Tag Archives: domestic intelligence

Homeland Security hodge podge

Posted on May 7, 2013 by | Leave a comment

Things remain unclear about the attack in Boston but some things of note can already be discerned.  Here’s my list so far…

Network news is terrible at covering unfolding events.  I don’t think it was always so, but maybe it was and I just didn’t it or my information needs were different.  In any case the 24 hour news channels were uniformly useless.  The normally quite good John Dickerson gives a pretty weak defense of the institution (While mistakes may have been made it’s really the fault of the viewers…or twitter…of Blitzer’s beard!)

The news channels weren’t about providing information and context.  They were about spreading rumor, speculation and regurgitating the few facts they did have.  This led to the second problem of the news organizations (not new but exacerbated by this story) which is that even though these channels have 24 hours to fill with programming they suffer from myopia.  Nothing important was going on elsewhere in the world during the entire week?  Really?  I find that hard to believe.

Social media was even worse.  Twitter was a disaster and Reddit users were on their way to forming virtual lynch mobs.  It would seem, not the greatest set of days for the idea of crowd-sourced intelligence.

But not so fast.  I suspect some of that was the messy nature of self organization.  There was very little attempt to give people ways to connect to the story in helpful (or, at least not harmful) ways.  That is what government can do although the agencies upon whom this responsibility would normally fall (law enforcement or homeland security) don’t really seem interested in communicating more than they absolutely have to with the public.

Aside from the occasional photo op, the customary speech laden with rhetoric about “our partners in the private sector, blah, blah, blah,” and of course the obligatory platitudes that we see in news releases and congressional testimony, the level of engagement with people outside the red brick walls of the DHS complex is anemic, if not nearly extinct.

Lesson Learned:  Shut off the news on the second repeat of ‘what we know’.  Tune back in at the end of the day.  Avoid social media (as it’s currently configured) unless you have some specific information needs you think you can fill through those sources.  Anything else is the virtual equivalent of rubber necking and will do nothing except waste your time and risk getting you caught up in the same useless feeding frenzy everyone else is in.

We’ve already heard calls for new changes to account for this incident.  We should charge this American citizen as an ‘enemy combatant’ and deny him his constitutionally protected rights.  This attack ‘proves’ that Putin is a guy we want on our side, after all.  And all those Muzlims!  Muzlims everywhere!

One incident is one datapoint.  That’s all.  Any assertions that this is part of some sort of trend is engaging in baseless speculation.  We have no idea if this event means nothing or is a harbinger of something significant.  I suspect the former but we have to wait and see.

Lesson Learned:  STFU until you know what you’re talking about (and even now, we don’t know much).  If you don’t know what you’re talking about but want to speculate anyway, make sure you don’t make your speculation have to bare more weight than it can carry.

YouTube Preview Image

We’ve been very fortunate in that the U.S. suffers from very little terrorism.  Less in the past ten years than in the 1970s 1 but I suspect people, like me, that grew up in the 1970s didn’t feel like we were living in a terrorist wonderland.  9/11 may, indeed, have changed everything but perhaps not for the better.

So, while perhaps not popular I recommend Rose Brooks’ occasionally condescending yet still good ‘Keep Calm and Shut the Bleep Up‘ as we gird ourselves for countless stories that go something like:  ‘You know…I was thinking about running in a marathon before I died.  That could’ve been it.  I was that close…’  We get it.  If you didn’t have a head cold you totally would have been in Boston and wow…coulda been you.  Just because the odds of you getting killed in a terrorist attack are increased from 1 in 3 million to 1 in 1 million, don’t expect me to come down with a case of the vapors.

Lesson Learned:  Chill out.  You, your family, your friends and everyone else you care about are MUCH more likely to die in many more ways than terrorist attacks.  If you’re going to freak out…pay some attention to those risks.

 

 

  1. By quite a bit, I might add.   There were almost TEN TIMES the number of terrorist attacks in the 1970s compared to the decade starting on September 11, 2001.

→ Leave a comment

Posted in Uncategorized

Tagged , , , , ,

A few thoughts in the wake of Boston…

Posted on April 15, 2013 by | Leave a comment

I’m writing this just a few hours after the news about the bombing in Boston.  You won’t see any speculation here about who’s responsible, thoughts on the immediate response or similar things.  Rather, I want to talk a bit about what the larger implications might mean in terms of threat and what how an intelligence shop might best respond in a situation like this.

Ok…first things first.  A couple of rules to keep things in perspective.

  1. We should now know that with events like this, information that comes our way in the first hours is going to be confused, full of inaccuracies and speculation.  Anyone who speaks with authority in the first few hours is likely to be a liar.
  2. The 24 news channels are terrible at covering events like this.  Since there is so little information to report they have to fill their air time with anything they can.  This means your signal to noise ratio will be off the charts.  Once you get the broad outlines of the event and (possibly) see any footage of the event your best bet is to switch off the TV.

Since we’ve not got a few decades of data about terrorism from all around the world, there are some findings that might help us think about what might (might) come next.

First, a good place to look is the fine folks at the National Consortium for the Study of Terrorism and Responses to Terrorism (START).  I’d recommend reading this piece about the (un)predictability of terrorism and its ‘burstiness’.  I’d particularly like to mention this latter point.

As the people at START put it:

But in addition, terrorism has a bursty quality. When it is effective in a particular time and place, we get a lot of it rapidly.

