Tag Archives: fusion centers

That Senate Fusion Center Report (Part 3)

Part 2

The report concludes with an evaluation of fusion center ‘success stories’. On their website , the DHS advertises a number of ‘success stories’ that supposedly highlight the importance of these centers in the counter-terrorism mission. It identifies 23 such cases. Keep in mind that fusion centers have been around since 2001ish, there are currently more than 70 of them (no one could get a straight answer as to exactly how many of these centers there are) and the federal government has poured in between $300 million to $1.5 billion dollars into them (again, no one seemed to thought that keeping track of expenditures was particularly important).

Of those 23 cases, more than half (14 in total) clearly had no nexus to terrorism. These included things like (and I’m not kidding):

  • Fusion Center Contributes to Decrease in Auto Theft (Let me guess…by having all employees lock their car doors?)
  • Fusion Center Enables a Teenage Runaway to Return Home Safely (What did they do, buy her bus fare for her?)
  • Fusion Center Supports Federal Partners through the Use of Facial Recognition Queries (translation: made a database query)

The bottom line is that these ‘successes’ are all things that could be done even if fusion centers never existed.

Ten years….72 facilities…hundreds of millions of dollars and what do they have to show for it? They helped a runaway get back home.

But wait, I can hear you say, what about the 9 ‘terrorism-related’ cases? Stopping one 9/11 would make this whole endeavor worth it, right?

Glad you asked.

Of the nine events I labeled ‘terrorism-related’ (and I was trying to be generous here), none were involved with disrupting plots but rather with supporting investigations that had already begun. And that brings me to a point I’ve been hammering away at for awhile. In none of these cases was there any real analysis going on. Rather (based upon the descriptions by DHS and the subcommittee’s deeper look into four of the ‘best’ cases) fusion centers were used to do database checks, information sharing and perhaps some tasks considered ‘entry-level’ analysis (link charting, PowerPoint summaries of case information, etc.).

So, let’s stop trying to teach a dog to wear cloths and walk on its hind legs. To paraphrase Mr. Johnson, even if we can get them to do it, it won’t be done particularly well. Pull the analysis function out of fusion centers and leave them to do the information sharing and case support functions. They’ve demonstrated they can do those reasonably well, it’s what they’re comfortable with and we can stop wasting resources doing the other stuff.

Then…concentrate analytical resources into regional centers. You have a much better chance of achieving a critical mass of analytical talent to actually get some substantial work done. If you remove the component of those centers that have actual arrest powers you can get off the hamster wheel of arrests and seizures as a metric for success.

But beyond these *ahem* successes, the subcommittee also found evidence of fusion center work that hindered investigations and at least one instance where fusion center work could have led to serious international problems. You may remember I wrote about this incident here but what I didn’t know at the time is that while the DHS was publicly distancing itself from the fusion center’s assessment, it was also referencing the same, incorrect, report in its own products. AND, it never issued a correction.

That Senate Fusion Center report (part 2)

Part 1

Now let’s talk about something that has concerned people about domestic intelligence generally and fusion centers specifically for a long time now.

Violations of civil liberties.

I’ve said before (and I maintain today) that a) I do believe there are violations of civil liberties and civil rights going on all the time in criminal and homeland security shops around the country and b) this is mostly do to incompetence rather than any real plan to deprive people of their rights.

And here’s where you can look at things as half full or half empty.  While the committee’s report identified numerous reports that was inappropriate it did note that ‘[t]o the credit of officials participating in the review process, these reports were for the most part cancelled before publication.’

That’s good but fusion centers produce a whole host of information which doesn’t go through the DHS vetting process.  While, theoretically, every center is supposed to have a privacy officer and all products are supposed to be vetted for privacy/civil liberties/civil rights issues, unlike at DHS that position need not necessarily (or even usually) be a position devoted to those issues.  It can be an ‘extra duty’.  And when something is piled on as such, we all now how much attention and effort usually follows.

Beyond that, remember that there are pressures to produce numbers at these centers.  Quantity of reports = productivity = effectiveness = justifications for promotions and resources.

So, what to do if you don’t have much actual intelligence to report on but you have a lot of constitutionally protected activities going on (ideally conducted by people whose ideological orientation or socio-economic-racial background kinda makes you feel icky?

Well, you could always put out ‘officer safety’ bulletins or ‘situational awareness’ reports.  The reasoning can be ‘Oh, we’re not reporting on the protest or specific event, but there may be ‘public safety’ concerns…traffic might get snarled…people might pass out from heat exhaustion…you know.’

And here’s where you can see the jack-booted thugs behind the curtain or not.

You could say that these sorts of things are a ‘wink and nod’ way to pass along intelligence on constitutionally protected activity.  After all, a ‘situational awareness’ product coming from a ‘crime center’ or a ‘counter-terrorism’ shop will probably mean something different than if the very same product came from the traffic enforcement division, for example. I’m not sure I’ve seen any evidence of the level of self-awareness required to understand the concept of contextual information but it is there in any case.

And the ‘public safety’ argument only really holds water if there’s some evidence that such bulletins go out for similar, non-controversial, events.  Worried about traffic snarls?  Why aren’t you putting out a product when the American Legion holds fund raiser and parade? Oh, that’s right…your dad was in the Legion.  ‘Nuff said.

In those, you can make the most outrageous claims and just tack on a statement at the end that says ‘We recognize the rights of people to conduct first amendment activity and provide this for information only.’

So, what drives this sort of thing?  You can think it’s a grand conspiracy theory but I honestly believe it’s the result of people in over their heads making decisions on issues they aren’t qualified to make.  In the interest of careerism and institutional goals, they wing it, don’t think too much about the consequences and hope if the proverbial shit hits the fan it’ll be after they’ve been promoted out of there (or, retired and picked up a cushy security job with some corporation).

