Previous IFPA-Fletcher Conferences
National Security
Strategy and Policy:
Planning for and Responding to Threats to the U.S. Homeland
October 28-29, 2004
Ronald Reagan Building
and International Trade Center
Washington, D.C.
Michael Noll, Director, J-2, U.S. Northern Command
Introduction By: Dr. Richard H. Shultz
Michael Noll: What I’d like to do here just for a few minutes is step down perhaps three or four levels from the view that Mr. Woolsey just gave you and talk from the perspective of the J-2, the Director of Intelligence of a regional combatant command, the one that is responsible for homeland defense, and to directly address the central issue of our panel, which is developing actionable intelligence.
I'd like to talk about those two terms, intelligence and actionable, but in the opposite order. I think everyone understands that intelligence is a sum of data which is aggregated in information and which ideally is turned into knowledge. There are other people who take data and assemble it into information. My job is to take information and synthesize it into knowledge. This is all-source analysis.
It’s also a J-2’s job to communicate that knowledge to those who must use it, and communicate it in a way that is clear and convincing, the right knowledge at the right time for the right people. Our job at NORAD/NORTHCOM, J-2, is to assess the threat to North America across the full spectrum; we have to deal with traditional strategic threats, what we call the strategic asymmetric, and the threat of terrorism. And we have to assess those threats in their full global context; we can’t stop at our boundary line, area of responsibility boundary line.
We have to do this for homeland defense, in support of homeland defense, and for military support to homeland security. And having assessed the threat, we have to provide warning. Again, I think perhaps obvious but worth reminding you, this is an art and not a science.
So next, this issue of actionable intelligence. Actionable intelligence for whom? Well, for me it’s pretty clear. Actionable intelligence for my commander, General Ed Eberhart, for his inner staff, the senior decision makers, for our extended staffs -- there’s two commands, NORAD and NORTHCOM -- and for the subordinate NORAD regions and NORTHCOM components. And the principle of providing this actionable intelligence runs along a fairly simple thought process, which is to each according to his mission needs, their ability to understand and their ability to safeguard things which are secret.
Now, the other thing to remind you, and again from my perspective, I'm talking about actionable intelligence at the theater strategic level for a military command. What makes this intelligence actionable? It’s actionable if we can prevent surprise, if we can give our leadership time to think through a problem, allow time to plan and to prepare, and to set the stage for informed decision making on things which are appropriate for our command, such as setting of alert levels or the posture of our forces.
Now, to provide that actionable intelligence, we enter this world of information sharing, sometimes called the need to share, sometimes called the need to know. My boss, the commander of NORAD/NORTHCOM, has great responsibilities—He is accountable to the President, the SECDEF, Congress and the American people. The latter is the most challenging -
--only because I think you would understand they have high expectations of what we can do; in fact, those expectations probably outstrip our actual authorities.
So the commander of NORAD and NORTHCOM needs to see all the intelligence. And that’s a very expansive requirement. My job is to get that information by whatever means I need to get it. I have to sort out the wheat from the chaff, and there’s a lot more chaff than there is wheat. And I have to impart the knowledge that might be gained in the form of what I would call an extended conversation. I sit down with the commander, General Inge and other senior leaders every day, and we discuss the threat actually in considerable detail. The understanding that might come from that is cumulative over time; it doesn’t come in a single moment or a single piece, but it really is cumulative.
Now, underpinning this info sharing issue are matters of law and policy, and I believe, personally, that we have the laws and we have the policies we need to get the information we need. That said, at a lower level, at the mid-levels, lower levels of the intelligence and law enforcement communities, there’s often a struggle with individuals, however right-minded, who interpret and implement these policies in a way that might make it difficult to share information. In fact, still, I think, the information sharing deck is stacked in favor of those who are trying to protect sensitive intelligence sources and methods, or protect sensitive law enforcement investigations.
