Connecting Counterterrorism Dots: Need Better Analysis, Not More Dots

Recent terrorist near misses on Christmas Day 2009 and in Times Square in May 2010 received the usual call from policymakers and pundits: “We need to connect the dots.” However, calls for “More Intelligence” and “Connecting the Dots” quickly contort into counterproductive policy and unnecessary expenditures that hamper our counterterrorism abilities for several reasons.

1-We still don’t understand the threat

The Christmas Day underwear bombing attempt suggests ‘a lack of intelligence’ isn’t the problem.  A plethora of intelligence clues turned up in the aftermath of this failed bombing attempt.  The bomber, Umar Farouk Abdulmutallab, bought a ticket in cash, had been denied a visa to enter Britain, was detected by the NSA and tipped off to the U.S. Embassy.  All of these tell tale terrorism dots were not connected.  Why? Analysis is the culprit, not data.

2-We are overwhelmed with data, most of it worthless

Analysts failed to detect the Christmas day plot, but to their credit, they are overwhelmed with reporting.  Unfortunately, policymakers and counterterrorism officials will rush to create “more intelligence” such that this “never happens again.”  To prove to Congress expanded capability, government officials will publish more intelligence reports. These officials will brief Congress in subsequent rounds of testimony where they state, “Senator X, since the last time we spoke, our agency has generated 300 gazillion intelligence reports on al Qaeda which is a 30% increase in intelligence over last fiscal year”.  The session will end, Senator X will be happy there is more intelligence reporting and a few months later, another terrorist plot will sneak by U.S. CT analysts.

Why does ‘more intelligence’ fail to stop terrorism?

Imagine you are a kid taking swimming lessons. You show up to the lesson, receive a quick briefing from your swim instructor and then you are dumped into the center of the pool.  You throw your arms haphazardly at the water, thrashing violently, barely keeping your head above the surface.  You try to reach the side and you don’t make it.  The instructor jumps in and saves you.

The instructor gets you out and says, “well you didn’t make it to the side of the pool, but maybe we’ll try a different method next time.” During the next swimming lesson, the instructor boats you a couple miles into the ocean and throws you in saying, “now, try to swim to shore.”  You quickly drown.

This silly story mirrors our repeated approach to counterterrorism.  Except the analyst or investigator is the swimmer, intelligence data is the water, and detection of the terrorist plot is the edge of the pool or shore.  Our counterterrorism approach has been to detect the next terrorist plot by turning our intelligence pool into an ocean.  Subsequently, we are less likely, not more likely, to detect and disrupt the next plot.  There is just too much data, too much reporting, to make sense of what is happening.

3- We invest in CT stuff far more than we invest in CT people

Each terrorist attempt results in further spending to improve counterterrorism.  Except buying more counterterrorism stuff remains far easier than investing in CT people.  Rather than train our analysts and investigators sensibly to build accurate analytical models of the threat, officials will buy more plasma TV’s, databases and software that produces really neat looking charts with lines connecting colorful shapes of differing sizes.

Each increase in CT technology stuff distracts the CT personnel who must learn how to query an intelligence database they will seldom use.  Each database further segregates information bits creating technological silos where key information is overwhelmed by other worthless information.

So what do we do to fix this?

First, train analysts and investigators on analytical methods representative of the threat we face.  We have the intelligence, but we don’t routinely recognize the equation.  The Christmas attempt follows the exact model al Qaeda has used for more than a decade; Recruit, Indoctrinate, Train, Equip, Attack.  Al Qaeda recruited Abdulmutallab during university time in London which has been a worry for years.  Indoctrination occurred in Yemen where he received training, an explosive device previously utilized in Saudi, and targeting guidance.  He attacked via commercial aviation defeating weak security measures previously defeated by Richard Reid, the 9/11 hijackers, the Bojinka plot, etc. Al Qaeda has not significantly changed their approach, and it appears, unfortunately, we have not significantly changed our approach either.

Second, narrow our intelligence streams to what is useful.  Many agencies maintain upwards of 30 or more counterterrorism databases; each requiring special access passwords and dedicated training.  These databases contain thousands of reports; 98% of which say something like, “Osama Bin Laden is awful and we should stop him!”  Two percent of these intelligence reports prove to be useful, but our technology silos prevent rapid discovery and utilization.

Third, eliminate redundant counterrorism bureaucracy.  I’ll write much more on the counterterrorism behemoth, but the volume of people working on CT is counterproductive.  Too many people in too many agencies trying to do the same thing with limited information.  Consolidate and reduce the counterterrorism effort and we will likely have greater success.

2 comments

  1. Clint,

    Interesting site. Bigger problem in my judgment is no accountability. Nobody was fired after the failure to detect the Christmas Day plot. There were plenty of signs. “Attack during the holidays” method had some success–one reason is that this is when the bureaucracy is at its worst. Look, until we suspend the civil service protections for folks working in this area and hold people accountable, then we will get the same result. I am not talking about firing the political appointees who are not working at the level where these things get missed. Jam the people whose job it is to raise the flag.

    In your example, would anyone seriously not remove the instructor from “teaching” any more students? In fact, the federal government would. Just take a look at Bernie Madoff and the SEC. A total f-up, lots of warning signs, and nobody seems to be at fault. But then again, the folks at the SEC were busy supporting porn sites, so I guess it’s OK.

    Good luck with your blog!

    Tim

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>