan war as only dispersing al Qaeda and not pursued enough to disable it, and the maximal Iraq war as recruiting terrorists. Another disaffected expert, Richard Clarke, left in February of 2003, just before the Iraq invasion, saying the same thing. His revelations about the misdirected, under-funded, and bureaucratically incompetent response to the terrorist threat, Against All Enemies, made the best seller lists in April 2004.
Others departed or would not be recruited. A New York Times story in September 2003, six months after the start of the department, reported two top officials leaving. “So few people want to work at the department that more than fifteen people declined requests to apply for the top post in its intelligence unit — and many others turned down offers to run several other key offices, government officials said.” 55 The administration announced that 795 people in the FBI’s cybersecurity office would be transferred to DHS, but most decided to stay with the more reliably funded, higher-status FBI and only twenty-two joined the new department. 56 Flynt Leverett, who served on the White House National Security Council for about a year until March 2003 and is now a fellow at the Brookings Institution, observed, “If you take the (White House) counterterrorism and Middle East offices, you‘ve got about a dozen people … who came to this administration wanting to work on these important issues and left after a year or often less because they just don‘t think that this administration is dealing seriously with the issues that matter.” 57 (For other examples see Clarke’s Against all Enemies.)
Centralizing to Combat a Decentralized Enemy
There is no evidence that the reorganization anticipates a strategy recommended by some commentators: structuring the agencies so that their structure matches the threat. Unfortunately, those who make this recommendation have not offered compelling theoretical arguments to support their position. But it does make considerable sense nevertheless, and is worth exploring. There is a mismatch between the nature of the threat (involving highly-decentralized terrorist networks) and the response (an attempt to create a centralized, hierarchical agency). Given the nature of current Islamic terrorism of the al Qaeda type — unpredictable acts by elements of a loosely coordinated network — many experts say what is required is a highly decentralized response that would allow considerable autonomy for the groups involved — first responders, intelligence agencies, border control agencies, airlines, ground transportation agencies, etc. Because the actions of the terrorists are unpredictable, a great deal of latitude must be given to those on the ground. (For a devastating critique of The 9/11 Commission Report in connection with its handling of the first responder problem — calling for centralizing what should be decentralized — see Kathleen Tierney, “The 9/11 Commission and Disaster Management.” 58 )
The central authority should be restricted to such matters as threat assessment and warnings that come from outside DHS, and frequent surveys, reviews and evaluations of DHS units. This is quite compatible with decentralized response strategies, and certainly with decentralized tactics. Unfortunately, the immediate response of most politicians, and often many administrators, to signs of poor coordination, indifference to changing environments, and new tasks, is to rein everyone in, to centralize, and give specific tactical orders. I am sure this is what Senator Lieberman and others had in mind when they wrote their proposed bill, a version of which the president finally accepted. It was easy to react this way to incredible stories of bungling and mismanagement by, in particular, the credibility-challenged CIA and the balkanized fiefdoms of the FBI.
But interestingly enough, these favorite whipping boys of the 9/11 tragedy/fiasco escaped the steamroller that ran over so many agencies. They were to remain outside DHS (though they were threatened to be reined in), in another misdiagnosis of the problem and another attempt at centralization sure mostly to fail to make us safer. We turn to that for our final topic.
DHS and Intelligence
Most commentators see the biggest failing of the largest reorganization of the government in recent times, the creation of DHS, as the failure to connect it with the dots of the intelligence agencies (which remain unconnected in themselves). The Department of Homeland Security managed to get only one office of the FBI (the National Infrastructure Protection Center) and assurances that a few DHS members could sit in on the coordinating committees in the intelligence community (IC). DHS can ask for information, but has no assurance it will get it. Since intelligence is critical for security, for deciding where to put resources, what kind of threat is likely, for alerts that one is imminent, for knowledge of the strengths and weaknesses of terrorist groups, and so on, DHS is almost totally dependent upon the fragmented IC. Of course, many things are obvious: cockpit doors of aircraft must be hardened, container ports are vulnerable, as are national landmarks and nuclear power plants and chemical plants, and so on. But intelligence is needed to decide how much money and effort should go to each type of target, since perhaps only a third of the funds needed to do the most obvious things is available. What are terrorists most likely to attack? And intelligence is needed to anticipate the size and strategies of the attackers, and when to sound an alert that an attack is imminent.
