Office of
the Director of
National Intelligence
Domestic Approach to National Intelligence
Domestic Approach to National Intelligence
UNITED TO PROTECT
2
Office of the Director of National Intelligence
Table of Contents
4
Preface
5
Introduction
7
Purpose
8
Challenge
10
Integrating National Intelligence
23
Other Key Considerations
24
Way-Ahead
25
Abbreviations
3
Preface
This publication comprises inputs from a broad array of
participants representing elements of the U.S. Intelligence
Community (IC) and its partners in the domestic field. We thank
everyone involved for their time and valuable contributions.
The process began with meetings and resulted in many
conversations, drafts, revisions, and rounds of coordination
with subject matter experts, lawyers, privacy and civil liberties
officials, and senior leadership. Over time, we realized the topic
is very complex and often characterized differently by the various
participants and stakeholders, depending upon their vantage point
and mission. Segments explaining the role of specific IC agencies
and departments were written and provided by the entity itself.
The Domestic Approach to National Intelligence describes the
“as is,” or current picture, of the operating environment for the
IC’s key engagements with federal, state, local, tribal, territorial,
and private sector partners inside the United States. The next
step—one that may be even more complex and challenging—is
to move beyond the “as is” descriptions and work toward a vision
of the “should be.” Challenges aside, we owe it to the American
people to strengthen the national security apparatus to best
protect our citizens and their privacy, civil rights, and civil liberties.
Introduction
Office of the Director of National Intelligence
Since my appointment as the Director of
National Intelligence in 2010, one of my
highest priorities has been strengthening
intelligence partnerships to help preserve
the
country's national security. Partnerships have
long been a foundation of our work overseas.
In light of 9/11 and the rapidly evolving natur
e of foreign threats to the homeland, we also
must renew our focus on how the Intelligenc
e Community (IC) collaborates with partner
agencies inside the United States to ensure
that we carry out our national and homeland
security missions as effectively as possible.
Protecting the privacy and civil liberties of
our
citizens is fundamental to this endeavor.
Significant progress has been made since
9/11 in building capacity, standardizing
practices, and sharing information with partn
ers in the United States to defend against and
respond to foreign and foreign-inspired threa
ts to our homeland. As vital as that progress
has been, I believe that we still have work to
do to ensure that all those involved in this effort
—including the American people—share a
common understanding of how this mosaic
fits
together. Thus, I directed my staff to work with
our partners to describe in a single document
the "as-is" operating environment for the IC’s
key engagements with federal, state, local,
tribal, territorial, and private sector partners inside
the United States. The result of my request
is the paper, Domestic Approach to National
Intelligence.
This paper was prepared in consultation with
the ODNI's Office of Civil Liberties,
Privacy and Transparency and Office of Gene
ral Counsel and coordinated with mission
partners. Appropriately, the paper's descriptio
n of the "as-is" operating environment reflec
ts
each agency's limitations imposed by law,
policy, and mission, and highlights the
importance of protecting privacy and civil libert
ies, an imperative for all partners engaged
in
this committed effort. The paper does not
purport to describe the specific laws, polici
es,
safeguards, or operations relating to each
agency's activities, nor does it make
recommendations for change.
I believe the Domestic Approach to National
Intelligence provides, in a transparent
manner, a common general understanding
of the current state of intelligence exchange
between the IC and its domestic mission partn
ers, and serves to further our collaborative
efforts. We trust that it will serve as a usefu
l foundation for the ongoing, productive dialo
gue
on homeland security that the American peop
le rightfully expect.
James R. Clapper
Director
5
Domestic Approach to National Intelligence
“ We need to deal with the realities of globalization – the blurring
these days of foreign and domestic matters. Because when threats
like terrorism and international organized crime transcend borders,
it’s critical that we think holistically about intelligence. But we’re
also a people who – Constitutionally and culturally – attach a high
premium to our personal freedoms and our personal privacy.”
James R. Clapper
6
Office of the Director of National Intelligence
Purpose
This paper, the Domestic Approach to National
Intelligence, describes certain key roles and
relationships that characterize efforts by members
of the U.S. Intelligence Community (IC) and federal,
state, local, tribal and territorial (FSLTT) government
organizations to engage with one another to carry
out the shared mission of protecting the homeland.
These partners work with one another, and through
established channels with the private sector (e.g.,
critical infrastructure owners and operators), as part
of a complex web of relationships. Each partner,
regardless of level, plays an important role in
protecting the homeland with respect to warning,
interdiction, prevention, mitigation, and response.
The importance of partnerships and collaboration is
emphasized in this paper, as is the IC’s responsibility
to the public to protect privacy, civil rights, and civil
liberties. Descriptions related to organizational
responsibilities and/or authorities are provided by
the respective agencies. The Domestic Approach to
National Intelligence is consistent with the framework
and recommendations outlined in the Criminal
Intelligence Coordinating Council’s (CICC) National
Criminal Intelligence Sharing Plan, the strategies
in support of the National Network of Fusion
Centers, and information sharing and safeguarding
standards outlined by the Program Manager for
the Information Sharing Environment (PM-ISE).
By describing these roles and relationships in one
place, this paper strives to foster an important national
dialogue that will promote a better understanding of
how the IC engages with key partners in this domestic
enterprise and supports the holistic ideals articulated
by the Director of National intelligence (DNI).
PROTECTING PRIVACY, CIVIL
RIGHTS, AND CIVIL LIBERTIES
To prevent and deter acts of terrorism and other threats
on American soil, we must continue to develop lines of
coordination and appropriately align intelligence, law
enforcement, and homeland security efforts. However,
this must be accomplished only in accordance with the
Constitution, laws, Executive Order 12333, and core
values of our nation. Protecting fundamental rights
and liberties is an important national security end
in and of itself. The Domestic Approach to National
Intelligence is fully committed to exemplifying America’s
values: operating under the rule of law, consistent
with Americans’ expectations for the protection of
privacy and civil liberties, respectful of human rights,
and preserving the trust of the American people. As
President Obama stated at the National Archives in
May 2009, “We uphold our fundamental principles and
values not just because we choose to, but because
we swear to. Not because they feel good, but because
they help keep us safe. They keep us true to who we
are… So as Americans, we reject the false choice
between our security and our ideals. We can and we
must and we will protect both.” Thus, it is essential
that we comply with all applicable legal and policy
authorities including, but not limited to, the Privacy
Act, Executive Order 12333, and the Information
Sharing Privacy Guidelines. Similarly, IC elements
and FSLTT organizations must continue to operate
within their defined mission roles and responsibilities.
President Obama, photo provided by the White House
“We uphold our fundamental
principles and values not just because
we choose to, but because we swear
to. Not because they feel good, but
because they help keep us safe. They
keep us true to who we are… So as
Americans, we reject the false choice
between our security and our ideals.
We can and we must and we will
protect both.”
President Obama
National Archives in May 2009
(Opposite) Director Clapper briefing the President, photo provided by the White House
7
Domestic Approach to National Intelligence
Challenge
Our nation must deal with a wide range of complex
threats to our people and interests both overseas
and within the nation’s borders. These threats include
foreign-based and foreign-inspired terrorism, foreign
intelligence activities, homegrown violent extremism,
transnational organized crime, cyber-attacks by
foreign actors or their agents, and more. Shrinking
budgets and growing mission requirements demand
effective, interoperable, and non-duplicative–that is,
“smart”–government operations. This new dynamic
also demands greater teamwork and responsible
information sharing between members of the IC
and FSLTT partners—as well as appropriate and
responsible information sharing with the private
sector—that is consistent with law, policy, and
regulation and protects privacy, civil rights, and civil
liberties. Such partnerships provide access to the
expertise and unique capabilities and authorities
held by each partner, resulting in benefits not only to
those involved but also to the nation as a whole.
As the nature of threats to the homeland changes,
so too does the nature of the challenges the nation
must address. Transnational organized crime poses
a significant and growing threat to national and
international security and bears dire implications for
public safety, public health, the security of democratic
institutions, and economic stability across the globe.
For example, transnational drug traffickers and
human smugglers operating across U.S. borders and
within the U.S. reap enormous profits that enable
them to undermine legitimate governance in their
countries of origin. At the same time, international
criminal organizations, terrorists, and state-sponsored
cyber attackers have demonstrated their ability to
compromise information systems. Many of these
threats have low-level signatures. Detecting them
and determining their attribution can be difficult.
Washington DC, photo provided by ODNI
8
9/11 Museum and One World Trade Center, photo
provided by ODNI
The U.S. is considered a high-priority intelligence
target by many foreign intelligence entities. While
traditionally the threat has been to our political, military,
and diplomatic interests at home and abroad, the loss
of sensitive economic information and technology is a
growing threat to our national security. In recent years,
economic espionage conducted by foreign intelligence
entities, corrupt insiders, and corporate competitors
has exploited vulnerabilities in cyberspace that may
weaken our economic advantage. Cyber espionage
has not replaced traditional espionage as a way to steal
secrets, but the ability to focus technology on lesser
protected information is a significant and growing threat.
Even before the 9/11 attacks, the IC elements
and FSLTT organizations started developing
relationships to identify and address particular
threats and national intelligence challenges in
the homeland. There was, however, no integrated
national approach. Since 9/11, significant progress
has been made in building capacity, standardizing
Office of the Director of National Intelligence
CBP helicopter flying over New York City, photo provided by CBP
practices, and sharing information, both
horizontally and vertically, to support foreign
operations, perimeter protection, and homeland
security and law enforcement (HS&LE) requirements.
Nonetheless, inconsistent practices, absence of
doctrine, and a lack of unity of effort across levels
of government still characterize the domestic
landscape. This domestic enterprise is more ad hoc
and independent than organized and enterpriseoriented, and often depends more on personal or
preexisting relationships than defined engagement
protocols. Many potential stakeholders and
contributors are left out of the equation as well,
particularly on issues other than counterterrorism.
