THE I&W PARADIGM AS APPLIED TO 9/11 Fritz W. Ermarth 25 September 2002 The revelations of recent months as to who knew and reported what and when, or did not, allow for the hypothesis that the attacks of 9/11 could have been prevented with the information we had. The public testimony of the Joint Inquiry Staff of the House and Senate intelligence committees released on 18 September fortifies this hypothesis considerably. Defining and testing this hypothesis should form a part of the agenda of inquiry as to whether there was an intelligence failure, where and when it occurred, and how to correct it for the future. The issue turns, first of all, on how the warning problem should have been and should be conceptualized to address the threat of terrorist attack.
i4*rt
During the Cold War, with Pearl Harbor in recent memory, we worked massively on the "indications and warning" (I&W) problem, and very successfully. We erected an "industrial age" system for collecting strategic warning (there is an enemy who prepares energetically for war), operational warning (here is how he mounts up for war and how we can tell), and tactical warning or warning of attack (he is executing his attack plans). Moreover, and most importantly, this I&W system was tightly linked to military and other response options and action plans, such as alerting and dispersing forces, and, ultimately, war plans. Happily, this system worked well, not by ^averting a Pearl Harbor, which never came (even Cuba 62 did not involve intent to begin war), but by giving us confidence day by day that a Pearl Harbor was not in the offing, a confidence that allowed us to act calmly even in periods of tension, and not bring about war by overreaction and inadvertence. And the fact that our I&W system was very effective probably helped deter the enemy from gambling on surprise, to which his military doctrine assigned a very high value.
c
^H
The problem of terrorism and warning of it is vastly different from and far more difficult for intelligence to deal with by its very nature than warning of massive military attack. The whole point of the terrorist is to avoid giving warning by chosing operations and targets for which elaborate military-style preparations are not necessary. Yet he must make preparations that do or can give some warning. He must mobilize, motivate, organize, prepare, and execute...all the while feeding, fueling, funding, and cajoling his operation. So in very rough terms, the Cold War paradigm of strategic-operational-tactical warning, and connection to vulnerability and response, has some utility. Prior to 911, we definitely had strategic warning. We saw the enemy, Al Qaeda, forming up and growing in strength. We knew his hostile intent. We saw him preparing capabilities, especially in Afghanistan. We experienced his attacks on our overseas perimeter. We heard him proclaim determination to hit us at home, and saw him try it in 1993. Three DCIs and other authorities repeated that it was only a matter of time before major attacks were launched inside the US. We had a kind of operational warning in the summer of 2001. By then we knew something about the enemy's operational repertoire and knew or had strong mason tn suspp^t that guiniriai MSP nf airplanes as bombs was in it. And we were hearing enough about something major in the works to conclude that the threat was mounting in the period immediately ahead. The recent Joint Staff testimony is eloquent on both counts Our challenge was to move beyond strategic and operational to tactical warning. Or, at the very least, to turn what we had in strategic and operational warning into a threat assessment on which preventive action could be taken. Most public commentary about intelligence failure before 9/11 focuses on the first construction of the challenge, and concludes that we were just not lucky enough or energetic enough to penetrate the enemy's immediate plans, to "uncover the plot" as FBI Director Mueller puts it. Or, put another way, there were not quite enough of the right dots to connect to make a precise threat picture.
But the hypothesis here is that we could have done better on the second formulation, extracting actionable warning and threat assessment from what we had. Doing so would have required something like the following: There should long before the summer of 2001 have been formed a special team of analysts charged to lay out on the table \^ what we had in strategic and especially operational warning: What kinds of attacks do we know 0 «j£he is planning; what kinds could he be planning simply because they exploit our vulnerabilities; o>^ and, above all, where do such possibilities correlate with what are high value targets to the / ^ enemy, and to us, that are particularly vulnerable, but which vulnerabilities are susceptible to correction? As to targets, we knew he had prominent public buildings and WTC on his list. Had such an echeloned, largely analytical, l&W-Threat Assessment- Response system been in place, it would have or could have led to a menu of probable threats with something like the 9/11 scenario high on the list. Other threats would probably have been there as well, such as largescale truck bombings (because he did it at Khobar Towers), and perhaps BW attack (because it's easy and terribly destructive). But "planes as bombs" would certainly have been there, because we had indicators (e.g., from the Philippines in the mid-1990s and later) that this was in the enemy's attack repertoire, and could readily assess it as an easily reconnoitered and executed attack mode under the existing security regime and rules-of-engagement (ROE) for response to hijacking attempts (surrender and fly to Havana for negotiations or rescue). The irony and tragedy is that the actual attack exploited, and probably discovered by careful reconnaissance, vulnerability to high-value attack which we could have significantly, perhaps decisively, remedied had we thought of the attack mode chosen. We could readily have reasoned that the attacker had to get multiple hijackers aboard fuel laden aircraft with lethal weapons that would pass through security even if observed, e.g., very small knives. And he had to count on the old ROE derived from a history of hijacking for ransom or bargaining, which called for surrender of the flight plan, not the cockpit. We could have tightened airport security against hitherto allowed lethal weapons. We could have put sky marshals on aircraft in rank order of their bomb "yield" potential, i.e., fuel load. We could have locked the cockpit doors. Above all, we could have changed the ROE for dealing with hijack attempts. Had these rules been changed to oblige aircrew to block entry to the cockpit at all cost, including enlisting passenger help, even if lives were threatened or lost, these attacks would have failed. They could have been readily defeated by arming aircrew with simple bludgeons such as the expandable police baton. Had such measures been announced, the hijackers might have been deterred, or if not, we would have defeated the attacks and captured the hijackers, much as the hijacking of Flight 93 was defeated, alas too late to save the plane and the lives of the people on it.