And that is what should drive you nuts.  The flaws identified by the Senate are the results of countless decisions made to let unqualified people feel like they are part of the big game.  As Tom Ridge (the genius who brought us color coded terrorism threats) said:

“We thought if we just threw the name out there, built a bunch of them, we’d feel a lot better.”

Yep…a sound basis for establishing a domestic intelligence program.

That Senate Fusion Center report (part 1)

Remember it?  Oh, how soon we forget.  Well, here’s what I’m talking about if you need a refresher.  I have, finally, gone through the whole report (download your own copy here) and wanted to talk about a some of the important issues it raises.

Now, before I go on, there is one important thing to mention.  This report confines itself to the role that fusion centers play in national couter-terrorism efforts and specifically how they plug into the Department of Homeland Security.  Now, those looking to rebut the report have pointed that out as a fatal flaw with the report.

Personally, I think those people should really just keep quite.  The last thing they want is someone actually looking to see if all those other claims about how effective and valuable fusion centers are actually true.

And in that regard, I’d suggest that many of the observations and shortfalls the committee identified can apply much more broadly than the committee intended.  While the fusion center contribution to national counter-terrorism efforts may look like ‘pools of ineptitude’, at least when talking about intelligence and analysis, it’s probably the aspect of what these centers do that’s most set up for success.

So, we’ll begin in talking about the value of ‘intelligence’ that gets produced and disseminated from fusion centers. The subcommittee’s report reported that many of the reports that made their way to DHS were ‘useless’.  It should be kept in mind that fusion centers produce a whole bunch of reports and only the *ahem* ‘best’ are deemed worthy of being sent to DHS.

Which means, while DHS may think they’re getting spammed with intelligence crap, there’s a whole wave of it flowing from fusion centers that doesn’t make the cut.  The art of regurgitating information, sometimes from open sources and other times from other agencies may not have been perfected in fusion centers but it is certainly getting a great deal of practice.

In part, this is due to another observation made in the report:  Using quantity of production as a metric to determine value.

In a couple of cases there was a lot going on, [Keith Jones, former head of the DHS Reporting Branch said while testifying about reporting coming from fusion centers].  In a couple of others they were looking for stuff [to report] so they could wave their flag.

Fusion centers (like any agency that equates activity for achievement) focus on things that are easy to count.  So, that encourages two sort of bad behavior:

  1. producing intelligence products that aren’t relevant
  2. producing products that are identical (or nearly identical) to reports from other agencies

This leads to everyone’s inbox getting clogged with products and makes it difficult to sift through what deserves attention and what should be sent right to the recycle bin.

(As an aside, another way to boost numbers without doing any work is to forward someone else’s product with a cover note.  That allows an agency to throw its logo on things and get credit with no real investment.  What it means to customers is that they can very well get the same product many, many times.  Hardly efficient.)

Why do these centers produce so much crap?  In part it has to do with training.  Despite the endless pronouncements about how important intelligence is, analysts, investigators, and supervisors have few, if any, training requirements for working in intelligence shops.  There are federal recommendations for 40 hours of training for analysts but even if you could get everyone to adhere to that, 40 hours does not an analyst make.

It just seems strange that in the army I had to go through 14 weeks of training in order to be an entry level analyst.  That allowed me to sit in the same room with intelligence people and learn.  I certainly wasn’t considered capable of independent activity.

We wouldn’t feel comfortable is our police or firefighters were given 40 hours of training and sent out into the world.  And yet, intelligence personnel in many of these fusion centers, expected to contribute to the national counter-terrorism strategy are essentially thrown to the wolves and expected to figure things out.

That problem is compounded by a marked lack of leadership in most of these centers.  When it comes to counter-terrorism (and, to be honest, most aspects of intelligence) most the most critical shortfall is the lack of any real direction and prioritization.  Instead, we perpetuate the myth of ‘all crimes, all hazards’.  Given that many fusion centers contain fewer than a dozen people, the notion that you could have a shop which is tracking ‘all crimes, all hazards’ is patently ridiculous.

He who defends everything defends nothing.1

But…picking priorities entails risk.  After all, pick the wrong thing and you might get held accountable for it.  Pretend to cover everything and you’re all set to lobby your elected representative for more money to ‘fulfill the mandate’.

More tomorrow…

  1. Frederick the Great said that…

We interrupt this blog…Fusion Centers are ‘pools of ineptitude’ edition (told ya!)

Interesting news posted last night that the Senate Homeland Security and Governmental Affairs permanent subcommittee on investigations published a report about fusion centers.  I don’t have a copy of the report yet but the summaries of its findings shouldn’t come as a surprise to anyone who has read this blog.

But after nine years — and regular praise from officials at the Department of Homeland Security — the 77 fusion centers have become pools of ineptitude, waste and civil liberties intrusions, according to a scathing 141-page report…

Begin the scrambling

A spokesman for Napolitano immediately blasted the report as “out of date, inaccurate and misleading.” Another Homeland Security official, who spoke with NBC News on condition of anonymity, said the department has made improvements to the fusion centers and that the skills of officials working in them are “evolving and maturing.”

Not having read the report I can only say that based on many, many discussions with personnel who work in fusion centers as well as personal observations around the country those comments seem neither ‘out of date, inaccurate [or] misleading.’  They actually sound spot on.

And as for ‘evolving and maturing’.  That spokesman can go fuck himself (or herself).  It’s almost 2013.  How long are we supposed to wait for this money pits to ‘mature’ to a level that crayons and paste aren’t the tools of choice?  How long are we going to continue the charade of intelligence products that wouldn’t receive a passing grade in a moderately difficult high school class (based either on use of the language or ability to put thoughts together in a coherent manner)?

Update:  As of 11pm I got my hands on a copy of the report.  I probably won’t be able to go through it in depth for awhile but stay tuned.  You can get a copy of the report from Public Intelligence here.