Now, I think the key word here is the word ‘effective’.  While, on some level, attacks like Oklahoma City, Mardrid, and 9/11 were successful but I’m not sure they would be considered ‘effective’.  After all, in all of those cases the terrorist group (or individual) was captured or killed during or very shortly after the attack.   There was, in short, no one left to follow up on the success and so no follow up occurred.

But, take something like London or (I’m sure) the terrorist activity we see in much of the Middle East and you’ll see a different definition of ‘effective’.  Since a ‘successful’ attack isn’t a requirement for a terrorist to be successful (because, remember, the point of terrorism is to elicit a particular response…not generally to do direct damage) you can ‘fail’ but still be effective.  I’d suggest that much of the Palestinian terrorism over the past few decades falls into this category.

So…if we don’t neutralize (in some way) the perpetrators in some reasonable amount of time, we might reasonably expect additional attacks by the same group or individual.

Conversely, this also means that if we might not need to be too worried about ‘copy cats’ or others being inspired to action.  After all, al-Qaida has been trying to inspire people to take up the cause for years with little success.  White supremacists have been trying for decades with little to show for it.

It also means that the data suggests that the threat is going to be localized in time and space.  Might the perpetrators jet off to Idaho and launch attacks in Boise?  Sure, I guess, but I’m not sure I’d consider it particularly likely.

Also from START is this piece which states that we might see an increase in hate crimes over the coming weeks as a result of this attack.  Based on their data, the people at START have concluded that:

…in the weeks following a terrorist attack, the number of anti-minority hate crimes increased if the attacks were made against symbols of core American values (such as the Pentagon) or perpetrated by groups with a religious motivation.

Does the Boston marathon qualify?  I’d guess definitely in the immediate area.  I’m not sure how much resonance the event has on people further afield.  But, depending on who is identified as suspects, this could be an issue.

Readers of this blog know I often talk about small intelligence shops.  Events like the attack in Boston, because they are so rare, are going to attract the attention of just about every intelligence unit in the country.  Almost every one of them will be expected to publish some sort of ‘product’ about the event.  So, what should a small shop (I’m not talking the big three letter agencies of the federal government but rather the numerous state, local and joint agencies and centers around the country) do in situations like this?

Everything I’m going to write here is for those shops that don’t ‘own’ the territory where the attack took place.  If this attack took place in your area of operations than that’s another story for another time.

First…take a breath.  Look at observation #1 at the top of this post.  You’re highly unlikely to get much of value during the first 24 hours after an event so don’t expect to do more than summarize basic facts.

BUT…everyone is going to want to be seen to be doing something.  This is, after all, the big show.  So, even if there’s nothing to say, there will be incredible pressure to say something anyway.  In some cases this is from a very real desire to ‘help’.  In other cases this is a very real desire to justify ones existence.  It reminds me of a quote from Sir Humphrey:

“Politicians must be allowed to panic. They need activity. It is their substitute for achievement.”

Only politicians aren’t the only ones susceptible to this.  If you don’t have a plan in place you’ll get sucked into the thankless (and useless) task of feeding regurgitated news to various overlords like a mother bird does with her chicks.

Instead of trying to compete with CNN, the New York Times or news agencies (which you’ll never succeed at doing) take advantage of this time to figure out what you need to know for your area of operations.  So, let’s say I was in charge of a shop in…North Carolina (or Montana…whatever) when this attack happened.  What’s going to be important to me initially?  Probably:

  1. Who committed the attack
    1. The specific individual(s)
    2. Any affiliated group
    3. Any linkage to my area of operations
  2. Why did they commit the attack
    1. What was their motivation
    2. Why did they pick that specific target(s)
  3. How did they commit the attack
    1. How did they acquire the explosive device
    2. How did they carry out the attack (emplacement, detonation, escape)

Now, as those questions get answered you’ll have follow ups and more specific ones but even a list like that disseminated to your staff will help them separate the wheat from the chaff during the early hours and days of the story.  Yes, eyewitness accounts may be compelling but if they don’t address those questions your people are really just wasting their time.

Second, if you do not have a compelling reason to call the agency(ies) responsible for handling the emergency do NOT do so before their first press conference at the earliest.  Look, they’ve got a lot on their hands and the last thing they need to do is answer a bunch of questions from a yahoo like you because the leader of your agency 900 miles away wants the latest poop.  Remember, there are now literally hundreds of intelligence shops in the U.S. now…many of them are going to be calling the scene in order to be the first on their block to put out a product with an exclusive tidbit 1 to show how ‘high speed’ they are.  The last thing you would need in that situation is an extra few dozen calls from people essentially saying ‘So…what’s up?’  Let them do their job and you’ll get your information when you need it.

Third, remember that one incident is NOT a trend.  Don’t start reorganizing your whole shop based on one event.  If you’re assessments of the threat were on solid ground before an attack like this, they should remain so.  One event should not nullify your analysis.  BUT…this is a good time (well, earlier was a better time but you slacked off, didn’t you? So we need to do this now) to identify the triggers that would cause you to reevaluate your analysis.

For example…I’ve been saying that al-Qaida is a has-been organization for some time now.  Assuming they were behind this attack (for a moment) would not change my opinion.  But I should be able to explain at what point I would say my analysis was crap.  That’ll keep me straight both when my ego is on the line as well as when tensions are riding high and people start making claims that this or that event ‘changes everything!’

Forth…If you have nothing to say about an event…say nothing.  The intelligence community is suffocating on a philosophy of ‘Send it to everyone…just in case they need it.’  This means it’s not uncommon to receive the same message three, four, five times or more.  It’s not uncommon to receive products that have no relevance to your area of interest.  Adding to the noise does nothing but guarantee that when you really do have something to say, it’ll be ignored.