One doubts that the IC has been able to be of much service to DHS in these matters. Even when DHS gets warnings from the IC it has had trouble communicating with its own agencies. Both federal and state agencies said they were informed of “orange alerts” only by listening to CNN, not by DHS. And some governors and mayors refused to respond to the orange alerts since they were so vague and response was so expensive. DHS appears to find it difficult to be responsive itself. Testing the capabilities of its police force, the U.S. Park Police deliberately left a suspicious black bag on the grounds of the Washington Monument. The police failed to respond quickly or effectively. One officer reportedly was caught sleeping. When a test official called the Department of Homeland Security to warn them about the bag, he got this priceless recording from our protectors: “Due to the high level of interest in the new department, all of our lines are busy. However, your call is important to us and we encourage you to call back soon.” 59
Should DHS have gotten more control over those security agencies that are not clearly related to military strategy and battlefield tactics? (Probably the bulk of the estimated forty billion dollars spent yearly on security is military-related.) Should they have at least gotten the FBI, which is primarily concerned with domestic security, though it does operate abroad to some extent? Aside from the problem of the sheer size of DHS being increased even more, the consensus is that the security agencies are far too powerful for even parts of them to be moved. As Amy Zegart argues, agencies concerned with foreign affairs, such as the intelligence agencies, are oriented towards the president, rather than Congress, and controlled by the president to a greater degree than domestic agencies. 60 The interests of the president and the intelligence agencies thus were “aligned,” as political scientists put it. Even if it were wise to give the non-military intelligence agencies to DHS, it was not likely to happen. DHS could not even get control of the FBI.
When the 9/11 Commission released its report in the summer of 2004, we got another burst of government reorganization. 61 The Commission recommended a radical change in the intelligence community. It was to be headed by an intelligence director with cabinet-level status and the authority to determine the budgets and key personnel of all of the fifteen agencies that made up the IC. The Commission was on well-trodden ground with its recommendation. In just the last ten years there have been thirteen major studies and reports concerning our national intelligence system. They all recommended reorganizations, particularly to centralize controls over the disparate activities. Political scientist Thomas H. Hammond asks “why is the intelligence community so difficult to redesign?” 62 Bureaucratic politics and power, of the sort we have been examining, play a role, he acknowledges, but there are further structural reasons.
He argues that because of dilemmas inherent in any structural setup, the reorganization plans have enough faults in them to prevent any agreement on basic changes. For example the intelligence community (IC) both collects information, and integrates and disseminates it. A structure good for collection may be poor for integration and dissemination, and vice versa. Furthermore, a structure that favors rapidly acting upon intelligence in any situation short of an imminent attack, say acting on the August 2001 warnings and information about flight schools, etc., has costs. It may disrupt the source of information and prevent further surveillance that could identify more terrorists and their organizations. (This is the classic tension between the FBI and the CIA.) Finally, a structure that is appropriate for dealing with one kind of threat, for example, state-sponsored terrorism, will not be appropriate for another kind of threat, such as that presented by al Qaeda. A major criticism of the Bush administration’s handling of terrorism from 2000-2001 was that it was still preoccupied with state-sponsored threats from North Korea, Iran, Syria, and even, to some extent, Russia, whereas the IC should have been reorganized to deal with the mounting threat of Islamic terrorist organizations.
But neither structure might be appropriate for domestic terrorism as represented by the Oklahoma City bombing or by leaderless groups, or by individuals loosely connected for an action on abortion clinics, power grids, logging operations, etc., and then dissolving. All three forms of terrorism are still present dangers, but we can hardly have three separate structures to deal with them. The appearance of non-state-sponsored groups like al Qaeda has not meant the disappearance of state-sponsored terrorism or even anthrax mailings. So how should the structure be oriented?
The complex trade-offs required have produced a kind of structural conservatism on the part of intelligence policy makers, Hammond argues. No alternative structure has seemed clearly superior to the present one. And of course the costs of tearing organizations apart and disrupting career paths are substantial.