In navigating this enterprise, it is important for
individual IC elements and FSLTT organizations to
continue to work within their respective missions and
authorities, even as they seek to enhance responsible
collaboration and information sharing. In particular,
the sharing activities and relationships between IC
elements and FSLTT organizations are undertaken
through established channels and in accordance with
legal and policy requirements that are designed to
ensure agencies are acting within their authorities
and missions and are protecting privacy, civil rights
and civil liberties. Sharing with the private sector is
undertaken with special care so that applicable legal
and policy requirements are identified and followed.
9
Domestic Approach to National Intelligence
Integrating National Intelligence
The effective integration of national intelligence
with relevant information from FSLTT partners is
essential to protecting the nation. This integration
requires agile, robust, and responsible processes
that leverage existing partnerships and encourage
new ones. These partnerships enable appropriate
information sharing and build trust, consistent with
the missions and authorities of each agency and
the need to protect privacy, civil rights, and civil
liberties. As trust and partnerships mature, efficient
integration across stakeholders is also increased,
resulting in an enhanced understanding of respective
capabilities, information, and requirements (including
how customers use products and services).
This graphic depicts some types of FSLTT information and intelligence shared in the domestic environment. In some cases, information can be categorized as both FSLTT information and intelligence.
FSLTT PARTNER
INFORMATION
10
•
Criminal Intelligence
•
Homeland Security Information
•
Investigative Information
•
Cyber Threat Information
•
Suspicious Activity Reporting
•
Critical Infrastructure Security
and Resilience Information
•
Other Information
IC ELEMENT
INTELLIGENCE
• National
Intelligence
• Foreign
Intelligence
• Counterintelligence
Office of the Director of National Intelligence
ROLES & RESPONSIBILITIES
The IC interacts with and serves a wide range of
customers and partners, both within and outside the
U.S. Government (USG), with intelligence support
designed to meet the customers’ and partners’
responsibilities and specific mission requirements.
Customers are those who have requirements for
intelligence products or support, and use it to carry
out their official responsibilities. Within the domestic
enterprise, federal customers directly receive unique
support from the IC based on their mission needs,
often through a Federal Intelligence Coordination
Office (FICO). With regard to state, local, tribal, and
territorial (SLTT) customers, information categorized
or derived from national intelligence is generally
disseminated by the Department of Homeland Security
Office of Intelligence & Analysis (DHS/I&A), the Federal
Bureau of Investigation (FBI), Drug Enforcement
Administration (DEA), and the U.S. Coast Guard
(USCG). Dissemination occurs directly or via a “hub &
spoke” approach through entities like fusion centers,
and Joint Terrorism Task Forces (JTTFs). The widearray of customers for intelligence support include
departmental secretaries and senior policymakers,
threat coordinators, governors, state homeland security
advisors, mayors, police chiefs, sheriffs, first responders,
federal officials, and others who are directly engaged
in making decisions related to public safety. In addition,
appropriate threat and warning information is provided
to the private sector (e.g., owners and operators of
critical infrastructures), through established channels.
New York City Police Department patrol cars, photo provided
by NYPD
FSLTT partners include HS&LE organizations operating
across our country to protect our borders, points-of-entry,
infrastructure, and communities. These professionals are
on the front line of ensuring public safety and protecting
the nation from all threats. Partner preparedness is
crucial to our national security, as they have the greatest
visibility on local criminal activity relevant to national
intelligence and will be the first responders on the scene
during threat situations and incidents. Information
sharing at this level supports law enforcement and public
safety offices best equipped to understand current
threats and the risks associated with them, inform
resource allocation, and interdict or investigate criminal
actors. Crucial to their efforts is the timely and efficient
sharing of criminal intelligence, public safety, and open
source information via communication networks
designed to store and transmit Sensitive But Unclassified
(SBU) information. These partners also play a critical
role in identifying suspicious activities and reporting this
information following protocols established by the
Nationwide Suspicious Activity Reporting Initiative (NSI).
Immigration and Customs Enforcement Agents, photo
provided by ODNI
Additionally, appropriate and responsible information
sharing with private sector entities, particularly the
owners and operators of infrastructure critical to national
security whose businesses may be exploited by
nefarious actors, is fundamental to the protection and
resilience of the nation. Such sharing takes place
through established channels and in accordance with
applicable law and policies. Private sector organizations
undertake security and threat mitigation measures to
protect lives and property and have unique information
and expertise that can help the IC and FSLTT better
understand existing threats.
Thus, the domestic enterprise is characterized by an
extraordinarily complex set of customer and partner
relationships, composed of both informational and
organizational architectures that are involved in
the collection, analysis, use, and dissemination of
information and intelligence. Relationships are described
in general terms, recognizing that there is no national
standard or doctrine for these interactions. It is also
important to note that the descriptions on the following
page do not include the multiple layers of legal and
policy requirements that govern these relationships.
11
Domestic Approach to National Intelligence
The Domestic Enterprise
This graphic broadly illustrates the relationships between FSLTT and U.S. IC partners.
FSLTT Organizations
1
U.S. IC
A
Global Emphasis
Customers
5
2
Partners
Domestic
Emphasis
3
4
B
1
FSLTT Organizations
Organizations operating on the front lines across the country to protect border points-of-entry, infrastructure, and
communications, such as federal departments and agencies, DHS component agencies, local police departments, first responders, and other entities involved directly in infrastructure security and resilience.
2
Customers
Individuals that maintain a ‘customer’ relationship with the IC, such as governors, homeland security advisors,
mayors, critical infrastructure owners and operators, and HS&LE leaders.
3
Partners
Organizations that carry out the intelligence cycle under their respective authorities and may maintain formal
partnerships with the IC, such as fusion centers, High Intensity Drug Trafficking Areas (HIDTAs), Regional Information Sharing System (RISS) Centers, Criminal Intelligence Units (CIUs), and federal departments and agencies with FICOs.
4
IC Elements with Domestic Emphasis
Federal departments and agencies with both Title 50 and Non-Title 50 components, such as DEA, DHS, FBI (to
include Field Intelligence Groups (FIGs), JTTFs, the Terrorist Screening Center (TSC)), and USCG. DHS/I&A and
FBI are primarily responsible for the IC’s domestic analysis and information sharing efforts with HS&LE partners.
5
IC Elements with Global Emphasis
Federal departments and agencies that provide support to FSLTT partners, through appropriate channels, in the
form of current intelligence, alerts, warnings, and notifications, such as CIA, DIA, NGA, NSA, etc.
A
SAR/NSI, Intelligence Information Reports (IIRs), Criminal Intelligence, and Investigative Information
FSLTT-initiated processes for documenting, processing, analyzing, and sharing national intelligence with the IC.
B
Alerts, Warnings, Notifications, Bulletins, TTPs, and other intelligence reporting
IC-initiated processes for documenting, processing, analyzing, and sharing national intelligence with
FSLTT partners.
12
Domestic Approach to National Intelligence
UNCLASSIFIED
Office of the Director of National Intelligence
State and Major Urban Area Fusion Centers
Olympia
Salem
Bismarck
Helena
Montpelier
Saint
Paul
Boise
Pierre
Madison
Des
Moines
Cheyenne
Sacramento Carson City
Salt Lake
City
Denver
Topeka
Frankfort
Oklahoma
City
Little Rock
Santa Fe
Harrisburg
Springfield
Jefferson
City
Phoenix
Lansing
Indianapolis
Lincoln
Austin
Columbus
Charleston
Nashville
Atlanta
Jackson
Baton
Rouge
Albany
Richmond
Augusta
Concord
Boston
Providence
Hartford
Trenton
Dover
Annapolis
Washington, D.C.
Raleigh
Columbia
Montgomery
Tallahassee
Also located in:
Anchorage, Alaska,
San Juan, Puerto Rico,
Honolulu, Hawaii, and
St. Thomas, U.S. Virgin Islands
NCTC 017657d [0097cs] AI 1-15
KEY FSLTT SHARING
ORGANIZATIONS/FUNCTIONS
Certain FSLTT entities have formed specialized
sharing organizations, or include specific sharing
functions, that serve as points of intersection
between FSLTT elements and the IC.
State and Major Urban
Area Fusion Centers
The 78 federally-recognized fusion centers in the
country form the National Network of Fusion Centers
and operate to assist HS&LE partners in preventing
and responding to crime, including terrorism. Fusion
centers serve as focal points for the gathering, receipt,
analysis, and sharing of threat-related information
between partners. They are owned and operated by
state and local entities with support from federal partners
in the form of deployed personnel, training, technical
assistance, exercise support, security clearances,
connectivity to federal systems, technology, and grant
funding. Located in states and major urban areas
throughout the country, fusion centers are uniquely
situated to empower front-line law enforcement, public
safety, fire service, emergency response, public health,
critical infrastructure owners and operators, and private
sector security personnel with an understanding of the
local implications of national intelligence. Additionally,
fusion centers are optimally positioned to identify local,
regional, and statewide trends regarding criminal or
suspicious activity that relate to national security threats.
Fusion centers provide interdisciplinary expertise and
situational awareness to support decision making at
all levels of government. Most fusion centers have
access to SECRET-level systems, to include systems
operated by DHS, FBI, and/or the Department of
Defense (DOD). This connectivity enables fusion centers
to obtain and review classified reports disseminated
in accordance with applicable laws and policies.
High Intensity Drug Trafficking
Areas (HIDTAs)
The Office of National Drug Control Policy (ONDCP)
provides assistance via the HIDTA program to federal,
state, local, and tribal law enforcement agencies
operating in 28 areas determined to be the nation’s
critical drug trafficking regions. The program’s goal
is to reduce drug availability by assisting agencies
participating in HIDTAs with federal support to dismantle
and disrupt drug trafficking organizations, which includes
analytic support to tactical counterdrug operations.
Although many of the participating officers are cleared
at the SECRET-level, the majority of their work is done
at the UNCLASSIFIED and LAW ENFORCEMENTSENSITIVE-levels. The HIDTA program is built on
the premise that participating agencies should have
an equal voice in addressing regional drug threats.
UNCLASSIFIED
13
Domestic Approach to National Intelligence
High Intensity Financial
Crime Areas (HIFCAs)
and HIDTAs, contribute to federal task force
investigations, and support other decision makers.
