The Cyber Pearl Harbor redux: helpful analogy or cyber hype?

This article defends the utility of employing the Pearl Harbor analogy to characterize contemporary cyber threats, especially threats facing the United States. It suggests that despite the fact that policy-makers are keenly aware of the nature of today’s cyber threats, this knowledge does not necessarily protect them from falling victim to a strategically significant cyber surprise attack. The fact that elected officials and senior officers fall victim to strategic surprise attacks launched by known adversaries is the problematique that animates the study of intelligence failure. The article concludes with the observation that just because scholars and policy-makers can imagine a ‘Cyber Pearl Harbor’ does not guarantee that they can avoid a Cyber Pearl Harbor.     

Canada's Communications Security Establishment,Signals Intelligence and counter-terrorism

Canada's Communications Security Establishment has undergone a far-reaching transformation in conjunction with the expanded role of Signals Intelligence in the global ‘war on terror’. For the first time, Canada adopted a formal statute for CSE, including an expanded remit for countering terrorism. With a shift in targeting priorities towards terrorism and threats to Canadian interests abroad, Canada's participation in SIGINT-related international partnerships takes on new significance. The collection of communication intelligence touches upon public sensibilities regarding privacy rights of Canadians. The evolution of Canadian SIGINT capabilities was therefore accompanied by the establishment, as early as 1996, of a system for intelligence accountability and review, the Office of the CSE Commissioner. Recent advances in communications technology and pressing requirements for Signals Intelligence have impelled changes in the law, while also accentuating the role played by the CSE Commissioner in scrutinizing CSE activities to ensure compliance with ministerial authorizations and the laws of Canada.     

Missing the Wake-up Call: Why Intelligence Failures Rarely Inspire Improved Performance

After major intelligence failures it is often asked why intelligence and security officials failed to heed the many ‘wake-up calls’ that had been provided by earlier failures and surprises. This article addresses this question by examining intelligence failures as ‘focusing events’, which is a concept used in the literature on government policy making to explain how disasters and crises can stimulate policy change and help organizations and decision-makers learn. It argues that in order for an intelligence failure such as a major terrorist attack to inspire improved intelligence performance – to be a true wake-up call – that failure must not only act as a focusing event to bring more attention to the threat, but it must also lead to increased intelligence collection and greater receptivity toward intelligence on the part of decision-makers.     

Strategic Horizons: Futures Forecasting and the British Intelligence Community

The article deals with the role and benefit added by the use of horizon scanning in intelligence analysis in the UK. It asserts that horizon scanning as a technique, while not entirely akin to the tradecraft of intelligence analysis, has much to contribute to its success. Specifically, is asserts that a horizon scanning function in the JIO and the Cabinet Office should be made permanent, as bureaucratic tumult in the wake of the 2010 SDSR have left the capability un-staffed, though still established. Within the UK intelligence community, such an organization may have positive roles to play in the processes of challenge, the setting of collection priorities, and overall long-term UK intelligence assessment at the national level.     

What's the Harm? The Ethics of Intelligence Collection

Abstract

As the professional practice of intelligence collection adapts to the changing environment and new threats of the twenty-first century, many academic experts and intelligence professionals call for a coherent ethical framework that outlines exactly when, by what means and to what ends intelligence is justified. Reports of abuse at detention centres such as Guantanamo Bay and Abu Ghraib, the ever increasing use of technological surveillance, and the increased attention on the use of torture for intelligence collection purposes have all highlighted a need to make an explicit statement about what is and what is not permissible intelligence practice. In this article an ethical framework will be established which will outline under what circumstances the use of different intelligence collection activities would be permissible. This ethical framework will first underline what it is about intelligence collection that is ‘harmful’ and, therefore, should be prohibited under normal circumstances. The ethical framework then outlines a set of ‘just intelligence principles’, based on the just war tradition, which delineate when the harm caused can be justified. As a result, this article outlines a systemic ethical framework that makes it possible to understand when intelligence collection is prohibited and when it is permissible.     