 

  1. That’ll probably be released to the press before the product is even disseminated making the whole thing moot.

→ Leave a comment

Posted in Uncategorized

Tagged , , , , ,

How might we measure the usefulness of fusion centers?

Posted on February 25, 2013 by | Leave a comment

It’s been a few months since the U.S. Senate (or at least one of their subcommittees) released a scathing report about the 72 fusion centers that have popped up around the country since 9/11.  While the initial firestorm appears to have subsided I’m sure it remains a touchy subject and be rest assured as soon as fusion centers have something to bolster their case you’ll be seeing a whole lot of crowing about how much value they have.

It does raise an interesting, and still unanswered, question of how we should evaluate the value of fusion centers.  Certainly there should be something besides anecdotal reports either in favor or against.  Right?  One would think so, but given we’re more than a decade into this experiment, the fact that we haven’t really gotten far in beyond simple quantitative figures (we’ve answered 1,000 phone calls! We sent out 5 bazillion emails!) should have you consider that nobody is really interested in finding answers.

Let’s face it, identifying metrics for the effectiveness of something as squishy and ambiguous like ‘homeland security’ (similar to ‘counterinsurgency’) is going to be really hard, fraught with errors and, even if you get it right today, subject to change as the operating environment changes.

But, allow me to provide one possible piece of the puzzle.  One of the problems of determining effectiveness of something as big as a fusion center or as simple as even the smallest intelligence bulletin is if people actually value the darned thing.  You can try to send out surveys but a) response rates are abysmal and b) if you think grade inflation is bad in our universities check out evaluation forms in government work.  Everyone has learned that by giving straight ‘excellents’ you usually aren’t asked to answer any open ended follow up questions.  Therefore, the quickest way to be done with an evaluation form is to say everything is great and forget about it.

Even if you can swing in person interviews (very time and personnel intensive) you’re likely to hear only praise if not conducted properly (and very few in the community know how to conduct such interviews even if they were interested in doing so).

And yet, across lunch tables, while sharing a brew or via electronic communication device I receive a steady stream of dissatisfaction among erstwhile ‘consumers’ of intelligence.  Why don’t they speak up when given the chance?  Most often it’s because of concerns about reprisals.  Either institutional (‘Oh, you said something unflattering about our agency.  Yeah, we’ll get to your request.  Look for it around half past never.’) or personal (‘Oh, Ms. T applied to work at your agency.  Yeah, she’s not really a ‘team player’. I’ve got a brother in law though who’d be perfect…’).  And with no payoff there’s only downside in speaking up.

So, if you can’t always rely on what people and organizations say in this environment, you can look to what they do.  Most organizations jealously guard their resources and don’t spend them unless they think they can make a net profit on the deal.  Fusion centers, as the name implies, are designed to bring elements from many different agencies together so that each representative can contribute their expertise.

I suppose you could, therefore, look to see who puts there money where their mouths are when it comes to providing resources to these fusion centers.  Specifically:

  • What agencies have ever provided personnel or other resources to the center?
  • Has that level of commitment increased, decreased or remained the same over periods of time?

Of course, this would by no means be a complete picture but it would give you an idea of who feels such a center provides value.  We all know that joint centers also provide agencies the opportunity to dump under-performers and sometimes contributions reflect more of a ‘I’ll scratch your back if you scratch mine’ sort of arraignment but I think it could provide some important hints as to the value of the center.  Some agencies you could automatically exclude from this (for example the agency that owns the building or is mandated by law to participate and the Department of Homeland Security which has a organizational commitment to provide liaisons to these facilities but how many other partners are out there.  And how long do they stay?

 

→ Leave a comment

Posted in Uncategorized

Tagged ,

That Senate Fusion Center Report (Part 3)

Posted on October 18, 2012 by | Leave a comment

Part 2

The report concludes with an evaluation of fusion center ‘success stories’. On their website , the DHS advertises a number of ‘success stories’ that supposedly highlight the importance of these centers in the counter-terrorism mission. It identifies 23 such cases. Keep in mind that fusion centers have been around since 2001ish, there are currently more than 70 of them (no one could get a straight answer as to exactly how many of these centers there are) and the federal government has poured in between $300 million to $1.5 billion dollars into them (again, no one seemed to thought that keeping track of expenditures was particularly important).

Of those 23 cases, more than half (14 in total) clearly had no nexus to terrorism. These included things like (and I’m not kidding):

  • Fusion Center Contributes to Decrease in Auto Theft (Let me guess…by having all employees lock their car doors?)
  • Fusion Center Enables a Teenage Runaway to Return Home Safely (What did they do, buy her bus fare for her?)
  • Fusion Center Supports Federal Partners through the Use of Facial Recognition Queries (translation: made a database query)

The bottom line is that these ‘successes’ are all things that could be done even if fusion centers never existed.

Ten years….72 facilities…hundreds of millions of dollars and what do they have to show for it? They helped a runaway get back home.

But wait, I can hear you say, what about the 9 ‘terrorism-related’ cases? Stopping one 9/11 would make this whole endeavor worth it, right?

Glad you asked.

Of the nine events I labeled ‘terrorism-related’ (and I was trying to be generous here), none were involved with disrupting plots but rather with supporting investigations that had already begun. And that brings me to a point I’ve been hammering away at for awhile. In none of these cases was there any real analysis going on. Rather (based upon the descriptions by DHS and the subcommittee’s deeper look into four of the ‘best’ cases) fusion centers were used to do database checks, information sharing and perhaps some tasks considered ‘entry-level’ analysis (link charting, PowerPoint summaries of case information, etc.).