The Department of the Treasury’s HIFCA program is
intended to concentrate law enforcement efforts at
the federal, state, and local levels to combat money
laundering in designated high-intensity money laundering
zones. In order to implement this goal, a moneylaundering action team was created or identified within
each HIFCA to spearhead a coordinated anti-money
laundering effort. Each action team is composed
of all relevant federal, state, and local enforcement
authorities, prosecutors, and financial regulators.
Participating agencies leverage their respective
authorities and resources to meet mission requirements.
The seven HIFCA areas are California Northern
District, California Southern District, Southwest Border,
Chicago, New York, Puerto Rico, and South Florida.
Bureau of Alcohol, Tobacco,
Firearms and Explosives (ATF)
ATF strives to enhance public safety by protecting
Americans from gun violence, the criminal misuse of
explosives, and acts of arson. In support of these key
missions, ATF also regulates the explosives and firearms
industries. ATF’s investigative and regulatory expertise is
especially helpful due to its jurisdiction over firearms and
explosives – two “commodities” that can possibly relate
to terrorism and national security. At the headquarterslevel, ATF maintains contact with several IC agencies
through direct liaison positions within ATF’s Office of
Strategic Intelligence and Information. Additionally, ATF’s
intelligence analysts and supervisors maintain working
relationships with such entities as the National Network
of Fusion Centers, and JTTFs. Finally, ATF publishes
Intelligence Information Reports (IIR) for the community
at large, both at the classified and unclassified levels,
and is in the process of posting formally published
criminal intelligence reporting on various IC platforms.
Civil Applications Committee (CAC)
Immigration and Customs Enforcement Agent, photo provided
by ODNI
Regional Information Sharing System
(RISS) Centers
The RISS network, funded by the DOJ’s Bureau of
Justice Assistance, consists of six centers across the
country that provide tailored analytic, technical, and
research support, database access, equipment loans,
event deconfliction, and training to local law enforcement
agencies. RISS centers operate at the UNCLASSIFIED
and LAW ENFORCEMENT-SENSITIVE-levels.
Criminal Intelligence Units (CIUs)
CIUs serve as the principal collectors of criminal
intelligence at the state and local law enforcement
levels. Independently owned and operated by major
city, major county, and state police law enforcement
agencies, these intelligence units conduct strategic
law enforcement intelligence operations on organized
criminal activity, transnational threats, and terrorism
within their jurisdictions. While separate and distinct
from federal task forces and the IC, these units
help support the analytic efforts of fusion centers
14
The CAC is an interagency committee led by the
Department of the Interior that coordinates and oversees
the federal civil use of classified and unclassified
collections. Chartered by the President in 1975, the
CAC provides federal civil agencies access to national
systems data in support of their mission responsibilities.
Specifically, it provides a forum through which the
federal civil agencies coordinate data requirements,
develop tasking strategies, certify the proper use of data,
and track and plan for the progress and evolution of
national systems. CAC activities have expanded beyond
traditional mapping applications to a broad range of
environmental and remote-sensing applications central
to federal agency civil missions, such as monitoring
recovery from natural disasters and related hazards. The
CAC also coordinates the use of imagery exploitation
and application resources and supports remote-sensing
research and development activities at special facilities,
such as the United States Geological Survey (USGS)
Advanced Systems Center. Examples of CAC facilitated
activity include monitoring volcanoes, detecting wildland
fires, coordinating emergency response to natural
disasters (such as hurricanes, earthquakes, and floods),
monitoring ecosystems, and mapping wetlands.
Office of the Director of National Intelligence
Federal Intelligence Coordination
Offices (FICOs)
Outside of the IC, numerous federal departments
or agencies have staff charged with intelligence-like
functions. Cleared to the TOP SECRET levels, many
with access to classified networks, FICOs serve
as an interface between the IC and federal partner
communities. FICOs provide varying levels of support
to senior policymakers and consumers of intelligence/
information within their organization. Examples of
departments with a FICO include the Federal Reserve
Board of Governors, Department of Transportation, and
Department of Commerce. Federal Senior Intelligence
Coordinators (FSICs), designated by their Secretary
or agency head, are the highest ranking individuals
within a federal department or agency that serve as the
primary liaisons between the respective departments
or agencies and the IC. Designation of FSICs at
Executive Branch departments and agencies, which
began in 2012, assists in defining responsibilities
and moving toward true intelligence integration.
See Something Say Something campaign, provided by DHS
U.S. INTELLIGENCE COMMUNITY
The IC consists of 17 Executive Branch agencies
and organizations that conduct intelligence and
counterintelligence activities in support of U.S. foreign
policy and the protection of our national security.
Intelligence informs policy decisions, military actions,
international negotiations, and interactions with foreign
countries. IC elements that have a global emphasis
make significant contributions to our homeland security
and defense. Intelligence from these organizations in
the form of alerts, warnings, notifications, and other
reporting is shared in accordance with appropriate
safeguards primarily through DHS/I&A and the FBI
to domestic enterprise customers and partners.
The organizations described below serve as primary
gateways for appropriate IC engagements with FSLTT
partners (e.g., serving as integration points for sharing
through the FSLTT intersection points described above,
task force participation, and the exchange of staff
officers and analysts with HS&LE organizations).
DHS
DHS is responsible for the unified national effort to
secure the U.S. by preventing and deterring terrorist
attacks and responding to other threats and hazards. It
also has statutory responsibilities to provide threat
information to the owners and operators of critical
infrastructure and key resources. DHS/I&A provides
intelligence support across the full range of homeland
security missions. DHS/I&A ensures that information
related to homeland security threats is collected,
analyzed, and disseminated to all relevant customers
across the domestic enterprise. The DHS Under
Secretary for I&A also serves as their Chief
Intelligence Officer and reports to both the Secretary
of DHS and the DNI.
DHS/I&A has a unique mandate within the IC for
sharing information and serving as an information
conduit and intelligence advocate for state, local,
tribal, and territorial governments. DHS/I&A supports
fusion centers with deployed personnel and SECRETlevel systems, security clearances, training, technical
assistance, exercise support, and collaboration.
This National Network of Fusion Centers is the hub of
much of the two-way intelligence and information flow
among the FSLTT partners. Fusion centers represent
a shared commitment between the federal government
and the state and local governments who own and
operate them. DHS/I&A officers report and disseminate
information of intelligence value from DHS components,
FSLTT partners, and open source collection to the IC
and the DHS Intelligence Enterprise. DHS/I&A also
supports statutory responsibilities to provide terrorism,
cyber, and other threat information to the owners and
operators of critical infrastructures and key resources.
Several other DHS component agencies have
regular interaction with the IC, including Immigration
and Customs Enforcement (ICE), Customs and
Border Protection (CBP), Transportation Security
Administration (TSA), U.S. Secret Service (USSS), and
U.S. Citizenship and Immigration Services (USCIS).
15
Domestic Approach to National Intelligence
FBI agents arresting a suspect, photo provided by FBI
FBI
The FBI’s ability to leverage law enforcement and
intelligence capabilities is critical to protecting the
homeland. The FBI has the lead domestic role in
investigating international terrorist threats to, and
in conducting counterintelligence activities to meet
foreign entities’ espionage and intelligence efforts
directed against, the U.S. The FBI is also responsible
for coordinating collection of foreign intelligence and
counterintelligence activities with other IC elements
inside the U.S., and leads the IC effort to integrate
intelligence support in the domestic field through the
DNI Representative (DNI Rep) program. The FBI is
able to execute these roles because, under applicable
statutes and Executive Order 12333, it can exercise
a broader range of domestic activities than other
intelligence agencies. The FBI can also leverage
the capacities of its 56 field offices, supporting FIGs,
JTTFs, cyber teams, and criminal authorities to support
its efforts. A critical force multiplier for the FBI is its
engagement in over 400 national security and criminal
task forces with FSLTT partners and its participation in
the National Network of Fusion Centers. The JTTF is
an example of active partnership. The 104 JTTFs
are multi-jurisdictional task forces established to
conduct terrorism-related investigations. JTTF
investigations are focused on known threat actors or
identified individuals who meet the thresholds under
the Attorney General Guidelines for domestic FBI
operations. Using the information derived from FBI
FIGs, JTTFs, and fusion centers, the FBI develops
intelligence products on significant developments
or trends related to terrorism. These intelligence
products may be used by partners to support their law
enforcement and homeland security activities, such as
intelligence-led policing efforts, implementing protective
measures, or other target-hardening initiatives.
16
FIGs are located in each of the FBI’s 56 field offices
and are staffed with FBI intelligence analysts, language
analysts, and special agents who provide domain
awareness for their areas of responsibility (AOR)
and complement the overall FBI analytic effort. FIGs
are the primary mechanism through which FBI field
offices develop human intelligence, identify emerging
trends, and identify, evaluate, and prioritize threats
within their AORs. They support domain awareness
and investigative efforts through the use of strategic
and tactical analysis, linguists, subject matter experts,
special operations groups, and specialized surveillance
groups. FIGs have established processes for collecting,
analyzing, and producing intelligence information.
These processes enhance the nation’s ability to
successfully penetrate national and transnational
criminal networks, terrorist organizations, foreign
intelligence services, and other entities that seek to
harm the U.S. FIGs may also disseminate information
to the IC and other federal, state, local, and tribal
agencies, as well as foreign counterparts. Utilizing
dissemination protocols, FIGs contribute to local and
regional perspectives on all threats, and serve as the
FBI’s primary intelligence link with fusion centers.
The Terrorist Screening Center (TSC) serves as the
USG’s consolidation point for known and suspected
foreign and domestic terrorist watch list information.
The consolidated watch list contains thousands
of records that are updated daily and shared with
FSLTT law enforcement, IC members, and select
international partners to ensure that individuals with
links to terrorism are appropriately screened. The
TSC, which is administered by the FBI and supported
by federal departments and agencies, including DOJ,
DHS, the Department of State (DoS), the ODNI,
and the National Counterterrorism Center (NCTC),
ensures that information provided to and consolidated
by TSC is thorough, current, and accurate.
Office of the Director of National Intelligence
DEA
DEA is the lead federal agency for the enforcement
of controlled substances laws and regulations of
the U.S. It brings to the criminal and civil justice
system those organizations and principal members
of organizations involved in the cultivation,
manufacturing, or distribution of controlled substances
appearing in or destined for illicit traffic in the U.S.,
and supports non-enforcement programs aimed at
reducing the availability of illicit controlled substances
on the domestic and international markets.
DEA has 226 domestic offices and its workforce is
supplemented with nearly 2,500 domestic police
officers that are deputized as DEA task force agents.
These agents, working under DEA supervision,
are authorized to enforce federal laws and are the
cornerstone of DEA’s interaction with state and local
law enforcement. DEA coordinates drug intelligence
worldwide to assist in disrupting or dismantling
international drug trafficking organizations. DEA
maintains both a global and domestic presence, and
ensures that a clear bridge exists between the two.
The DEA intelligence program works to provide predictive
intelligence to identify trends and vulnerabilities in
order to guide and prioritize the application of limited
enforcement resources. The Office of National Security
Intelligence (ONSI) was designated a member of
the IC in February 2006. The objective of ONSI is to
maximize DEA’s contribution to national security, while
protecting the primacy of its law enforcement mission.
Domestically, DEA shares intelligence with appropriate
FSLTT agencies at multiple stages and at multiple
points. Initial sharing of information occurs through direct
contact with the partners. Each DEA field division and
district office maintains a presence on the local JTTF,
providing a direct conduit for sharing. Outside of the
JTTF, information is shared directly with the responsible
agency and/or through the HIDTAs and fusion centers.
Additionally, DEA task force officers offer a direct link to
their parent departments and agencies. Concurrently,
relevant information is shared at the national level via
the ONSI and the Special Operations Division, ensuring
that information obtained by DEA is shared across
multiple tracks with all relevant customers and partners.
Seizure by the Drug Enforcement Administration, photo
provided by DEA
and, to the extent possible, predict and prevent
economic and financial crises. Treasury also performs
a critical and far-reaching role in enhancing national
security by implementing economic sanctions against
foreign threats to the U.S., identifying and targeting
the financial support networks of national security
threats, and improving the safeguards of the country’s
financial systems. Created under the Intelligence
Authorization Act of 2004, the Office of Intelligence
and Analysis (OIA) is Treasury’s IC component. OIA
officers help draft Treasury policy and support the
execution of Treasury’s regulatory and enforcement
authorities by providing all-source intelligence analysis.
Often, traditional intelligence is integrated with
financial intelligence generated by administrative, law
enforcement, and private sector partners. OIA also
supplements intelligence support provided by DHS to
the Treasury Department in its role as the financialsector agency for critical infrastructure protection.
Department of the Treasury
Treasury is the department responsible for promoting
economic prosperity and ensuring the financial security
of the U.S. Treasury. It is responsible for a wide
range of activities, such as advising the President
on economic and financial issues, encouraging
sustainable economic growth, and fostering improved
governance in financial institutions. Treasury works
with other federal agencies, foreign governments,
and international financial institutions to encourage
global economic growth, raise standards of living,
17
Domestic Approach to National Intelligence
USCG
As the principal federal agency responsible for maritime
safety, security, and stewardship, the USCG protects
vital economic and security interests of the U.S.
and has strong partnerships with FSLTT entities. In
addition to its responsibility for the safety and security
of the maritime public, the maritime transportation
system, and the integrity of maritime borders, the
USCG fills a unique niche in the IC. USCG intelligence
provides timely and actionable intelligence and
criminal investigative expertise to support tactical
and operational commanders, strategic planners and
leaders, and to meet national and homeland security
intelligence requirements. As a result of its diverse
authorities and mission areas, the USCG maintains
broad awareness of the maritime environment.
SUPPORTING DOMESTIC
INTEGRATION
The following ODNI components are tasked
with supporting and improving intelligence
integration in the domestic field:
NCTC
NCTC has primary responsibility within the USG for
analysis and integration of all intelligence possessed
or acquired by the USG pertaining to terrorism and
counterterrorism, excepting intelligence pertaining
exclusively to domestic terrorists and domestic
counterterrorism. NCTC executes these duties through
NCTC Operations Center, provided by NCTC
18
USCG vessel, photo provided by USCG
efforts in intelligence analysis, information sharing,
counterterrorism strategic operational planning, and
maintaining the USG’s central repository of identities
information for known or suspected terrorists in
support of the USG’s terrorist screening process.
Supporting the counterterrorism mission is the NCTCled Joint Counterterrorism Assessment Team (JCAT),
which replaced the Interagency Threat Assessment and
Coordination Group (ITACG) in April 2013. Its mission
is to improve information sharing and enhance public
safety. In coordination with the FBI and DHS, JCAT
collaborates with other members of the IC to research,
Domestic Approach to National Intelligence
UNCLASSIFIED
Office of the Director of National Intelligence
DNI Reps in the U.S.
Seattle
Boston
Chicago
San
Francisco
New York
Pittsburgh
Washington, D.C.
Denver
Los
Angeles
Atlanta
Houston
Miami
NCTC 017657g [0097cs] AI 4-15
produce, and disseminate counterterrorism intelligence products for FSLTT partners, and advocates
for the counterterrorism intelligence requirements and
needs of these partners throughout the IC. JCAT aims
to improve the quantity and quality of intelligence
products for FSLTT partners. Like ITACG,
JCAT is located within NCTC and is composed
of fully cleared state, local, and tribal HS&LE
partners, as well as representatives from NCTC
and its federal partners, DHS and FBI.
NCTC maintains the Terrorist Identities Datamart
Environment (TIDE), which is the USG’s central and
shared knowledge bank on known or suspected
international terrorist identities. NCTC also has the
unique mission to be the two-way interface between
domestic law enforcement and homeland security
apparatus and the IC for terrorist identity and
encounter information. NCTC is the single point
of national integration for information sharing
regarding terrorist identity data through the
TIDE database. It provides selected exports of
terrorist identity information to U.S. domestic
screening and border entities through the TSC.
Additionally, NCTC’s domestic representatives are
uniquely equipped to facilitate the flow of both strategic
and regional counterterrorism information to and from
NCTC. They are primarily co-located with DNI Reps
UNCLASSIFIED
and
strive to share counterterrorism-related intelligence
with federal, state, local, and tribal personnel, always
working via their FBI and DHS counterparts.
NCSC
The National Counterintelligence and Security Center
(NCSC), previously known as the Office of the National
Counterintelligence Executive, was established to help
counter threats from foreign adversaries who seek to
acquire national defense information, undermine the
country’s economic and technological advantage, and
influence governmental processes. NCSC facilitates
the enhancement of U.S. counterintelligence activities
by: 1) enabling the counterintelligence community to
fulfill its mission of identifying, assessing, prioritizing,
and countering the intelligence threats to the U.S.; 2)
ensuring that the counterintelligence community acts
in an efficient and effective manner; and 3) providing
for the integration of all counterintelligence activities.
Cyber Threat Intelligence
Integration Center (CTIIC)
In February 2015, the President directed the
DNI to establish the CTIIC to support the federal
government’s efforts to anticipate, mitigate, and
counter foreign cyber threats to the U.S. and our
national interests. CTIIC supports the federal cyber
community—including cybersecurity centers, the IC,
other relevant departments and agencies, and senior
policymakers. It facilitates the timely information
sharing of threat intelligence and related indicators,
integrates analysis of threat trends and events, identifies
gaps in knowledge, and helps the community identify
opportunities to degrade or mitigate threat capabilities.
19
Domestic Approach to National Intelligence
DNI Representatives in the U.S.
Leveraging 12 senior FBI officials across the U.S.,
the primary mission of the DNI Rep is to lead IC
efforts within his or her AOR by creating an IC
enterprise that is coordinated, integrated, agile,
and effective. The role of a DNI Rep is to engage
and periodically convene U.S. senior field
representatives of each IC element in their respective
AOR. DNI Reps conduct coordinated outreach to
ensure that appropriate entities are aware of the
IC’s capabilities, analytic products, and resources
while facilitating and monitoring implementation
of DNI direction, policies, and procedures. This
single-enterprise approach integrates intelligence
in defense of the homeland and supports U.S.
national security interests at home and abroad.
U.S.-Mexico Border, photo provided by CBP
20
National Intelligence Manager
(NIM) for the Western Hemisphere
and the Homeland (NIM-WHH)
The NIM for the Western Hemisphere and the Homeland
is responsible for partnering closely with other functional
and regional NIM teams, ODNI/Partner Engagement,
and DNI Reps to ensure FSLTT equities (e.g. homeland
security information, criminal intelligence, etc.) are
identified and considered at the national intelligence level.
The Unifying Intelligence Strategy (UIS) for the Western
Hemisphere serves as a key instrument for integrating the
efforts of the IC in support of the Western Hemisphere,
which includes the U.S. homeland. The UIS identifies
opportunities and priorities for intelligence integration
in support of IC and FSLTT partners where foreign
intelligence affects FSLTT information, and vice versa.
Office of the Director of National Intelligence
National Maritime IntelligenceIntegration Office (NMIO)
NMIO’s mission is to advance maritime intelligence
integration, information sharing, and domain awareness
to foster unity of effort for decision advantage that
protects the United States, its allies and partners
against threats in or emanating from the global
maritime domain. NMIO serves as the nexus for the
Global Maritime Community of Interest (GMCOI) to
improve collaboration and facilitate integration, while
keeping the highest levels of the U.S. Government
informed on maritime information issues.
Program Manager for the Information
Sharing Environment
PM-ISE is designed with one key goal in mind: to
combat terrorism more effectively. The Intelligence
Reform and Terrorism Prevention Act (2004) established
an Information Sharing Environment (ISE), which is
managed by the Program Manager for the ISE and
comprises policies, procedures, and technologies
linking the resources (people, systems, databases,
and information) of FSLTT entities to facilitate terrorism
information sharing, access, and collaboration.
PM-ISE has a government-wide mandate to facilitate
the sharing of information with regard to terrorism,
weapons of mass destruction, and homeland security
in a manner consistent with national security and
applicable legal standards relating to privacy and
civil liberties. PM-ISE is working to achieve discrete,
coordinated, and focused efforts leading to the delivery
of interoperable, reused, and in some cases shared
agency capabilities to accelerate mission impact.
