The Federal Bureau of Investigation's Efforts to Improve the Sharing of Intelligence and Other Information
Report No. 04-10
Office of the Inspector General
The Federal Bureau of Investigation (FBI) has established as its highest priority the prevention of terrorist attacks on the United States. The accomplishment of this critical national security mission requires the FBI to collect, analyze, and appropriately disseminate intelligence and other information needed to disrupt or defeat terrorist activities. However, in the past, Congressional inquiries concerning the September 11, 2001, terrorist attacks on the United States, reports of commissions examining terrorism before and since September 11, and Office of the Inspector General (OIG) reports have suggested various weaknesses in the FBI’s ability to effectively carry out the vital intelligence component of its counterterrorism program.1
As a result, the OIG initiated this audit to review the FBI’s progress in addressing deficiencies in the FBI’s intelligence-sharing capabilities that the FBI, Congress, the OIG, and others identified subsequent to the September 11 terrorist attacks. Our audit focused specifically on the FBI’s: 1) identification of impediments to the sharing of counterterrorism-related intelligence and other information; 2) improvement of its ability to share intelligence and other information both within the FBI and to the intelligence community and state and local law enforcement agencies; and 3) dissemination of useful threat and intelligence information to other intelligence and law enforcement agencies. The focus of this audit was to identify and evaluate corrective actions taken by the FBI to improve the sharing of intelligence information. The audit does not directly assess the viewpoints of the broader intelligence community or state and local law enforcement agencies to avoid overlap with related work on governmentwide information sharing recently conducted by the U.S. General Accounting Office (GAO).
The terrorist attacks of September 11, 2001, revealed severe deficiencies in the FBI’s intelligence analysis and information-sharing capabilities and processes. During the OIG’s September 2002 audit of the FBI’s counterterrorism program, some FBI managers described the FBI’s intelligence analysis capability as “broken.” Others on terrorism-related commissions and in Congress have suggested that the FBI’s intelligence capability was more than broken; it had been virtually nonexistent.
The FBI’s historic expertise has been in crime-fighting and in building cases for prosecution of criminals. Refocusing the FBI to preventing terrorist acts and developing the sets of skills required to collect, analyze, and disseminate intelligence strategically as well as tactically has required a change in the FBI’s culture that has not been easy or quick.
FBI Director Robert Mueller took office one week before the September 2001 terrorist attacks and was immediately confronted with the need to change the focus of the FBI, and address various management problems at the FBI. He established as the FBI’s highest priority the prevention of terrorist attacks and set about restructuring the Counterterrorism Division (CTD) to improve analysis and to foster the internal sharing of information. The Director also addressed the FBI’s lack of a full, professional intelligence capability by bringing on board through temporary assignments seasoned Central Intelligence Agency (CIA) managers and analysts to help address the FBI’s deficiencies in intelligence analysis and dissemination. Recognizing that the FBI’s information technology (IT) systems were severely antiquated, the Director also hired professional IT managers from outside the FBI to develop more modern computer systems.
The FBI has faced a number of impediments in its efforts to transform itself into a law enforcement agency with a robust intelligence capability to help prevent future terrorist attacks. An inherent part of this reinvention is the ability to securely share intelligence and other information. During the course of our audit work, we asked FBI CTD managers about the problems they have encountered in sharing intelligence and other information both within the FBI and also to and from the intelligence community and state and local law enforcement agencies. FBI counterterrorism managers universally cited the FBI’s IT limitations – particularly the existing Automated Case File (ACS) system – as the predominant impediment to the effective dissemination of intelligence and other information. Not only is the ACS system outmoded and a poor tool for disseminating information, but because of security vulnerabilities ACS cannot be used to transmit Top Secret (TS) or Sensitive Compartmented Information (SCI). Since much intelligence is TS or SCI, ACS was restricted to Secret level information or below and could not communicate with other agencies’ systems. The other major impediment cited was the FBI’s problems with being able to pull information together from a variety of sources, analyze the information, and disseminate it. In other words, the FBI lacked the ability to “connect the dots” or create a mosaic of information. Along with the FBI’s analytical weakness was the lack of a capability to prepare a strategic threat assessment or “big picture” intelligence estimate.
