Tuesday, January 19, 2010

Profiling and why it does not work in anti-terrorism operations

Immediately after the terrorist attacks on 9/11 airport security was drastically increased. Anyone and everyone, regardless of color, creed, age, or sex was subject to additional screening when passing through security checkpoints. Along with the increase in security came the calls for profiling. While people claimed they understood and appreciated the increased security, they did not want it to impact them, only those they believed could possibly be terrorists. In other words, the only people that needed additional scrutiny were young Middle Eastern males; just look at who carried out 9/11 and who blows up buses in Israel. Why should lily-white, red-blooded Joe Blow or his senior citizen grandmother have to take off their shoes and risk possibly missing their flight when there are so many Middle Eastern-looking people (this includes Latinos according to some) that represent a much higher risk?

Dr. Edward N. Luttwak believes we should be doing something very similar. In a recent Wall Street Journal Op-Ed piece, he writes, “screen[ing] passengers as persons instead of their bodies and belongings has an overwhelming advantage,” namely that this method “can detect a would-be terrorist even if the specific technique he tries to employ is not previously known.” While his risk-based approach has some merit, once al-Qa`ida operators understand which groups are not screened and which ones receive extra attention, they will simply devise ways to join those groups.

On September 11, 2001 the 19 hijackers were all of Middle Eastern, mostly Saudi, descent. For some time after 9/11, many terrorist operatives were of similar background. As al-Qa`ida was disrupted and displaced, and more franchise organizations came online, the probability of a terrorist being of Middle Eastern descent began to diminish. Just as the United States and its Western allies adjusted anti-terrorism defenses based on the last attack, al-Qa`ida adjusted its offensive capabilities by varying the color, ethnicity, and even sex of its operatives in order to defeat the anti-terrorism measures.

The phrase, “wilderness of mirrors,” an allusion to Alice in Wonderland, was how some intelligence experts described the spy war between the United States and Soviet Union. It is still used to describe the war between counter-terrorism professionals and terrorists; one side trying to gain the edge against the other in small battles all around the globe while trying to make the other side believe something that is not true. We continuously try to find ways to thwart the next 9/11 and they, the terrorists, are always looking for that small gap in our anti-terrorism protection rings to exploit and kill people. These small battles can have great, strategic impacts on the overall war.

Sun Tzu said, “All war is based on deception.” By keeping the terrorists guessing, they will never truly know what we know or what we don’t know about them and their operations. That may sound like a Rumsfeld axiom, but in warfare it is absolutely true. If we only screened young Middle Eastern males, al-Qa`ida would recruit (and they have been) or attract Westerners such as John Walker “the American Taliban” Lindh, Daniel Patrick Boyd, or Bryant Neal Vinas. This satisfies two requirements for al-Qa`ida planners, it provides an operative less likely to be viewed as a terrorist by the mainstream public and it gives them someone familiar with Western culture and travel. This last requirement goes toward defeating the Transportation Security Administration’s Behavioral Detection Officers (BDO) who are looking for individuals feeling out of place and nervous. The more confidence an operative has, the less likely they will be singled out by BDOs. We must keep them guessing as to the true capabilities of our anti- and counter-terrorism assets and measures.

Some people ask, “Doesn’t the fact that in an open democratic society most of the anti-terrorism measures put into place are eventually exposed by the media or civil liberties groups?” and “Doesn’t that exposure defeat the purpose of keeping those measures secret from al-Qa`ida so they do not know our capabilities?” In some ways the answer is yes, by exposing our capabilities to the enemy it allows them to design ways to defeat them; however, on the other hand, the terrorists do not know how good those capabilities are and whether they work or not. President Reagan used the idea of “Star Wars,” the U.S. military’s space-based warfare concept in the 1980s, to deceive the Soviets into believing this program would work. They then bankrupted their economy trying to develop a program of their own that could defeat ours. But ours only really existed on paper, not in the near future as Soviet intelligence was led to believe. Pardon the clichés, but power perceived is power achieved and the rest, as they say, is history.