DOD
DoD’s role can be summarized as follows: 1) homeland
defense - the protection of U.S. territory, its domestic
population, and critical defense infrastructure against
external threats and aggression; and 2) civil support providing military support to civil authorities at the federal,
state, and local levels across a range of conditions. The
Secretary of Defense describes the three circumstances
under which DoD assets could be involved in homeland
defense and civil support missions as follows:
In extraordinary circumstances, DoD would conduct
military missions such as combat air patrols or
maritime defense operations. DoD would take the
lead in defending the people and the territory of
our country, supported by other agencies. Included
in this category are cases in which the President,
exercising constitutional authority as Commanderin-Chief and Chief Executive, authorizes military
action to counter threats within the U.S.
In emergency circumstances, such as managing the
consequences of a terrorist attack, natural disaster,
or other catastrophe in support of civil authorities,
DoD could be asked to act quickly to provide
capabilities that other agencies do not possess or
that have been exhausted or overwhelmed.
In non-emergency circumstances of limited scope
or planned duration, DoD would support civil
authorities where other agencies have the lead—
for example, providing security at a special event
such as the Olympics, or assisting other federal
agencies to develop capabilities to detect chemical,
biological, nuclear, and radiological threats.
DoD cannot provide for all aspects of homeland
security. The homeland security mission requires the
use of the full range of political, economic, diplomatic,
and military tools, including enhanced intelligence to
improve potential detection of future attacks. Domestic
law enforcement agencies will bear a heavier burden
in meeting domestic security needs. In addition,
emergency preparedness planning and capabilities,
which integrate the strengths of federal, state, and
local authorities, are the first lines of response and
defense in the homeland. Much of homeland security
will entail localized responses, supported by planning
and coordination with other levels of government.
U.S. Northern Command
(USNORTHCOM)
USNORTHCOM’s mission is to conduct homeland
defense (protection against external threats and
aggression), civil support, and security cooperation
to defend and secure the U.S. and its interests. Its
primary area of operation includes air, land, and
sea approaches and encompasses the continental
U.S., Alaska, Canada, Mexico, and the surrounding
water out to approximately 500 nautical miles. It also
includes the Gulf of Mexico, the Straits of Florida,
and portions of the Caribbean region to include the
Bahamas, Puerto Rico, and the U.S. Virgin Islands.
The Commander of USNORTHCOM also commands
North American Aerospace Defense (NORAD)
Command, a combined U.S.-Canadian team responsible
for aerospace warning, aerospace control, and maritime
warning for Canada, Alaska, and the continental U.S. In
conjunction with its other missions, NORAD assists in
the detection and monitoring of merchant vessels and
aircraft suspected of illicit trafficking. This information
is passed to civilian law enforcement agencies to help
combat the flow of contraband into North America.
21
Domestic Approach to National Intelligence
Military jet conducting a patrol exercise, photo provided by DoD
Joint Task Force North (JTF North), a subcomponent of
USNORTHCOM, is the DoD organization tasked to
support our nation’s federal law enforcement agencies in
the interdiction of suspected transnational threats within
and along the approaches to the continental U.S.
Transnational threats comprise activities conducted by
individuals or groups that involve international terrorism,
cyber threats, narcotics trafficking, alien smuggling,
weapons of mass destruction, and the delivery systems
for such weapons that threaten the national security of
the U.S. JTF North support to federal law enforcement
agencies is organized into the following six categories:
intelligence, operational, engineering, general,
interagency synchronization, and technology integration.
Within the intelligence support category, JTF North
provides the following: agency case-sensitive intelligence
support, collaborative threat assessments, geospatial
intelligence support, modified threat vulnerability
assessments, and threat link analysis products.
22
Office of the Director of National Intelligence
Other Key Considerations
SECURITY CLEARANCE REFORM
The ability to share classified information across the
domestic enterprise at the SECRET-level, between the
IC and FSLTT partners, is critical for effective intelligence
integration. A key enabler to support this requirement
is a streamlined process for nominating, investigating,
adjudicating, granting, and tracking security clearances
for partner agencies. Security clearance reform set the
conditions for great progress over the last five years.
In August 2010, Executive Order 13549, “Classified
National Security Information Program for FSLTT
entities”, designated the Secretary of Homeland Security
as the Executive Agent for this effort. Working with
the FBI and other federal partners, DHS established
governance and an oversight structure to promote the
uniform application of SECRET-level security clearance
standards. Additionally, security liaison officers were
designated at state and major urban area fusion centers
to assist with nominations and the processing of security
clearance requests. In 2006, the average processing
time for initial security clearances was 165 days.
Presently interim SECRET clearance determinations
are made based on preliminary checks within 14
days of requests being received by the sponsoring
agency. Final clearances are issued once the Office of
Personnel Management completes its investigation and
there is a favorable adjudication of the request. The
average processing time in 2015 for a final SECRET
clearance was 116 days. DHS and FBI currently hold
over 10,000 SLTT and private sector clearances.
promote secure and responsible information sharing.
The strategy does not define particular categories or
types of information that must be shared. Rather, it
shifts the focus of information sharing and safeguarding
policy to defining information requirements that support
effective decision making. The strategy outlines a vision
with a national policy roadmap to guide information
sharing and safeguarding within existing law and policy.
This strategy does not replace the National Strategy
for Information Sharing (2007 NSIS), as the 2007 NSIS
continues to provide a policy framework and directs many
core initiatives intended to improve information sharing.
NATIONAL STRATEGY FOR
INFORMATION SHARING
& SAFEGUARDING
Our national security depends on the ability to share the
right information, with the right people, at the right time.
This information sharing mandate requires sustained
and responsible collaboration between the IC and
FSLTT partners. Over the last few years, the IC and
FSLTT partners have successfully streamlined policies
and processes, overcome cultural barriers, and better
integrated information systems to enable information
sharing. Today’s dynamic environment, nonetheless,
poses challenges to the continuing effort to improve
information sharing and safeguarding processes and
capabilities. While innovation has enhanced the ability
to share, increased sharing has created the potential for
vulnerabilities that require strengthened safeguarding
practices. The 2012 National Strategy for Information
Sharing and Safeguarding provides guidance for
effective development, integration, and implementation
of policies, processes, standards, and technologies to
23
Domestic Approach to National Intelligence
Way-Ahead
This paper promotes a better understanding of
the current operating environment of the domestic
enterprise. Going forward, it will be important to move
beyond the “as is” descriptions and work toward a
vision of the “should be.” This vision must guide longterm investment strategies that align assets to better
synchronize intelligence collaboration and interplay with
FSLTT partners, while ensuring the privacy, civil rights,
and civil liberties of our citizens are fully protected. It
must also help to identify potential changes to policies,
technologies, and organizational and informational
frameworks to optimize both cost and effectiveness.
Ultimately, the domestic enterprise must be postured to
provide all-source intelligence and enhance responsible
information sharing and collaboration across public
safety, law enforcement, and intelligence activities.
This will ensure that our customers and partners—
from first responders to our national leaders—have
the most accurate and current intelligence.
24
Office of the Director of National Intelligence
Abbreviations
NCSC
National Counterintelligence
and Security Center
NCTC
NGA
NIM
NORAD
NORTHCOM
NRO
NSA
NSI
National Counterterrorism Center
NSIS
National Strategy for
Information Sharing
Department of Homeland Security
Office of Intelligence & Analysis
ODNI
Office of the Director of
National Intelligence
DIA
Defense Intelligence Agency
DNI
Director of National Intelligence
OIA
Office of Intelligence and Analysis,
Treasury Department
DoD
Department of Defense
Office of National Drug Control Policy
DoJ
Department of Justice
ONDCP
ONSI
DoS
Department of State
DOT
Department of Transportation
Office of Personnel Management
EMS
Emergency Medical Services
OPM
PM-ISE
FBI
Federal Bureau of Investigation
FICO
Federal Intelligence Coordination Office
Regional Information Sharing System
FIG
Field Intelligence Group
FSIC
Federal Senior Intelligence Coordinator
FSLTT
Federal, state, local, tribal, and territorial
RISS
SAR
SBU
TIDE
HHS
Health and Human Services
HIDTA
High Intensity Drug Trafficking Area
Transportation Security Administration
HIFCA
High Intensity Financial Crime Area
HSA
Homeland Security Advisor
HS&LE
Homeland Security & Law Enforcement
IC
Intelligence Community
ICE
Immigration and Customs Enforcement
TSA
TSC
TTP
UIS
USCG
USCIS
IIR
Intelligence Information Report
INR
Bureau of Intelligence and Research
U.S. Government
ISC
Investigative Support Center
ITACG
Interagency Threat Assessment
and Coordination Group
USG
USGS
USSS
JCAT
Joint Counterterrorism
Assessment Team
JTF
Joint Task Force
JTTF
Joint Terrorism Task Force
LE
Law Enforcement
AOR
Area of Responsibility
ATF
Bureau of Alcohol, Tobacco,
Firearms and Explosives
CAC
Civil Applications Committee
CBP
Customs and Border Protection
CI
Counterintelligence
CIA
Central Intelligence Agency
CICC
Criminal Intelligence
Coordinating Council
CIU
Criminal Intelligence Unit
CT
Counter Terrorism
DEA
Drug Enforcement Administration
DHS
Department of Homeland Security
DHS/I&A
National Geospatial-Intelligence Agency
National Intelligence Manager
North American Aerospace Defense
Northern Command
National Reconnaissance Office
National Security Agency
Nationwide Suspicious Activity
Reporting Initiative
Office of National Security Intelligence
Program Manager for the
Information Sharing Environment
Suspicious Activity Report
Sensitive But Unclassified
Terrorist Identities Datamart
Environment
Terrorist Screening Center
Tactics, Techniques and Procedures
Unifying Intelligence Strategy
U.S. Coast Guard
U.S. Citizenship and
Immigration Services
U.S. Geological Survey
U.S. Secret Service
25
Domestic Approach to National Intelligence
Domestic Approach to National Intelligence
Domestic Enterprise
Seattle
Olympia
WA
Portland
Salem
Helena
MT
ND
MN
Bismarck
OR
Saint Paul
ID
Minneapolis
SD
Boise
WI
Pierre
WY
Madison
Sioux Falls
Milwaukee
IA
Carson City
Sacramento
Salt Lake
City
NV
Cheyenne
UT
NE
Denver
San Francisco
Topeka
CO
CA
Des
Moines
Chicago
Kansas City
Springfield
Omaha
Lincoln
KS
Las
Vegas
IL
Jefferson
City
MO
In
Saint
Louis
Springfield
Santa Fe
Los Angeles
AZ
San Diego
0
Phoenix
Nashv
OK
Oklahoma
City
Albuquerque
NM
AR
Little
Rock
MS
300 Kilometers
0
Jackson
300 Miles
Dallas
TX
El Paso
LA
Austin
DNI Representative
NCTC Representative
San Antonio
Drug Enforcement Administration Division Office
Baton Rouge
New Orle
pending
Federal Bureau of Investigations Field Office
High Intensity Drug Trafficking Area Headquarters Element
Regional Information Sharing System Center
State/Major Urban Area Fusion Center
US Coast Guard District Office
Shaded areas represent the DNI Rep Regions.
