
The Federal Bureau of Investigation's Efforts to Improve the Sharing of Intelligence and Other Information

Report No. 04-10
December 2003
Office of the Inspector General


REDACTED AND UNCLASSIFIED

Executive Summary

       The Federal Bureau of Investigation (FBI) has established as its highest priority the prevention of terrorist attacks on the United States.  The accomplishment of this critical national security mission requires the FBI to collect, analyze, and appropriately disseminate intelligence and other information needed to disrupt or defeat terrorist activities.  However, in the past, Congressional inquiries concerning the September 11, 2001, terrorist attacks on the United States, reports of commissions examining terrorism before and since September 11, and Office of the Inspector General (OIG) reports have suggested various weaknesses in the FBI’s ability to effectively carry out the vital intelligence component of its counterterrorism program.[1]

        As a result, the OIG initiated this audit to review the FBI’s progress in addressing deficiencies in the FBI’s intelligence-sharing capabilities that the FBI, Congress, the OIG, and others identified subsequent to the September 11 terrorist attacks.  Our audit focused specifically on the FBI’s: 1) identification of impediments to the sharing of counterterrorism-related intelligence and other information; 2) improvement of its ability to share intelligence and other information both within the FBI and to the intelligence community and state and local law enforcement agencies; and 3) dissemination of useful threat and intelligence information to other intelligence and law enforcement agencies.  The focus of this audit was to identify and evaluate corrective actions taken by the FBI to improve the sharing of intelligence information.  The audit does not directly assess the viewpoints of the broader intelligence community or state and local law enforcement agencies to avoid overlap with related work on governmentwide information sharing recently conducted by the U.S. General Accounting Office (GAO).

Introduction

        The terrorist attacks of September 11, 2001, revealed severe deficiencies in the FBI’s intelligence analysis and information-sharing capabilities and processes.  During the OIG’s September 2002 audit of the FBI’s counterterrorism program, some FBI managers described the FBI’s intelligence analysis capability as “broken.”  Others on terrorism-related commissions and in Congress have suggested that the FBI’s intelligence capability was more than broken; it had been virtually nonexistent.

        The FBI’s historic expertise has been in crime-fighting and in building cases for prosecution of criminals.  Refocusing the FBI to preventing terrorist acts and developing the sets of skills required to collect, analyze, and disseminate intelligence strategically as well as tactically has required a change in the FBI’s culture that has not been easy or quick.

        FBI Director Robert Mueller took office one week before the September 2001 terrorist attacks and was immediately confronted with the need to change the focus of the FBI and address various management problems at the FBI.  He established as the FBI’s highest priority the prevention of terrorist attacks and set about restructuring the Counterterrorism Division (CTD) to improve analysis and to foster the internal sharing of information.  The Director also addressed the FBI’s lack of a full, professional intelligence capability by bringing on board through temporary assignments seasoned Central Intelligence Agency (CIA) managers and analysts to help address the FBI’s deficiencies in intelligence analysis and dissemination.  Recognizing that the FBI’s information technology (IT) systems were severely antiquated, the Director also hired professional IT managers from outside the FBI to develop more modern computer systems.

Impediments

        The FBI has faced a number of impediments in its efforts to transform itself into a law enforcement agency with a robust intelligence capability to help prevent future terrorist attacks.  An inherent part of this reinvention is the ability to securely share intelligence and other information.  During the course of our audit work, we asked FBI CTD managers about the problems they have encountered in sharing intelligence and other information both within the FBI and also to and from the intelligence community and state and local law enforcement agencies.  FBI counterterrorism managers universally cited the FBI’s IT limitations – particularly the existing Automated Case File (ACS) system – as the predominant impediment to the effective dissemination of intelligence and other information.  Not only is the ACS system outmoded and a poor tool for disseminating information, but because of security vulnerabilities ACS cannot be used to transmit Top Secret (TS) or Sensitive Compartmented Information (SCI).  Since much intelligence is TS or SCI, ACS was restricted to Secret level information or below and could not communicate with other agencies’ systems.  The other major impediment cited was the FBI’s problems with being able to pull information together from a variety of sources, analyze the information, and disseminate it.  In other words, the FBI lacked the ability to “connect the dots” or create a mosaic of information.  Along with the FBI’s analytical weakness was the lack of a capability to prepare a strategic threat assessment or “big picture” intelligence estimate.