Monday, January 18, 2010

Al-Qa`ida’s Christmas Day attack; déjà vu all over again

The attempted bombing of Northwest flight 253 on Christmas Day was no success for al-Qa`ida, but it was no success for U.S. counterterrorism authorities either. The United States’ Intelligence Community (IC) and counterterrorism agencies had at least two opportunities to deny Umar Farouk Abdulmutallab from succeeding, his U.S. visa could have been revoked or he could have been stopped at the boarding gate by being placed on the Transportation Security Administration’s No-Fly watchlist; instead, it was pure, dumb luck that almost 300 people were not killed on Christmas day. Luckily, Abdulmutallab was an inept operative and the detonator was of such miserable quality that it failed to work properly. The planners and bomb-makers of al-Qa`ida are not idiots. They operate much like military planners do around the world. If an operation is not executed properly they go back to the drawing board, learn from their mistakes, implement the necessary changes, and go at it again. There is no shortage of shuhadaa willing to martyr themselves for the cause and eventually they will catch us off-guard, just like Abdulmutallab did, and then we might not be so lucky.

Why did the Christmas attack fail?

Al-Qa`ida’s traditional method of attack includes complex, simultaneous attacks. They do this for two reasons. One, it ensures one or more attacks succeed. We cannot guard everything, everywhere and, just like drug trafficking organizations, they play the percentage game where for everyone one or two that get caught, three or four succeed. Second, the more attacks that succeed simultaneously, the more we have to stretch our response assets, thus eliminating any redundant response systems we might have in place and straining the entire system. That was not the case in the Christmas attack. Why? More than likely it was because Abdulmutallab’s handlers in Yemen are not as sophisticated as other al-Qa`ida planners such as Khalid Sheikh Mohammed, Abu Zubaydah, or Muhammad Atef. However, the Christmas attempt could also have been simply to test airport security or the effectiveness of the device in defeating airport screening. According to media reports, Abdulmutallab has told investigators there are many others just like him ready to carry out attacks against the United States or its interests. It is possible Abdulmutallab was conducting a reconnaissance of airport security and was prepared to exploit any deficiencies he found, which he almost succeeded in doing. CNN reported on Friday there appears to be a “palpable level of angst” among intelligence officials and that those officials believe “there are a lot of” other potential bombers out there with the training needed to carry out another attack.

Why did we fail?

Today’s al-Qa`ida is not the same al-Qa`ida we faced on September 10, 2001. Today we face a multifarious, geographically diverse enemy, beholden to an ideology and not to a person issuing commands from a cave in the Hindu Kush. As a result, the operators and planners we face are as varied as their locations, presenting a heterogeneous organism that evolves and adapts faster than we can imagine, or at least faster than we can react. It is for that reason that the single most important aspect of national security we have at our disposal is information sharing.

John Brennan, the Deputy Assistant to the President and Deputy National Security Adviser for Homeland Security and Counterterrorism, led a preliminary review of the Christmas Day attack. The findings of that review were published last week and outlined nine shortcomings that, together, nearly led to the single deadliest attack on American soil since 9/11. The premise of these findings is that, while there was enough information within the IC and it was properly shared to identify and watchlist Abdulmutallab so that he could not have boarded a flight to the U.S., the analysts responsible for doing so failed to “connect the dots.” Most importantly though, the only agencies listed in the findings are CIA and NCTC; one whose mission lies outside America’s borders and the other who was created to help the Director of National Intelligence (DNI) coordinate information between agencies, not to act as an operational component of the IC, which is what it has effectively become. Though the report states there was not an information sharing problem, the one department created and charged with homeland security, DHS, is not even mentioned because they were not part of the equation, thus clearly demonstrating a lack of information sharing. How can you have a cabinet-level department whose singular mission is to protect the homeland and not even mention it in the report unless the information was never shared with it to begin with?

This is not the first time the IC’s lack of information sharing has resulted in an attack. We saw Major Nidal Hassan succeed in killing fellow Soldiers at Ft. Hood because information gleaned by FBI and DOD was deemed inconsequent and not shared with the experts on extremism and radicalization at DHS. These agencies, lacking experts in the fields of extremism and radicalization, viewed Hasan’s activities from a law enforcement perspective; “was he committing a crime?”