/-n /
Of course, the foregoing relies on hindsight. Our present hindsight is still not 20-20 and won't be until investigations have been completed. The following questions must be asked: Was any special analytical effort tasked to combine warning indicators of all kinds with threat potential, target value and vulnerability information, and possible defensive options?
If not why not, and where was the lapse? If so, did it yield an actionable threat menu? If I not why not? One reason might be that the resulting threat menu was too long and too \d to prioritize to b Even if the true threat had been prominently recognized by intelligence as possible, even probable, defensive action might not have been taken because the action authorities would not believe the threat assessment or did not believe it convincing enough to take measures that would alarm the flying public. But this link in the l&W-Assessment-Response chain is moot if the first ones are missing.
By definition, 9/11 was a huge intelligence failure in that available threat information did not cause defensive action when it well might have, just as in 1941. That there were failures beyond the people and organizations labeled intelligence is clear. But these failures were inevitable if the intelligence input, especially the analytical input, was weak or lacking. On available evidence, it seems that the matter was not one of a requisite warning system not having enough evidence because of weaknesses in collection or communication, although those weaknesses existed, but that the system simply was not there or was insufficiently robust. To be sure, there were lots of analysts working on the terrorism problem throughout the 1990s. But most of them were apparently doing operational support (homework for chasing bad guys) or current intelligence (packaging the results of collection), not real warning and threat analysis. A public indication of this is the proud claim of the intelligence community that everyday it sends to the policymakers a "threat matrix" containing 50-100 cells of information. This is a confession of analytic vacuum, the more frightening because it seems to be unrecognized as such. This threat matrix is surely not the only analytic product sent to policymakers. But to give it pride of place in defense of the warning performance suggests a defensive reflex at best, and a misappreciation of the function at worst. Given that we had and publicly recognized strategic warning of terrorist attack on our homeland, why did we not create a real warning response system? Probably a variety of factors were at work. 1) The terrorism warning problem is different from and analytically harder than the military warning problem. It takes a lot of cerebration and invention to migrate the logic of the latter to the former task. 2) The counter-terrorism business is dominated by operators who are focused on running ops and collecting data, not on squeezing the most actionable judgments from limited information. 3) Throughout our national security establishment, including intelligence, there was a pervasive spirit of getting the Cold War behind us. Laudable to a degree, this may have blurred appreciation of Cold War lessons applicable to our new situation. 4) The peculiarities of the administration which governed through most of the past decade may have played a role. 5) The new administration, while festooned with people critical of the intelligence community, had other matters higher on its agenda than fixing intelligence problems. 6) Bureaucratically or organizationally, a fix to the terrorism warning problem does not come naturally. During the Cold War, most of the intelligence entities responsible for warning, especially operational and tactical, were in the DOD as were nearly all the threat evaluation and response entities below the President, namely the military commands. Creating an I&W system for terrorism must lace together intelligence with many hugely different entities, such as FAA for airport security, DOE for security at nuclear sites, and CDC for BW attack. Even with the shock of 9/11 and the creation of a Department of Homeland Security, this will be hard to do. Because it is written from a distance by one not involved in the action, this critique may be too harsh and unfair. Final judgments on the extent, locus, and nature of failure in 9/11 must rest on careful study with complete access to the record of the last decade in counter terrorism. Our intelligence and law-enforcement leaders claim to have successfully thwarted or interdicted a significant number of terrorist attacks in this period. That record of success must be examined to bring a balanced conclusion on the meaning of 9/11. Even more important, that record should give important lessons on how to design and run an effective I&W system for counter terrorism. We need to look back at this tragic experience through the lens of strategic-operational-tactical warning combined with threat, value, vulnerability, and response option assessment to find the true reasons for failure. And if that lens does not presently exist in robust form, it must be promptly created, polished, and applied to the present and future threat of terrorist attack. The place for this lens is probably in the new Department of Homeland Security. But the logic and the impact of the function it performs must reach out to all the nation's elements of intelligence, defense, and public safety.
Fritz W. Ermarth is Director of National Security Programs at the Nixon Center. He is also a part-time Senior Analyst in the Strategies Group of Science Applications International Corporation. He had several tours on the NSC staff, served as Chairman of the National Intelligence Council 1988-93, and retired from CIA in 1998. The judgments in this article are the author's own and should not be attributed to any of his past or present affiliations.