In addition to IT and analytical impediments, FBI counterterrorism managers outlined a number of day-to-day information-sharing problems. For example, incoming cables or other information from the intelligence community were not always disseminated, or not disseminated timely, to the individuals or units that needed to act on the information. Such misdirected information could occur if the addressee had transferred jobs or the specific and correct unit was not designated. Internal communications through Electronic Communications (EC) were a problem because ECs required layers of review and approval as they made their way through the organization. In addition, although state and local law enforcement have publicly complained that the FBI was not sharing information, some state and local officials would not apply for the security clearances required for access to the information. Further, if the FBI was not the originator of the information, the intelligence agency providing the information needed to approve dissemination beyond the FBI. Passing information beyond the originating office also required the “scrubbing” of more sensitive aspects, such as the sources and methods used to acquire the information, to avoid potential compromise.
FBI managers stated that to accompany the organizational changes and the focus on improving information-sharing processes, the FBI has not yet established policies and procedures that delineate the appropriate processes to be used to share information and intelligence, either internally or externally. For example, when we requested a flow chart for the processing of intelligence or other information received by FBI headquarters, none was available, and the FBI instead prepared a narrative description to meet our request. Further, the FBI has no formal policy or directive on what information should be disseminated to state and local law enforcement and under what circumstances. Without formal policies on information sharing, FBI managers and staff lack criteria and guidance by which to ensure that appropriate information is disseminated to the appropriate parties either within or outside the FBI. However, the FBI recently created Concepts of Operations that serve as a framework for improving key aspects of its intelligence program, including information sharing, and intends to develop the policies and procedures required to implement the plan.
We found that based on their own reviews – and undoubtedly as a result of Congressional investigations and hearings on the FBI’s counterterrorism program – FBI managers were aware of the obstacles the FBI faces in improving its ability to process and disseminate intelligence and other information from multiple sources. Although most of the FBI’s efforts to improve information and intelligence sharing are ongoing, we found that fundamental reform has begun. Specifically, the FBI has taken the following actions to improve its ability to communicate information within the FBI, analyze intelligence, and disseminate information outside the FBI.
In June 2003, the new Executive Assistant Director for Intelligence launched a 10-week initiative to develop Concepts of Operations for each of 9 core intelligence functions, including information sharing. The Concepts of Operations provide a framework for developing formal policy and procedures and give FBI managers guidance through broad principles for information sharing. Also, the FBI is in the process of developing an FBI-wide enterprise architecture. In conjunction with the enterprise architecture, the FBI should develop a process map to define the current state and end state for its information-sharing processes and an implementation plan to put its Concepts of Operations into action.
Other than by conversation or passing of documents by hand, the FBI has nine primary ways of disseminating intelligence and other information outside the FBI: 1) The Director’s Briefing, including input to the daily Threat Matrix and the Presidential Report, 2) Intelligence Information Reports as information dictates, 3) Intelligence Assessments, 4) Secure Video Teleconferencing System, 5) Urgent Reports, 6) weekly Intelligence Bulletins, 7) Quarterly Terrorist Threat Assessments, 8) e-mail messages, and 9) Terrorist Watch List in the National Crime Information Center. Also, when the TS/SCI LAN is fully operational, the FBI will be able to electronically transmit information, not only internally but to the broader intelligence community. We analyzed the content of the nine methods of information sharing to determine the nature of the information and to evaluate its potential usefulness.
The information disseminated by the FBI was generally useful, although some items were classified and therefore available only to the intelligence community or to those with the requisite security clearances. Other items were either unclassified information or were modified to allow broader distribution on a “law enforcement sensitive” basis. In the latter category, in particular, the information in Intelligence Bulletins and Quarterly Terrorist Threat Assessments varied as to content and usefulness for the purposes of helping state and local law enforcement agencies deal with the high-risk threat of radical Islamic fundamentalist terrorism. For example, some of the information provided dealt with upcoming social protests or with environmental extremists. While local law enforcement agencies nationwide might be interested in the potential for criminal activities by such groups – which fall under the FBI’s broad definition of terrorism – the focus of the information the FBI provides to state and local law enforcement is not always on international terrorism. Instead, much of the material disseminated falls within the FBI’s definition of domestic terrorism. Our specific observations about the nine types of information-sharing products follows.
To improve its ability to provide useful information within the FBI and to other federal, state, and local agencies, we make the following six recommendations to the FBI based on the results of this audit: