Intelligence Estimate: No new news…but one intriguing message

There are no real surprises in the unclassified “key judgments” of a new National Intelligence Estimate on terrorism, out this morning. Most of the important assessments of the 16 intelligence agencies have already leaked out or were highlighted in other forums by senior officials in recent months.

We judge the US Homeland will face a persistent and evolving terrorist threat over the next three years. The main threat comes from Islamic terrorist groups and cells, especially alQaida, driven by their undiminished intent to attack the Homeland and a continued effort by these terrorist groups to adapt and improve their capabilities.

Again, no surprises. The estimate does point out, echoing testimony by the country’s top intelligence analyst last week, that Al Qaeda has “protected or regenerated key elements of hits Homeland attack capability, including: a safehaven in the Pakistan Federally Administered Tribal Areas (FATA)…”

In all, the one-and-a-half pages of unclassified nuggets aren’t any more specific than what intelligence officials have put out for public consumption in the past year.

But there was one tantalizing bit at the end. The estimate seemed to say that the intelligence agencies need to better position themselves to counter the Internet as a tool for terrorism. In a section devoted to “technological advances” (read: the Internet, communications technologies, etc.) that continue to let “even small numbers of alienated people find and connect with one another, the authors drop this paragraph:

The ability to detect broader and more diverse terrorist plotting in this environment
will challenge current US defensive efforts and the tools we use to detect and disrupt
plots. It will also require greater understanding of how suspect activities at the local
level relate to strategic threat information and how best to identify indicators of
terrorist activity in the midst of legitimate interactions.

Let me read between the lines here a bit. “The ability to detect broader and more diverse terrorist plotting in this environment…” Here, they’re talking about picking up on the signals of an attack–online chatter, rhetoric on jihadi Web sites, but also message traffic, probably money transfers. We’ve known for a long time that the intelligence agencies focus on the Web and online transactions to detect terrorist patterns.

But to the second point, this “will challenge current US defensive efforts and the tools we use to detect and disrupt plots;” that strikes me as a pretty candid admission. It’s not like the intelligence agencies are saying, “We can’t detect plotting on the Internet,” but they’re clearly pointing out this is an area of concern, and one that’s going to keep putting counterterrorism specialists through their paces.

In light of this challenge, the agencies will need “greater understanding of how suspect activities at the local level relate to strategic threat information.” This strikes me as a clear reference to the use of fusion centers, which are supposed to marry local intelligence with the global threat picture. This could be seen as a shot at the Homeland Security Department. Theoretically, it’s DHS‘ job to put those two pieces together–local and global–but it has never really worked out that way. Most of this integration goes on at the National Counterterrorism Center, and the intelligence agencies hold sway there. The fusion centers themselves, while nominally under DHS‘ purview, are, in my experience, FBI-led affairs, with strong ties to the Office of the Director of National Intelligence. It’s not clear whether this part of the estimate could be read as a move to underscore that this intelligence fusion is really the intelligence community’s job, or as a signal to DHS that they need to step into this role more forcefully. I have to conclude, though, based on my reporting, that it’s the former. This is a clear signal that the intelligence community sees fusion centers, and in the integration of local, national, and global threat reporting, as a vital part of domestic security.

Finally, the estimate says the intelligence agencies must understand “how best to identify indicators of terrorist activity in the midst of legitimate interactions.” That’s the false-positive, false-negative challenge in a nut shell. How do you scan all this activity–whether online or in the physical world–and determine what is and isn’t suspicious? This is an area of particular interest for me, and I’ve been writing about it for years. I think it’s most interesting that, in an NIE devoted to terrorist threats to the Untied States, officials chose to point out this challenge. Clearly, it weighs heavily on their minds.