Hammond illustrates the difficulties when he outlines six functions (and policy areas) of the Intelligence Community (IC), and they give pause to any easy solution. Recognition of the variety (and possible incompatibility) of these functions and policy areas does not seem to have been addressed by the December 2004 intelligence reform bill signed by the president. They are:
- Determining the intentions and monitoring the capabilities of the Soviet Union, China, North Korea, Iran, etc.;
- Monitoring the nuclear proliferation technologies, capabilities, and intentions of foreign state and non-state organizations;
- Counterterrorism at home and abroad;
- Providing intelligence support for anti-drug campaigns;
- Providing intelligence support for U.S. government policy in Iraq;
- Supporting U.S. combat operations. 63
The intelligence reorganization of December 2004 primarily involves the creation of a new director of intelligence who will have budgetary control over all fifteen agencies. This prompted strong opposition from the Pentagon, but it was temporarily defeated when the public outcry finally brought the reluctant president to force a congressional committee chairman allied to the Pentagon to back down. (Another chairman made the issue of illegal immigration hostage to the bill, but only partially succeeded.) The details of the reorganization and budgetary changes were “still to be determined” at the end of 2004, and as of October 2005, it appears that intelligence is not to be centralized after all. The new “czar,” John Negroponte has not behaved like one, and the Pentagon, CIA, and the FBI will retain much of their autonomy. 64 It does not appear that the vague legislation will address the dilemmas that Hammond identifies.
Senator Harry Byrd (D-VA), one of only two members of the Senate to vote against the bill, delivered a scathing speech dealing with the limitations of the bill, which are now apparent. Congress in general wished to give more power to the head of the new agency, but the Pentagon and other interests got the powers watered down. But Byrd was primarily concerned about the hasty passage of a long, complicated bill whose latest version the Senate had only twenty-four hours to review; the secrecy the bill provided to the new agency, closing off ombudsman reviews and whistle-blower protection; the failure to deal with prison scandals associated with intelligence interrogation and the successful attempt to limit inquiries into possible prison abuses; changing mandates to promises regarding new resources; and the successful attempt to reinstate and reinforce powers under the PATRIOT Act that Congress wanted reconsidered, parts of which the courts had thrown out. The intelligence bill was described by civil liberties groups as a Trojan horse, using the opportunity for reform of intelligence failures to greatly weaken civil liberties. 65 Excerpts from Senator Byrd’s remarks are worth quoting since they touch on many of the organizational issues we have been dealing with.
Among the distinguished experts on intelligence and security who argued against hasty passage and recommended deliberate consideration in Congress next term were David Boren, Bill Bradley, Frank Carlucci, William Cohen, Robert Gates, Gary Hart, Henry Kissinger, Sam Nunn, Warren Rudman, and George Schultz. Intelligence reform needs to consider broader issues than the war on terror, but the bill does not. It fails to address the unfolding prison abuse scandals in Iraq, Afghanistan, and Guantanamo Bay. The conference agreement eliminates provisions to ensure that the Congress receives timely access to intelligence, and it also allows the White House‘s Office of Management and Budget to screen testimony before the Intelligence Director presents it to the Congress. This insures political control over what Congress hears, since the OMB is the most political government agency.
Update: After this essay was written, but before it was posted, the White House issued a memo and accompanying Fact Sheet further elaborating on its plans for CTIIC. For commentary on how those documents relate to the original essay, see this post.
A Cyber Threat Intelligence Integration Center (CTIIC) established by the Director of National Intelligence in response to a presidential directive can play a valuable role integrating and assessing cyber threat data available to the government in support of policymaking and operational responses. The CTIIC director, preferably an intelligence professional, should be appointed by the DNI and report exclusively through him to the White House where CTIIC’s assessments and expertise would inform, but not supplant, interagency policy deliberations. The president’s order should direct relevant cabinet officers to support CTIIC by sharing relevant information, detailing expert staff, and helping the center overcome foreseeable technological challenges.
CTIIC’s assessments will be structurally flawed until its analysts can routinely access threat information now available only in the private sector. The DNI should integrate the functions of the National Intelligence Officer for Cyber into CTIIC to enhance its long-range analysis and designate the CTIIC director as the IC’s Mission Manager to ensure the adequacy of collection and other resources devoted to cyber targets.
The choices made while designing and standing up CTIIC should be informed by the many hard lessons learned during the National Counterterrorism Center’s (NCTC) short, but eventful, history.
Last Tuesday, President Obama’s Homeland Security Advisor Lisa Monaco announced the administration’s intent to establish CTIIC within the Office of the DNI. Monaco explained that CTIIC would promote information sharing on cyber threats between government agencies, integrate available intelligence, perform all-source analysis, and support policymakers as well as agencies with operational roles defending against and responding to cyber attacks. She added that CTIIC would not collect new information or otherwise encroach on the missions of existing cyber centers at DHS, FBI, NSA, CIA, and elsewhere in the government. Monaco said the new center, modeled on NCTC, would fulfill the president’s State of the Union pledge to ensure “our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.”