This map was created in June 2013 to provide a general overview
of the domestic enterprise. It is not meant to be all-inclusive.
26
UNCLASSIFIED
Honolulu
Hagatna
GU
M
Houston
El Paso Intelligence Center
US Immigration and Customs Enforcement
Memphis
HI
Office of the Director of National Intelligence
UNCLASSIFIED
ME
Augusta
Montpelier
VT NH
Albany
MI
Buffalo
NY
Lansing
e
Detroit
PA
Pittsburgh
Cleveland
ndianapolis
Louisville
VA
Charleston
Frankfort
KY London
NY
Richmond
Charlotte
pending
Columbia
Atlanta
AL
Baltimore
MD
GA
Jacksonville
Trenton
NJ
Dover
DE
Annapolis
Richmond
FL
Norfolk
Orlando
0
0
Tampa
Miami
100 Kilometers
100 Miles
Charlotte
Amalie
AK
San Juan
Anchorage
New York City
VA
Tallahassee
eans
Boston
WASHINGTON, D.C.
Montgomery
Mobile
Newark
Harrisburg
SC
pending
Providence
RI
Hartford CT
New Haven
Philadelphia
NC
TN
Birmingham
MA
Albany
PA
Raleigh
Knoxville
ville
Trenton
Harrisburg NJ
WASHINGTON, D.C.
WV
Cincinnati
NH
VT
Dover
MD
DE
Annapolis
OH Columbus
IN
Concord
Boston
MA
CT Providence
Hartford RI
PR
VI
Juneau
NCTC 017657 [0097s] AI 7-15
27
Domestic Approach to National Intelligence
This Page was Intentionally Left
BLANK
28
Domestic Approach to National Intelligence
This Page was Intentionally Left
BLANK
29
Domestic Approach to National Intelligence
This Page was Intentionally Left
BLANK
30
UNITED TO PROTECT
NCTC 029197 | December 2016
Original Article
End-user perceptions of intelligence dissemination
from a state fusion center
Carla Lewandowskia,* and Jeremy G. Carterb
a
Law and Justice Studies, Rowan University, 561 Campbell Library, 201 Mullica Hill Road, Glassboro,
NJ 08028, USA.
E-mail: lewandowskic@rowan.edu
b
School of Public and Environmental Affairs, Indiana University – Purdue University Indianapolis,
801W. Michigan Street, BS 4081, Indianapolis, IN 46202, USA.
E-mail: carterjg@iupui.edu
*Corresponding author.
Abstract This research examines end-user perceptions of an intelligence product disseminated from
a state fusion center in the Northeast region of the United States. The current literature suffers from an
empirical gap within the arena of contemporary law enforcement intelligence; largely because of the
difficulty of obtaining data related to such practices. This research informs this gap and provides
insights into local law enforcement intelligence sharing. Descriptive statistics and interview narratives
are presented. Original survey data was collected from a sample of law enforcement agencies subscribed to the fusion center’s intelligence listserv. Random interviews with survey respondents were
also conducted and NVivo software was utilized to develop qualitative constructs. Findings indicate
the intelligence product is read daily and perceived to be moderately useful by recipients. End users
are primarily concerned with jurisdiction-specific and officer safety-related information. Upper-level
administrators are the organizational lynchpins for funneling information to patrol officers.
Security Journal (2017) 30, 467–486. doi:10.1057/sj.2014.38;
published online 1 September 2014
Keywords: intelligence; fusion center; information sharing; policing; end users
Introduction
In the wake of the terrorist attacks of 11 September 2001 (hereafter 9/11), the concept of
multi-agency information centers in the United States was transformed into what are now
known as fusion centers to serve as a key mechanism to improve law enforcement
information sharing and the utilization of intelligence products. In short, fusion centers are
entities diverse in personnel and agency composition that serve as a conduit to facilitate
effective information sharing across both geographic and authoritative jurisdictions (that is,
local, state and federal). Though fusion centers are not the sole component of law
enforcement intelligence, they perhaps represent the most significant investment of resources
and tangible change in law enforcement post-9/11. Thus, it is not surprising that these centers
have been the subject of intense debate. While the majority of government reports and
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
www.palgrave.com/journals
Lewandowski and Carter
academic research to date has advocated for these centers (Carter and Chermak, 2012),
concerns over their operations (U.S. Senate, 2012) and overall effectiveness (Taylor and
Russell, 2012) have been called into question.
The literature on fusion centers is progressing, but significant knowledge gaps remain.
Specifically, the literature is sparse with respect to; (i) what extent do recipients of
intelligence products further share this information within their own agency; (ii) the
frequency at which fusion centers distribute intelligence products; and (iii) intelligence
products desired by recipients from fusion centers. This research is not a parsimonious test of
theory. Both scholars and professionals are in need of insight with regard to the practices
examined within this research. Sparse evidence exists pertaining to reciprocal relationships
for information and intelligence sharing between fusion center and state and local law
enforcement. From an academic research perspective, the literature is uninformed about how
state and local law enforcement perceive the products they receive from fusion centers as well
as the perception of information provided to fusion centers from state and local law
enforcement. The present study seeks to inform the literature regarding the former knowledge
gap and provide insights into fusion center information sharing through original survey data
and interviews with law enforcement personnel who receive fusion center analytic products.
Law Enforcement Intelligence
Information sharing
One of the key elements to the successful use of intelligence for the prevention and
mitigation of risk is widespread information sharing. Such risks, especially at the fusion
center level, are focused on terrorism. The Office of Homeland Security’s National Strategy
for Information Sharing (Homeland Security Council, 2007, p. 1) stated ‘Our success in
preventing future terrorist attacks depends upon our ability to gather, analyze, and share
information and intelligence regarding those who want to attack us, the tactics they use, and
the targets that they intend to attack’. To this end, law enforcement must have effective
mechanisms for sharing information as well as a willingness to engage in proactive
information sharing. There is reason to suspect that, despite substantial effort, information
sharing in the area of intelligence is significantly limited (Cooney et al, 2011; Chermak et al,
2013). Intelligence should guide law enforcement’s operational and strategic decision
making (Carter, 2009). In order to achieve this desired end, intelligence must get into the
hands of decision makers in the form of an actionable intelligence product from which action
can be taken. Fusion centers are the medium through which actionable intelligence products
reach state and local law enforcement.
The fusion center model
There are currently 78 official fusion centers in the United States (U.S. House of
Representatives, 2013) to increase the exchange of information and data across government
and private sectors to enhance law enforcement’s ability to fight crime and terrorism and
prevent threats (Global Intelligence Working Group, 2005). The relationship between state
468
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
End-user perceptions
and local law enforcement and fusion centers is reinforced by the National Strategy for
Homeland Security that identifies the philosophy as one of the primary tools to combat
terrorism and threats to the United States (Homeland Security Council, 2007). Fusion centers
are designed to serve as a conduit for facilitating information sharing across jurisdictions
while also providing an analytic capability for many local agencies that would otherwise not
have access to crime and intelligence analysts. In order for fusion centers to meet their
overarching mission, to improve information sharing, they must have an effective method of
communication with state and local law enforcement.
There is no single model for a fusion center, namely because of the diverse needs and
environmental characteristics that affect the structure, processes and products of such a
center. A Congressional Research Service report raised questions regarding the current and
potential efficacy of fusion centers. The report notes that in light of the growth of the fusion
centers in state and local jurisdictions without a coordinated national plan, ‘there appears to
be no “one-size-fits-all” structural or operational model for fusion centers’ (Rollins, 2008,
p. 18). From a centralized federal perspective, as reflected in the report, the lack of a uniform
model is assumed to be a flaw (Taylor and Russell, 2012). However, the state and local
perspective is somewhat different. Indeed, the ability to build a fusion center around
grassroots needs is preferred; this permits state and local agencies to mold the fusion center
into a model that best suits the needs and challenges that are idiosyncratic to each jurisdiction
and the communities they serve. As noted by Johnson and Dorn (2008, p. 38) in describing
the New York State Intelligence Center,
Creating one center for intelligence and terrorism information, to combine and distribute that information to law enforcement agencies statewide, prevents duplication of
effort by multiple agencies. Additionally, one state fusion center serving the entire New
York law enforcement community provides a comprehensive picture of criminal and
terrorists networks, aids in the fight against future terrorists events and reduces crime.
Fusion centers and local police
Fusion centers serve as a lynchpin of information sharing both vertically between levels of
law enforcement as well as horizontally across state and local agencies. The nexus between
threats to public safety and local law enforcement has been well-documented (Clarke and
Newman, 2006; Newman and Clarke, 2008; Boba, 2009). Local law enforcement agencies
are in a unique position to push vital information to fusion centers as a result of their
knowledge about individuals, groups and organizations operating in local communities
as part of their day-to-day operational work. As Bayley and Weisburd (2009) noted,
‘low policing’ that focuses on street-level interactions among law enforcement and
community members is perhaps one of the most significant benefits police have in their
counter-terrorism efforts.