Similarly, Carlos Leon Bledsoe, the Muslim convert who shot and killed U.S. Soldiers in front of a recruiting office in Little Rock, AR in June last year had been under FBI investigation since he returned from Yemen, allegedly for being in Yemen and his arrest there for possessing a Somali passport. Everyone today understands how critical Yemen is in the fight against al-Qa`ida’s ideology and the fact this individual was there and possessed a Somali passport—Somalia has not had a government since the early 1990s and any Somali passport being used today is going to be outdated and/or fictitious—would raise “red flags” with extremism and radicalization experts who have known about Yemen and Somalia since the 1990s. But again, that information was never shared outside FBI channels, who were simply looking for criminal activity. Unfortunately, they got their criminal activity, at the cost of two Soldiers shot, one of whom died.

How do we fix the system?

Any recommendations on addressing the identified problems need to focus on the failure to share information and any effort to truly secure the homeland must not only include DHS, but must put it first, otherwise, we are no better off than we were on September 10, 2001.

There is no one solution to securing the nation; there are multiple layers of security that must be coordinated effectively and that have to change their posture on an irregular basis so as not to establish a pattern that al-Qa`ida can identify and exploit. There are many so-called experts and a plethora of politicians that think they know better than the real experts; those men and women that are out there everyday implementing the rules and procedures that have thus far, except in a few instances, kept al-Qa`ida from executing another 9/11-style attack. The best thing Congress can do is to allow the departments and agencies implementing our national security the flexibility to do their jobs. One thing we definitely do not need is more oversight.

I am sure there will be no shortage of individuals attacking my assessments and recommendations. I will simply preface my recommendations with this: all plans and solutions look good on paper; it is how they actually work when implemented that matters. The assessments below are based either on personal experience or on interviews conducted with individuals who actually work in these departments and agencies and intimately understand how they work on a day-to-day basis.

First, DHS must be the lead federal agency when it comes to homeland security. While the FBI has the legal authority to investigate all terrorism-related incidents, DHS must have the legal authority to conduct all intelligence-related operations. Only when the intelligence points to an active plan to carry out an attack should the FBI become involved. Currently, if FBI decides someone is a terrorist or has terrorist connections they open an investigation, essentially eschewing intelligence as a tool. Once they open that investigation they severely limit with whom that information can then be shared, which was the key failure behind 9/11 and the primary reason DHS was created. This even includes state and local law enforcement officials who may have critical intelligence related to the individual in question or who would benefit from simply having situational awareness. I am not sure if FBI is still wrapped in the institutional mindset that they are the premier law enforcement agency, like they were before 9/11, or if it is just the idea that they want all the glory, but due to privacy concerns and civil liberty issues, the law enforcement aspect and terrorism intelligence piece of FBI need to be completely separated. DHS should operate the only domestic terrorism intelligence agency.

Of course, the argument will be made that there are DHS and state and local law enforcement liaison officers assigned to NCTC and that this is where the information is shared. Unfortunately, the majority of the information is restricted to only those liaison officers; in most cases they are not allowed to pass the information back to their parent departments or agencies. The liaison officers are just that, liaisons, not necessarily the subject matter experts. The experts reside with the parent departments or agencies and do not receive the information. The creation of NCTC as an analytic, operational component of the IC basically created another stovepipe where information is gathered and never shared, at least not in a timely fashion.

Second, the DNI, through NCTC, needs to assert his power over the IC, demanding that information sharing not only be uppermost in everyone’s mission statement, but also in their daily activities. NCTC needs to stop trying to become an operational component of the IC and focus on coordinating products and missions between other members of the IC. As it stands right now NCTC acts as if it is simply a new component of the IC; the manpower of NCTC is way over its original authorization. Instead of developing their own studies and products, they should concentrate on ensuring the departments and agencies responsible for various topics are tasked with the development of the necessary products or provide the required answers. When there is a challenging problem, they should focus on bringing the subject matter experts from around the IC together to work on them. Unfortunately, many IC agencies are understaffed because they are providing personnel to NCTC and DNI. Once the project has been completed those experts should be released back to their parent organizations. And finally, while they are working at NCTC, these analysts should be authorized to share the information with their home agencies and not be hamstrung behind soundproof walls. As Jean-Louis Bruguiere, France’s leading magistrate investigating terrorism from 1981 to 2007 wrote in a New York Times Op-Ed last week, “Often, it is the small, apparently trivial sign lost in the avalanche of data that forewarns of a coming threat. The more trained eyes there are on information, the more likely that sign is to be read.”