So, let’s stop trying to teach a dog to wear cloths and walk on its hind legs. To paraphrase Mr. Johnson, even if we can get them to do it, it won’t be done particularly well. Pull the analysis function out of fusion centers and leave them to do the information sharing and case support functions. They’ve demonstrated they can do those reasonably well, it’s what they’re comfortable with and we can stop wasting resources doing the other stuff.

Then…concentrate analytical resources into regional centers. You have a much better chance of achieving a critical mass of analytical talent to actually get some substantial work done. If you remove the component of those centers that have actual arrest powers you can get off the hamster wheel of arrests and seizures as a metric for success.

But beyond these *ahem* successes, the subcommittee also found evidence of fusion center work that hindered investigations and at least one instance where fusion center work could have led to serious international problems. You may remember I wrote about this incident here but what I didn’t know at the time is that while the DHS was publicly distancing itself from the fusion center’s assessment, it was also referencing the same, incorrect, report in its own products. AND, it never issued a correction.

→ Leave a comment

Posted in Uncategorized

Tagged , ,

That Senate Fusion Center report (part 2)

Posted on October 16, 2012 by | Leave a comment

Part 1

Now let’s talk about something that has concerned people about domestic intelligence generally and fusion centers specifically for a long time now.

Violations of civil liberties.

I’ve said before (and I maintain today) that a) I do believe there are violations of civil liberties and civil rights going on all the time in criminal and homeland security shops around the country and b) this is mostly do to incompetence rather than any real plan to deprive people of their rights.

And here’s where you can look at things as half full or half empty.  While the committee’s report identified numerous reports that was inappropriate it did note that ‘[t]o the credit of officials participating in the review process, these reports were for the most part cancelled before publication.’

That’s good but fusion centers produce a whole host of information which doesn’t go through the DHS vetting process.  While, theoretically, every center is supposed to have a privacy officer and all products are supposed to be vetted for privacy/civil liberties/civil rights issues, unlike at DHS that position need not necessarily (or even usually) be a position devoted to those issues.  It can be an ‘extra duty’.  And when something is piled on as such, we all now how much attention and effort usually follows.

Beyond that, remember that there are pressures to produce numbers at these centers.  Quantity of reports = productivity = effectiveness = justifications for promotions and resources.

So, what to do if you don’t have much actual intelligence to report on but you have a lot of constitutionally protected activities going on (ideally conducted by people whose ideological orientation or socio-economic-racial background kinda makes you feel icky?

Well, you could always put out ‘officer safety’ bulletins or ‘situational awareness’ reports.  The reasoning can be ‘Oh, we’re not reporting on the protest or specific event, but there may be ‘public safety’ concerns…traffic might get snarled…people might pass out from heat exhaustion…you know.’

And here’s where you can see the jack-booted thugs behind the curtain or not.

You could say that these sorts of things are a ‘wink and nod’ way to pass along intelligence on constitutionally protected activity.  After all, a ‘situational awareness’ product coming from a ‘crime center’ or a ‘counter-terrorism’ shop will probably mean something different than if the very same product came from the traffic enforcement division, for example. I’m not sure I’ve seen any evidence of the level of self-awareness required to understand the concept of contextual information but it is there in any case.

And the ‘public safety’ argument only really holds water if there’s some evidence that such bulletins go out for similar, non-controversial, events.  Worried about traffic snarls?  Why aren’t you putting out a product when the American Legion holds fund raiser and parade? Oh, that’s right…your dad was in the Legion.  ‘Nuff said.

In those, you can make the most outrageous claims and just tack on a statement at the end that says ‘We recognize the rights of people to conduct first amendment activity and provide this for information only.’

So, what drives this sort of thing?  You can think it’s a grand conspiracy theory but I honestly believe it’s the result of people in over their heads making decisions on issues they aren’t qualified to make.  In the interest of careerism and institutional goals, they wing it, don’t think too much about the consequences and hope if the proverbial shit hits the fan it’ll be after they’ve been promoted out of there (or, retired and picked up a cushy security job with some corporation).

And that is what should drive you nuts.  The flaws identified by the Senate are the results of countless decisions made to let unqualified people feel like they are part of the big game.  As Tom Ridge (the genius who brought us color coded terrorism threats) said:

“We thought if we just threw the name out there, built a bunch of them, we’d feel a lot better.”

Yep…a sound basis for establishing a domestic intelligence program.

→ Leave a comment

Posted in Uncategorized

Tagged , , , , ,

That Senate Fusion Center report (part 1)

Posted on October 15, 2012 by | Leave a comment

Remember it?  Oh, how soon we forget.  Well, here’s what I’m talking about if you need a refresher.  I have, finally, gone through the whole report (download your own copy here) and wanted to talk about a some of the important issues it raises.

Now, before I go on, there is one important thing to mention.  This report confines itself to the role that fusion centers play in national couter-terrorism efforts and specifically how they plug into the Department of Homeland Security.  Now, those looking to rebut the report have pointed that out as a fatal flaw with the report.

Personally, I think those people should really just keep quite.  The last thing they want is someone actually looking to see if all those other claims about how effective and valuable fusion centers are actually true.

And in that regard, I’d suggest that many of the observations and shortfalls the committee identified can apply much more broadly than the committee intended.  While the fusion center contribution to national counter-terrorism efforts may look like ‘pools of ineptitude’, at least when talking about intelligence and analysis, it’s probably the aspect of what these centers do that’s most set up for success.