Fusion Centers – The Triumph of Mediocrity

The Homeland Security Policy Institute just released their findings of a survey they conducted earlier in the year of fusion centers to determine the capabilities and priorities of fusion centers.

The short version of their report*: After more than a decade, fusion centers remain a confused, unfocused mess that have little practical relevance and impact on the mission they were created to do.

Now, the longer discussion.

First, I could go on at length about their methodology but I won’t** other than to say I’m not exactly thrilled with it. Their survey involved questioning one person from each of the nation’s 77 fusion centers***. The survey designers weren’t too concerned with that since many fusion centers are very small (less than 10 people****) and so they were confident that the survey responses accurately reflected the ‘prevailing wisdom’ across the fusion center community. I’m not so sure about that and would read the results more as a bit of rose-colored view of them, based on how the survey respondents were contacted (via an interest group – The National Fusion Center Association) and the belief that any organization asked to take part in a self-evaluation survey is going to assign that survey to someone who shares (at least) a general outlook of what constitutes success.*****

But…let’s put that aside for now and delve into the findings and analysis.

I think a good way to look at this survey is to divide the questions into how respondents said they perceived the threat and their mission and then look at how they responded to questions about how their centers actually operated and were structured. The survey began by asking respondents questions about the nature of the threat. The questions were a bit clunky but there is some interesting stuff here, nonetheless.

Respondents were asked to rate the threat of terrorism to their ‘region’ on a 1-10 scale (one being no threat and ten being ‘Holy crap, they’re breaking down the door as I fill this survey out.’ Almost three-quarters rated the threat as a ‘five’ or higher***** and almost half rated the threat at ‘six’ or higher.

The next question asked who posed the greatest threat to their region. Respondents were given a choice of criminal and terrorist choices. Overwhelmingly, terrorists of various types were picked (the biggest majority were homegrown jihadists). Criminal threats were only cited 5% of the time as the ‘greatest threat’.

When asked who should have primary responsibility for counterterrorism (on a 1-10 sliding scale, 1 being local authorities and 10 being federal), more than a third gave a ’5′ answer (sign) indicating a 50-50 split between the two in terms of primary responsibility.

Respondents were then asked to rate the importance of analysis to their operations. Half said it was either the most or second most (out of six) important priorities. (Don’t get too excited about this answer…Question 3 will reveal this to be pretty bogus).

So, most respondents indicated there was a moderate to high threat in their regions. The greatest threat came from terrorism and analysis was seen as very important to their operations.

Take a moment and do a bit of a thought experiment. If you had built a new agency from scratch (from 5 to 10 years ago, let’s say) in the sort of environment described above what would your expectations be in terms of answers about your agency to these questions:

  1. How often does your center conduct regional threat assessments?
  2. What are your most important sources of counterterrorism intelligence?
  3. Rate the importance of the following tasks from 1 (most important) to 6 (least important): Analysis, Dissemination, Gather/Receive information, Production of product
  4. Rate your center’s capabilities regarding the tasks above from 1 (most capable) to 6 (least capable)
  5. Which catagory best describes your (assume the survey is being answered by someone in a position of authority at the center) professional background (law enforcement, intelligence analysis, intelligence collection, policy management)?
  6. Provide the rank order of the following activities for your center from 1 (most important) to 5 (least important): Counterterrorism, Law Enforcement, Prive sector and cyber security, Public safety/emergency response

So think about what you would expect (or want) those answers to be after a few years of operation.

Question 1: How often does your center conduct regional threat assessments? Let’s leave aside the fact that ‘regional threat assessments’ isn’t defined in any way so you could really fit a wide range of garbage into that term. Despite that, just about half of all respondents said they never conduct regional threat assessments.

What the fuck? How can you assess your threat if you never assess it? Is that the sort of response you would expect from people who say local agencies (which include fusion centers) should share primary responsibility for counterterrorism? Or that analysis is their number 1 priority? And remember, one of the fundamental tasks of fusion centers is identifying trends and understanding the threat. This is what is referred to today as an ‘epic fail’ and should be a big warning flag that what passes for ‘analysis’ in these centers is little more than regurgitation from what was heard around the watercooler or on CNN that morning.

Question 2: What are your most important sources of counterterrorism intelligence? I’d prefer if this question asked how often particular sources of information were used but there you go. About three-quarters of respondents answered that either local law enforcement or Joint Terrorism Task Forces were the most important sources of counterterrorism intelligence. That may be true but I have deep suspicions that fusion centers are looking for sources of intelligence beyond those two sources. There’s a huge law enforcement bias within fusion centers and information coming from those without a badge and a gun is usually regarded as second class. What was very interesting is that less than 10% of respondents said that their own centers’ analysts were their most important source on intelligence. That is shocking.

Perhaps I was spoiled from my military experience but in a properly functioning unit the first question the commander should ask when presented with an intelligence question or issue is ‘Where is my S2?’ (that’s the intelligence section). If your overlord is asking everyone but you, that’s a problem. Maybe with her or maybe with you but it’s not a sign of a healthy organization. Another HUGE red flag.

Also interesting to note was that the Department of Homeland Security and the National Counterterrorism Center ranked even lower. Even more interesting was that NO ONE said that other fusion centers were the most important source of such information and it’s high point was that 6.5% of respondents ranked it as the third most important source of counterterrorism intelligence. Ladies and gentlemen, if you need an indicator that fusion centers are near worthless when it comes to intelligence, just look at the fact that fusion centers don’t even regard each other as being valuable in that regard.

Question 3: Rate the importance of the following tasks from 1 (most important) to 6 (least important): Analysis, Dissemination, Gather/Receive information, Production of product. This should be a ‘gimme’, right? After all, we already looked at a question like this and half of all respondents said analysis was either their ‘highest’ or ‘second highest’ priority. This is, as the man once said, a slam dunk, right? Well, not so fast.