The Threat Review and Prioritization trap: how the FBI’s new Threat Review and Prioritization process compounds the Bureau’s oldest problems

Abstract

In the nearly 15 years since the events of 11 September 2001, the Federal Bureau of Investigation (FBI) has undertaken a succession of efforts to become an agency capable of fulfilling the intelligence functions with which it has been entrusted. However, historically, the FBI’s experience with intelligence has been reactive due to a law enforcement culture that closed cases rather than identified ways to keep opportunities for collection open, as well as bureaucratic wariness due to the differing expectations from one Presidential administration to the next. The Threat Review and Prioritization (TRP) process is the most recent iteration of the Bureau’s attempt to organize as an intelligence service. However, TRP is informed not by a mission of developing intelligence that will help to disrupt emerging threats or exploit opportunities at both the strategic (policymaking) and tactical (arrests), but instead reactively focuses on the threats which have become fully manifest within the FBI’s own domain. TRP leaves the US at a disadvantage vis-à-vis state and non-state adversaries and competitors. Organizationally, it institutionalizes the shortcomings of reactivity and insularity that were the unfortunate characteristics of the pre-9/11 FBI.     

Hunters not Gatherers: Intelligence in the Twenty-First Century

Because of its origins in a sort of anti-Elizabethan paranoia against centralised government, the United States is poorly set up institutionally to cope with the major danger to itself in the twenty-first century: the threat posed by Islamist terrorism. The Director of Central Intelligence is neither central nor fully directing. A large part of the intelligence community, especially in terms of budgets and supervision, is outside his direct control. There is a 'waters edge' separation between the Federal Bureau of Investigation (FBI) and the CIA. Essentially the CIA collects foreign intelligence and counter-intelligence overseas. The FBI, primarily a crime-oriented organisation, has had only a secondary function of domestic counter-intelligence. It is a case-oriented agency focused on establishing past facts in order to bring suspects to justice. It is psychologically ill-adapted to conceptualising threats that lie upstream, that is, in the future. In this context, September 11 can be most properly described as a failure of imagination. Remedies being proposed range from creating an internal security service à la Britain's MI5 to establishing a semi-autonomous domestic counter-intelligence agency within the FBI. In the field of covert action, intelligence in the twenty-first century likely will be characterised by what could be termed an offensive hunt strategy. Put in another way, intelligence operatives in the twenty-first century will become hunters, not gatherers. They will not simply sit back and gather information that comes in, analyse it, and then decide what to do about it. Rather they will have to go and hunt out intelligence that will enable them to track down or kill terrorists. This will involve sending operatives into countries with which we are not at war, indeed in some cases countries with which we have correct relations. In many circumstances, however, terrorist leaders will be hunted down with the help of host country elements. The likelihood is that this new strategy will be implemented primarily in terms of Special Forces operations aided by CIA elements. Modalities will have to be worked out between the Department of Defense and the CIA as to how such offensive hunt operations are to be carried out and how congressional oversight will be exercised.     

Information Sharing for Infrastructure Risk Management: Barriers and Solutions

There is a public interest in ensuring that infrastructure systems are appropriately protected and prepared for disruptions. While infrastructure protection is usually viewed as a public responsibility, infrastructure risk management actually requires a high degree of cooperation between the public and private sectors, particularly in the sharing of information about risks to infrastructure. Discussions with Chief Security Officers across sectors of the US economy reveal the complexity of the task, as they describe at length the private sector's requirements of multiples types of information about a range of potential threats. While the US government has established many mechanisms for sharing information, barriers remain that inhibit both the private and public partners from obtaining the information needed to protect infrastructure. Overcoming these barriers requires new thinking about the intelligence generation process, the mechanisms and practices upon which the process relies, and the responsibilities of those in the private sector who participate in it.     

'As Rays of Light to the Human Soul'? Moral Agents and Intelligence Gathering

Calls to evaluate ethically the practices of intelligence collection have been prompted by debate over the decision to go to war in Iraq and by consideration of how best to respond to terrorist threats. Recently, they have been bolstered by allegations of prisoner abuse that some have linked to intelligence organisations. Such demands for judgement are articulated with equal measures of urgency and apprehension: there is a perceived need to make clear statements about what constitutes morally prohibited and permissible conduct with regard to intelligence gathering, and yet the tools with which one might perform such a task are not readily apparent. This article begins with three basic assumptions. First, intelligence collection does not exist in an amoral realm of necessity, but, rather, is a human endeavour involving choice and deliberation and, therefore, is vulnerable to ethical scrutiny. Second, there is no consensus on the moral guidelines to be invoked to engage in such scrutiny. There are many distinct ethical perspectives from which intelligence collection might be evaluated - and from which one might provide disparate judgements of the same action. Finally, the practices involved in intelligence gathering are equally multifarious and it would be unhelpful to attempt to cover them with a blanket justification or condemnation (from any perspective). Following on from these assumptions, this article sets out a simple typology of 'realist', 'consequentialist' and 'deontological' ethical approaches to intelligence collection and explores how different practices might be variously evaluated from each. The aim is to provide an initial step towards thinking about ethics and intelligence collection.     