So, we’ll begin in talking about the value of ‘intelligence’ that gets produced and disseminated from fusion centers. The subcommittee’s report reported that many of the reports that made their way to DHS were ‘useless’.  It should be kept in mind that fusion centers produce a whole bunch of reports and only the *ahem* ‘best’ are deemed worthy of being sent to DHS.

Which means, while DHS may think they’re getting spammed with intelligence crap, there’s a whole wave of it flowing from fusion centers that doesn’t make the cut.  The art of regurgitating information, sometimes from open sources and other times from other agencies may not have been perfected in fusion centers but it is certainly getting a great deal of practice.

In part, this is due to another observation made in the report:  Using quantity of production as a metric to determine value.

In a couple of cases there was a lot going on, [Keith Jones, former head of the DHS Reporting Branch said while testifying about reporting coming from fusion centers].  In a couple of others they were looking for stuff [to report] so they could wave their flag.

Fusion centers (like any agency that equates activity for achievement) focus on things that are easy to count.  So, that encourages two sort of bad behavior:

  1. producing intelligence products that aren’t relevant
  2. producing products that are identical (or nearly identical) to reports from other agencies

This leads to everyone’s inbox getting clogged with products and makes it difficult to sift through what deserves attention and what should be sent right to the recycle bin.

(As an aside, another way to boost numbers without doing any work is to forward someone else’s product with a cover note.  That allows an agency to throw its logo on things and get credit with no real investment.  What it means to customers is that they can very well get the same product many, many times.  Hardly efficient.)

Why do these centers produce so much crap?  In part it has to do with training.  Despite the endless pronouncements about how important intelligence is, analysts, investigators, and supervisors have few, if any, training requirements for working in intelligence shops.  There are federal recommendations for 40 hours of training for analysts but even if you could get everyone to adhere to that, 40 hours does not an analyst make.

It just seems strange that in the army I had to go through 14 weeks of training in order to be an entry level analyst.  That allowed me to sit in the same room with intelligence people and learn.  I certainly wasn’t considered capable of independent activity.

We wouldn’t feel comfortable is our police or firefighters were given 40 hours of training and sent out into the world.  And yet, intelligence personnel in many of these fusion centers, expected to contribute to the national counter-terrorism strategy are essentially thrown to the wolves and expected to figure things out.

That problem is compounded by a marked lack of leadership in most of these centers.  When it comes to counter-terrorism (and, to be honest, most aspects of intelligence) most the most critical shortfall is the lack of any real direction and prioritization.  Instead, we perpetuate the myth of ‘all crimes, all hazards’.  Given that many fusion centers contain fewer than a dozen people, the notion that you could have a shop which is tracking ‘all crimes, all hazards’ is patently ridiculous.

He who defends everything defends nothing.1

But…picking priorities entails risk.  After all, pick the wrong thing and you might get held accountable for it.  Pretend to cover everything and you’re all set to lobby your elected representative for more money to ‘fulfill the mandate’.

More tomorrow…

  1. Frederick the Great said that…

→ Leave a comment

Posted in Uncategorized

Tagged , ,

We interrupt this blog…Fusion Centers are ‘pools of ineptitude’ edition (told ya!)

Posted on October 3, 2012 by | Leave a comment

Interesting news posted last night that the Senate Homeland Security and Governmental Affairs permanent subcommittee on investigations published a report about fusion centers.  I don’t have a copy of the report yet but the summaries of its findings shouldn’t come as a surprise to anyone who has read this blog.

But after nine years — and regular praise from officials at the Department of Homeland Security — the 77 fusion centers have become pools of ineptitude, waste and civil liberties intrusions, according to a scathing 141-page report…

Begin the scrambling

A spokesman for Napolitano immediately blasted the report as “out of date, inaccurate and misleading.” Another Homeland Security official, who spoke with NBC News on condition of anonymity, said the department has made improvements to the fusion centers and that the skills of officials working in them are “evolving and maturing.”

Not having read the report I can only say that based on many, many discussions with personnel who work in fusion centers as well as personal observations around the country those comments seem neither ‘out of date, inaccurate [or] misleading.’  They actually sound spot on.

And as for ‘evolving and maturing’.  That spokesman can go fuck himself (or herself).  It’s almost 2013.  How long are we supposed to wait for this money pits to ‘mature’ to a level that crayons and paste aren’t the tools of choice?  How long are we going to continue the charade of intelligence products that wouldn’t receive a passing grade in a moderately difficult high school class (based either on use of the language or ability to put thoughts together in a coherent manner)?

Update:  As of 11pm I got my hands on a copy of the report.  I probably won’t be able to go through it in depth for awhile but stay tuned.  You can get a copy of the report from Public Intelligence here.

→ Leave a comment

Posted in Uncategorized

Tagged , , ,

Trapwire

Posted on September 6, 2012 by | Leave a comment

H/T Geeks are Sexy

YouTube Preview Image

You can tell it’s fake 1  because Congress isn’t tripping over itself to throw money at the project.

 

  1. Well, the Kickstarter part, anyway.  For more on TrapWire you can check here.

→ Leave a comment

Posted in Uncategorized

Tagged ,

The Muslim threat

Posted on August 29, 2012 by | 1 Comment

Four radical Muslims were recently charged for planning on launching a series of attacks in America and installing a government run by Sharia law.  Unlike other less than competent terrorists these evildoers spent almost $90,000 on weapons and killed two people in furtherance of their goals.