News articles and blog posts reporting the announcement were generally positive, and offered additional context on the planned center. The Washington Post reported that the CTIIC proposal had emerged from a recent study by the White House’s Cybersecurity Coordinator comparing the government’s counterterrorism and cyber defense practices. Support for a new center apparently grew along with frustration by policymakers at the government’s inability to reach timely consensus on the sponsorship, goals, and impact of last Thanksgiving’s attack on the Sony Pictures Entertainment network. Post sources added that the new center would have a modest budget of $35 million and staff complement of 50, and would be formally established by a presidential “memorandum.”
The need to improve information sharing and the government’s response to cyber incidents was acknowledged in the administration’s 2009 Cyberspace Policy Review. Notwithstanding significant investment in watch centers, new offices, and technology, no one appears satisfied with the government’s current ability to deter, detect and defend against attacks on our digital infrastructure. Progress addressing this multifaceted challenge will depend on many factors, but long-term success will invariably require the government to collect, evaluate, and present accurate intelligence on the burgeoning cast of malign actors in cyberspace and their evolving arsenal.
The idea of a national center focused on cyber threats has been discussed in intelligence circles for years, but establishing one now is both timely and appropriate. Timely because the threat is compounding daily and appropriate because the decision to launch a new government bureaucracy appears to have been taken as a last resort after the existing organizations proved unable to work effectively together.
Looking to NCTC as a model for the new CTIIC is also sensible, although Monaco correctly acknowledged that there were important differences in the intelligence challenges posed by terrorists and hackers. NCTC serves as a clearinghouse for information on terrorism, produces coordinated threat assessments, and supports the White House in coordinating responses to active plots. Today’s NCTC, however, is not the same institution imagined by its many architects or even the same office described in the statute and directives that define its mission. Rather, NCTC is the product of diverse --- often contradictory --- visions, difficult policy choices, and stiff real-world challenges it has confronted over a decade (plus) of existence. In drafting a presidential directive on CTTIC (and possibly negotiating in the future with Congress on a legislative charter), choices will be required concerning the center’s mission and authorities, relationship with the ODNI, Intelligence Community (IC) and non-IC agencies, its role in supporting or assuming functions now performed by the White House, and the means to secure qualified intelligence and technical staff. NCTC’s experience offers useful lessons on all of these topics.
TTIC: NCTC’s Predecessor
NCTC was established by executive order in late August 2004, but the center was actually built on a strong existing foundation of the Terrorist Threat Integration Center (TTIC) that had been operating for more than a year under the supervision of the Director of Central Intelligence (DCI). President Bush had unveiled TTIC in his 2003 State of the Union address, principally as a vehicle to improve the integration of terror threat information gathered overseas with that collected by the FBI and other agencies in the U.S. - - a shortcoming widely understood to have contributed to the government’s failure to detect and prevent the September 11, 2001 attacks. White House officials optimistically declared in early 2003 that CIA’s Counterterrorism Center (CTC) and the FBI’s Counterterrorism Division (CTD) would shortly relocate to a single facility together with TTIC, and that the new center would have no operational role and therefore required no new statutory authorities.
In Blinking Red, former Bush administration official Michael Allen recounts the hurried but intense interagency tussle that preceded TTIC’s launch. CIA sought to protect the operational prerogatives of CTC, an organization that already included representatives of the FBI, Department of Defense (DOD), and other agencies engaged in counterterrorism. CIA insisted that the new center’s name not include “intelligence” or “analysis,” the latter term reserved for the specialized craft practiced on an “all-source” basis exclusively by CIA’s Directorate of Intelligence. TTIC’s mission was narrowly limited to consolidating information and integrating threat reports.
TTIC’s first (and only) director John Brennan recalled in interviews the enormous challenge of acquiring --- leave aside integrating --- data that eventually flowed into TTIC on 26 different government networks. In its early days, TTIC was also forced to compete for experienced analysts with CIA, FBI, and other agencies that were already strapped in handling their own responsibilities.
Of course, CIA/CTC and FBI/CTD never co-located their front offices or key operational components with TTIC, and TTIC’s successor (NCTC) was later codified in statute and assigned all-source intelligence analysis as one of its principal responsibilities.