The problem of Defence Intelligence

Abstract

The following article argues that defence intelligence in general, and Britain’s Defence Intelligence (DI) organization in particular, represents an area in intelligence studies that is significantly under-investigated. It makes the case that the significance of understanding defence intelligence and DI lies not only in a general lack of illumination but also because DI is subject to and prompts a range of difficulties and challenges that are either especially acute in the defence context or have ramifications for the wider intelligence community that remain to be fully appreciated. Particular attention is given to DI’s remit being divided between Ministry of Defence and national requirements, problems of fixed-sum resourcing an intelligence function with national responsibilities that is subordinate to Departmental spending structures and priorities, fraught positioning of defence intelligence in Departmental line management and, finally, a chronic lack of public or official interest or scrutiny. The article concludes that the UK’s experience has echoes elsewhere, notably in the US, and that wider international study of defence intelligence is both long overdue and may have implications for understanding of national and wider intelligence institutions and processes.     

All Mistakes Are Not Equal: Intelligence Errors and National Security

Strategic situations create motivational biases that help to predict the type of errors intelligence communities are more likely to commit (Type I errors predict behavior never observed, while Type II errors fail to predict behavior later observed). When the dangers of inaction are low and the cost of action high, the intelligence community is more likely to fail to predict threats (Type II error). If the dangers of inaction are high and the costs of military action low, it is more likely to predict mistakenly threats never observed (Type I error). Studies of US and Israeli decision-making and analyses of two new experimental studies support this theory. The key is to recognize the incentives for error and to develop systems that, at worst, lead to intelligence errors (mistakes consistent with a state's national security needs) and not intelligence failures (errors contrary to national security requirements).     

The civilian's visual security paradox: how open source intelligence practices create insecurity for civilians in warzones

ABSTRACT

Images taken by civilians and shared online have become an important source of conflict intelligence. This article explores issues around how states and non-state actors appropriate civilians’ images to produce intelligence about conflict, critically scrutinizing a practice often called open source or social media intelligence. It argues that image appropriation for open-source intelligence production creates a new kind of visual security paradox in which civilians can be endangered by their everyday visual practices because their digital images can be appropriated by outside actors as conflict intelligence. The transformation of everyday images into conflict evidence relies on what Barthes termed the photographic paradox, the paradox that while a photograph is clearly not the reality it depicts, the photograph is casually interpreted as a copy of that reality. When images are appropriated as conflict intelligence this photographic paradox translates into a security paradox. A visual security argument can be made without the intention or knowledge of the image producer, who then comes to perform the role on an intelligence agent. Yet civilians in warzones can hardly refrain from producing any images when they need to call attention to their plight, and to stay in contact with friends and relatives. The paradox, then, is that such vital visual signs of life can rapidly become sources of danger for the civilian. This civilian visual security paradox, it is argued, demands that intelligence actors respect the protected status of civilians in their online collection practices. So far, however, there is little sign of such respect.     

Introducing the special issue: bringing in the public. Intelligence on the frontier between state and civil society

ABSTRACT

This special issue is based on the observation that today’s intelligence services stand before a difficult task of, on the one hand, having to manage the uncertainties associated with new threats by inviting civil actors in to help, while also, on the other hand, having to uphold their own institutional authority and responsibility to act in the interest of the nation. In balancing this task, we show how today’s intelligence practices constantly contests the frontiers between normal politics and security politics and between civil society and the state. In this introduction we argue that these changes can be observed at three different levels. One is at the level of managerial practices of intelligence collection and communication; another is in the increased use of new forms of data, i.e. of social media information; and a third is the expansion of intelligence practices into new areas of concern, e.g. cybersecurity and the policing of (mis-) information.     

Electoral Competition through Issue Selection

Politics must address multiple problems simultaneously. In an ideal world, political competition would force parties to adopt priorities that reflect the voters' true concerns. In reality, parties can run their campaigns in such a way as to manipulate voters' priorities. This phenomenon, known as priming, may allow parties to underinvest in solving the issues that they intend to mute. We develop a model of endogenous issue ownership in which two vote‐seeking parties (a) invest in policy quality to increase the value of their platform and (b) choose a communication strategy to prime voters. We identify novel feedback between communication and investment. In particular, we find that stronger priming effects can constrain parties to invest more resources in all issues. We also identify the conditions under which parties prefer to focus on their “historical issues” or to engage in “issue stealing.”     

