Additional Areas For Reform

Analytical Integrity. The “tradecraft” of intelligence analysis is mostly a col- lection of lessons learned over decades about what works and does not work in a profession whose high-stakes work is performed by thousands but that also bears little outside scrutiny and provides few metrics by which to gauge success or failure on a regular basis. These lessons have accumulated from:

The perceived misuse of intelligence by consumers as was the case with respect to war-related assessments in the Johnson and Bush Administrations; Failures such as the failures to warn of the collapse of the Soviet Union and the specific threat of 9/11; Successes in piecing together tactical and often technical puzzles such as estimates of Iranian nuclear program maturation; and Strategic victories such as anticipating critical geopolitical developments that have been years in the making.

NCSC has added value in such areas as fusing cross-community intelligence for terrorism watchlisting purposes and improving information sharing while carrying roughly half of the overall cadre for the ODNI. An incoming Administration should focus NCTC on integrative tasks, many of which cannot be carried out elsewhere in the IC, but should not use personnel and resources for redundant analyses that duplicate the work of such other IC entities as the FBI and CIA.

Historically, this tradecraft has been passed on in the form of unwritten rules learned on the job and in agency-specific training classes, but increasingly since the intelligence reforms of 2004, they have been codified IC-wide under the direction of the Deputy Director of National Intelligence for Mission Integration. A RAND study of U.S. intelligence tradecraft notes that the “vast majority of intelligence analysts reside outside the Central Intelligence Agency and do work that is tactical, operational, and current.”35 The study goes on to note that the Defense Intelligence Agency (DIA) has as many analysts as the CIA has and that the National Security Agency (NSA) has several times as many analysts, as does the National Geospatial-Intelligence Agency (NGA), indicating both the breadth of the IC’s technical collection and its emphasis both on developing analysts who can interpret secret human or technical intelligence in quick-turnaround pieces and on countering tactical, asymmetric threats like terrorism.

During the Cold War, however, there was a more balanced analytic focus with greater emphasis on strategic intelligence issues as a means of outcompeting the Soviet Union. This kind of analysis deals not only in secrets, but also in myster- ies—making well-founded but ultimately unknowable predictions about future actions by a competitor or adversary. The tradecraft necessary to succeed in stra- tegic analysis requires substantive regional and topical expertise developed over the years to supplement experience in the daily collection and understanding of secrets. Institutionally, it also requires that agencies’ analytic processes be open to discussion, debate, and dissent because analysts must work together to describe a probable range of future outcomes and warn about unproven current threats rather than using the collection to solve a single puzzle with a defin- itive answer.

Regarding its mission to follow longer-term issues, the IC is falling short in resourcing and in openness to dissenting opinions, which (if taken seriously) can help responsible officials respond more effectively to threats and threat actors. The IC Analytic Ombudsman has expressed concern that hyperpartisanship “has threatened to undermine the foundations of our Republic, penetrating even into the Intelligence Community.”36

For example, the Ombudsman noted in a report on the IC’s handling of elec- tion-threat analysis in 2020 that, in his view, CIA officials had deliberately downplayed dissenting views and coordination comments expressed by experts at the National Intelligence Council and elsewhere who felt there was evidence of Beijing’s intent to exert at least some influence on the 2020 election as opposed to the consensus view that Beijing did not interfere in U.S. elections. Senior CIA analysts and leaders made it “difficult to have a healthy analytic conversation in a confrontational environment” while violating multiple official IC tradecraft standards. By not allowing dissents or considering alternatives, the CIA exercised “undue influence on intelligence.”37 Subsequent exposure of China-linked online influence and the FBI’s warnings about continued efforts through the 2022 mid- terms highlight the folly of undue certainty without consideration of alternatives. On election influence and other controversial issues, such as the origin of COVID-19, analysts at the most powerful intelligence agencies have increasingly tended to use the leeway they have been given to insert their political views into their work in order to influence (if possibly even control) the analytic process. They do this in ways that attempt to squash dissent and impair the creation of a culture in which entrenched views are challenged and unpopular analytical lines can sur- vive or not according to their merits.

To help the United States and its leaders to outcompete China across mul- tifaceted societal, economic, military, and technological threats, the IC’s capability to conduct strategic intelligence analysis that is relevant to policymak- ers in both parties must be rebuilt and strengthened. Because Beijing may be a peer or even exceed U.S. capabilities in some areas, the post-9/11 analytic focus on quick-turnaround secrets is not good enough. Strategic planning—informed by intelligence—must take place for the United States to stay ahead of whatever new threats China may pose.

An incoming conservative President will have the opportunity to signal the demand for such strategic products and prioritize their production through communications to intelligence leaders and formal mechanisms such as shifting priorities within the National Intelligence Priority Framework and structuring the President’s Daily Brief. The incoming DNI should also emphasize implementing the recommendations in the Ombudsman’s report, especially regarding objectiv- ity, the inclusion of dissenting viewpoints, and more serious efforts to hold senior leaders accountable for backchannel attempts to change or suppress analytic views. Accounting for the long history of intelligence failures and surprises, an incom- ing conservative President must appreciate the ambiguity, complexity, limits, and assumptions inherent in intelligence assessments. Intelligence often deals with the human dimension in complex decision systems within a foreign country or organi- zation, and this makes consistently accurate predictions difficult if not impossible to develop. Seeing something and understanding what you are seeing are two dif- ferent things, so a President should consistently and patiently press the IC about its potential biases, assumptions, methodology, and sourcing. With regard to election-threat analysis and politically controversial topics, agency leaders should take seriously the Ombudsman’s admonition that we need to maintain tradecraft standards across all countries and topics by ensuring that equitable standards apply across all foreign threat actors. Analysis should be put forward without regard to the domestic political ramifications of intelligence conclusions.

