Getting Smart on Intelligence
What the intelligence community is, how it works, and why it’s not like CNN.
Hello and happy Thursday.
On Tuesday, the Department of Homeland Security (DHS) issued a National Terrorism Advisory System (NTAS) Bulletin with the following warning:
As recent acts of violence in communities across the country have so tragically demonstrated, the nation remains in a heightened threat environment, and we expect that environment will become more dynamic in the coming months. ... DHS expects the threat environment to become more dynamic as several high-profile events could be exploited to justify acts of violence against a range of possible targets. These targets could include public gatherings, faith-based institutions, schools, racial, ethnic, and religious minorities, government facilities and personnel, U.S. critical infrastructure, the media, and perceived ideological opponents.
The NTAS appears to be responding to multiple threats, including international terrorism, domestic extremism/terrorism, criminal gun violence, and political developments like the expected Supreme Court reversal of Roe v. Wade. You can read the press release linked above for more details. But this got me thinking.
Warnings like these are based on intelligence. And intelligence now features prominently in the public conversation about homeland security, foreign policy, cybersecurity, and global conflicts like the one in Ukraine. But, while the general topic of intelligence feels familiar to many, its features and nuances are not popularly understood. So, as a former INTEL dude, I thought I might do another explainer to help you wade through these conversations. You may even want to bookmark this so that you can refer to it later.
Seriously, another explainer? Do you get belly rubs from Steve or something when you do one of these?
Yes, yes, I do. But that’s not the point. I really think you’ll find this interesting. Gimme a chance.
Fine. I guess you better start by explaining what you mean by “intelligence.”
Cool. I like this definition of intelligence from the CIA: “Reduced to its simplest terms, intelligence is knowledge and foreknowledge of the world around us—the prelude to decisions and action by U.S. policymakers.”
There are three parts of this definition that are important to understand: knowledge, foreknowledge, and decisions and actions. Intelligence is about more than just having facts and data; it’s about understanding these in context. It’s focused on understanding, not just what’s happening, but also why it’s happening. This is the kind of knowledge the intelligence community (IC) is looking for about the world. But this isn’t knowledge for knowledge's sake.
The IC must also be able to anticipate how the world is changing at the micro, mezzo, and macro levels. It needs to “look around the corner” and reliably inform policymakers of what they can expect next. That’s the kind of foreknowledge we’re talking about.
Finally, intelligence uses this knowledge and foreknowledge toward a specific end—enabling policymakers to make informed decisions and actions. Knowing about and predicting world events is fine, but intelligence is about using these insights to shape these events to the advantage of the United States and its interests. This last bit is what makes the IC different from say, CNN.
While major news services typically value accuracy (I’m drawing a distinction between traditional news reporting and the far more popular, but less fact-driven, “opinion news”), the 24-hour news cycle incentivizes coverage that is often incomplete, without context, and frequently wrong. Reporters and editors can be okay with this, though, because the reporting can always be updated or corrected later—what matters most is being first to the story. Intelligence cannot and does not operate that way.
Policymakers and other “consumers” of intelligence use it to make real decisions, frequently decisions on matters of life and death. This means the IC must have higher standards of reporting and must be crystal clear in drawing distinctions between what we know, what we do not know, what we assess, and what is possible. This can sometimes be frustrating for consumers who hear a story on NPR on the way to work but are then told by the IC that we’re still gathering information. This creates a constant tension on the IC as it strives to be both timely and accurate across a huge spectrum of intelligence issues.
Like what issues?
The director of national intelligence (DNI) prioritizes seven mission objectives, the first three of which “transcend individual threats, topics, or geographic regions.”
Strategic intelligence: Issues of “enduring national security interest.”
Anticipatory intelligence: “New and emerging trends, changing conditions, and underappreciated developments.”
Current operations intelligence: INTEL in support of “planned and ongoing operations.”
The other four mission objectives address specific, topical requirements.
Cyber threat intelligence: Information on “state and non-state actors engaged in malicious cyber activities.”