 

Haven’t heard about this story?  What’s going on?  Is this the result of the crypto-Socialist/Muslim agenda and liberal media apologizing for terrorists and endangering patriotic Americans?  Where is the Fox/CNN specials and congressional inquiries

 

Oh…sorry about that.  I got a few points of the story wrong.

 

It wasn’t Muslims after all.  It was a group of U.S. soldiers.

 

Is it just me or does anyone find it odd that this group who took real, concrete actions in furtherance of a plot to launch attacks in the U.S. get charged by a county prosecutor while the FBI trips over itself to charge every groups of bumblers and incompetents it can entice into jihad (wait, there are even more)?

 

Imagine, if you will, what the response from the media and the government would be had these guys had names like ‘Muhammad’, ‘Sayed’, ‘Nidal’, etc. Does anyone not think that the current circle jerk in Florida wouldn’t pivot its focus to talk about how the president is failing the country and how this event proves we need more troops, more surveillance, more erosion of freedoms?

 

But…these are 4 white guys.  And everyone learned the lesson about what happens when you try to link those guys to terrorism.  But…a few dozen people engaging in peaceful protest?  Lock ‘em up!  After all, they might be terrorists!

 

But the media at least is covering all its bases.  They are picking up on the current terrorist flavor of the week…ANARCHISTS!

 

YouTube Preview Image

 

It appears these people are being declared anarchists based on the fact they have anarchist tattoos (you know, the A with a circle around it).

 

Anarchist s

Anarchist s (Photo credit: Wikipedia)

I don’t want to comment too much on this aspect of the case since I’ve only got some really sketchy open source reporting to go on but we should consider that the use of a symbol does not necessarily mean one agrees with the ideology commonly associated with that symbol.

In any case, as al-Qaeda is finding it increasingly difficult to mount operations in the U.S., the homeland security machine and fear industry needs another target to justify its existence.  What better group than anarchists…they’re here.  Nobody really understands what they are. Take it away Blitz!

YouTube Preview Image

It’s groundhog day all over again.

This is all about selective targeting of ‘undesirable populations’ and has nothing to do about threat.  After all, if the homeland security community was concerned about people who threaten to violently overthrow the government they’d check out this guy or this guy.  Can anyone honestly say that if a Muslim or an anarchist publicly said something like this they wouldn’t (at a minimum) get a good examination by the FBI and quite probably be the subject of an undercover investigation?

But we can’t do that.  These terrorists vote.

This should really erode your confidence in homeland security efforts.  It reflects a huge blind spot.  The focus remains on ‘da Muzlims’ (they’re safe since they don’t vote and are dirty foreigners) and the powerless.  The focus remains on past threats rather than looking objectively at likely, potential future threats.

It ensures we will be surprised again and again and continue asking ‘Why didn’t we see this coming?  Why didn’t we connect the dots?’

Oh, and the soldier plot?  Looks like maybe the leader was involved with the right crowd a few years ago.

→ 1 Comment

Posted in Uncategorized

Tagged , ,

Fusion Centers – The Triumph of Mediocrity

Posted on July 12, 2012 by | 3 Comments

The Homeland Security Policy Institute just released their findings of a survey they conducted earlier in the year of fusion centers to determine the capabilities and priorities of fusion centers.

The short version of their report*: After more than a decade, fusion centers remain a confused, unfocused mess that have little practical relevance and impact on the mission they were created to do.

Now, the longer discussion.

First, I could go on at length about their methodology but I won’t** other than to say I’m not exactly thrilled with it. Their survey involved questioning one person from each of the nation’s 77 fusion centers***. The survey designers weren’t too concerned with that since many fusion centers are very small (less than 10 people****) and so they were confident that the survey responses accurately reflected the ‘prevailing wisdom’ across the fusion center community. I’m not so sure about that and would read the results more as a bit of rose-colored view of them, based on how the survey respondents were contacted (via an interest group – The National Fusion Center Association) and the belief that any organization asked to take part in a self-evaluation survey is going to assign that survey to someone who shares (at least) a general outlook of what constitutes success.*****

But…let’s put that aside for now and delve into the findings and analysis.

I think a good way to look at this survey is to divide the questions into how respondents said they perceived the threat and their mission and then look at how they responded to questions about how their centers actually operated and were structured. The survey began by asking respondents questions about the nature of the threat. The questions were a bit clunky but there is some interesting stuff here, nonetheless.

Respondents were asked to rate the threat of terrorism to their ‘region’ on a 1-10 scale (one being no threat and ten being ‘Holy crap, they’re breaking down the door as I fill this survey out.’ Almost three-quarters rated the threat as a ‘five’ or higher***** and almost half rated the threat at ‘six’ or higher.

The next question asked who posed the greatest threat to their region. Respondents were given a choice of criminal and terrorist choices. Overwhelmingly, terrorists of various types were picked (the biggest majority were homegrown jihadists). Criminal threats were only cited 5% of the time as the ‘greatest threat’.

When asked who should have primary responsibility for counterterrorism (on a 1-10 sliding scale, 1 being local authorities and 10 being federal), more than a third gave a ’5′ answer (sign) indicating a 50-50 split between the two in terms of primary responsibility.

Respondents were then asked to rate the importance of analysis to their operations. Half said it was either the most or second most (out of six) important priorities. (Don’t get too excited about this answer…Question 3 will reveal this to be pretty bogus).

So, most respondents indicated there was a moderate to high threat in their regions. The greatest threat came from terrorism and analysis was seen as very important to their operations.