Analysis was ranked third in terms of ‘most important’ when ranked with other tasks (behind gathering/receiving information and dissemination). So, I think we can safely say that the first question was an example of ‘Everything is my number 1 priority!’ instead of any real thinking about how important analysis is. In other words, disregard that answer. If you want some good news, many people (I’m guessing around 45% – hard to tell based on the graphs in the report) said that analysis was the #2 priority. Of course, all that means that roughly 40% of respondents thought analysis was third, fourth or fifth in terms of importance. Getting those sorts of rankings is how you end up with centers created to ‘fuse’ intelligence not doing basic things like threat assessments.

Question 4: Rate your center’s capabilities regarding the tasks above from 1 (most capable) to 6 (least capable). So, your fusion center is up and running. One of it’s primary functions is analysis. Let’s say it’s evaluation time, too. Hypothetically, if your center’s analytical capabilty was given a rank of ’4′ on this scale, how happy would you be with the people in charge of your analytical shop? You think they’d be on the top of your list for fast track promotion? Well, the overwhelming majority of respondents ranked their analytical capability at ’3′ or lower and ’4′ or lower got the lion’s share of that. It looks like perhaps two or three fusion centers (out of 71) ranked their analytical capability as a ’1′. Granted, not everyone answered every question but if you didn’t answer questions like these either a) you aren’t familiar with your center’s capabilties so why are you filling it out in the first place? It’s not exactly an indicator that fills me with confidence about the rest of your operation or b) you’re too chickenshit to answer the question.

Question 5: Which catagory best describes your (assume the survey is being answered by someone in a position of authority at the center) professional background (law enforcement, intelligence analysis, intelligence collection, policy management)? No surprise here. Almost 70% of respondents were law enforcement. More interesting would be to see what the breakdown in leadership in fusion centers is. I suspect it’s even more skewed towards law enforcement if you looked at all supervisory/decision making positions within centers. I have to admit, I’ve written about this so much it’s kind of boring me but it is important. From the authors of the report:

The presence of a predominant law enforcement background within the fusion centers leads to an emphasis on the immediate or strictly utilitarian value of information…Case specific tactical experience…must be balanced with contextual strategic understanding…At present, the fusion centers have too much of the law enforcement perspective and not enough of the analyst. This affects both the focus and the operation of the fusion centers. It leads background and bureaucracy to trump perception of threat.

My only quibble with the above is the phrase ‘perception of threat’. Analysis is more than just gut feelings and ‘perception’. Ideally, it’s judgements based upon information and processes that attempt to account for lack of information placed within a contextual framework. I would rewrite that to be: It leads background and bureaucracy to trump threat. That’s accurate.

Question 6: Provide the rank order of the following activities for your center from 1 (most important) to 5 (least important): Counterterrorism, Law Enforcement, Prive sector and cyber security, Public safety/emergency response. Remember way back at the beginning of this post? Respondents said that terrorism was their greatest threat and that was ranked at moderate to high. So…another easy question, right. We, at least, know what #1 is going to be.

Oh! Sorry, you lost again. But you’ll get a version of the home game and a year’s supply of Turtle Wax.

Even though only 5% of respondents said crime was their greatest threat, 63% of fusion centers said ‘law enforcement’ was their ‘most important’ activity. Counterterrorism was regarded as most important by only 27% but that number is kind of bogus since that’s of question respondents not survey respondents. So, yet again there were fusion center representatives that seem to be unable to master the task of ranking items from 1 to 5. My guess is not too many of those would have put counterterrorism in the #1 spot so I think we can confidently say this disparity is even greater than the numbers in the report.

Think about this. Fusion centers see their most important work being something other than their greatest threat. But remember when they said they thought primary responsibility for counterterrorism should be a joint federal/local endevour? Ah, responsibility without accountability. That must be what we’re shooting for here. From the authors:

When asked a follow-on question about what shapes their rank ordering of their center’s most imporatn activities, most stated that such was the product of their center’s institutional pedigree…the key relationships and customer base they serve, the decisions of elected officials or senior decision-makers, [etc., etc.]…Of the thirty individuals who answered this question, none of them referenced the current of expected threat domain. [emphasis added]

So, the next time you hear or read one of these yahoos talk about how their operations are ‘intelligence-led’ don’t believe it. You can’t do intelligence-led anything if centers look like the description of these answers.

And here’s where it all comes together. I do think these answers are representative in demonstrating the almost complete lack of self-awareness among those running fusion centers (individually perhaps but definitely institutionally) which leads to all this internal inconsistencies. Terrorism is our greatest threat but we’re going to prioritize something else. We think analysis is the most important task but we’re going to focus on building capabilities elsewhere. It’s not just that the emperor has no clothes…he’s not even the emperor. He’s just some dude telling you his crown is invisible too.

Look, if we were in year one or two of this grand fusion center experiment this could all be chalked up to growing pains and the working out of various kinks. But we’re entering into decade number two of this scheme now. I think we can safely say we’re coming to the end of the trial period. If they haven’t gotten their act together by now, they ain’t gonna.

But the authors of the report come to a different conclusion. They argue that more resources and effort needs to go into fusion centers. All they need is the appropriate tweeking and we’ll be ship-shape. I disagree and have to ask if that’s all that’s needed, what are they waiting for. The findings of this report aren’t really new or shocking. People have been identifying the same shortfalls at least for the past five years. But, we continue to see new centers opened along the lines of the old, failed ones. Yes, an emphasis on analytical training would be great but if work priorities are angled one way (towards short term crime activity) it doesn’t matter who your analysts are. The rot runs deeper.

I honestly believe we’d be better off to burn these things to the ground (no, that’s not a threat, please don’t put me on that list), disburse the personnel back to their home agencies and distribute the money currently going to fusion centers to those agencies directly. I don’t think that’s necessarily a good idea but it’s a better one than the status quo.