“Obligation to Share” and Real-Time Auditing Capability. The fed- eral government has made admirable progress in recent years by being more

forward-leaning in sharing cyber threat intelligence with private-sector partners and the public, emphasizing that the protective nature of such information is of value only if put into the right hands at the right time. Since critical infrastructure and services are overwhelmingly owned, managed, and defended by the private sector in the United States, there has been an increasing emphasis on declassify- ing intelligence and sharing actionable information with private-sector partners, often through industry-specific Information Sharing and Analysis Centers (ISACs); regional meetings of government and private-sector experts called InfraGard, run by the FBI; direct public notification from the Department of Homeland Security, the FBI, and (increasingly) the NSA; and more discreet one-on-one engagements led by the collecting agencies.

These programs properly recognize the private sector’s role in providing cyber- security for Americans; in practice, however, the intelligence shared by the U.S. government through these venues is too often already known or no longer relevant by the time it makes its way through the downgrade process for sharing. In addition, government-shared information often needs to take advantage of the opportunity to provide contexts, such as attribution, trends, and size of the observed cyber problem. As warranted, additional context should be provided to the private sector as a matter of routine.

To continue improving the U.S. government’s ability to defend the country’s most vital networks, the IC must adopt an “obligation to share” policy process, including the capacity for “write to release” intelligence products whereby newly discovered technical indicators, targeting, and other intelligence relevant to cyber defense are automatically provided either to the public or to targeted entities within 48 hours of their collection—which is how counterterrorism intel- ligence has been managed for years when it comes to a “duty to warn.” Under this policy, agency heads should still have the flexibility to withhold intelligence for operational or counterintelligence reasons but would need to report regularly to Congress on the number of and justification for exceptions. This policy would make sharing intelligence and defending networks the default, as it already is in the rest of the cybersecurity community outside the IC, to improve the quantity, relevance, and timeliness of defensive information while ensuring accountability for top leaders when they must withhold this information. One of the most significant challenges within the IC is presented by the need to share information promptly among the 18 elements of the intelligence enterprise. The only long-term solution to the understandable tension between the need to share information and the need to protect intelligence sources and methods is a robust real-time auditing capability that electronically flags unauthorized access. Under an identity management system with real-time audit, even the most sensi- tive information acquired by America’s intelligence agencies can be shared, and the access to and use of that information are appropriately monitored. Establishing a real-time auditing capability is essential to decreasing the risk for the heads of intelligence agencies in meeting their statutory requirements to ensure that they protect sources and methods associated with the classified information their agen- cies collect.

Overclassification. There is broad consensus across the U.S. government and among stakeholders that the system for classifying, declassifying, and otherwise marking and handling sensitive information is at a crossroads. Exorbitant amounts of classified data are created daily, and agency personnel often mistakenly choose classification as the default selection to ensure national security. At the same time, the effectiveness of downgraded and carefully declassified information to support foreign policy efforts has been borne out in, for example, alerting the broader world of Russia’s buildup and likely plans for its invasion of Ukraine. Two executive orders principally govern how the U.S. government handles clas- sified and sensitive information.

Executive Order 13526, “Classified National Security Information,” issued in 2009,38 prescribes the classification levels and procedures for declassification.

The current system for declassifying classified national security information (CNSI) is extraordinarily analog, requiring experts’ review of individual records. Declassification policies are based on human review of paper and need to con- template and handle the proliferation and volume of digital records created by agencies. The U.S. government will soon reach the point at which manual review is impossible. The declassification of CNSI should support key U.S. national security objectives, reflect mission priorities, and not serve solely as a necessary procedural function. Reforms should include:

Tighter definitions and greater specificity for categories of information requiring protection. More stringent policies to effect significant reductions in the number of Original Classification Authorities (OCAs). Stricter accountability measures at the OCA level and more detailed security classification guides.

Executive Order 13556, “Controlled Unclassified Information,” issued in 2010,39 aimed to establish a uniform program for managing all unclassified information that requires safeguarding or dissemination controls.

lEnhanced metrics for accuracy of classification. lA general simplification of the overall system for the benefit of users. On the back end, an ODNI-run declassification process that is faster, nimbler, default-to-automated, and larger-scale should be a priority. Additionally, investments in IT are required to deal with the growing volumes of CNSI collected and produced in the digital age, along with many years’ worth of existing analog and digital holdings that could provide valuable historical insights. An incoming Administration needs to explore options to prioritize funding for innovation in declassification management: for example, by establishing a budget line item specifically for the modernization of declassification or designating fund- ing for program classification management as a special-interest item. The Administration will also need to transition to using technology, including tools and services for managing Big Data (which provide a robust electronic record repository, making information within and across agencies easier to organize and locate and facilitating more rapid review and release capabilities for records of emerging interest); artificial intelligence/machine learning (which, when incor- porated into existing business practices, enables machine interpretation of unstructured text and data, applies decision support technology to enable more consistent classification decisions, and expedites reviews between agencies); and expansion of Commercial Cloud services (which facilitate the rapid testing and deployment of new tools and technologies).

However, technology is not a panacea; human expertise in information holdings and routine validation of the technology will always be necessary. With or with- out machine assistance, agencies will require more people and more varied skill sets to improve their ability to meet the electronic records era’s classification and declassification demands and serve an incoming Administration’s goals.