A review of security and privacy concerns in digital intelligence collection

In recent years, government leaks have brought many alleged potential privacy violating intelligence collection programs to the public arena. Intelligence collection can affect the privacy rights of citizens from any country. While the concept of privacy is a complicated one, United States citizen privacy is protected by various policies and laws. This paper reviews these alleged intelligence collection programs, as well as specific laws set in place to protect privacy. Also presented are discussions on public opinion and whether or not digital intelligence collection are providing a safer environment for Americans.     

A weak pillar for American national security: The CIA's dismal performance against WMD threats

American preemptive or preventive military action against WMD-armed adversaries in the future will simply not be feasible without high-quality and timely intelligence. But is American intelligence up to this load-bearing task for the post-11 September national security? This article surveys the Central Intelligence Agency's record of gauging potential WMD threats for more than a decade and assesses its overall performance as dismal. The CIA's recent intelligence debacle against Iraq was one of the greatest in a long series of failures that has publicly exposed the Agency's profound weaknesses. These intelligence failures were due in large measure to the CIA's poor human intelligence collection and shoddy analysis, areas that cannot be remedied alone by the creation of the new Director of National Intelligence post. This article recommends steps needed to increase the quality of intelligence produced by CIA, or elsewhere in the new intelligence community, to move American intelligence in lockstep with military transformation to give the Commander-in-Chief realistic options for countering hostile nation-states or terrorist groups seeking or acquiring WMD.     

Improving the democratic accountability of EU intelligence

The 9/11 attack and the ‘war on terrorism’ have been followed by a discussion on intelligence deficits. However, surprisingly little attention has been given to the issue of agencies' democratic accountability. This article argues the benefits of oversight for democracy and its significance for the improvement of services' performance. It puts EU intelligence agencies, which have hardly been the subject of any debate, at the centre. While acknowledging that the major threats to civil liberties of European citizens are posed by national intelligence agencies, it identifies the establishment of mechanisms for quality control of EU intelligence as the main challenge at the EU level.     

Intelligence to counter terror: The importance of all-source fusion

The modern digital environment has made terrorism and other transnational crimes vastly easier to coordinate on a worldwide scale than was possible before World War II. It has also exacerbated a most serious challenge: governments attempting to stop terrorists – particularly democracies – are expected to do so without undermining the laws, representative principles and informal confidences upon which a culture of democracy depends. The purpose of this article is to examine the modern intelligence requirements for countering terror in order to appreciate this challenge in greater depth and to develop a reasoned basis for balancing counterintelligence capabilities with civil liberties. It begins by considering the nature of the terrorists we face and the requirements for good intelligence operations against them. Historical examples illustrate those lessons that can be learned from the defeat of similar threats in the past, including the recurring ways in which challenges to civil liberties arise as democracies optimize intelligence in the name of security. In discussing the special opportunities and challenges modern technology poses in this contest, the analysis suggests an essential next step for democracies threatened by terrorists in their midst.     

Waking up on another September 12th: implications for intelligence reform

Abstract

After 9/11 the US Government tried to ‘fix’ intelligence by adopting the Intelligence Reform and Terrorism Prevention Act (IRTPA). Resources increased and, to varying degrees, performance improved – particularly in counterterrorism. This article, however, argues that the constellation of Intelligence Community authorities and organizations, either created or left in place by the IRTPA, coupled with the challenges of a complex security environment, leaves us ill-prepared to deal with the Country’s twenty-first century intelligence requirements. Should that critique prove accurate, and should future intelligence failure(s) be judged strategically and politically unacceptable, the second half of the article provides a framework for revising the IRTPA; the proposals substantially increase the authority of the head of the Intelligence Community, consolidate structures, and create centers of analytic critical mass necessary to meet the knowledge requirements for both regional and transnational security issues. Reflecting the Intelligence Community’s long standing tradition of questioning assumptions, the article is meant to foster reflection and debate about whether the Intelligence Community is postured to meet the needs of the Country, and if not, what needs to change.     

SOE's ‘Prosper’ Disaster of 1943

International economic issues have become a foremost government concern since the start of the global financial crisis, leaving economic security increasingly linked to more traditional concepts of national interest and politico-military security. This prioritization has been reflected in the recent requirements of the United Kingdom's intelligence and security actors. Yet, scholarly research has neglected the relationship between intelligence, international economics, and contemporary security policy. Taking current requirements as a catalyst, this article draws on contemporary British history to explore when intelligence can be used to protect economic security and when intelligence actors can best use economic measures to achieve broader politico-military goals. The use of secret intelligence in the economic sphere does, however, have certain limitations and it should therefore only be employed when necessary.