CHAPTER 3: THREAT ASSESSMENTS - THE BASIS FOR SMART SECURITY DECISIONS
Asleep at the Wheel
While our broad national security agenda helps set the stage for determining what to
protect, the actions of other states and individuals define more precisely where security
must be focused. The Commission has frequently been reminded that the United States is the
single biggest intelligence target in the world. Traditional, long-range intelligence
threat predictions are now of reduced value in a world of evolving alliances and volatile
political, socioeconomic, cultural, and regional crises. (Footnote 10) Threats must be
reassessed frequently. The Commission found many instances, discussed throughout this
report, where security countermeasures currently employed appear to be excessive in terms
of the threats or are not linked to threats at all.
A critical element necessary to make smart security decisions is reliable, usable
intelligence data defining the threat. Currently, there are efforts underway in the
Defense and Intelligence Communities to incorporate threat assessments when developing
security policies. For example, the DoD's Acquisition Systems Protection Program (ASPP),
designed to protect leading-edge technology, calls for incorporating threat assessments in
each phase of advanced weapon systems development. Defector information and espionage
lessons learned are taken into account in updating personnel security procedures. Physical
and technical security policies and countermeasures, traditionally based on vulnerability
assessments, are now being developed using threat information. As a result, security
policies are being revised and dramatically changed. The Commission applauds these
efforts.
However, getting from the Intelligence Community - specifically the counterintelligence
organizations - the threat information necessary to support coherent, risk-based security
countermeasures policies, military operations, and industry is an ad hoc rather than a
systematic process. In the absence of access to threat assessment information, security
policies have been based on risk avoidance, constrained primarily by the availability of
resources.
The reasons for the failure to incorporate intelligence and counterintelligence
information into security policies are numerous. Traditionally, the intelligence and
counterintelligence communities have been separate and distinct from their security
counterparts. Intelligence and counterintelligence activities are discrete programs where
budgets are built and justified in terms of collection and production against specific
targets. Security programs, on the other hand, are normally funded from base operating or
administrative funds of various agencies and are difficult to link to specific programs.
These programs and funds, when accounted for at all, generally have not had to face the
scrutiny of cost-risk analysis (with some individual exceptions).
Security officials do not always know how to task the Intelligence Community for threat
information. They have neither the necessary clearances and contacts within the
Intelligence Community nor an understanding of the contribution that intelligence
producers can make. The counterintelligence community, for its part, focuses on its
mission of conducting investigations and collecting, analyzing, and exploiting information
to identify and neutralize the intelligence activities of foreign powers that adversely
affect US national security. Yet the security policy community has not been viewed as a
primary customer. Consequently, intelligence and counterintelligence requirements are not
defined to support rational security decision making. The Commission believes that the
security community must work closely with the National Advisory Group for
Counterintelligence and the newly appointed Issue Coordinators to develop collection and
production strategies that address security consumers' needs.
When security officials do task for threat information, support is not always timely
and frequently is overclassified. Department of Defense customers often wait months while
counterintelligence requirements are forwarded through several operational levels for
approval, and to service headquarters elements for validation. The requirement is then
forwarded to analysis centers for drafting, which requires an additional 120 days. Some
DoD personnel reported to the Commission response times longer than a year for critically
needed requests. Roadblocks are also encountered if classified information needs to be
disseminated in an unclassified form. The counterintelligence community seems unable to
provide unclassified analyses.
One senior DoD official requested an unclassified report to use in a contractor
security awareness briefing. The report arrived six months later - stamped Secret, Not
Releasable to Contractors.
In the absence of a comprehensive threat assessment process, some security
organizations have performed their own. The Air Force's Special Access Program (SAP) has
created dedicated analytic cells to provide timely assessments. Air Force SAP intelligence
specialists directly contact the scientific community and perform independent assessments
on cutting-edge Air Force technologies and developmental weapon systems. Navy and Army SAP
programs draw upon cleared service analysts. Not possessing a cadre of analysts, DoD field
elements postulate the local threat using worst case scenarios until finished assessments
arrive. This results in employing stringent, expensive countermeasures to prevent the loss
of critical technologies information. The field elements note that when the much-awaited
reports do show up, they are either too general to be applicable, or they contradict other
services or the Defense Intelligence Agency's assessments, often regarding the same
technology.
A DoD program manager requested an assessment of the foreign intelligence threat to
a city, with particular emphasis on whether there was targeting of the advanced technology
system that was being developed at a facility. Eighteen months later, the program manager
received from one DoD element an assessment, stating that the threat to his area was low,
with no particular foreign interest in the technology. Another DoD element had already
informed him, six months earlier, that there was an established, aggressive foreign
intelligence collection program targeting the developing technology.
There is a schism concerning threat information between security policy officials and
the Intelligence Community that widens greatly when it comes to a supportive relationship
between counterintelligence organizations and security professionals. At the national
level, counterintelligence funding is under the purview of the DCI's National Foreign
Intelligence Program. But the counterintelligence community is a loose confederation of
separate activities held together by budgetary convenience, not centralized management.