        In addition to IT and analytical impediments, FBI counterterrorism managers outlined a number of day-to-day information-sharing problems.  For example, incoming cables or other information from the intelligence community were not always disseminated, or not disseminated in a timely manner, to the individuals or units that needed to act on the information.  Such misdirected information could occur if the addressee had transferred jobs or the specific and correct unit was not designated.  Internal communications through Electronic Communications (EC) were a problem because ECs required layers of review and approval as they made their way through the organization.  In addition, although state and local law enforcement have publicly complained that the FBI was not sharing information, some state and local officials would not apply for the security clearances required for access to the information.  Further, if the FBI was not the originator of the information, the intelligence agency providing the information needed to approve dissemination beyond the FBI.  Passing information beyond the originating office also required the “scrubbing” of more sensitive aspects, such as the sources and methods used to acquire the information, to avoid potential compromise.

        FBI managers stated that to accompany the organizational changes and the focus on improving information-sharing processes, the FBI has not yet established policies and procedures that delineate the appropriate processes to be used to share information and intelligence, either internally or externally.  For example, when we requested a flow chart for the processing of intelligence or other information received by FBI headquarters, none was available, and the FBI instead prepared a narrative description to meet our request.  Further, the FBI has no formal policy or directive on what information should be disseminated to state and local law enforcement and under what circumstances.  Without formal policies on information sharing, FBI managers and staff lack criteria and guidance by which to ensure that appropriate information is disseminated to the appropriate parties either within or outside the FBI.  However, the FBI recently created Concepts of Operations that serve as a framework for improving key aspects of its intelligence program, including information sharing, and intends to develop the policies and procedures required to implement the plan.

Improvements

        We found that based on their own reviews – and undoubtedly as a result of Congressional investigations and hearings on the FBI’s counterterrorism program – FBI managers were aware of the obstacles the FBI faces in improving its ability to process and disseminate intelligence and other information from multiple sources.  Although most of the FBI’s efforts to improve information and intelligence sharing are ongoing, we found that fundamental reform has begun.  Specifically, the FBI has taken the following actions to improve its ability to communicate information within the FBI, analyze intelligence, and disseminate information outside the FBI.

  • Established the wide area network portion of Trilogy in preparation for IT improvements such as the Virtual Case File to replace ACS later this calendar year.
  • Worked on a pilot of a TS/SCI network that has wired the CTD for access to higher-level classified intelligence information.
  • Continued its longstanding exchange of managers with the CIA, including FBI personnel assigned to the CIA’s Counterterrorist Center and CIA personnel assigned to FBI CTD sections.
  • Temporarily borrowed 25 analysts from the CIA to establish an interim corps of intelligence analysts and, under the direction of an experienced CIA manager, began hiring and training FBI Intelligence Reports Officers and analysts within a defined career track.
  • Revamped the FBI analyst corps to establish a professional career track and a training program for Intelligence Analysts, Reports Officers, and Operations Specialists.
  • Named an Executive Assistant Director and a Deputy Assistant Director for a newly formed Office of Intelligence to oversee both terrorist-related and criminal intelligence matters, including management of the informant program.
  • Developed nine Concepts of Operations to establish goals and key principles for improving the core elements of the FBI’s intelligence program, including information sharing.
  • Restructured the CTD from two main sections to nine sections under three Deputy Assistant Directors, including new emphasis on analysis, terrorist threats, terrorist financing, and dissemination of intelligence and other information.
  • Provided intelligence reports and assessments to the intelligence community and certain other agencies.
  • Widely circulated information and declassified intelligence to the state and local law enforcement community through a weekly Intelligence Bulletin.
  • Provided threat information to state and local law enforcement through messages over the National Law Enforcement Telecommunications System.
  • Entered data on terrorist suspects to the National Crime Information Center system for access by state and local law enforcement officers.
  • Worked cooperatively with the CIA on the daily Threat Matrix and report to the President and produced a Presidential Report to provide information on current issues of concern to the White House, CIA, and Department of Homeland Security.
  • Established less formal “Urgent Reports” for immediate notification of FBI managers concerning terrorist threats or other events deemed important for senior management attention.
  • Established an interagency National Joint Terrorism Task Force at FBI headquarters to work more closely with other federal agencies.
  • Worked on pilot projects to develop a shared investigative database with participating federal, state, and local law enforcement agencies at selected locations.
  • Increased the number of Joint Terrorism Task Forces from 36 in 2001 to 84 in 2003, in order to work with and share intelligence and other information with state and local law enforcement and other federal agencies.
  • Managed the Foreign Terrorist Tracking Task Force to improve the FBI’s ability to identify terrorist suspects in the United States and to block the entry of terrorist suspects.
  • Established an Office of Law Enforcement Coordination to act as a liaison to state and local law enforcement agencies.