As Masse et al (2007, p.7) note in their report to Congress: ‘The 8 00 000 plus law
enforcement officers across the country know their communities most intimately and,
therefore, are best placed to function as the “eyes and ears” of an extended national security
community. They have the experience to recognize what constitutes anomalous behavior in
their areas of responsibility and can either stop it at the point of discovery (a more traditional
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
469
Lewandowski and Carter
law enforcement approach) or follow the anomaly or criminal behavior, either unilaterally or
jointly with the Federal Bureau of Investigation (FBI), to extract the maximum intelligence
value from the activity (a more intelligence-based approach)’. Fusion centers are positioned
to be the operational capacity through which local law enforcement engage in the more
intelligence-based approach (Masse et al, 2007; Carter, 2014). This, however, is a significant
shortcoming of the current knowledge base as the majority of fusion center research has
either been conceptual or focused on fusion center operations and practices rather than their
interaction with local agencies.
There are two notable studies that explored fusion centers and local law enforcement.
Both of these studies focused primarily on local perceptions of the usefulness of fusion
centers. First, in their study of the 184 local law enforcement executives in South Carolina,
Cooney et al (2011) noted that while most local law enforcement personnel perceived the
South Carolina fusion center to be useful, the percentage of locals with opposing perceptions
was significant enough to warrant further research and policy reconsiderations. Their study
also concluded that local agencies that identified themselves as engaging in ‘intelligence-led
policing’ viewed the fusion center more favorably. Second, Ratcliffe and Walden (2010)
utilized survey and interview information from 51 state troopers about their perception of
information received from and sent to a fusion center in the Northeast region of the United
States. Their findings indicated an overall ambiguity of the fusion center’s role with state and
local law enforcement. Troopers tended to prefer information received from fellow troopers
over fusion center products as well as rarely providing information to the center to be
included in analysis. Despite low overall levels of trooper acceptance of the fusion center, it
was noted that troopers consistently accessed fusion center information – likely because of
its ease of access. Ratcliffe and Walden (2010) go on to note the importance for future
research to explore how fusion centers can disseminate intelligence products more
strategically and that such an exploration would require surveying end users of intelligence
products. The current study seeks to build on this recommendation by surveying end-user
perceptions of a fusion center in the Northeast region.
Methodology
Survey of intelligence product readers
Empirical research exploring law enforcement intelligence issues has been severely
hampered by a lack of access to, and unwillingness to participate by, intelligence personnel
within agencies (see Chermak et al, 2013). Moreover, ideal surveying methods – such as
random sampling – are not feasible given the fidelity of intelligence practices nationwide.
Not every law enforcement agency in the country is actively engaged in information sharing
and intelligence practices (Carter and Phillips, 2013), thus a targeted sample is required.
Virtually all intelligence research to date (post-9/11) has been conducted based on purposive
samples where the researchers had an existing relationship with the intelligence personnel
(see Cope, 2004; Graphia-Joyal, 2010; Ratcliffe and Walden, 2010; Cooney et al, 2011;
Carter and Phillips, 2013; Chermak et al, 2013; Darroch and Mazerolle, 2013; Ratcliffe et al,
2014). This purposive sampling approach is even more pertinent with regard to fusion
centers. As per the Department of Homeland Security-mandated fusion center guidelines
470
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
End-user perceptions
(Global Intelligence Working Group, 2005) and baseline capabilities of fusion centers
(Global Intelligence Working Group, 2008), each fusion center is required to maintain strict
security requirements, including having a sensitive compartmented information facility for
the handling of classified information.
Despite scholars not having an interest in classified information, the presence of such
security measures is believed to inhibit a willingness to share even the most basic of
information regarding fusion center practices. As a result, data extraction for research
purposes relies on a rapport between researchers and intelligence practitioners. Such an
approach is commonplace in other aspects of policing where information is sensitive, such as
policing cybercrime (Holt and Bossler, 2012), the mentally ill (Borum et al, 1998) and sex
workers (Simic et al, 2006). The present research required a purposive sampling frame in
order to accurately explore end users of intelligence products from the fusion center.
The present study utilizes a sample of law enforcement agencies that subscribe to the
fusion center’s intelligence E-mail listserv, which distributes a daily intelligence bulletin.
Information within this bulletin is divided into categories that include issues such as
officer safety, current threats, be-on-the-lookout (BOLOs) and emerging crime tactics and
techniques. A sentiment exists among some fusion center employees that very few people
read the bulletin on a daily basis. As a result of this sentiment, there has also been
dissatisfaction among some individuals who work to create the intelligence product because
they question the usefulness of their work. To date, there has been no systematic tracking of
the intelligence product to determine the number of people who access or share this product
within their agency. Thus, the fusion center was eager to understand more about its daily
product and to receive information that would help it decide how to make it more useful for
law enforcement subscribers who seek to best utilize the information it contains.
While beneficial for purposes of reaching end users, this listserv also created limitations
for generalizability of the findings to be presented. Owing to obvious security concerns, the
researchers were not able to have access to the persons directly through the listserv and thus
relied on fusion center personnel to disseminate the survey instrument. As a result, the
researchers had no control over the sampling frame. Simultaneous to the survey instrument
being disseminated, the listserv being utilized for sampling was continuing to expand as
part of a fusion center initiative to improve its reach to local law enforcement agencies.
A Web-based survey was disseminated to agencies on the fusion center listserv. At the time
the survey was initially disseminated to end users in March 2011, the listserv was comprised
of 427 state, municipal and tribal law enforcement agencies as well as public works, other
government organizations (such as the Attorney General’s Office) and members of the
private sector. When the sampling period closed in May 2011, the listserv included 609 total
organizations (from multiple contiguous states).
In total, 315 agency responses were received. Each response was unique to a single
agency. Since multiple persons from a single agency are included on the fusion center’s
listserv, it was clearly communicated to the fusion center research partner managing the
survey that any multiple responses from the same agency be identified. No multiple
responses from the same agency were observed. A conservative response rate of 53 per cent
(315/609) is reported for this study. Given the fusion center’s listserv is comprised of 85 per
cent state and local law enforcement agencies (as explained by the fusion center research
partner managing the E-mail dissemination) from urban areas and the proportion of state and
local agencies within the responses received was 87 per cent (and 67 per cent urban), the
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
471
Lewandowski and Carter
findings are likely not influenced by non-response bias. However, since access to the listserv
was restricted and no determinations could be made with regard to the characteristics of
responding versus non-responding agencies, it cannot be said with certainty that nonresponses bias is not a limitation to this research. In addition to the descriptive statistics to
follow, respondents were provided open-ended opportunities within the survey to express
levels of satisfaction or disappointment with the intelligence product bulletin.
Interviews with end-user personnel
To better understand the interaction of end-user personnel with the intelligence product and
the information reported in survey responses, interviews were conducted with the recipients
to provide more depth and context to the survey results. Creswell (2008, p. 4) characterizes this research approach as ‘a means for exploring and understanding the meaning
individuals or groups ascribe to a social or human problem’. The intent of employing these
interviews is not necessarily to arrive at an answer to a question, but rather to better
understand the interviewee’s interpretation of phenomena through the lens of their practical
experience (Seidman, 2006). Since state and local police departments represent the majority
of the intelligence product listserv, and are arguably the most direct end users of fusion center
products, a random sample of 20 municipal police personnel who completed the survey were
interviewed for this research. Though not truly a random sample as the sample population
does not include agencies that did not respond to the survey, the randomization process is
important to establish the absence of researcher bias in agency selection for interviews. The
researchers attempted to conduct interviews with agencies that did not respond to the survey
to gather more representative information. However, the fusion center could not release
contact information for agencies not consenting to be contacted via the survey. Respondents
were asked to include their contact information if they were open to being contacted regarding
their survey results; 112 persons provided their contact information. These 112 persons were
then arranged alphabetically by last name and numbered from 0 to 112.
A random number generator was then used to select 20 of these 112 persons. Of the
20 law enforcement personnel interviewed, 6 were chiefs of police or upper management,
8 were middle management and 6 were frontline supervisors or patrol officers. Each individual
was interviewed for a period of 1 hour using a semi-structured interview format to allow the
interviewer to employ proper follow-up queries in accordance with the person’s position
within the department (that is, chief had different perspectives of intelligence than frontline
officers). The insights provided by these personnel are critical to understanding under what
circumstances police utilize intelligence products. Trends from the open-ended survey
responses and interviews with personnel are included in the findings to provide contextual
insights to the limited descriptive data. NVivo software was utilized to organize and identify
thematic constructs from the qualitative information gleaned from the interviews.
Findings
For ease of interpretation, this section is organized by separating the survey and interview
findings across each key area. While such a discussion, specifically of interviewee insights,
472
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
End-user perceptions
Table 1: Descriptive statistics for survey respondents (n = 315)
Per cent (n)
Type of organization
Federal
State
Local
Tribal
Private
7.9 (25)
25.1 (79)
61.9 (195)
1.0 (3)
4.1 (13)
Level within organization
Upper level
Mid level
Frontline
33.6 (106)
30.2 (95)
36.2 (114)
Setting of department
Urban
Rural
67.6 (213)
32.4 (102)
may arguably be more appropriate within the conclusions and discussion section, the
information is provided here to contextualize the descriptive information. It should be noted
that the findings presented are basic descriptives. Exploratory analyses were conducted by
the researchers to provide additional insights from the data, such as variation by agency or
personnel type. However, since no observable differences were identified and given space
considerations for qualitative narrative, these analyses are not provided. A lack of variation
was also observed across interviewees. The lack of differences by agency type is perhaps a
welcomed diagnostic as intelligence practice (in theory) should not differ across varying
agencies (Ratcliffe, 2008; Carter and Carter, 2009a). In addition, it would be interesting to
examine these findings in parallel with crime. Differences in crime type and frequency could
likely influence agency perceptions of intelligence products. Unfortunately, such an analysis
was not possible because of the inability to identify specific agencies (fusion center security
concern) to link their responses with corresponding crime data.
