d. What initiative did DIA take to obtain all information and what was the result of that initiative? In the immediate aftermath of the October 2000 terrorist attack on the USS COLE, DIA initiated an effort to enhance Defense intelligence terrorism analysis. While part of this initiative dealt with enhancing analytic capability, the main emphasis was on significantly expanding the amount and type of information available to the all-source analyst. Central to that initiative was DIA's proposal to establish a data repository that contained all IC and law enforcement reporting, regardless of classification, caveat, or sensitivity. No such repository existed in the IC. We pledged that we would institute any and all safeguards imposed by the data originators, to include "air-gapping" the system, to ensure the security of the data. This data repository is operational and limited data loading is underway. We are continuing to work with reporting agencies to obtain approval to incorporate all relevant information into this central secure repository. 2. We understand that DIA did not receive or was not aware of three key pieces of information concerning al-Mihdhar or al-Hazmi: 1) The August 23, 2001 CIA message to FBI, State, Customs, and INS that linked the two individuals to Usama bin Ladin and placed them in Los Angeles; 2) the August 28,2001 HQ FBI communication to the New York Field Office that linked the two individuals to USS Cole perpetrators; or 3) the June 2001 INS granting of a visa application extension to al-Hazmi at a Lemon Grove, California address. a. Did DIA or any of the service criminal investigative organizations especially the Naval Criminal Investigative Service (NCIS), receive any or all of those three pieces of information? DIA was neither on distribution for nor made aware of any of the three referenced reports prior to September 11, 2001. The question of whether the NCIS or other Service organizations were aware of the information should be referred to them. b. Has anything fundamentally changed since 9/11 in terms of who has access to the databases that contained information on Hazmi and Mihdhar? While progress has been made regarding the sharing of operational information and cables, DIA does not have full access to the information in those databases. c. Given your understanding of the NCIS mission and capabilities, what would you have expected it to do knowing that individuals with links to Usama bin Ladin were or had been in Southern California or that there were links to known USS Cole perpetrators? The Naval Criminal Investigative Service has operating procedures that would have guided their actions in such a scenario. This question should be referred to the NCIS. d. Are you or the service criminal investigative services now receiving information from CIA, FBI, and INS similar to the 2001 information? If not, why not? (Rep. Bishop) While we don't know the extent of what we don't know, we are confident there are categories of information to which DIA analysts do not have access. We are aware that some reporting is not being disseminated to our analysts or it is being restricted to senior non-analytic officials, due to reporting agencies operational security concerns. We are not in a position to question, nor would we second-guess, operational and security decisions made by reporting agencies. However, this data is not analyzed in the context of other reporting and it is not undergoing rigorous analytic review to determine validity and to develop further insights. We renew our pledge to the reporting agencies to institute any security controls or protocols they require to place this information within our central data repository. e. If the DIA had intelligence that a base in San Diego was threatened, could that information be shared and sent to the local police? If the local police get threat information first is that information shared with the DIA today? (Rep. Pelosi) While any answer would be speculative and the type of information to be shared driven by the range of possible scenarios, we are certain that the basic threat information could and would be shared with the threatened party and all those involved with security in the surrounding area. DIA makes every attempt to disseminate threat information at the lowest possible classification level. Moreover, DIA has an on-going initiative to share information with state and local law enforcement organizations. 3. Current acting DIA Director Admiral Jacoby in his statement for the record said that there was a need for a paradigm shift in the ownership of information. His position is that ownership of information must reside with the analysts, not the collectors. a. How, practically, can that shift be accomplished, given the traditional practice of Admiral Jacoby did not recommend impeding the ability of collectors to provide valueadded exploitation, interpretation, and packaging of raw information. On the contrary, analysts look upon such activities as insightful and beneficial. Instead, he contended that all collected information should be subjected to a parallel process wherein the raw information - once decoupled from any source identification data that must be protected - is subjected to additional analytic scrutiny and integrated with the wide variety of other data, assumptions, and perspectives that may differ from those held by the collectors. b. How can the needs of the analysts be met and still accommodate those of the collectors? As stated above, the needs of the analysts and collectors are not and should not be exclusive. 4. The Director, DIA, chairs the Senior Military Intelligence Officer's Conference (SMIOC) meetings from time to time. Over the years systemic information issues have emerged from those meetings. In September 1998 one such meeting received information briefings on the East African Terrorist Bombings and the War on Terrorism. One participant observed that there must be a "domestic piece" to emphasize FBI reporting. Another stressed that there was a "commercial piece," as well with FAA. A third representative encouraged information sharing throughout all agencies as has been done with the war on drugs. Yet another recommended a community strategy for designing a framework to study and attack terrorist organizations. a. How is it with that this shared understanding after a critical event in 1998, by the summer of 2001 we don't seem to be much better off in working together and in sharing information? What happened in the meantime? DIA has long been a proponent of full information sharing across the intelligence and law enforcement communities. DIA initiatives to enhance Defense terrorism analysis in early 2001 