A good idea would be to take advantage of the current lull in serious terrorist activity and reconfigure these things from the ground up. Take away the intelligence function (which most centers can’t do anyway) from most of these centers and convert them to real time crime centers (able to provide support to anti-crime activities), then concentrate your analytical power into a very few regional centers that have an organic investigative (but not arrest) authority. Then, have them focus exclusively on terrorism (not crime or protesters) and off you go.

There’s other tid-bits in this report that support my position but I fear I’ve already gone on too long.

*You won’t find that in the report itself but I think a not too careful reading between the lines will get you to that conclusion.

**So few people are trying to look at fusion centers in a systematic way that I don’t want to sharpshoot someone for putting forth any good-faith effort in that direction.

***That’s right. We’ve got 77 of those things. Combined with ‘fusion-like’ entities (JTTFs, HIDTAs, etc.) we’re surely at double that. So, just to recap, the solution to problem of information sharing (caused by too many agencies not talking to each other) is to…create hundreds of new agencies that (as we shall see) don’t talk to each other.

****Keep this in mind. Fusion centers are frequently charged with keeping track of criminal and/or terrorist threats in an entire state or large metropolitan area. If you’re trying to do that with less than 10 people (not all of whom are doing intelligence work), good luck.

****It can be a little difficult saying that the organization you’re in is sub-standard if you have (or hope to) achieve some stature within that organization. After all, what would that say about their decision to hire/promote you?

*****On questions similar to this, the number of ’5′ answers, in the exact middle of the scale, gives me pause. Is this just a bunch of weasle answers or honest opinions based on intelligence? I’m inclined to think the former but that’s just my gut feeling.

Homeland Disfunction – The true and astounding adventures of Peter Wesley part 2

Part 1 here.

“Ok, everyone.  Gather ’round.” Fred Marko, the Admin officer for the fusion center said aloud, twirling his finger in the air like a cowboy calling for all the chuck wagons to circle.

Peter popped his head over the cubicle wall, saw Fred and quickly looked around at the other cubicles.  He’d learned early to follow the pack before listening to instructions thrown out to the crowd.  The first three times people had called our some variation of “Hey, everyone! Over here!” he’d gone over to the speaker only to find himself alone and selected to attend meetings and given projects whose tediousness was exceeded only by the After Action Reports he was forced to compose for the various supervisors who were supposed to attend in the first place.

His co-workers, meanwhile, kept their heads down and pretended not to hear.  Particularly insistent types would go from cube to cube trying to get the attention of each individual.  Everyone would do some variation of the ‘What? Me?’ look.  Those who were quite adept would always have a pair of headphones on and pretend to have been lost in music.

Mary, his cubicle neighbor, was a master of deception being able to mimic the movements of removing headphones so perfectly that no one had noticed that she never wore them.

“It’s all in how you twist your head.” She explained over coffee.  “Most people over exaggerate their hand movements but leave their heads rigid.  It’s a total giveaway. I spent about four months last year researching how the human brain processes visual information and detecting things that are outside the norm.  Best four months of my professional career.”

“Where’d you do that?” Peter asked.

“Right here.  They assigned my some bullshit project to do that I finished in an afternoon but they forgot about it almost as quickly as they assigned it.  After that, I realized I was in this weird Twilight Zone and unaccountability.  Whenever someone asked what I was working on I told them I was finishing the assignment they gave me.  They were so embarrassed that they forgot what the project was supposed to be that they just smiled and asked how it was going.  Eventually I felt bad for them and handed it in but it happens once or twice a year.  I should finish my Masters Degree next year at this pace.  Next I’m going to learn Italian.”

He practiced the fake headphone trick bu he could never really get it right and resorted to just sticking earbuds in his ears first thing in the morning and taking them out a few minutes before he left for the day.  It almost always worked.

“C’mon, hero.” Mary motioned to him.  “This is one we can’t dodge.”

People began to emerge from their cubicles like survivors coming out of fallout shelters after a nuclear strike.  Looking vaguely disoriented and unsure of what was to come they began to cluster around the large conference table in the center of the office.

“Ok, folks.” Fred began. “I just want to begin by saying you’re all doing a super job.  Really amazing.  I just want to make sure we’re on track to keep up our high standards.

“So, I think there may have been some confusion about our admin reports so I want to take this opportunity to review.”

Peter noticed a collective sagging of everyone’s shoulders.

“I’ve noticed that not everyone is doing their scheduled reports.  Peter, for example.”  All eyes swiveled and locked on Peter.

“Uh, I’ve been doing my Daily Activity Report .  That’s what it says in the handbook.  Right?”

“Well, that’s you D.A.R. and that’s fine but you haven’t been doing your WAR or MAR.”

“My what?”

“You’re Weekly Activity Report and your Monthly Activity Report.  After all, if we don’t have those, how in the world will we be able to put together the Annual Activity Report?”

“Oh” Peter started.  “I wasn’t aware of those.  If you can send me a template I’d be happy to do them.”

“They’re just like the D.A.R. except the columns are shifted around a bit.”  Fred answered.  “After all, we want you to take these reports seriously so we don’t want any ‘cut and paste’ jobs.”

“So,” Peter began slowly, not quite sure he understood. “You want me to fill in the same information just in a different format so that it will take longer?”

“No, not so that it will take longer.  That’s just the way it ends up.  The DAR goes to Human Resources, the WAR goes to management and the MAR goes to the Department of Homeland Security.  Each wanted the information in a specific format.  Then they meet quarterly and annually and check to make sure the reports all match.”

“Yeah, but…” Peter was cut off by a look from Mary.

Don’t bother asking. Her expression said.

“Uh, sure.  No problem.” He finished.