But, on the other hand, for those of us who are in this business of all-source analysis, whose job it is to connect the dots, the first thing we need is to be able to see all the dots. Now, how this is to be done is, of course, very difficult in terms of structure. A paradigm often used in the intelligence community is that of the lanes in the road, which is to say this agency has this responsibility, and this center will do this job, and it keeps the lines neat and people know what they're supposed to do. But more and more, I believe we need a way to crossconnect across those lanes and to bring together our best minds, our best analysts in some kind of a secure and trusted network.
Now, the technology to do that exists, but it is very difficult organizationally to determine who should be speaking to whom on a given issue, who should see what information about a certain problem. But I think we need to address that.
Even if you were given all the information you might want, you then face the problem of what I might call the disciplines of the trade. The first, and Mr. Woolsey alluded to this, a really cardinal lesson learned from the 9/11 tragedy is the requirement for fusion. And by fusion I mean something very specific, the fusion of foreign intelligence with law enforcement-derived information. Not law enforcement information, we have no law enforcement mission at my command, but that information which is of intelligence value, which is derived from law enforcement actions. That must happen, and in fact it does happen at our command.
Now, this brings up the issue of domestic information and domestic intelligence. Clearly, there is a requirement for that, but that requirement for a military intelligence command is not absolute. And the reason it’s not absolute is that we have to protect civil liberties. Civil liberties are fundamental to what this whole war on terrorism is about; it’s what the enemy are attacking. Within the Department of Defense, we have an intelligence oversight program which is run at the level of OSD, which helps us work through this. And we have spent a lot of time and a lot of effort on this intelligence oversight program, a lot of training has gone into it.
To explain it simply, you have a kind of yardstick or a measure of what’s in and what’s out. We call this the nexus, that there must be a foreign threat nexus for a military intelligence organization to legitimately be involved in domestic information; it has to connect in some way, either confirmed or suspected, with some foreign threat. It could be a foreign intelligence operation, it could be a foreign terrorist operation, but it’s got to connect. If it does not connect, if it is a purely criminal matter, if it’s a matter of civil disobedience, people exercising their right to dissent, then a military intelligence organization is not and should not be involved.
Then the next discipline of the trade is this matter of sorting the wheat from the chaff. We are very rigorous about triaging the information that we get, and we do this triage by the credibility of the sourcing. I think it stands to reason that not all intelligence is of equal value, not all sources are equally good. But it is important to make those distinctions and to present those distinctions to decision makers so that they know what requires their intense attention and what requires simply due diligence.
In addition to these tactics, if you will, we use another set of procedures called operational net assessment, or ONA. In the military we have a joint experimentation process that’s run by Joint Forces Command. This yields certain products and ONA is one of them. Stripped down to its essentials, what it involves is taking three different looks at any given threat or problem or issue.
The first look is blue’s view of red. Think of blue as us, red as the enemy. Blue’s view of red is simply that fused intelligence of law enforcement information, the intel picture, if you will.
Then the second look is blue’s view of blue. That’s vulnerability analysis, that’s us looking at ourselves, understanding our infrastructure, understanding the vulnerabilities of our infrastructure. Very important and very valuable.
The third look is red’s view of blue, which is called red teaming, and that is the attempt to crawl inside the head of the enemy and look out through his eyes. Now, this is very valuable, but very difficult to do. It requires you to have a high degree of understanding of the individual or group you are trying to emulate. If you don’t understand them, you're going to end up mirror imaging, essentially. But again, very valuable.
And if you take these three looks together, then I think you have a far better characterization of the threat.
Additionally, something that is very useful in terms of the disciplines of the trade is how you organize the information you present, and we often fall back on three separate ways, three related ways. First, what do we know; second, what don’t we know; and third, what do we think? And it’s always very important, I remember when General Powell used to say this to the Chairman of Joint Chief of Staffs, you have to distinguish which is which, don’t mush them together.