There is an old saying that “knowledge is power.” And information is knowledge. Inside the Washington, DC beltway information is the “holy grail.” The person with the most wins. While the leaders of our intelligence and counterterrorism departments and agencies are professionals, they are also political appointees and are always looking for the edge. The further we get from 9/11, the more these departments and agencies will begin to revert to their old ways. If more emphasis is not placed on removing the barriers to sharing information and certain departments and agencies are allowed to re-build their pre-9/11 fiefdoms, the more vulnerabilities will be created that will allow those multifaceted, al-Qa`ida associates of Umar Farouk Abdulmutallab to exploit our individualistic system and execute an operation. And unless we learn from this most recent intelligence failure, al-Qa`ida will eventually succeed.

Thursday, January 7, 2010

Why the security system failed to detect the underwear bomber and why it will continue to fail

There has been much finger pointing since Umar Farouk Abdulmutallab’s failed bombing of the Christmas Day Northwest flight from Amsterdam to Detroit. Originally the Secretary of Homeland Security (DHS) declared that the system worked, and then the President countered her and stated the system, specifically the Intelligence Community, failed as a whole. As a terrorism and homeland security expert, I must agree with the President. And, regardless what his counterterrorism advisor John Brennan has claimed, the one, incontrovertible reason our system failed was due to the lack of information sharing. But even more importantly, this was not the first time the system failed due to a lack of information sharing since 9/11.

According to media reports, the United Kingdom’s intelligence services were already aware of Abdulmutallab’s potential for violence as was his own father who reportedly informed our own State Department. Unfortunately, the State Department failed to do two very important things: first, they failed to check their own records and realize Abdulmutallab was in possession of a U.S. visa. That would have ended his ability to travel to the U.S. and none of the rest would matter. However, their second mistake was failing to pass that information to the rest of the IC, most importantly, to DHS, which would have guaranteed that even if Abdulmutallab was able to enter one of our neighboring countries, he would have been prevented from crossing a land border into the U.S.

The lack of information sharing persists even with the lessons learned from 9/11 and the offices put into place since to facilitate better information sharing. For example, according to the media the FBI and DOD were in possession of information that indicated U.S. Army Major Nidal Hasan was in contact with the same Yemeni-based radical sheikh, Anwar al-Aulaqi, that Abdulmutallab was emailing before his attack. Like the situation with Abdulmutallab, the information on Hasan was not shared with the rest of the IC.

In response to the failed Christmas attack, President Obama has ordered a surge in the number of Federal Air Marshals (FAMs). But how would this prevent future Abdulmutallabs from carrying out another attack? The passengers were able to subdue Abdulmutallab, once he tried to ignite his detonator. If his detonator worked properly, and even if FAMs were aboard, they would simply be among the casualties being picked up off the ground. While adding FAMs is a good step forward in our response strategy, the public should not be fooled into believing FAMs are the answer to secure flights. Our prevention strategy must be just that, to prevent something like this from happening to begin with.

Our security strategy is based on a concentric circle, or layered, approach, which is the right way to do it; if one layer fails the subsequent layers should work. However, the one, single point of failure, is information sharing. This links all the other layers in the security strategy so that departments and agencies working in one layer know what is happening in all the other layers. In both cases mentioned above information sharing was non-existent, thus allowing the entire system to fail and permitting one of the two attacks to succeed. That is a 50% success rate for the terrorists. Unless serious doctrinal changes are made at the departments and agencies most responsible for failing to share information, this will continue and sooner or later, regardless of how many FAMs are aboard or how much you make passengers strip before boarding a flight, one of these violent extremists will achieve martyrdom, at the expense of a few hundred, or even thousand, American citizens.