“Great!”  Fred beamed. “Don’t forget now, these reports are forward looking so we want you to describe the activity you’re going to do over the next day, week and month not what you’ve already done or are currently working on.  If you do something that you didn’t anticipate you’ll need to fill out the appropriate correction form, email it to me, the command staff, and Human Resources.  Then, fax a copy the command staff and hand carry a copy to Human Resources, making sure to get a receipt and bringing that back to me.  Once you do that, you should get a confirmation in your email within 96 hours.  If you don’t, you’ll need to send an email to the Command Staff secretary asking to track your request and if they can’t identify where it is in the system you’ll need to repeat the process at the time you file your next report. Got it?  Good!”

Everyone took that as a sign that the meeting was over and began to shuffle back to their cubicles.  Peter looked at his watch as Mary came up alongside him and he stopped in his tracks.

“Two hours?!  That meeting took two hours?  Don’t tell me this watch is busted.  I know it’s a Pakistani knockoff but I still paid a lot for it.”

“It’s not broken.” Mary whispered.  “We were there fore two hours.  Why do you think I gave you the ‘wrap it up’ look.  If you didn’t shut up we would have been there for another two.”

“Wait, what?  How is that possible?  We weren’t there for more than 10 minutes.  It seemed interminable but it wasn’t really that long.”

“Look,” Mary took him by his elbow and pulled him out of the way of the foot traffic. “I guess I’ll have to tell you.”  She sighed.  “This place is kind of funny.  ALL meetings take at least two hours here.  It doesn’t matter how long they really are.”

“Oh,” Peter replied with a smile.  “I get it.  Haze the newbie, right?  Mind games?  What’s the punchline?  You can tell me, I’ll play along.”

“No, you really need to understand me.” Her face became even more serious.  “All meetings here take at least two hours.  You remember a ten minute meeting right?  Well, so do I but I guarantee you we remember different ten minute meetings.  And if you asked everyone else they would all remember different versions of the meeting.”

“I don’t understand.” Peter said.  He was scrambling to try to figure out the angle but Mary didn’t appear to be joking or insane.

“I know.  Nobody is sure why but weird things happen here with time.  Some people think it’s because this place is situated on an old Indian burial ground, others think it’s because of that whole Mayan calendar doomsday stuff.  Me?  My favorite theory is that there’s a microscopic black hole in the center of the earth but not the exact center.  It’s a little closer to this location and the effect of this super massive object being just a few centimeters closer to us results in all sorts of distortions in the space time continuum.  One of the ways that manifests is that all meetings take at least two hours.”

“I don’t understand.”

“The thing about all these theories is that, ultimately, none of them explain the phenomenon here very well and, perhaps more important, believing any one of them really should certify you as bat shit crazy.  Still, once you eliminated the impossible, whatever remains, however improbable, must be the truth, right?”

“I don’t understand.”

“Yeah, you’re going to need to stop saying that.  It makes you look stupid.”

“Oh, sorry.  So, I guess I just avoid meetings and I’ll be OK, right?”  Peter attempted to put on his ‘very thoughtful’ face in the hopes of not looking quite so befuddled.

“Well, it’s more than that I think.  It can actually be dangerous.  A little while before you got here there was a guy…Jason, I think his name was.  Maybe Josh.  Something with a J.  Definitely a J.”  She drifted off in thought for a moment.

“Anyway, he booked himself for two meetings 30 minutes apart.  You know, to test this theory.  Now, people remember his being at both meetings in their entirety.  He was at two places at the same time!”

“I don’t…wait, that’s not possible.” Peter was starting to feel like he was in free fall.

“Even weirder, is the fact that he was never seen again.  I can’t find his name on any paperwork or emails.  His desk, the one you sit at now, gradually emptied out but I don’t think anyone actually removed anything from it.  I barely remember him but I’m pretty sure we dated for awhile and I think I may have slept with him.”  Mary put her hand to her chin and looked down, deep in thought.  “Yeah…definitely a name with a J in it.”

Peter really didn’t’ understand what was gong on but clearly repeating that fact out loud wasn’t a winning strategy so he figured he’d try something different.  “So, what are you saying?  Some secret government goons are removing this J guy’s stuff because he uncovered some secret of the universe.?”

“No,” Mary said firmly.  “I don’t think people are doing this.  I think the universe is erasing this guy.  He violated some sort of basic laws of physics and that created an irritant to the underlying structure of reality.  I’m guessing that when that happens things have to resolve in one of two ways.  Either, the irritant has to be erased or the universe does.”

“I knew I should have smoked hash is Afghanistan.  I think this might make more sense if I was high right about now.  So what do the overlords who run this place say about all this?”  Peter needed something stronger than whatever was available at the Keruig machine in the kitchenette.

“Not everyone notices.  You saw Fred.  He thinks these meetings are great.  He describes them as super efficient.  Oh, by the way.  When you fill out your reports, you can’t indicate that these meetings take so long.  It creates all sorts of problems and makes management aggressive.  Make up some bogus project and list that for all the extra meeting time.  Oh, and don’t mention how much time you spend filling our these activity reports.”

The got back to their cubicles and Peter sat down trying to absorb what Mary just told him.  Looking down, he saw a piece of paper peeking out from under the cabinets behind his desk.  He reached over and pulled it out, seeing it was a torn print out of an email.  What was left of the paper read:

This meeting appears to conflict with another appointment you have scheduled.  Would you like to cancel this one?

He looked at the ‘To’ line which is where the tear began on the paper.  The only thing that remained was the beginning of a name.  ‘J’.

Yep, definitely a ‘J’ name.


In which I give the DHS a rare thumbs up

I believe we’re in a time of relatively low terrorist activity.  I don’t have any hard data to back that up with (mostly because I’m too lazy to do the work) but I’m just not seeing a lot of serious threats of a magnitude beyond the odd crazy shooter.

That being said, what do you do with a homeland security community that finds it just doesn’t have that much to focus on in terms of immediate threats?  Well, you could looks at that sort of thing as an opportunity and take advantage of the time to build subject matter expertise, refine processes, drill practices, that sort of thing.