Counterterrorism intelligence: Information on “state and non-state actors engaged in terrorism and related activities.”
Counterproliferation intelligence: Information on “state and non-state actors engaged in the proliferation of weapons of mass destruction and their means of delivery.”
Counterintelligence and security intelligence: Information on “threats from foreign intelligence entities and insiders.”
Okay, so you’ve referenced the “IC” several times, who is that?
The U.S. intelligence community is made up of the following 18 organizations:
Two independent agencies—the Office of the Director of National Intelligence (ODNI) and the Central Intelligence Agency (CIA);
Nine Department of Defense elements—the Defense Intelligence Agency (DIA), the National Security Agency (NSA), the National Geospatial-Intelligence Agency (NGA), the National Reconnaissance Office (NRO), and intelligence elements of the five DoD services; the Army, Navy, Marine Corps, Air Force, and Space Force.
Seven elements of other departments and agencies—the Department of Energy’s Office of Intelligence and Counter-Intelligence; the Department of Homeland Security’s Office of Intelligence and Analysis and U.S. Coast Guard Intelligence; the Department of Justice’s Federal Bureau of Investigation and the Drug Enforcement Agency’s Office of National Security Intelligence; the Department of State’s Bureau of Intelligence and Research; and the Department of the Treasury’s Office of Intelligence and Analysis.
Do they all do the same thing?
Well, sort of, but not really. Almost all these organizations participate in the complete “intelligence cycle”—planning and direction, collection, processing, analysis and production, and dissemination and feedback. Here’s a quick gist on each part of the cycle:
Planning and direction are when intelligence priorities are set and tasked to the IC. For example, “We need to know more about Iranian intentions and capabilities regarding nuclear weapons.”
Collection is the act of gathering information on these tasked targets and issues. This is done across multiple “INTs” to ensure as comprehensive an understanding as possible.
Processing is when the relevance and reliability of collected information is evaluated and validated (when possible). Ideally, this can be done using multiple sources of information from different types of collection.
Analysis and production is when collected information is turned into “intelligence” by adding context, analysis, and other amplifying information. This is done via intelligence products like the President’s Daily Briefing (PDB), which can include “finished intelligence” as well as “raw, operational reporting”—highly controlled information that includes information that could also expose sensitive sources and methods.
Dissemination and feedback are where consumers with a “need to know,” are given access to intelligence reports and products and where they can provide feedback that further refines the other parts of the intelligence cycle. For example, a source can be tasked with follow-on requirements for more information or for clarification.
While there’s a great deal of overlap among agencies, each element of the IC has unique missions, authorities, and requirements for their respective areas of responsibility. The CIA, for example, refers to the president as “the first customer,” while agencies within the Department of Defense must also prioritize military-related missions and requirements.
So, what are “INTs” and are they the same thing as “sources and methods?”
They’re different but related. When we talk about sources, there are five broad categories: MASINT, HUMINT, GEOINT, OSINT, and SIGINT. The following definitions come from the DNI’s IC Consumers Guide.
Measurement and signatures intelligence (MASINT) is “intelligence produced through quantitative and qualitative analysis of the physical attributes of targets and events to characterize and identify those targets and events.” This would include clandestinely sampling air particulates from a suspected nuclear weapons facility or looking for telltale signs of elicit underground facilities, like ground disturbances or heat signatures.
Human intelligence (HUMINT) is exactly what it sounds like, information provided by a human source (verbally or via documentation). For example, a spy might turnover a secret planning document from his or her home country’s military.
Geospatial intelligence (GEOINT) “is the exploitation and analysis of imagery, imagery intelligence (IMINT), and geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the earth. This information can be collected by satellites, planes, and other sources.
Open-source intelligence (OSINT) “is intelligence produced from publicly available information.” This can be drawn from the internet, google earth, the local library, or even public records.
Signals intelligence (SIGINT) “is intelligence gathered from data transmissions, including communications intelligence (COMINT), electronic intelligence (ELINT), and foreign instrumentation signals intelligence (FISINT). SIGINT includes both raw data and the analysis of that data to produce intelligence.”