        In June 2003, the new Executive Assistant Director for Intelligence launched a 10-week initiative to develop Concepts of Operations for each of 9 core intelligence functions, including information sharing.  The Concepts of Operations provide a framework for developing formal policy and procedures and give FBI managers guidance through broad principles for information sharing.  Also, the FBI is in the process of developing an FBI-wide enterprise architecture.  In conjunction with the enterprise architecture, the FBI should develop a process map to define the current state and end state for its information-sharing processes and an implementation plan to put its Concepts of Operations into action.

Dissemination

        Other than by conversation or passing of documents by hand, the FBI has nine primary ways of disseminating intelligence and other information outside the FBI:  1) The Director’s Briefing, including input to the daily Threat Matrix and the Presidential Report, 2) Intelligence Information Reports as information dictates, 3) Intelligence Assessments, 4) Secure Video Teleconferencing System, 5) Urgent Reports, 6) weekly Intelligence Bulletins, 7) Quarterly Terrorist Threat Assessments, 8) e-mail messages, and 9) Terrorist Watch List in the National Crime Information Center.  Also, when the TS/SCI LAN is fully operational, the FBI will be able to electronically transmit information, not only internally but to the broader intelligence community.  We analyzed the content of the nine methods of information sharing to determine the nature of the information and to evaluate its potential usefulness.

        The information disseminated by the FBI was generally useful, although some items were classified and therefore available only to the intelligence community or to those with the requisite security clearances.  Other items were either unclassified information or were modified to allow broader distribution on a “law enforcement sensitive” basis.  In the latter category, in particular, the information in Intelligence Bulletins and Quarterly Terrorist Threat Assessments varied as to content and usefulness for the purposes of helping state and local law enforcement agencies deal with the high-risk threat of radical Islamic fundamentalist terrorism.  For example, some of the information provided dealt with upcoming social protests or with environmental extremists.  While local law enforcement agencies nationwide might be interested in the potential for criminal activities by such groups – which fall under the FBI’s broad definition of terrorism – the focus of the information the FBI provides to state and local law enforcement is not always on international terrorism.  Instead, much of the material disseminated falls within the FBI’s definition of domestic terrorism.  Our specific observations about the nine types of information-sharing products follow.