Alternately, you could flail around, afraid that this dip in terrorist activity represents a threat to your job security and try to latch on to anything that can even remotely be considered a threat.

Case in point:  The Occupy movement.  With the exception of Oakland, the movement has been non-violent and criminal activity has been limited to ‘regular’ criminal activity (what one would expect in any large gathering of people) or activity normally associated with protest activity.  In few exceptions there’s little in the movement that can be described as politically motivated violence (or even property damage) that typically defines terrorist activity.

But, when al-Qaida isn’t around to be a convenient bogey man to ensure job security you take what you can get.

From Gawker (yes, Gawker) comes this story about how DHS resisted attempts to get sucked into the whole Occupy issue, despite proddings from state and local partners.  In fact, early on, DHS appears to have given the correct response to queries about the subject:

In October 2011, the documents show, the Los Angeles Fusion Center (one of dozens of surveillance centers that coordinate state, local, and federal intelligence) sent a query to DHS’s intelligence division seeking information on “any DHS products identifying and/or describing criminal activities and/or potential civil disobedience associated with the Occupy Wall Street protests nationwide” and the number of “arrests…made, type and number of weapons confiscated, communication used to plan these crimes, etc.”…The intelligence division flatly denied the request: “The information being requested does not fall within the scope of I&A’s authorities. Arrests being made at these protests are a criminal matter and the protesters are engaged in constitutionally protected activity…. DHS should not report on activities where the basis for reporting is political speech.”

Ah, yes…fusion centers.  Those *ahem* ‘Centers of Analytic Excellence‘.  And don’t kid yourself into thinking this was just one fusion center.

Unfortunately, DHS was unable to withstand the weight of requests and:

…there are several instances of DHS gathering and distributing intelligence on Occupy protesters without much justification.

…officials in the Office of Civil Rights and Civil Liberties took a hard line on curbing DHS intel-gathering on Occupy after the Pittsburgh Office of Emergency Management released a bulletin, apparently produced with DHS help, on potential threats the movement posed. “Both myself and [redacted] are somewhat concerned that several items contained in this Intel Bulletin might be advocating surveillance and other countermeasures to be employed against activities protected under the 1st Amendment,” wrote one official in an October 7, 2011.

This is the sort of slippery slope that occurs when you don’t have good procedures and clear standards in place.  Things get sloppy.  Corners get cut.  Mandates expand in an effort to appear relevant.  All without oversight or discussion.  It just evolves that way.

On the plus side (well, maybe for you) the Gawker article has over 300 pages (!) of DHS communications about Occupy that I, dear reader, will go through to see if there’s anything interesting.  Up front, however, part one of the document dump is pretty favorable to the DHS (although one wonders what is under those redactions).  They clearly do not want to get entangled in the Occupy morass regardless of how many requests they get.

Good for them.

As an aside, while part 1 mostly follows one email trail, towards the end of the document you can see the sort of drivel that passes for ‘quality’ intelligence products.  Basically, cut and paste work from open source material laced with wide speculation and unexamined assumptions.


On whom should intelligence training focus

I’m taking part in a pilot training program for intelligence analysts and while listening to the instructors discuss the context and origins of the course I was struck by what may be a flaw in how the federal government understands intelligence work occurring at the state and local level.

This particular training was informed by the experience of intelligence within the federal intelligence community.  As a result, it’s central premise was (explicitly stated) ‘teach people to be better analysts and you’ll get better outputs’.  I certainly think that’s true up to a point but have come to believe that the true source of drag within state and local intelligence is among the managers and customers on intelligence.  Overwhelmingly (based on my personal observations and talking with analysts all over the country) those two groups are what impede the rigor, quality, relevance, and timeliness of intelligence products the most.

There are several reasons for this that all act to reinforce each other.  Customers tend not to have much exposure or orientation to the value of intelligence and how to use it.  Managers, likewise, have minimal experience in the intelligence field and so tend to treat their analysts like data entry clerks to produce fancy police reports.

On a broader scale, intelligence shops tend to be in agencies that don’t have a mature intelligence culture combined with high levels of aversion to change and risk taking.  Think how leaders in the Soviet military were terrified of taking initiative lest they risk their careers (or a one way ticket to Siberia) and you’ll get a good feeling for how these shops are run.

And so there’s only so much bang you’ll get from your buck by training analysts in more and more structured methodologies.  So, discussions about ‘would this work for you’ are great but not super relevant if there’s no chance the shop the analyst is working in would entertain using that technique.

So, recently I was talking to one of these managers and we were discussing his/her desire for a ‘daily product’ to go out to the center’s customers.  I thought it was interesting that rather than a discussion about intelligence priorities and gaps, threats, or other value to customers, the only purpose of this product was to (and this is an approximate quote) ‘let our customers know that we’re out there filtering information for them every day.’

Two things hit me upon hearing that.  First, the center isn’t ‘filtering’ information for their customers.  Most law enforcement agencies have multiple streams of information and what this center (again, common with most such centers) does is just repackage and forward the same information that agencies are already getting, sometimes from two, three, four or even more sources already.

The second is that this particular manager (and quite probably others as well) essentially see the issue in terms of marketing.  They’ll be successful if the can get in enough email inboxes frequently enough that people will know they exist.  Really?  More than a decade since 9/11 and the enlargement of domestic intelligence and success is getting name recognition based upon the number of times you get get into their inbox?  Why not just start selling Viagra and be done with it?

What needs to happen (yet probably won’t because it’s too sensitive a subject) is for DHS (no one else will do it) to demand intelligence centers adhere to tough standards of production and be staffed with qualified managers and staff.  That means real, effective evaluations (which, I’ve been told, are currently more along the lines of a handshake and the old honor system).  The way they do that is to wield the checkbook.  You want to run your shop as a cut rate CNN whose most commonly used tools are ‘cut’ and ‘paste’?  No problem.  Get all your funding internally and knock yourself out.