The 9/11 Commission’s NCTC
The report of the congressionally-chartered National Commission on Terror Attacks Upon the United States (9/11 Commission) was submitted to President Bush and simultaneously published in late July 2004, quickly achieving bestseller status. The 9/11 Commission concluded that our counterterrorism effort required greater unity and recommended creating a new post of National Intelligence Director (NID) and an enhanced NCTC built on the foundation of TTIC. The 9/11 Commission’s NCTC proposal called for an organization housed along with the NID in the Executive Office of the President (EOP). The new center would be led by a presidentially appointed director and charged with two missions: strategic intelligence and joint operational planning. NCTC’s planning mission, according to the 9/11 commissioners, would replicate the Joint Staff’s J-2 and J-3 functions in a civilian joint counterterrorism command. To avoid infringing on the statutory authorities of DOD, CIA, and FBI, the 9/11 Commission defined “joint planning” as assigning lead responsibilities to agencies and closely tracking the execution of assigned tasks.
Not by accident, the 9/11 Commission’s admittedly “entrepreneurial” NCTC recommendation tracked closely a design favored by former National Security Advisor and then-Chairman of the President’s Foreign Intelligence Advisory Board, Brent Scowcroft. Scowcroft had been asked by President Bush early in his first term (and before the 9/11 attacks) to study the IC and recommend changes to improve U.S. intelligence.
After the Democratic Party’s 2004 presidential nominee John Kerry publicly endorsed all of the 9/11 Commission’s recommendations, the next opportunity to weigh in on NCTC belonged to President Bush.
NCTC and the Bush Administration
Under mounting political pressure, and after hasty consultations with his senior national security advisors, President Bush declared his support for a “strong” NID and the establishment of NCTC. The NCTC concept endorsed by the Bush administration in early August 2004 centered on analyzing and integrating threat intelligence from foreign and domestic sources and serving as the government’s “knowledge bank” on terrorists and terror groups. The 9/11 Commission’s proposed planning function was scaled back to “supporting the development of government action plans.” President Bush’s NCTC would not be part of the EOP. While the Bush administration did not endorse the 9/11 Commission’s operational planning role for NCTC, administration officials did announce plans to hand off to NCTC the functions of the Counterterrorism Security Group (CSG), a high-level interagency group that met (and still meets) to receive updates on active plots and to track steps being taken across government to disrupt planned attacks.
The White House convened a series of interagency meetings in August 2004 regarding implementation of the 9/11 Commission’s recommendations. These sessions frequently pitted advocates for an empowered NID and an NCTC against others who sought to defend traditional departmental chains of command.
President Bush’s late August order establishing NCTC authorized the center (in addition to its intelligence functions) to conduct “strategic operational planning for counterterrorism activities” and to assign operational responsibilities to lead agencies but not to “direct the execution of operations.” NCTC’s director under the Bush order would be appointed by the DCI, with a seemingly odd additional requirement that the president approve the DCI’s choice. The DCI was unambiguously instructed to exercise “authority, direction, and control” over NCTC and its director.
A legislative proposal containing the main elements of the president’s executive order on NCTC was sent to Capitol Hill, where legislation was advancing in both chambers to establish a NID, NCTC, and to implement other reforms recommended by the 9/11 Commission.
The Congress, IRTPA, and NCTC
Through the fall 2004 campaign season, President Bush’s reelection, and well into a lame duck legislative session, multiple committees in the House and Senate debated provisions in draft intelligence reform legislation. The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) emerged from conference negotiations between senators Susan Collins and Joe Lieberman --- the leaders of the Senate’s Government Affairs Committee, both of whom strongly supported the 9/11 Commission’s recommendations --- and Speaker of the House Dennis Hastert, who was caught between the administration’s demands for action and an armed services committee chairman bent on defending to the hilt the prerogatives of the Secretary of Defense and military commanders.
While the IRTPA’s NCTC provisions closely track those in the Bush administration’s executive order, the final bill unsurprisingly added a requirement that the NCTC director be appointed by the president and confirmed by the Senate. The IRTPA also codified a unique dual reporting chain requiring NCTC’s director to report to the DNI (the NID’s new title) regarding the center’s intelligence functions, but directly to the president on strategic operational planning.
The IRTPA also established within ODNI a National Counterproliferation Center (NCPC) with responsibilities concerning weapons proliferation similar to those conferred on NCTC for terrorism. The IRTPA’s NCPC provisions were silent on how the center’s director would be selected, and also included a waiver allowing the president to choose not to establish an NCPC if he deemed such a center unnecessary. The IRTPA (in a legally superfluous gesture) also authorized the DNI to create additional national intelligence centers to address priority topics.