Then having done all those things, it’s very important to be credible. Credibility comes from performance over time and credibility gives you the ability to convince and perhaps set the stage for action. All this requires immense, constant effort. And in the nature of our business, we intel officers are morning persons; it’s all before the dawning.
We were asked to talk a little bit about intelligence community reform and structural issues, and I think that from my perspective -- remember, I work in Colorado, not in Washington -- the key point from which we ought to proceed is knowing ourselves -- ourselves in this case being Americans and American intelligence. We don’t give a whole lot of thought in Colorado Springs to a lot of the issues you see in the papers here. The reform discussions are sort of a Washington thing. It’s about organization, reorganization, bureaucratic power, who controls money. Now, there’s nothing wrong with that, and you should always seek the best organizational model, but I believe that success in intelligence depends on excellence in fundamentals, the performance of your intelligence personnel. Those fundamentals, I think, are recruiting, training, tactics, discipline and retention.
Through that, you mold a group of intelligence analysts, you help them succeed. Those folks are bright, they're positive, they're universally hardworking, but I have to tell you they've not been well treated by the American educational system.
Also, in terms of knowing ourselves, we need to realize that we as Americans are very fond of technology, and have trouble grasping the darker parts of the world, have trouble understanding or imagining them. And perhaps most important, we in the government are risk-averse, very risk-averse. We’re good at technical intelligence, we’re bad at human intelligence. We’re rich in resources, but impatient in the application of those resources. But if we’re honest, if we know ourselves, then I think we can play to our strengths and cover or mitigate as best we can our weaknesses.
The last point I'd like to make to you is this matter of facing the unknown. If you take what we have, what we know, know about a threat, particularly a terrorist threat, you can liken it to an iceberg, where only about 10% of the iceberg is above the water; the great majority of it is invisible, below the water. You can only see part of the threat. Then remember this issue of wheat and chaff; a lot of what you can see is wrong, simply wrong. So the piece that’s really good is really quite small in terms of the totality of the threat. The art of intelligence is in assessing the whole of that iceberg from that tiny piece which is visible. So we have to acknowledge and respect the unknown, and we have to factor that into what we think, which are our assessments.
But I also think that while we need to be cautious, we also have to push the edges with our analysis, to take some intellectual risk and use our imagination, grounded in realism, but use our imagination, and be willing not to put a stake in the ground, but to reassess constantly as new information comes in.
I think that if we do these things, then we can fairly be said to have developed actionable intelligence for homeland defense and homeland security in the 21st century. Thank you. [Applause]
Questions and Answers
DR. SHULTZ: So we have 15 minutes for some questions, and I’ll follow the same approach we did before, maybe take three or four of them and then I’ll ask the panelists to comment. If you have a question that you want to direct to one of the speakers, I think that may be a useful approach so we could try that as well. Who wants to ask the first question?
__: I've got a question for the entire panel. The Director of Central Intelligence Directive 8/1 specifies that all IC members are supposed to implement policies, procedures, and process training to achieve the maximum degree of information exchange among IC agencies, customers and our foreign partners. The crux of my question is, what are you doing to increase information sharing specifically with Canada and Mexico in the aftermath of 9/11?
MR. NOLL: I’ll take a shot at the question about information sharing with Canada and Mexico. I think that people would be pleased to see how much information sharing goes on, in terms particularly of terrorist threats, with those two countries. In both countries, the national leaderships are highly motivated to defeat terrorism, highly motivated, and put considerable effort against it. The relationships we have in terms of bureaucratically for exchanging information are a little different with the two countries.
The relationship with Canada is far more mature, as you might expect. It reflects long-term alliances. In addition to being the J-2 of Northern Command, I'm also the J-2 of NORAD, which is a bi-national command. Our intelligence directorate has integrated Canadian intelligence officers, fully integrated in our operations. We have a very close relationship with Canada’s national defense headquarters and their J-2 organization. So the flow is very, very robust with Canada, and I think pretty good with Mexico.
So I don’t think information sharing with those two countries is a significant impediment.