I won’t hold my breath, however.

Problems in extremism

Recently I was at a training event about homegrown violent extremism (HVE) attending primarily by representatives of state and local agencies (with probably a scattering of federal agencies present as well) and there were a couple of interesting points worthy of exploring.

First, the event began with a question.  The attendees were asked what they thought were the biggest extermist threat facing their jurisdictions.  Answers included:

  • al-Qaida (or similarly) inspired HVEs
  • Right wing extremists
  • Eco/animal rights extremists
  • non-ideologically inspired extremists

Much to my surprise very few (like less than a half dozen of the approximately 150 attendees) mentioned al-Qaida.  I had assumed that its name recognition would mean that it would be the ‘go to’ threat but I was wrong (hence the point of this whole paragraph).

The overwhelming response was the final choice: non-ideological inspired extremists.

Now, it’s not clear to me how that catagory is different from nutjobs with a gun (uh, excuse me, ‘emotionally disturbed persons’).  Further, it’s not clear if this catagory should even be considered in the same breath as terrorists.

I can see how one might want to lump them together.  After all, there’s a guy with a gun shooting at innocent people so maybe it doesn’t matter why he’s pulling the trigger.

Only, it does matter why he’s pulling a trigger both ‘left of boom’* (before the incident occurs) and ‘right of boom’ (after the attack begins) in terms of prevention, target selection, method of attack, etc.

So, two questions come to mind as I think about this.  Have we diluted the idea of threat (in terms of talking about ‘homeland security‘ in its strict anti-terrorism way) to the extent that it just doesn’t have much meaning any more?  A victim, perhaps, of the ‘all crimes, all threats, all hazards, all the time’ psychosis?

Secondly, while discussions about the threat of HVEs have increased over the past couple of years, it’s almost always been wrapped in discussions of ideology (and usually there in terms of al-Qaida inspired ideology).  So, assuming this audience was representative, one wonders, what’s going on here.  Is the message from those paragons of informaiton sharing, fusion centers, not doing that great a job of spreading the message? Or is the homeland security community not sending the correct message? Or are they sending the correct, relevant message but doing it so poorly it doesn’t ‘stick’?

*I’ve been dying to use that phrase for years.  Too bad it’s so overused it’s moved into cliche territory.  Still, I shall not be denied!

Lessons learned

Simon has some comments about the lessons learned process and why it’s so hard for organizations to apply them.  There’s some really good points in here for an intelligence shop.  Of particular relevance…

Information ‘push’ or ‘pull’?

Many of the knowledge management strategies we asked to review, talk about “creating a culture of knowledge sharing”; in other words, they seek to promote publishing and “push” of knowledge around the organization.

This is the wrong place to start.  There is no point in creating a culture of sharing, if you have no culture of re-use. “Pull” is a far more powerful driver for Knowledge Management than Push, and we would always recommend creating a culture of knowledge seeking before creating a culture of knowledge sharing.

Create the demand for knowledge, and the supply will follow.  Create a culture of asking, and the culture of sharing will follow.

Both Simon and I think this may be a bit too much but in the wake of 9/11 and the pursuit of the all important dot connecting led to a cult of ‘information sharing’.  That generally meant opening the fire hose of information and forwarding everything within reach to everyone in the address book in the hopes that the recipients would actually read everything coming across their desk.

Never mind that the effort to push to much information to so many people precludes reading, collating and analyzing the inflow of information.  The important thing is not to be the last guy caught holding the ‘key’ piece of information when the next 9/11 happens.  It looks a little something like this:

YouTube Preview Image

Add to that the fact that many of the people who are potential ‘pullers’ (huh, that sounds a bit rude) don’t really know how to use intelligence and therefore don’t really know what to ask for means there’s a lot of work involved in creating even a good mix of push/pull of information.

AND…(yes, it gets worse), we’re so far past 9/11 that everyone is afraid of looking stupid or incompetent and so have to pretend that they do know how to use intelligence, do know what to ask for and are providing people with information that they can actually use rather than throwing the kitchen sink at them.


A Collection approach, where knowledge is collected and codified and made available as documents, is effective where the knowledge is relatively straightforward, and needs to be transferred to a large number of people, for example in a company with a large turnover of staff, or a company wishing to transfer product knowledge to a large sales force.

A connection approach, where knowledge is transferred through communities of practice and social networks, is suitable for complex contextual knowledge shared between communities of experienced practitioners.

Unfortunately, the ‘dead tree’ approach remains alive and well in terms of intelligence products.  Despite some very good (if rare) efforts on the federal level, state and local intelligence shops still think of .pdf documents and PowerPoint presentations as ‘digital’. Alternate ways of disseminating information aren’t even considered, let alone attempted.

I find that I still have to explain what wikis and blogs are.

Let me say that again, because it’s 2012 and I’m afraid you’ll think this was a transmission from 2003.

I still have to explain to people what wikis and blogs are.

When the only way you can communicate is via Microsoft Word or PowerPoint, you’re going to be limited in what you can say* and almost completely cut off from anyone saying anything to you.  Not a great situation to be in when the mantra is free and easy exchange of information.


It’s absolutely crucial to understand the users of the knowledge; how many there are, and the degree of context and knowledge they have already, then knowledge needs, their working styles and habits.

This applies everywhere, doesn’t it? Yet, because we have a push culture and we only exploit one method of communication we’re forced to treat our audience as a monolithic whole.  So, the cop on the street, the analyst and the mayor are all given the same information in the same format.  Since we have to make sure the least informed of them can understand it we need to simplify it to the point that its actual value is highly questionable.

*Add to this the common maxim that all products should be in the 2-4 page range and you really aren’t going to be able to say much.