The cultural shift from a “need-to-know” to a “need-to-share” atmosphere in the intelligence community in the wake of 9/11 has been necessary to operate in today’s complex environment, experts and former national security officials say, but elements of the system may need an overhaul to tackle the increased insider threat problem.
“You can clearly equate today’s vulnerabilities with the response to the criticisms of 9/11. You can,” former CIA and NSA director General Michael Hayden said. “On the other hand, nobody required us to increase information sharing and do it stupidly. And so there is a certain element there — the direction was correct, but maybe more care should have been taken.”
As the center line moves away from need-to-know in the direction of responsibility to share, Hayden said, the IC inevitably opens “more and more of what used to be watertight doors.” And when that happens, the “massive disruption, destructive leak — that just becomes more likely.”
“It is going to happen. Period,” Hayden said.
The insider threat posed by an employee who holds a security clearance and has access to classified, sensitive information is a significant challenge in a need-to-share environment, particularly in light of issues ranging from privacy and civil liberties to national security concerns. But retrenching to the previous system, after the pivot that followed criticism over the failure of the various intelligence agencies to “connect the dots” before 9/11 (that is, to share information that might have prevented the attacks), is not a viable solution, observers told The Cipher Brief.
“The idea of information sharing is probably the hardest nut to crack in the intelligence community,” Spike Bowman, formerly deputy general counsel for national security law at the FBI and deputy of the National Counterintelligence Executive, said. “Everybody knows it has to be done. Since 9/11, it’s been a guidepost for the whole community. But it’s very hard.”
The move from an overarching “need-to-know” approach, where ideally only people with the appropriate clearances and the need-to-know to do their jobs receive sensitive information, to one where information is more widely shared so clues from different agencies are better integrated by analysts, has proven to be a difficult challenge.
Bowman points out that given the different needs of various intelligence agencies — take, for example, the idea that the CIA may want a particular piece of evidence for the purpose of gaining or exploiting foreign intelligence, while the FBI’s requirement for that same bit of information may be to preserve it in order to prosecute if necessary — there is potential for strife as an agency makes its claim. “It’s an ongoing process, an ongoing effort in order to try to get to the right conclusion,” Bowman said.
As a former senior national security official noted, “Do we need to retrench from the direction pushed post-9/11? I personally don’t think so, but that doesn’t mean we need to not be more thoughtful in how it’s implemented.”
There’s the ongoing debate over whether Defense Department and Intelligence Community (IC) contractors have too much access to information, particularly in light of the removal of NSA data by Booz Allen Hamilton contractors Edward Snowden and Harold Martin. Hayden argues this is not an issue about blue badge holders — government IC employees — versus green-badged contractors.
“I don’t make this a green vs. blue. Although the last couple of leakers were green, Aldrich Ames was blue, Robert Hanssen was blue,” Hayden said. “And, by the way, Booz Allen doesn’t clear anybody. The clearance is always done by the government.”
The information sharing is productive, but it unquestionably “has a dark side,” Hayden said. One way to potentially manage it better, he suggested, is for the IC to emphasize continuous monitoring rather than entry-level monitoring.
“We may have the clearance system wrong,” Hayden said.
The system is currently “anchored at the front door,” Hayden said, with the polygraph screening exam, the SF86 questionnaire form, and the extensive wait as individuals’ personal lives are investigated. “It is, frankly, very off-putting and very invasive, and then they let you in the front door and let you wander through the playground for seven years before they check again,” he said.
“I’d offer the view, maybe the Edward Snowden who showed up in Hong Kong wasn’t the Edward Snowden who took the polygraph, if you know what I mean. He changed during the period. So maybe the deal is a little less emphasis on that massive hurdle at the front, and more active continuous monitoring once you’re in,” Hayden said. “Given the nature of the modern world and data available on everybody, that actually might prove more effective than what we’re doing now.”
Elizabeth Goitein, who co-directs the Brennan Center for Justice's Liberty and National Security Program, said a key problem stems from so much information being needlessly classified — “then everyone and their mother needs a clearance to do their job.”
“You end up with 4.5 million people having security clearances, which is about what we have right now, which is not a good recipe for keeping secrets,” she said. “That’s one way in which reducing over-classification would actually lead to a more effective and intelligent way of sharing threat information.”
The shift in the information sharing landscape raises significant concerns over privacy and civil liberties. After 9/11, it was clear that “there was key information that wasn’t shared, but the barriers to sharing had to do with bureaucratic infighting, cultural issues, and also over-classification,” Goitein added. The 9/11 Commission investigating the attacks found departments and agencies held information close to the vest. For instance, the CIA and FBI did not share key information about the 9/11 attackers.
Goitein doesn’t think the solution to the problem is necessarily working. “It was really just developing a firehose of information and making sure that you sprayed it around to all of the government agencies,” she said. “I don’t think it’s been much of a solution.”
IC efforts since 9/11 have been largely focused on “expanding the kind of information that could be shared to include what was not necessarily threat information,” she said, and it can lead to a serious privacy issue when an agency collects personal information for one purpose but then shares it with another agency for another specified use and purpose that it wasn’t authorized for.
Although information sharing is certainly a cause for concern when considering insider threats, the increased risk in today’s environment is also due to more digitization, the former senior national security official noted. “It’s not all about sharing — if huge quantities are now digitized, you can have a huge exposure without sharing,” he said. Take Snowden, for instance, who was an IT expert with the ability to access enormous amounts of data.
“I don’t think of it as linearly as a pendulum that needs to be pushed back, but the security risk of thinking about that is real,” the official said. “We have a much more complex threat environment. We really do need to connect the dots more than ever before, and we have the tools and analysis to do that.”
There are no “personnel or bureaucratic or technical controls in an age of digitization or information sharing that can reduce the insider threat to de minimis,” he said. “Getting people to buy in, that needs to be the big picture. Securing our way out of this won’t get us there.”
The experts and former officials The Cipher Brief spoke with say moving away from the information sharing culture promoted post-9/11 isn’t on the table given today’s world. But they believe there are clear issues that need to be dealt with by the IC.
“Do we need to retrench from the direction pushed post-9/11? I personally don’t think so, but that doesn’t mean we need to not be more thoughtful in how it’s implemented,” the former senior national security official said.
Mackenzie Weinger is a national security reporter at The Cipher Brief. Follow her on Twitter @mweinger.