Tomorrow’s edition of National Journal will feature this story, which has already been posted to the Web site. (Free to non-subscribers.)

Also, in light of recent press reports about cyber spies penetrating the U.S. electrical grid, I’m enclosing a link to a story we ran last year on the cover of the magazine: “Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States.”

Not that we need it, but here’s yet another reason to worry about havoc in financial markets: U.S. intelligence officials increasingly fear that computer hackers could wreck banks and large financial institutions, or send stock markets into one more panicked frenzy, by covertly manipulating data and spreading false information.

In interviews and speeches over the past few months, senior counterintelligence and security officials laid out some dire scenarios. They’re all predicated on a determined individual or small group fabricating information in such a way that the public sees a different picture of financial health than exists, either at a particular company or in broad markets.

For example, imagine a large brokerage finds itself suddenly saddled with huge losses because a disgruntled employee falsified information in the company’s accounting systems, thus ensuring that billions of dollars in losses never show up on the books. Or think about the tumult that would ensue if someone hacked into a stock exchange and changed individual share prices, unleashing a flood of buy and sell orders.

These kinds of nightmare events shape the thinking of the senior Bush administration officials in charge of protecting the nation’s computer infrastructure. They’re concerned that financial institutions, while aware of the risks posed by lax information security, haven’t taken bold enough steps to tighten up their own defenses and thus are imperiling a global system that is utterly dependent on accurate information.

The current crisis in mortgage-backed securities underscores the consequences of inaccurate information. Analysts often labeled those investments safe because they relied on outdated mortgage-default rates to assess the loans’ riskiness. Their flawed calculus was presumably unintentional.

But imagine the damage that intentionally feeding the market bad information could cause. “Let’s say instead of bringing down the systems at the New York Stock Exchange, you were able to corrupt the data in the exchange’s system,” Joel Brenner, the government’s top counterintelligence officer, posited in an interview with National Journal in May. “If that happened, the market would lose confidence in the prices. ‘Gee, I thought I bought a million shares at X, not X plus 10 cents.’ What would happen to trading? The clearing mechanism would grind to a halt at the end of the day.”

It may sound improbable, and Brenner stressed that the security on stock exchanges is “very, very good.” But he and other senior officials say that the financial system as a whole is not sufficiently protected. The economic damages from massive fraud, they note, could exceed those caused by an act of terrorism. And at a time when the global financial system is teetering on collapse, financial networks are becoming more interlinked and hackers are perfecting their techniques.

Officials don’t base their hypotheses on unfounded fears. Indeed, the world has already seen that one person, with a reasonable level of technical skill, can make whole economies shudder.

In January, Societe Generale, one of France’s largest financial services companies, discovered that a midlevel trader had made a series of complex and bogus futures transactions by hacking into the bank’s security and trading systems. Jerome Kerviel disabled an automatic-alert mechanism that should have flagged his reckless transactions. And he stole passwords that gave him access to accounting records, which he falsified to cover his tracks. He even constructed fake e-mails about fictitious trades to make his activities seem real. When the trader’s managers discovered Kerviel’s fraud, they spent a weekend trying to reconcile the trades in the open market. The bank’s losses totaled more than $7 billion.

“The unwinding of such a massive position put immense pressure on the futures market,” according to Eben Esterhuizen, an investment analyst who covered the story for The Panelist, a financial news blog. “Other traders saw the plunge in futures amid massive and mysterious selling … and they started selling everything else.”

U.S. markets were closed the following Monday, on January 21, for the Martin Luther King Jr. holiday. But world stock markets dipped dramatically. Kerviel’s fraudulent transactions had not yet been publicly revealed, so no one could point to a specific cause for the drop. To fend off a spreading panic, Federal Reserve Board Chairman Ben Bernanke cut the interest rate that the Fed charges banks for overnight loans by 0.75 percent. It was the Fed’s biggest ever emergency cut, and it was precipitated in large part by Kerviel’s massive disinformation campaign.

Rogue traders like Kerviel have caused big losses before, but never this big. In 1995, trader Nick Leeson brought down Britain’s Barings Bank by causing approximately $1 billion in losses. Leeson, however, worked in the area of the company that also oversaw his activities. Kerviel, on the other hand, was a back-office employee and technophile who learned how to circumvent Societe Generale’s computer systems.