  1. The Director’s Briefing and Threat Matrix.  The FBI Director’s morning briefing included a number of items, most notably the daily Threat Matrix for which the FBI provides information to the CIA and which in turn is used to prepare the President’s daily threat briefing.[2]  The Director’s Briefing also included a counterterrorism update, operational highlights, a summary of significant intelligence, and information on Foreign Intelligence Surveillance Act activities.  The briefing and the matrix focused on international terrorism.  Since the OIG’s September 2002 audit on the FBI’s Counterterrorism Program, the information in the matrix showed more analysis of the credibility of threats, relationships to other threats, and capacity to carry out a threat.  After completion of our audit work, the FBI replaced the Director’s Briefing with a more broadly-focused Director’s Daily Report covering various FBI activities.  Although we did not review the new reports, FBI officials indicated that counterterrorism aspects continued to be included in the report.
  2. Intelligence Information Reports provide the FBI, intelligence community agencies, the White House, the State Department, the military, and other selected federal agencies with the specific results of classified intelligence collected on internationally-based terrorist suspects and activities, chiefly abroad.  By design, the reports are not analyses or necessarily validated intelligence, and are not broad assessments or estimates.  Rather, the reports are relatively short (several pages) narrative results of potentially actionable intelligence disseminated to parties with a need to know.  In some cases, the FBI asks recipients to provide additional information on the topic.
  3. Intelligence Assessment products are also being developed and issued by the FBI.  For example, we reviewed the classified national threat assessment “The Terrorist Threat to the U.S. Homeland:  An FBI Assessment” and found that this intelligence estimate is a comprehensive view of terrorist capabilities and intent.  The report, produced at the Secret/SCI level, was distributed within the intelligence community.
  4. The Secure Video Teleconferencing System provides an opportunity for frequent contact among members of the intelligence and counterterrorism community to communicate face-to-face and discuss terrorist and related intelligence.  While video teleconferencing is limited to cleared federal personnel, the ability to directly share information on a real-time basis is valuable.
  5. Urgent Reports are intended to provide breaking information quickly to senior FBI managers from field offices without the inherent delay of the formal EC, although the Urgent Reports are expected to be formalized through a subsequent EC.  We reviewed 42 urgent reports issued during about a two-week period.  The reports are in e-mail format and are one or two pages in length.  Urgent Reports can be on any topic and are not limited to terrorism.  Of the reports we reviewed, 26 percent pertained to actual or suspected terrorism matters; others reported on criminal issues or on incidents at airline checkpoints.
  6. Intelligence Bulletins, issued weekly, are intended to share information with state and local law enforcement agencies on an unclassified, law-enforcement-sensitive basis.  The Bulletins are not alerts that give specific guidance to law enforcement agencies on preventing a terrorist act, but rather appear to be an effort to educate and raise general awareness about terrorism issues.  The Bulletins are usually a page or two of general information on a variety of topics.  Some Bulletins have provided information that would be useful to law enforcement agencies’ efforts to help detect and disrupt terrorist activities by radical Islamic fundamentalists.  For example, one Bulletin described terrorist surveillance techniques.  Other Bulletins have covered upcoming social protests or protestors’ tactics.  Of the 15 Bulletins we reviewed, 6 dealt with international terrorism topics, 6 were unrelated to the threat of international terrorism, and 3 gave general information on terrorism or called for vigilance.
  7. Quarterly Terrorist Threat Assessments are approximately two dozen pages that provide state and local law enforcement agencies a general overview of the terrorist threat, the civil disturbance threat, and events in various regions of the world.  These unclassified, law-enforcement-sensitive assessments discuss in general the potential for terrorist activities and provide background on terrorist methods.  The assessments do not delineate specific steps that should be taken to thwart terrorist acts or investigate terrorist suspects.  We reviewed five reports, which provide similar information with minor updates to each subsequent report.
  8. E-mail messages over the National Law Enforcement Telecommunications System allow the FBI to instantly provide threat warnings or other information to state and local law enforcement personnel.  In practice, the messages have varied in their relevance to the threat of international terrorism and in their guidance to state and local law enforcement agencies.
  9. The FBI posts names from its Terrorist Watch List on the National Crime Information Center database, along with guidance on what state or local law enforcement should do, for example, if they encounter a named individual during a traffic stop.  The sharing of the watch list information is critical to integrating state and local law enforcement into the war on terrorism and greatly enhances the nation’s ability to identify and arrest or detain terrorist suspects.

Recommendations

        To improve its ability to provide useful information within the FBI and to other federal, state, and local agencies, we make the following six recommendations to the FBI based on the results of this audit:

  • Using the Concepts of Operations as a framework, establish a written policy on – and procedures for – information sharing, including what types of information should be shared with what parties under what circumstances.
  • Ensure that the FBI-wide enterprise architecture currently under development is accompanied by a process map for information sharing that clearly defines the current state and an end state for the information-sharing process so that the numerous information-sharing initiatives can be coordinated and properly monitored and managed.
  • Consider transferring responsibility for investigating crimes committed by environmental, animal rights, and other domestic radical groups or individuals from the Counterterrorism Division to the Criminal Investigative Division, except where a domestic group or individual uses or seeks to use explosives or weapons of mass destruction to cause mass casualties.
  • For each Concept of Operations, develop an implementation plan that includes a budget along with a time schedule detailing each step and identifying the responsible FBI official.
  • Issue guidance on Urgent Reports so that top FBI managers’ attention focuses on the most important matters of national security and public safety.
  • Focus the content of Intelligence Bulletins and Quarterly Terrorist Threat Assessments to provide – to the extent possible – actionable information on the high risk of international terrorism and any domestic terrorist activities aimed at creating mass casualties or destroying critical infrastructure, rather than information on social protests and domestic radicals’ criminal activities.

Footnotes
  1. The commissions and their reports include: 1) the Bremer Commission's (National Commission on Terrorism) June 2000 report entitled "Countering the Changing Threat of Terrorism"; 2) the Gilmore Commission's (Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction) second and fourth reports in December 2000 and December 2002, respectively; and 3) the Thornburgh Panel's (National Academy of Public Administration) June 2003 Congressional testimony on the FBI's reorganization. The OIG reports include: "Review of the Federal Bureau of Investigation's Counterterrorism Program: Threat Assessment, Strategic Planning, and Resource Management" (September 2002), and "An Investigation of the Federal Bureau of Investigation's Belated Production of Documents in the Oklahoma City Bombing Case" (March 2002).
  2. The interagency Terrorist Threat Integration Center (TTIC), established on May 1, 2003, with CIA and FBI representation, has assumed responsibility for the Threat Matrix and the Presidential Terrorism Threat Report, to which the FBI contributes.