The WMD Commission: A Final (and Skeptical) View of NCTC, NCPC, and Intelligence Centers
After the IRTPA was signed into law, but before ODNI opened for business, the White House received the report of an executive branch advisory panel charged with examining U.S. intelligence, in particular regarding proliferation in the aftermath of flawed pre-war intelligence assessments of Iraq’s weapons of mass destruction (WMD) program. The so-called “WMD Commission” recognized that its report was submitted too late to impact significantly the major restructuring of the IC, but this Commission nonetheless offered wide-ranging recommendations, including on the question of national intelligence centers. The WMD Commission recommended that the president establish an NCPC but not assign that center the same strategic operational planning mission given to NCTC. The WMD Commission’s proposal for NCPC described a small center to coordinate, but not conduct, intelligence analysis on proliferation and to develop collection strategies in the manner of an IC “mission manager” for proliferation.
The WMD Commission report questioned the wisdom of assigning NCTC’s director potentially incompatible intelligence and policy roles, as well as his dual reporting chain. More generally, the WMD commissioners listed the hazards of creating national intelligence centers. Such centers discouraged competitive analysis, instigated turf battles with existing agencies, and created new stovepipes that would inhibit information sharing, according to the commissioners. The Bush administration accepted these WMD Commission recommendations and directed the DNI to establish an NCTC along these lines.
Establishing CTIIC: Imminent Choices and Foreseeable Challenges
Mission, Status, and Authorities: The White House’s announcement offered few details on the nature of the new cyber intelligence center. A forthcoming presidential directive will presumably address questions concerning its mission, responsibilities, legal status, and the authorities of the center and its director as well as the nature of their relationship with the White House, DNI, IC, and non-IC agencies. CTIIC’s overly descriptive title signals that the center will initially be assigned only a modest mission focused on consolidating and integrating available information on cyber threats in the mold of NCTC’s predecessor, TTIC.
If CTIIC’s mission is limited to intelligence functions (e.g. sharing and analyzing threat information, preparing assessments for policymakers and other agencies, clearing information to be shared with state and local governments and the private sector), the DNI has ample authority to establish the center. The DNI is authorized to establish, operate, and direct new national intelligence centers by both the IRTPA and Executive Order 12333 (as amended in 2008). Any formal action by the president would be designed to enhance the stature of the center and harvest any political benefit from taking action on a high-profile national security issue. There is no obvious need for the president to appoint the head of a small national intelligence center, and allowing the DNI to select (and terminate) this official would reinforce the DNI’s leadership of our national intelligence enterprise.
Assigning CTIIC a role in shaping or implementing national policies on cyber security or assigning operational tasks to other agencies may require legislative action, and would foreseeably trigger defensive reactions by NSA/CyberCom, FBI, DHS, CIA, and other turf conscious bureaucracies. NCTC’s strategic operational planning mission has always been constrained by the center’s limited access to information on CIA and DOD activities under Titles 50 and 10, respectively, of the U.S. Code. The NCTC director’s dual reporting chain has likely generated more friction with key counterterrorism stakeholders than it has conferred real national security gains. Targeted leaks in the aftermath of the failed Christmas 2009 bombing of a Northwest Airlines aircraft revealed an unconstructive amount of tension between the DNI, CIA director, NCTC director, and White House counterterrorism officials.
CTIIC will not likely travel the same uneven path to adolescence as did NCTC, but the White House may not get the final say on the mission and authorities of the new cyber intelligence center. While Congress has a disappointing record of legislating on cyber security, it is foreseeable that the intelligence oversight committees will attempt to codify a charter for the CTIIC even in the context of the annual intelligence authorization bill rather than as part of more comprehensive cyber security legislation.
Relationship with the White House and NSC/Interagency Process: In its endorsement of the 9/11 Commission’s NCTC recommendation, the Bush administration described how the new center would take over the CSG’s functions by providing a current and shared operational picture and by monitoring how agencies executed disruption tasks assigned by the president, NSC, or CSG. In practice, the White House-chaired CSG was always engaged and directing the government’s response to significant terror threats. The political risks to a sitting president were simply too high to delegate hands-on management of an acute terror threat incident to any group outside the White House. NCTC played an essential role updating and assessing new threat information and monitoring actions between CSG meetings but NCTC never replaced the CSG. NCTC continues to extend and temporarily supplement the small NSC counterterrorism staff during high threat periods.