When we talk about methods, this is how these sources are leveraged to collect information. So, for example, we might have an airplane with sophisticated sensors and/or a well-placed human source with unique access to a priority intelligence target. Protecting both the sources and methods of intelligence is critical for keeping their security and reliability. When sharing intelligence with other nations it’s common to make intelligence look like it comes from a different “INT” than the one that collected it—allowing us to pass on relevant information without unnecessarily risking the exposure of the true source. For example, we might convert a piece of satellite imagery into a hand-drawn map so that it looks like it was collected via HUMINT rather than IMINT.
And the protection of sources and methods is why we have classifications, right?
Bingo! Classified information falls into three general categories. Confidential information is “applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.” Secret information applies to “information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security.” And top secret information is “information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security.”
Beyond these three categories, there is no “highest level of security.” Instead, information is sequestered within “need-to-know" channels, often called “cabinets” or “special access programs.” Sometimes these channels include thousands of people and other times it could be only a handful. Beyond this, there are specialized methods for handling information—like NOFORN (“not for foreign distribution”)—but these aren’t technically classifications.
Importantly, there is only one person who has complete and unfettered access to all the nation’s secrets—the sitting president of the United States who can unilaterally declassify and share whatever information he or she wishes.
Wow, that’s a lot of information. Anything else I absolutely “need to know” (hee-hee, see what I did there)?
That’s funny. Yep, three more things:
First, the core mission and authorities of the U.S. IC are laid out in Executive Order 12333, which you can read here.
Second, only the CIA is granted the authority to conduct covert action—activities codified in Title 50 U.S. Code as “an activity or activities of the United States Government to influence political, economic, or military conditions abroad, where it is intended that the role of the United States will not be apparent or acknowledged publicly.” It’s that last part about “will not be … acknowledged” that is critical.
Covert action requires a presidential finding and a congressional notification that outlines an “identifiable foreign policy objective,” and it cannot be intended to influence the domestic U.S. environment. This stands in stark contrast to the broader IC’s clandestine activities, which are not codified in law but defined by the Department of Defense as, “operations sponsored or conducted by governmental departments in such a way as to assure secrecy or concealment” that may include relatively ‘passive’ intelligence collection and information gathering operations.”
Finally, there is no Deep State. The Trump administration made a habit of accusing the IC of being a part of a secret network of non-elected government bureaucrats operating outside of the law to influence and enact government policy. This is not true—at least, not in the way that it’s often described as some sort of grand conspiracy.
That’s not to say that individuals within the government do not abuse their access or authorities or even occasionally try to influence national politics—this certainly occurs. Therefore, aggressive congressional oversight of the IC is essential. But these abuses are not systemic and there certainly isn’t a kind of shadow government behind the scenes pulling the levers of power. In fact, as Jonah often observes, those on the political right who push this narrative must hold two contradictory presuppositions simultaneously—that the U.S. government is so incompetent that it cannot even properly run even the most basic government service and it is simultaneously so powerful and crafty that it is implementing a secret conspiracy across multiple agencies and hundreds, if not thousands, of people. Both cannot be true.
Bureaucrats and bureaucracies are powerful in our system of government because they tend to transcend political change; but that doesn’t make them “enemies of the people.” In fact, the U.S. IC is staffed with thousands of people who love this country and who work tirelessly to ensure its security. Unlike first responders, law enforcement, the military, and other public servants, IC employees largely work in secret and rarely receive public praise. Many of them risk their lives in service to the nation. When they’re criticized and blamed, they have no recourse other than to keep their head down and to stay focused on the mission. Rather than our suspicion, these patriots deserve our appreciation and understanding. I hope this explainer helps you in giving these small, but valuable expressions of gratitude to those who so clearly deserve it.
That’s it for this edition of The Current. Be sure to comment on this post and to share this newsletter with your family, friends, and followers. You can also follow me on Twitter (@KlonKitchen). Thanks for taking the time and I’ll see you next week!