Table 1 provides descriptives of agencies responding to the survey. The majority
(61.9 per cent) of respondents were local agencies while a quarter of the respondents
(25.1 per cent) were from a state organization and roughly 8 per cent worked for a federal entity.
Only 1 per cent was from a tribal organization and 4 per cent of respondents worked in the
private sector. There was an almost equal distribution of representation from upper-level
management (33.6 per cent), middle-level management (30.2 per cent) and patrol (36.2 per
cent). Most of the respondents (67.6 per cent) indicated that they worked in an urban setting.
Dissemination of the intelligence product – Survey
Survey items targeted how the intelligence product bulletin is received,1 how it is made
available to patrol and, if E-mailed, to how many people it is forwarded. Table 2 illustrates
the extent to which the intelligence product bulletin is disseminated. An overwhelmingly
majority of respondents indicated they received the bulletin via E-mail (84.4 per cent).
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
473
Lewandowski and Carter
Table 2: Intelligence product dissemination
Per cent (n)
How do you receive the intelligence product? (n = 270)
Personal/work E-mail
From the chief/head of your organization
Look-up manually
84.4 (228)
15.2 (41)
0.004 (1)
How is intelligence made available to frontline personnel? (n = 268)
E-mail
Meeting
Posting
Other
Not available
63.1 (169)
19.8 (53)
4.9 (13)
4.5 (12)
78.4 (21)
To how many people in your organization do you regularly forward the intelligence product E-mail? (n = 271)
1–5 people
15.5 (42)
6–10 people
7.1 (20)
11–50 people
8.5 (23)
51 or more people
2.6 (7)
Approximately 15 per cent indicated they received the bulletin from the chief administrator
of their organization (that is, chief of police) while only one respondent indicated manually
seeking the bulletin – likely through secured access of an electronic information sharing
system such as the Regional Information Sharing System Network (RISSNET) (www
.riss.net/). The primary audience for the intelligence product bulletin is the local law
enforcement community; specifically patrol as they have the most day-to-day contact with
the public. When asked how the information in the intelligence product bulletin is made
available to those patrol officers and frontline personnel, the majority of respondents (63.1
per cent) said it was made available by E-mail, followed by a much less frequency of those
receiving the information during a meeting (19.8 per cent) such as roll call, and just under 5
per cent indicated the information was posted in a public place within the agency. A similar
percentage of respondents indicated the information was made available through other
methods. Of the respondents who chose to provide an open response, a consistent theme
emerged that information was made available to specific units within the department – such
as gang or drug squads.
Important to the aspect of information availability is the possibility that information – in
this case the intelligence product bulletin – is passed between members of an organization.
Thus, more personnel within a department are likely receiving information beyond what is
captured by recipients on a listserv. Through interviews with officers from local agencies, it
was identified that in some departments the supervisor is the only person who receives the
intelligence product at their respective agency. He or she will then forward it to an
intelligence officer, patrol officers or the entire frontline and middle management. Table 2
illustrates the extent to which respondents indicated the intelligence product bulletin is
forwarded to others within the organization. Of those who responded, most indicated they
forwarded the intelligence product to 1–5 other people within their organization on a regular
basis (15.5 per cent). A similar number of respondents indicated they regularly forwarded the
474
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
End-user perceptions
bulletin to 6–10 (7.1 per cent) and 11–50 people (8.5 per cent). Less than 3 per cent indicated
they forwarded the bulletin to more than 51 people. Though the data do not allow for
comparisons of these findings to respondents’ agency size, these findings are likely related to
agency size. For example, while a respondent may have only forwarded the bulletin to 6–10
other persons, this could possibly represent the majority or entirety of the respondent’s
organization. A consistent trend of the respondents who provided an open response indicated
they selectively forwarded the bulletin to others whom they feel it was relevant.
Dissemination of the intelligence product – Interviews
In-depth interviews with officers from different agencies revealed four important and
interesting findings related to the dissemination of the intelligence product bulletin. First, a
trend that emerged from the interviews was that many of the officers interviewed did not
know how they initially started receiving the intelligence product bulletin E-mails. Many of
the officers in middle-management positions or in patrol said they started receiving the
intelligence product one day and surmised their chief had included their names on the list.
Moreover, these officers indicated they did not know whether others within the department
were on the distribution list, but believed their colleagues also received it as a result of being
enlisted by someone else as well. One of the detectives interviewed acknowledged he was
always under the assumption everyone in the agency received the bulletin until interviews
for this study were conducted and he was surprised to discover this was not the case. Second,
the extent to which one person within a department would take it upon him/herself to make
patrol aware of the intelligence product bulletin. Many departments lacked sufficient staff to
cull through intelligence and send out only what was relevant to patrol. A majority of the
officers interviewed indicated they printed out the bulletin, or specific parts of it, to distribute
to patrol or display on a board where it would be noticed by patrol.
Third, select officers may not forward the intelligence product to others in their agency if
they believe everyone is receiving it already. Regardless of department size, dissemination of
the intelligence product varies and is fragmented for some agencies. One officer interviewed
from an urban agency indicated the department had its own intelligence unit and integrated
information from the intelligence product into its own bulletin. Another officer, also from an
urban agency, indicated there was a lack information sharing and intelligence product
distribution in his department. Moreover, this officer went on to acknowledge this problem
exists even among the different patrol shifts as officers did not communicate important local
intelligence gathered from the night before. The final trend among the officers interviewed
was that not all officers had access to work E-mail, and those who did were not required to
check it regularly. Thus, the only way for them to receive the information consistently was if
someone within the department was tasked, or takes the initiative, to disseminate the
information to patrol via another manner – such as roll call or posting it within a common
place.
Utilization of the intelligence product – Survey
Critical to exploring the utility of intelligence products is the extent to which different
personnel within an agency use the intelligence provided. Responses to the item asking
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
475
Lewandowski and Carter
Table 3: Intelligence product utilization
Per cent (n)
Who in your organization primarily uses intelligence in the intelligence product? (n = 258)
Investigative personnel
36.0 (93)
Everyone
28.7 (74)
Patrol
24.4 (63)
Middle management
23.6 (61)
Senior officials
19.8 (51)
No one
2.3 (6)
Other
5.0 (13)
How often do you open the intelligence product attachment to read more about a topic? (n = 272)
Daily
59.2 (161)
1–2 times a week
29.4 (80)
Once a month
2.9 (8)
Never
2.2 (6)
Other
6.3 (17)
When was the last time you read the intelligence product attachment closely? (n = 271)
Within the last day
Within the last 3 days
Within the last week
Within the last month
Cannot remember
50.0 (136)
25.0 (68)
12.5 (34)
1.8 (5)
10.7 (29)
respondents to indicated who in their organization primarily uses intelligence were not
mutually exclusive; respondents could indicate multiple types of personnel as there are
likely to be multiple users and restricting responses to a single selection would not be
representative of practice. Table 3 presents the findings of the intelligence-users item. Of
those who responded, most indicated investigative personnel primarily utilized the
intelligence product bulletin (36 per cent) followed by the notion that everyone in the
organization utilized the bulletin (28.7 per cent). Patrol (24.4 per cent), middle management
(23.6 per cent) and senior officials (19.8 per cent) were indicated to utilize the intelligence
product similarly. A promising finding is that less than 3 per cent indicated no one in
the organization used the bulletin – thus hopefully reaffirming the overall utility of the
intelligence product to the organizations to which it is distributed.
In an effort to explore the extent to which recipients of the intelligence product bulletin
are reading the actual bulletin, respondents were asked to indicate the extent to which they
read the bulletin attachment for further information as well as the last time they read the
attachment closely. Beyond estimating the frequency of the actual bulletin being read, such
measures also highlight the extent to which the bulletin appeals to the recipients. Table 3
further illustrates the extent to which the intelligence product bulletin is utilized by the
recipients. The results are insightful. Of those who responded, 59.2 per cent indicated they
opened the attachment daily followed by 29 per cent that indicated they read the attachment
once or twice a week. Less than 3 per cent of respondents indicated they read the intelligence
product bulletin once a month or never.
Despite assurances that the survey was anonymous, survey respondents may have
answered in what they perceived to be a socially desirable way and thus may have felt the
476
© 2016 Macmillan Publishers Ltd. 0955-1662 Security Journal Vol. 30, 2, 467–486
End-user perceptions
need to overestimate how often they read the intelligence product bulletin. This bias was
hopefully mitigated via the Web-based survey format as evidence exists that people will
answer in a less socially desirable way when using an electronic survey (Kiesler and Sproull,
1986). In order to reaffirm these findings, a second question gauged respondents’ frequency
of reading the intelligence product bulletin within a past timeframe. These results are also
presented in Table 3. Among the respondents, 50 per cent acknowledged they read the
intelligence product within the last day followed by 25 per cent responding they had read it
in the last 3 days and 12.5 per cent within the last week at the time of the survey. Less than
2 per cent had not read the bulletin within the last month while 10.7 per cent acknowledged
they could not remember the last time they read the bulletin. The findings from these two
items related to the frequency at which recipients read the intelligence product bulletin
attachment were consistent with one another.
Utilization of the intelligence product – Interviews
In-depth interviews were conducted to provide further context to how patrol received the
intelligence product bulletin. In some departments, the chief had decided that all personnel
should regularly receive the bulletin; either by E-mail or during the roll-call meeting at
the beginning of the shift. Though the information was made available to all personnel, there
appeared to be no informal or formal mechanisms to motivate personnel to actually read the
bulletin. In other departments, only detectives received the bulletin. Interviews with other
officers indicated their agency practice was to print the bulletin and place it in the break room
or in a binder with other notices for the patrol. This binder would typically contain ‘BOLOs’
and other officer-safety notices.
Interviews with officers from different agencies provided context for why end users of the
intelligence product bulletin were motivated to open the attachment. Though respondents
reported a variety of motives that prompted them to read the bulletin, consistent trends
emerged. One of the most frequent trends was that officers perceived reading the bulletin as a
responsibility of their job. These officers said it was their due diligence to keep up with
threats in order to piece together information and make better decision...
Purchase answer to see full
attachment