The Kerviel case got the attention of senior security officials in the Bush administration. In a public address in September, Melissa Hathaway, who manages the cyber-security portfolio for the director of national intelligence, described it as a prime example of how an insider hacker can, with relative ease, shake the global economy.

Hathaway said that the case is one of several hacking incidents that have informed the policy behind the Bush White House’s national cyber-security initiative, an ambitious and largely classified plan that officials are rolling out in the administration’s final months. The insider threat ranked “first and foremost” among the so-called attack vectors that officials have reviewed, she said. The cyber-plan is aimed primarily at government networks, but Hathaway, like Brenner and other experts in government, has spent much of her time discussing unaddressed risks to private networks, particularly in the financial sector.

To get a sense of just how susceptible financial markets are to disinformation, consider how wildly stock prices fluctuate because of a rumor. Earlier this month, Apple’s share price tumbled by more than 10 percent moments after a post on a CNN website claimed that paramedics had rushed Steve Jobs, the company’s CEO, from his home after an apparent heart attack. The site solicits “user-generated content,” but CNN does not verify it. The poster claimed that an anonymous source with firsthand information had supplied the tip about Jobs, and the report seemed real enough to spark a panic. (Jobs had pancreatic cancer, and his health has been a constant source of worry for investors.)

The company quickly denied the report, and Apple’s stock rebounded, but not before dipping under $100 a share for the first time in nearly a year and a half. CNN removed the fake report from its site.

This wasn’t the first time that bad information has shaken the markets. In January 2006, an error in NASDAQ’s reporting system prompted several websites and online brokers to display incorrect price shifts on various stocks. The prices were correct, but the scale of price changes was not. Some stocks seemed to be up when they were really down, and some seemed to be falling when their share price was actually on the rise. In Japan, trading was halted, and investors found themselves unable to sell losing stocks or to buy up new ones at a discount.

“When you have this kind of problem, it calls into question the entire system,” Yakov Amihud, a finance professor at New York University’s Stern School of Business, told the Associated Press at the time. “As an investor, you question whether the liquidity in that market is there, whether you can buy or sell exactly when you want to. And maybe you decide to sell off your stocks if you don’t trust the system.”

These mishaps were also inadvertent. But for financial institutions, officials say, the lesson is clear: Companies must address the safety and soundness of their information systems in the face of all kinds of potential threats. “This is not happening. And this needs to happen,” says Tom Kellermann, who was the senior data-risk management specialist at the financial division of the World Bank Group and who now sits on a bipartisan commission writing a comprehensive cyber-security assessment for the next U.S. administration. The threat to financial networks has been a key area of concern for the commission.

“The reality is, we’ve been building our vaults out of wood in cyberspace for too long,” Kellermann says.

In our interview, Brennan discussed restructuring the intelligence community, renewing FISA and debating counterterrorism on the campaign trail. Edited excerpts follow. You can also access the transcript at National Journal’s Web site.

Q: Are we hearing a sufficient level of debate and distinction among the candidates of their various national security and counterterrorism positions?

Brennan: I think we are hearing some of that debate. And that debate is going to intensify as we get closer to the election.

There has been a fair amount of discussion, particularly on the terrorism front, about the different types of approaches. But I think it’s mainly at the strategic level.

The intelligence business is a very complicated one, and I think a lot of the nuances may be lost on people. It’s difficult in a presidential debate to really get into those intricacies.

I think there’s a real issue related to some of the approaches that the next administration will have toward some of those countries, in particular, that still pose national security challenges to us — for example, Iran, and whether or not there needs to be some initiative on the part of the United States to see whether there’s some way to bridge the gap, or whether we should maintain a confrontational posture toward Iran.

Senator Obama and Senator [Hillary Rodham] Clinton have expressed an interest in trying to reach out, even to our adversaries. There are differences between those two as to when the president should get engaged.

Q: As a counterterrorism professional, is there one path that you see as more productive?

Brennan: I think that what we need in our quiver are many different types of arrows. We certainly need to have a military arrow. We need to have an intelligence one. But we need to have a diplomatic one. We need to have foreign aid. There needs to be a comprehensive set of approaches. A lot of these issues, including counterterrorism, cannot be solved with kinetic force.