Take a moment and do a bit of a thought experiment. If you had built a new agency from scratch (from 5 to 10 years ago, let’s say) in the sort of environment described above what would your expectations be in terms of answers about your agency to these questions:

  1. How often does your center conduct regional threat assessments?
  2. What are your most important sources of counterterrorism intelligence?
  3. Rate the importance of the following tasks from 1 (most important) to 6 (least important): Analysis, Dissemination, Gather/Receive information, Production of product
  4. Rate your center’s capabilities regarding the tasks above from 1 (most capable) to 6 (least capable)
  5. Which catagory best describes your (assume the survey is being answered by someone in a position of authority at the center) professional background (law enforcement, intelligence analysis, intelligence collection, policy management)?
  6. Provide the rank order of the following activities for your center from 1 (most important) to 5 (least important): Counterterrorism, Law Enforcement, Prive sector and cyber security, Public safety/emergency response

So think about what you would expect (or want) those answers to be after a few years of operation.

Question 1: How often does your center conduct regional threat assessments? Let’s leave aside the fact that ‘regional threat assessments’ isn’t defined in any way so you could really fit a wide range of garbage into that term. Despite that, just about half of all respondents said they never conduct regional threat assessments.

What the fuck? How can you assess your threat if you never assess it? Is that the sort of response you would expect from people who say local agencies (which include fusion centers) should share primary responsibility for counterterrorism? Or that analysis is their number 1 priority? And remember, one of the fundamental tasks of fusion centers is identifying trends and understanding the threat. This is what is referred to today as an ‘epic fail’ and should be a big warning flag that what passes for ‘analysis’ in these centers is little more than regurgitation from what was heard around the watercooler or on CNN that morning.

Question 2: What are your most important sources of counterterrorism intelligence? I’d prefer if this question asked how often particular sources of information were used but there you go. About three-quarters of respondents answered that either local law enforcement or Joint Terrorism Task Forces were the most important sources of counterterrorism intelligence. That may be true but I have deep suspicions that fusion centers are looking for sources of intelligence beyond those two sources. There’s a huge law enforcement bias within fusion centers and information coming from those without a badge and a gun is usually regarded as second class. What was very interesting is that less than 10% of respondents said that their own centers’ analysts were their most important source on intelligence. That is shocking.

Perhaps I was spoiled from my military experience but in a properly functioning unit the first question the commander should ask when presented with an intelligence question or issue is ‘Where is my S2?’ (that’s the intelligence section). If your overlord is asking everyone but you, that’s a problem. Maybe with her or maybe with you but it’s not a sign of a healthy organization. Another HUGE red flag.

Also interesting to note was that the Department of Homeland Security and the National Counterterrorism Center ranked even lower. Even more interesting was that NO ONE said that other fusion centers were the most important source of such information and it’s high point was that 6.5% of respondents ranked it as the third most important source of counterterrorism intelligence. Ladies and gentlemen, if you need an indicator that fusion centers are near worthless when it comes to intelligence, just look at the fact that fusion centers don’t even regard each other as being valuable in that regard.

Question 3: Rate the importance of the following tasks from 1 (most important) to 6 (least important): Analysis, Dissemination, Gather/Receive information, Production of product. This should be a ‘gimme’, right? After all, we already looked at a question like this and half of all respondents said analysis was either their ‘highest’ or ‘second highest’ priority. This is, as the man once said, a slam dunk, right? Well, not so fast.

Analysis was ranked third in terms of ‘most important’ when ranked with other tasks (behind gathering/receiving information and dissemination). So, I think we can safely say that the first question was an example of ‘Everything is my number 1 priority!’ instead of any real thinking about how important analysis is. In other words, disregard that answer. If you want some good news, many people (I’m guessing around 45% – hard to tell based on the graphs in the report) said that analysis was the #2 priority. Of course, all that means that roughly 40% of respondents thought analysis was third, fourth or fifth in terms of importance. Getting those sorts of rankings is how you end up with centers created to ‘fuse’ intelligence not doing basic things like threat assessments.

Question 4: Rate your center’s capabilities regarding the tasks above from 1 (most capable) to 6 (least capable). So, your fusion center is up and running. One of it’s primary functions is analysis. Let’s say it’s evaluation time, too. Hypothetically, if your center’s analytical capabilty was given a rank of ’4′ on this scale, how happy would you be with the people in charge of your analytical shop? You think they’d be on the top of your list for fast track promotion? Well, the overwhelming majority of respondents ranked their analytical capability at ’3′ or lower and ’4′ or lower got the lion’s share of that. It looks like perhaps two or three fusion centers (out of 71) ranked their analytical capability as a ’1′. Granted, not everyone answered every question but if you didn’t answer questions like these either a) you aren’t familiar with your center’s capabilties so why are you filling it out in the first place? It’s not exactly an indicator that fills me with confidence about the rest of your operation or b) you’re too chickenshit to answer the question.

Question 5: Which catagory best describes your (assume the survey is being answered by someone in a position of authority at the center) professional background (law enforcement, intelligence analysis, intelligence collection, policy management)? No surprise here. Almost 70% of respondents were law enforcement. More interesting would be to see what the breakdown in leadership in fusion centers is. I suspect it’s even more skewed towards law enforcement if you looked at all supervisory/decision making positions within centers. I have to admit, I’ve written about this so much it’s kind of boring me but it is important. From the authors of the report:

The presence of a predominant law enforcement background within the fusion centers leads to an emphasis on the immediate or strictly utilitarian value of information…Case specific tactical experience…must be balanced with contextual strategic understanding…At present, the fusion centers have too much of the law enforcement perspective and not enough of the analyst. This affects both the focus and the operation of the fusion centers. It leads background and bureaucracy to trump perception of threat.