The analogy being drawn between terror and cyber threats is useful but imperfect. Serious terror threats to the homeland or U.S. citizens abroad are all too regular but still only intermittent. The level and intensity of cyber threats to the U.S. and its interests, however, are nearly constant with spikes caused when new attackers, tools, or targets appear on the scene. The CTIIC can contribute to improved policy responses merely by consolidating and storing information in a retrievable format, crafting integrated assessments, and providing situational awareness to policymakers during an incident without assuming any role in making policy, devising operational plans, or grading other agencies’ performance.
Competition for Mission and Talent: It would be an understatement to observe that TTIC and NCTC were not warmly welcomed by more established government institutions with counterterrorism missions. The lead role assumed by the DCI and CIA in shaping, staffing, and supervising TTIC could be explained as much by institutional self-preservation as a sincere interest in improving information sharing and threat analysis. In reality, unconstrained sharing of threat information and improved cooperation across the “foreign-domestic divide” had become the norm within days of the 9/11 attacks. A certain amount of tension based on the perceived competition for mission space and scarce analytic talent has dogged NCTC since its founding.
From CIA’s perspective, the Agency was working at full capacity to detect and disrupt possible 9/11 follow-on attacks, to find and neutralize al-Qa’ida’s leaders, and to support the invasion and occupation of Iraq when it was asked to assign experienced officers to a new intelligence center to perform analytic work already underway in CTC. By 2006, when Mike Hayden transitioned from principal deputy DNI to CIA director, media reports described an open “food fight” between CIA and NCTC over “lanes in the road” and the allocation of skilled analysts. Because of his credibility with both warring camps, Hayden was able to settle the issues relatively swiftly by decree, and that general arrangement appears to have held.
CTIIC’s first leaders will also confront a significant technical challenge not unlike the one faced by John Brennan and his successors at NCTC. After clearing the legal, procedural, and privacy hurdles to gain access to government information on cyber threats, CTIIC can look forward to a multi-year project to integrate information from disparate systems into a searchable database configured to support intelligence analysis. The DNI and CTIIC’s director will heavily depend, at least at the outset, on information, analytic talent, and technical support from NSA, FBI, DHS, and CIA.
Incomplete Information and Inaccurate Assessments: Intelligence analysis, by definition, compels practitioners to reach judgments based on incomplete information. All-source analysis, once an exclusive CIA franchise, is now practiced more broadly in the IC because of technology and increased information sharing. On most national security topics, the information gathered by U.S. IC collection agencies, combined with open sources, adequately supports reliable intelligence judgments.
Assessing cyber threats, however, presents a distinct challenge. The Internet’s basic design allows actors to conceal their identities, or even attribute their actions to others. IC collection of cyber threat data is structurally limited to the extent it excludes the large body of relevant information that Americans, U.S. businesses, and other private organizations choose not to volunteer to the government. The Homeland Security Advisor acknowledged this handicap last week and repeated the Obama administration’s appeal to Congress to pass legislation that promotes greater sharing of threat information between the government and private sectors. Expectations for the completeness and precision of CTIIC’s analytic assessments should remain modest until this structural handicap is overcome.
If CTIIC will be tasked to conduct all-source analysis of cyber threats, and not simply integrate agency views, the center will need to handle a large volume of sensitive U.S. Person and privileged commercial information. The disclosures by former NSA contractor Edward Snowden significantly eroded the public’s overall confidence in the IC, but the civilian ODNI --- in partnership with DHS and the FBI --- can likely demonstrate an ability to consolidate, store, and analyze cyber threat data while safeguarding privacy.
Finally, the respective roles of DHS and the FBI in dealing with domestic counterparts on cyber threats should be clarified. The failure to do so in the counterterrorism area contributed to the prolonged rivalry between DHS fusion centers and FBI joint terrorism task forces concerning primary relationships with state, local, and tribal entities. In turn, CTIIC can serve as the single authorized source of threat warnings to be shared (by DHS or FBI) outside the U.S. government, thereby protecting against charges of inconsistency, favoritism, or conferring unfair commercial advantage.
Steven Slick is the Director of the Intelligence Studies Project at the University of Texas-Austin and a former CIA Clandestine Service officer who served as the NSC’s Senior Director for Intelligence Programs and Reform from 2005-2009. He can be reached at [email protected]. The essay’s text was approved by CIA’s Publication Review Board.