I am a strong proponent of trying to focus more of our efforts on the upstream phenomenon of terrorism. I make the analogy to pollution. We learned that pollutants kill us when they get into the water we drink or the fish we eat or the air we breathe. But I think we also learned that we have to go upstream to identify and eliminate those sources of pollution. Terrorism is a tactic, and we have to be more focused upstream. Since 9/11, understandably we’ve focused downstream, on those terrorists who might be in our midst or trying to kill us, the operators. I think there needs to be much more attention paid to those upstream factors and conditions that spawn terrorists.

We also have to have a full discussion about the appropriate techniques we’re going to use when individuals are captured or detained. But we have to be looking at what are those foreign policies, aid programs, international efforts that we need to be engaged in, that are going to try and stem the flow of those terrorists further upstream. I think a lot of our resources have been dedicated to that downstream phenomenon; I think the United States is a lot safer because we put in place the security filters to prevent terrorists from coming into our country. Now we have to look at the longer-term issues that are more difficult to deal with — why individuals are succumbing to a lot of the recruitment efforts on the part of terrorist groups.

Q: What is the appropriate government agency to handle that?

Brennan: This is an issue the government is grappling with. A lot of the issues right now fall between the Department of State and the Department of Defense and Commerce and others. I think as we deal with these transnational issues, we need to bring to bear those capabilities that exist in different agencies. The National Counterterrorism Center is a place that is trying to deal with the issue in a comprehensive fashion. They have a group there, the Strategic Operational Planning Group, which is trying to bring to bear the full instruments of U.S. national power, from the diplomatic front to the intelligence front to law enforcement and defense. I think we need to have more of these integrated efforts, because no single department can in fact address the issues.

Q: People like you have talked about the need to do this for some time. Why haven’t we seen this take hold as an ethos in government?

Brennan: There are a number of factors. One is, it’s really, really hard. It addresses legacy institutions and architectures and ways of doing business. In Washington, it’s difficult to rearrange how you do work. It would be overhauling, in many respects, the way we do government work. That requires legislation, a close interaction and coordination between the executive and legislative branches, and it also affects a lot of rice bowls.

Q: Then what will it take to finally push this through and make agencies feel compelled to change?

Brennan: It certainly isn’t something that should be done quickly or without appropriate thought. I’m an advocate of having a review of the U.S. governance structures that’s going to transcend administrations. It’s going to be something that people are going to get together and say, “What type of governance structures and changes need to take place so that we can deal with the challenges of 2015, 2020?” The Department of Defense went though the Goldwater-Nichols Act [which changed the military command structure], but I would argue reorganizing a department is easier than reorganizing how many agencies are going to interoperate. I think we still are struggling with that.

Q: Would it make sense then to make the Director of National Intelligence more like the FBI director, someone who’s not necessarily going to leave when the administration changes?

Brennan: I’m an advocate of having term appointments for the Director of National Intelligence. I think it makes sense. But the intelligence community is a subset of the broader national security establishment, which is a subset of the broader U.S. government. I would argue that the challenge for the next decade is how you’re going to ensure better interaction between the federal, state, and local elements, in terms of information sharing, knowledge, and expertise.

Q: In your estimation, where is the threat level of terrorism today versus where it was right after 9/11? How big is the threat domestically? How has it changed?

Brennan: There are two sides to that coin. Whenever you do a net assessment, you look at the threat and the vulnerability. Let me take the vulnerability side. A lot has happened in the past six years in terms of making the homeland a much less hospitable environment for terrorists to ply their trade. We should feel good that our borders are not as porous. There’s a much more substantial watch-listing effort. And a much better capability to detect terrorists and terrorist activity within our borders.

That said, on the threat side, while Al Qaeda, the organization, has been badly bloodied since 9/11, they still retain a potentially lethal capability. There has been a metastasis. Al Qaeda has manifested itself in a lot of different countries and communities, and it’s a movement that continues to be grown and fueled by a number of factors.

One, is, since the collapse of the Soviet Union, we no longer have this bipolar world where you had the United States and the Soviet Union competing with each other and proxies lining up behind them. We now have basically a unilateral world with the United States as the sole superpower from a military and economic standpoint. But also, we’ve seen the fading away of a lot of competing ideologies: socialism, Baathism, Nasserism, communism and others. They have been discredited. You have in some respects Western capitalism on one side, and on the other side, maybe those religiously-driven forms of extremism. Islamic extremism has filled the void where in the past there were alternatives in terms of competing ideologies. We don’t have the same number of “-isms” out there. And so I think this [Islamic extremism] is going to continue to garner support and recruits in different parts of the world.