My only quibble with the above is the phrase ‘perception of threat’. Analysis is more than just gut feelings and ‘perception’. Ideally, it’s judgements based upon information and processes that attempt to account for lack of information placed within a contextual framework. I would rewrite that to be: It leads background and bureaucracy to trump threat. That’s accurate.

Question 6: Provide the rank order of the following activities for your center from 1 (most important) to 5 (least important): Counterterrorism, Law Enforcement, Prive sector and cyber security, Public safety/emergency response. Remember way back at the beginning of this post? Respondents said that terrorism was their greatest threat and that was ranked at moderate to high. So…another easy question, right. We, at least, know what #1 is going to be.

Oh! Sorry, you lost again. But you’ll get a version of the home game and a year’s supply of Turtle Wax.

Even though only 5% of respondents said crime was their greatest threat, 63% of fusion centers said ‘law enforcement’ was their ‘most important’ activity. Counterterrorism was regarded as most important by only 27% but that number is kind of bogus since that’s of question respondents not survey respondents. So, yet again there were fusion center representatives that seem to be unable to master the task of ranking items from 1 to 5. My guess is not too many of those would have put counterterrorism in the #1 spot so I think we can confidently say this disparity is even greater than the numbers in the report.

Think about this. Fusion centers see their most important work being something other than their greatest threat. But remember when they said they thought primary responsibility for counterterrorism should be a joint federal/local endevour? Ah, responsibility without accountability. That must be what we’re shooting for here. From the authors:

When asked a follow-on question about what shapes their rank ordering of their center’s most imporatn activities, most stated that such was the product of their center’s institutional pedigree…the key relationships and customer base they serve, the decisions of elected officials or senior decision-makers, [etc., etc.]…Of the thirty individuals who answered this question, none of them referenced the current of expected threat domain. [emphasis added]

So, the next time you hear or read one of these yahoos talk about how their operations are ‘intelligence-led’ don’t believe it. You can’t do intelligence-led anything if centers look like the description of these answers.

And here’s where it all comes together. I do think these answers are representative in demonstrating the almost complete lack of self-awareness among those running fusion centers (individually perhaps but definitely institutionally) which leads to all this internal inconsistencies. Terrorism is our greatest threat but we’re going to prioritize something else. We think analysis is the most important task but we’re going to focus on building capabilities elsewhere. It’s not just that the emperor has no clothes…he’s not even the emperor. He’s just some dude telling you his crown is invisible too.

Look, if we were in year one or two of this grand fusion center experiment this could all be chalked up to growing pains and the working out of various kinks. But we’re entering into decade number two of this scheme now. I think we can safely say we’re coming to the end of the trial period. If they haven’t gotten their act together by now, they ain’t gonna.

But the authors of the report come to a different conclusion. They argue that more resources and effort needs to go into fusion centers. All they need is the appropriate tweeking and we’ll be ship-shape. I disagree and have to ask if that’s all that’s needed, what are they waiting for. The findings of this report aren’t really new or shocking. People have been identifying the same shortfalls at least for the past five years. But, we continue to see new centers opened along the lines of the old, failed ones. Yes, an emphasis on analytical training would be great but if work priorities are angled one way (towards short term crime activity) it doesn’t matter who your analysts are. The rot runs deeper.

I honestly believe we’d be better off to burn these things to the ground (no, that’s not a threat, please don’t put me on that list), disburse the personnel back to their home agencies and distribute the money currently going to fusion centers to those agencies directly. I don’t think that’s necessarily a good idea but it’s a better one than the status quo.

A good idea would be to take advantage of the current lull in serious terrorist activity and reconfigure these things from the ground up. Take away the intelligence function (which most centers can’t do anyway) from most of these centers and convert them to real time crime centers (able to provide support to anti-crime activities), then concentrate your analytical power into a very few regional centers that have an organic investigative (but not arrest) authority. Then, have them focus exclusively on terrorism (not crime or protesters) and off you go.

There’s other tid-bits in this report that support my position but I fear I’ve already gone on too long.

*You won’t find that in the report itself but I think a not too careful reading between the lines will get you to that conclusion.

**So few people are trying to look at fusion centers in a systematic way that I don’t want to sharpshoot someone for putting forth any good-faith effort in that direction.

***That’s right. We’ve got 77 of those things. Combined with ‘fusion-like’ entities (JTTFs, HIDTAs, etc.) we’re surely at double that. So, just to recap, the solution to problem of information sharing (caused by too many agencies not talking to each other) is to…create hundreds of new agencies that (as we shall see) don’t talk to each other.

****Keep this in mind. Fusion centers are frequently charged with keeping track of criminal and/or terrorist threats in an entire state or large metropolitan area. If you’re trying to do that with less than 10 people (not all of whom are doing intelligence work), good luck.

****It can be a little difficult saying that the organization you’re in is sub-standard if you have (or hope to) achieve some stature within that organization. After all, what would that say about their decision to hire/promote you?

*****On questions similar to this, the number of ’5′ answers, in the exact middle of the scale, gives me pause. Is this just a bunch of weasle answers or honest opinions based on intelligence? I’m inclined to think the former but that’s just my gut feeling.

→ 3 Comments

Posted in Uncategorized

Tagged , , , , ,