The five major counterintelligence organizations (FBI, CIA, Army, Navy, and Air Force) can
work together collegially, but frequently strike out on their own. Some of these
organizations have difficulty identifying their customers. Indeed, one senior
counterintelligence official points with pride to the fact that "we
(counterintelligence organizations) are our own best customer." Counterintelligence
information is collected, analyzed, produced, and disseminated separately from normal
intelligence channels. Critics charge that this process ignores national strategy and
policymakers' needs.
This fragmented counterintelligence organizational structure has also created large
gaps in knowledge. For example, there is no common counterintelligence data base, either
within the Department of Defense itself or among the counterintelligence organizations
generally, from which threat assessments might be drawn. This shortfall may contribute to
the difficulty counterintelligence organizations have had in supporting clearly defined
customers, like the National Industrial Security Program (NISP). Despite two years of work
by counterintelligence representatives within the NISP, no mechanism was created to
communicate threat data to industry.
For senior policymakers, while there is an interagency coordination process to support
them, the products fall short. National counterintelligence assessments, such as the
"Winds of Change" and the "Triennial Threat Assessment of the Foreign
Intelligence Threat and Effectiveness of US Counterintelligence and Security
Countermeasures," need to use more current data, be made more policy-relevant, and
provide a clearer picture for the reader. As now written, these assessments do not
respond, in a timely manner, directly to national-level requirements, aid resource
allocation, or meet the needs of program managers and military commanders. Future
editions, if any, require a keen understanding of senior policymakers' requirements and
tighter analytic presentation and packaging.
The Commission heard from many individuals within the Department of Defense about the
need to streamline the counterintelligence structure and we understand that the Deputy
Secretary of Defense and the Director of Central Intelligence are considering options
to do this. The Commission believes such restructuring can bring savings and better
service, but we would expand the discussion to include the Attorney General and the
Director of the FBI so as to incorporate other major counterintelligence organizations.
A Wake-Up Call
Information about the dangers posed by foreign governments and organizations does not
come solely from counterintelligence assets. Much of it comes from human sources or
defectors, signals intelligence, imagery assets, our diplomatic corps, and other sources
that need to be more actively tasked by security officials. In other areas of intelligence
production, consumers have a single place to go for analytic assistance. For example,
counterterrorism and nonproliferation consumers have individual points of contact that
respond, in a coordinated fashion, to their needs. The DCI's Counterterrorism Center (CTC)
and Nonproliferation Center (NPC) personnel reportedly broker timely responses to
policymakers' requests. These offices do not compete with established production elements.
They serve as facilitators, drawing on information and substantive expertise from within
the community.
The Commission recommends that the Secretary of Defense and the Director of Central
Intelligence appoint the DCI's Counterintelligence Center as executive agent for
"one-stop shopping" for counterintelligence and security countermeasures threat
analysis.
The Commission does not intend by this recommendation to create a counterintelligence
"czar" or to supplant existing authority for counterintelligence investigations,
operations, or the unique, individual analytic efforts in support of specific law
enforcement or military operations. Rather, we seek a national-level focal point for
threat analysis that is easily accessible by government and industry to support broad
security management decisions. This "one-stop shopping" office must operate as a
corporate information asset of benefit to all government and industry customers. The
Counterterrorism Center customer response office can serve as a model.
While the Counterintelligence Center lacks the expertise in domestic threats that the
Federal Bureau of Investigation has, it provides an established, credible intelligence
production office with professional analysts able to tap into the full range of
intelligence and operational reporting. It also has the most experience in providing
analysis for senior policymakers.
However, the Commission notes that the current analytic and community elements of the
Counterintelligence Center must expand and change dramatically to include a broader
community and industry flavor and to incorporate expertise in the security countermeasures
areas that it lacks currently, such as threats to information systems security. The
Commission expects that the Counterintelligence Center will draw upon the experience and
knowledge of other agencies when preparing responses for risk management decisionmaking
and coordinate the products extensively. This includes drawing upon the NSA's and the
DISA's ongoing efforts that focus on threats to information systems security. Existing
interagency analytic efforts, such as the National Advisory Group for
Counterintelligence's Analytic Working Group, will fold into this initiative.
Further, dissemination procedures need to be restructured, allowing customers to pull
the information they need from the system, instead of having it pushed to them in
restricted formats. Threat information needs to get out to users at all levels in the
Defense and Intelligence Communities and in industry.
The Commission is aware of and applauds a recent decision by the counterintelligence
agencies to create an interagency data base. However, the data base needs to expand to
allow for users with varying classification levels. The Commission also urges the
community to take advantage of the counterintelligence data base program now under way
within the Department of Defense and ensure that the two data bases are compatible. This
interagency data base initiative should be undertaken and a prototype fielded immediately.
The Commission recommends that the DCI's Counterintelligence Center serve as the
executive agent to spearhead the rapid creation of a communitywide counterintelligence and
security countermeasures data base for government and industry use.