Q: Compare our ability to counter ideologies versus our tactical capabilities to collect more intelligence, to share it, to do more sophisticated things with it.

Brennan: I think unfortunately we have been way behind the curve as far as the public relations campaign — making sure the image of the United States is seen in a more positive light. When I first went to the Middle East, I studied in Cairo in 1975, and the U.S. was viewed as the sponsor and supporter of Israel. But when I was in Egypt, I was regularly befriended by people, because Americans were still looked upon in a very positive way. Unfortunately, the U.S. image now is not the same as it was several decades ago. The Iraq situation, unfortunately, was viewed as military adventurism on the part of the United States. We need to repair that image. We need to make sure we convey to the world the types of things the United States is committed to. That is very difficult. Focusing on the downstream effort is, in some respects, easier because it’s more tangible. You can go after those high-value targets; you can go after those training camps.

Q: In the 2004 campaign, it seemed you had on one hand President Bush talking about downstream efforts, and then John Kerry articulating something more like the public diplomacy approach. It became a partisan division: that if you were for public diplomacy, you were weaker and identified with Democrats, and if you were on the Republican side, then you were with the president and fighting the fight. It seems not that pronounced this time, and that the candidates are talking more about combating ideologies. Is there still a divide between hard war and soft war?

Brennan: I think there is a divide. Obama is a good example in terms of the different approaches between the parties. In the articulation of the public effort, there needs to be the companion discussion about the need to act forcefully to ensure that U.S. lives and property are protected. I think some of the statement you see coming out from the Democratic side is to reassure the American public that although public diplomacy is going to be a major part of that foreign policy approach, it’s not going to be at the expense of ensuring that we’re going to be able to utilize military and other measures to take action against the threats.

Q: Assess the debate in Congress and with the administration over reforming the Foreign Intelligence Surveillance Act. [Democratic lawmakers allowed the temporary extension of that law, the Protect America Act, to expire, over the vehement objections of the White House.] Why has it come to this point where politics has arguably pulled things off the rails?

Brennan: There is this great debate over whether or not the telecom companies should in fact be given immunity for their agreement to provide support and cooperate with the government after 9/11. I do believe strongly that they should be granted that immunity, because they were told to do so by the appropriate authorities that were operating in a legal context, and so I think that’s important. And I know people are concerned about that, but I do believe that’s the right thing to do. I do believe the Senate version of the FISA bill addresses the issues appropriately. [Director of National Intelligence] Mike McConnell, I think, did a very good job trying to articulate the distinctions between the old FISA law, the FISA understanding under the Protect America Act, and then the House and Senate versions.

There are many types of scenarios for signals [for example, telephone calls and e-mails] to be accessed. But whenever this happens, there needs to be some substantive predicate, a probable cause, that someone is being targeted appropriately. There is an important issue about timeliness. And even though you can go through the FISA process, particularly when you’re dealing with terrorism issues, there needs to be an understanding that intelligence agencies can move quickly if certain predicates are met. We shouldn’t be held hostage to a complicated, globalized [information technology] structure that puts up obstacles to that timely collection. I think there are some very, very sensible people on both sides of the partisan divide trying to make this happen. And it’s unfortunate that it’s become embroiled now in a partisan debate in some quarters. But I think that’s expected in any election year, especially one like this.

Q: So how do we get to the point where the public has reasonable assurances that what an intelligence agency does to determine probable cause, or that predicate, is based on sound technique?

Brennan: Maybe there needs to be a system of executive, legislative and judicial representatives who are going to oversee and ensure that this moves along the right path. It really takes those three legs of government to make sure there aren’t advertent or inadvertent abuses.

You can have FISA judges and representatives from Congress, not to routinely review those individual requests [for surveillance], but the process, the criteria, and to make sure it’s being followed in a strict fashion.

Q: You know that one big debate about FISA is the question of balancing security and privacy and civil liberties. Speaking as someone who has spent your life in counterterrorism, what do the terms “privacy” and “civil liberties” mean to you, and what is that balance?

Brennan: First of all, privacy and civil liberties mean so many different things to different people. There are people on one end of the spectrum that don’t want to have any government interference or insight into what you’re doing.