represented our most concentrated effort to increase the volume and scope of information available to terrorism analysts. We've made steady progress. While we have not achieved all of our goals, we continue to work with counterparts in both communities. b. There appear to be different understandings of inter-agency responsibilities at different levels. This meeting shows that senior officials talk to each other. Analysts tell our Joint Staff that they communicate constantly by secure phone, video and other means. Is the inference that middle managers aren't getting information from either below or above? How accurate is that inference? If even somewhat accurate, what is to be done about it? In DIA, interagency responsibilities are generally understood at all levels. Concerted effort is made to ensure information flows vertically and horizontally throughout the workforce. Since DIA is an organization that is dependent on information from others - it is the raw material of our trade - understanding of inter-agency responsibilities, capabilities, and policies is an imperative at every level of our organization. 5. In January 1999, a SMIOC attendee asked about the terrorist threat and who was in charge. The issue had to do with ORCON (originator controlled) information and how distribution was controlled. The answer was that "this [Issue] was not about technology but about policy which had to go all the way to an Intelligence Community Principals' Committee for approval." a. Does it take a Principals' Committee to resolve the ORCON issue, or can the DCI, on his own recognizance take action? The Director of Central Intelligence can make unilateral decisions on the use and b, Either way, what has the Community done to reduce or eliminate the ORCON caveat since 1999? Since 9/11? The caveat remains in use. In the area of terrorism information, DIA does not contend that the ORCON caveat is an impediment to the flow of information. Those in the originating organizations charged with making release decisions are uniformly responsive and reasonable. 6. In April 1999 a SMIOC meeting was convened to receive a briefing on computer network defense. Challenges to both network defense and information sharing were listed as: law enforcement versus national security; domestic versus foreign intelligence; private versus public interests; the interagency process; and policy and legal issues. a. That is a very clear itemization, over three years ago, of exactly the same challenges that the IC is struggling with today. Did that articulation of the issues by one agency (Defense) result in interagency examination of these issues? While our focus over the past year has been on sharing terrorist related information, the core information sharing issues related to computer network defense are similar. I am unaware of any formal interagency examination of the issues resulting from that SMIOC b. Either way, who is working those information-sharing issues? Who brokers competing interests? Who is in charge? Who represents the interests of concerned state and local organizations? The DCI, by virtue of his position, is the ultimate arbiter of competing interests in the intelligence sharing area, but "disputes" are generally resolved at much lower levels between organizations. DIA represents its own and DOD's interests on information sharing issues. The Homeland Defense/Security apparatus is currently the avenue for state and local organizations. 7. In January and July 2000 a decision brief on asymmetric warfare was discussed by the SMIOC. Both the NSA and the Coast Guard representatives spoke to the legal ramifications of the portion pertaining to Homeland Defense. NSA reiterated its concern about policy and legal issues, especially regarding collection in support of Homeland Defense and terrorism. The Coast Guard cautioned that new environments and new threats might mean old rules no longer applied. A legislative review of what could be done by different organizations might be needed. a. That was nearly three years ago. Has anyone in the Intelligence Community, followed up on the Coast Guard suggestion and done a legislative review? DIA participates as part of the larger DOD representation on Homeland Defense issues. b. What is your understanding of what are the old rules that should no longer apply and how changing these rules would impact individual rights? DIA is subject to a range of intelligence oversight policies and procedures that impose some restrictions, most notably those pertaining to United States citizens, but we are not unduly constrained from performing our foreign intelligence or force protection missions. Laws and governing directives provide sufficient flexibility and, properly interpreted and complied with, do not inhibit our ability to share or receive information relevant to the terrorist threat. 8, In February 2001 the discussion on asymmetric warfare continued at the SMIOC. NSA stated that the FISA requirements remained a major issue. NSA continued to work the issues, but legal constraints remained an impediment. The Coast Guard observed that "[the IC] had more latitude than the lawyers were allowing," and that "if [NSA was] really going to address this issue strongly, they would have to re-evaluate several Cold War parameters and policies." a. What has been accomplished in working these issues over the past three years? Where were we just prior to 9/11 and where are we now? See consolidated response below. b. Has the IC ever taken the Coast Guard's advice to seek out what the law allows and not focus on what the law does not allow? As part of its overall effort to broaden the depth and breadth of information available to analysts, DIA has been working with the DoD General Counsel and Department of Justice and law enforcement agencies to overcome impediments to sharing FISA information as it relates to terrorism threat reporting. DIA adheres to all requisite FISA handling restrictions in accordance with U.S.C. S 1806(B). 9. Do you believe that there is a lack of information sharing because the information is classified at too high a level? If the Intelligence Community classified Information at a lower level, would that help information sharing? (Rep. Castle) The level of classification is not an insurmountable obstacle to information sharing; lowering the level would not, in itself, ensure wider sharing. Analysts who require access to terrorism information generally hold the highest levels of security clearances and are adept at "sanitizing" their analysis to ensure those who need to use it can receive it. Failure to share information is a very complex phenomenon which occurs even in areas where the information is unclassified. |