To me, I think the government does have the right and the obligation to ensure the security and safety of its citizens. If there is probable cause, reasonable suspicion, about the involvement of a U.S. person in something, the government needs to have the ability to understand what the nature of that involvement is. The threshold for that type of government access can be high or can be low, and it needs to be somewhere in the middle.

It really gets back to that issue of what is the substantive predicate. … If we know there’s a terrorist overseas that has been involved in activities, but he’s also an import-export dealer, and he reaches out to Shane Harris because you happen to be an importer of stuff — you’re a U.S. citizen — and we can see there’s contact going on there, well, is that sufficient to give us reasonable suspicion that Shane Harris is involved in something? And Shane Harris happens to be in touch with somebody in his neighborhood that has a past record in engagement in some type of things. So there is going to be a judgment call here.

And what I think is important is that there needs to be an airing of this issue, public hearings that Congress can hold. You can’t explain the issue in such rich detail that you can say exactly where that line is going to be drawn. But there needs to be an articulation of those triggers that the American people overall feel, yes, that’s the right thing for the government to do.

You don’t want to just troll and with a large net just pull up everything. There are technologies available to pulse the data set and pull back only that which has some type of correlation to your predicate.

Q: Is this the difference between the government controlling information, locking it down, and having controlled access to certain data sets which do exist?

Brennan: Right. And I would argue for the latter. Private sector companies can do things the government is unable to do, for marketing to their clients. I would argue the government needs to have access to only those nuggets of information that have some kind of predicate. That way the government can touch it and pull back only that which is related. It’s like a magnet, set to a certain calibration. That’s what I think we need to go to.

In the immediate aftermath of 9/11, the threshold, quite frankly, was low, because we didn’t know the nature of the threat we faced here in the U.S. Every effort was made by the government to try to get as much understanding and visibility into what else might be out there that’s going to hurt us again. Now that a number of years have passed, we need to make sure the calibration is important. But maybe in a period of heightened threat you have to recalibrate that based on new information you have — new intelligence that’s going to give you a better sense of where to aim your magnet.

These are things that need to be discussed openly — not to the point of revealing sources and methods and giving the potential terrorists out there insight into our capability — but to make sure there is a general understanding and consensus that these initiatives, collections, capabilities, and techniques comport with American values and are appropriately adjusted to deal with the threat we face.

Q: How does the next president go about doing that?

Brennan: It’s going to be a real tough job. Even though people may criticize what has happened during the two Bush administrations, there has been a fair amount of continuity. A new administration, be it Republican or Democrat — you’re going to have a fairly significant change of people involved at the senior-most levels. And I would argue for continuity in those early stages.

You don’t want to whipsaw the [intelligence] community. You don’t want to presume knowledge about how things fit together and why things are being done the way they are being done. And you have to understand the implication, then, of making any major changes or redirecting things. I’m hoping there will be a number of professionals coming in who have an understanding of the evolution of the capabilities in the community over the past six years, because there is a method to how things have changed and adapted. My advice, to whoever is coming in, is they need to spend some time learning, understanding what’s out there, inventorying those things, and identifying those key issues or priorities that they have — FISA or something else. They need to make sure they do their homework, and it’s not just going to be knee-jerk responses.

Q: In other words, don’t come in and do a housecleaning?

Brennan: Right — not just in terms of people, but also programs. You don’t want to create upheaval, because it will create a disruption in the system. There are still a lot people who say we have to implement all of the recommendations of the 9/11 Commission. I have problems with some of those, because they’re not really anchored in reality. Sometimes a superficial understanding of a problem leads one to making superficial decisions.

Q: It seems unlikely that any of the leading candidates would come in and dismantle things. They’re fairly savvy to the kinds of things you’re talking about. Is that the case, or is there still a risk there will be a political calculation, in that the next president will need to make a demonstrable effort to wipe the slate?

Brennan: I don’t think anybody’s going to come in and just make wholesale changes. But there’s going to be a learning curve… at a time when you’re still faced with national security challenges. So they have to be learning as they go, but at the same time managing all these issues and making sure they don’t drop any balls at all. It’s going to be challenging, and I wouldn’t be surprised if some of America’s enemies didn’t see if they could take advantage of that transition, and to see whether or not they can do things that are going to be confrontational and provocative to test the new administration.

Published in National Journal.