Monday, July 09, 2007

Fusion Centers: Overview and Criticism

Last week, the Congressional Research Service (CRS) published a new report that examines the rise of fusion centers as a critical element in the effort to share information among local, state, and federal homeland security professionals.

report is a critical examination of fusion centers, which distinguishes it from the glossy praise that fusion centers typically receive from local, state and federal authorities, as well as key politicians and DHS Secretary Michael Chertoff.

Let's take a look. I've reorganized CRS' comments into a few major categories:

Fusion Centers' Establishment and Organization:

First, a bit o' history. Fusion centers did not spring forth fully formed from the head of Michael Chertoff, or even the head of Tom Ridge. Instead, they were a logical outgrowth of a number of phenomena, including new philosophies of policing, the war against drug trafficking, and 9/11:

While the [9/11] attacks were the direct impetus for the creation of most state and regional centers, the fusion center movement did not occur in a vacuum and can be best understood as a continuum of a mounting tide. Important influences include the increasing favor of the Intelligence-Led Policing model, among others; the perception that the High Intensity Drug Trafficking Area (HIDTA) Center structure was successfully enhancing coordination; rising agreement amongst Governors that each state should have a fusion center; and the support of the President and key federal homeland security entities, such as the Homeland Security Advisory Council (HSAC), and the Director of National Intelligence (DNI) — Information Sharing Environment Program Manager’s Office.

Since 1990, 28 areas have been designated as HIDTAs across the country. HIDTAs are designed to be multiagency entities that facilitate the coordination of law enforcement counterdrug efforts across all levels of government. Prior to 9/11, the benefits of collocation, coordination of resources, and information sharing across agencies was apparent to many in the law enforcement communities, and there were several states and regions that were looking to replicate the HIDTA model in their communities.

In several cases, post-9/11 state/regional fusion centers have been located with HIDTA centers, and in one case, organizationally linked with the local HIDTA...
And although the federal government has done a lot to encourage the development of fusion centers over the past few years, they remain a state entity - for the most part under the auspices of the state law enforcement agency. Local law enforcement is less represented:
The overwhelming majority of the centers examined by the authors are statewide in jurisdiction and are largely operated by the state police or state bureau/division of investigation. These state fusion centers are largely the outgrowth or expansion of an existing intelligence and/or analytical unit or division within the state’s law enforcement agency.

Furthermore, the majority of sworn officers detailed to fusion efforts are from state police agencies and state bureaus of investigation, rather than local departments. Some may argue this is natural given the majority of fusion centers are state-wide entities that grew out of state police/bureau of investigation intelligence/analysis units. Of the local law enforcement agencies represented, the overwhelming majority are from the largest local police departments in the country, which have more resources, and in some cases, intelligence units (which are somewhat rare in local police departments).
Yet there is diversity among the centers in their funding, staffing, organization, and goals:
Fusion centers are state-created entities largely financed and staffed by the states, and there is no one “model” for how a center should be structured. State and local law enforcement and criminal intelligence seem to be at the core of many of the centers. Although many of the centers initially had purely counterterrorism goals, for numerous reasons, they have increasingly gravitated toward an all-crimes and even broader all-hazards approach. While many of the centers have prevention of attacks as a high priority, little “true fusion,” or analysis of disparate data sources, identification of intelligence gaps, and pro-active collection of intelligence against those gaps which could contribute to prevention is occurring.
And though most centers focus on law enforcement, there is a general shift toward a broader, all-hazards approach, which includes a wider variety of public safety agencies:
In general, the fusion centers studied for this report remain largely law enforcement oriented entities. That said, centers appear to be increasingly bolstering their non-sworn officer ranks and reaching out to non-law enforcement homeland security partners.

All-hazards centers are more likely than their counterterrorism or all-crimes colleagues to have non-criminal justice personnel, to include Department of Health, Fire, Emergency Management Services (EMS), and other non-traditional homeland security partners in the public sector.

The rise of fusion centers is representative of a recognition that non-traditional actors — state and local law enforcement and public safety agencies — have an important role to play in homeland defense and security.
In an article discussing the CRS report, Government Computer News labels this expanded role "mission creep." I tend to disagree, as many of the preparedness and response functions are similar, regardless of the cause of the incident (e.g., the response to a bioterrorism incident will be similar in many ways to a naturally occurring disease outbreak).

Fusion Centers' Counterterrorism Function

The idea of fusion centers has always been to be a proactive element in counterterrorism.
From a law enforcement perspective, it has been argued that state and regional intelligence fusion centers, particularly when networked together nationally, represent a proactive tool to be used to fight a global jihadist adversary which has both centralized and decentralized elements. This network of fusion centers is envisioned as a central node in sharing terrorism, homeland security, and law enforcement information with state, local, regional, and tribal law enforcement and security officials.
One problem, though, is that much of the information-sharing tends to be reactive rather than proactive:
However, research indicates that while fusion centers want to become more proactive, many continue to follow a reactive model. Most fusion centers respond to incoming requests, suspicious activity reports, and/or finished information/intelligence products. This approach largely relies on data points or analysis that are already identified as potentially problematic. ... [I]t could be argued that this approach will only identify unsophisticated criminals and terrorists. The 2007 Fort Dix plot may serve as a good example — would law enforcement have ever become aware of this plot if the would-be perpetrators hadn’t taken their jihad video to a video store to have it copied?
I've covered the vulnerabilities of the Fort Dix plotters in a previous post, and I agree that a more proactive stance would have offered a greater chance of uncovering more vulnerabilities.

Of course, the Fort Dix plotters, like many others, had more ambition than operational skill. The critical question is whether a reactive information-sharing center could stop a well-trained, disciplined terrorist group, especially if they avoid committing precursor crimes or hide their tracks well. CRS is skeptical:

It could be argued that sophisticated terrorist operatives may be so well trained as to avoid any potential illegal activity that may undermine their inimical plots. These operatives may dissociate themselves from direct interaction with supporters who may engage in criminal acts. Do all terrorists or terrorist supporters within the United States engage in criminal activity? The answers to this question are arguable. If, however, the premise that sophisticated terrorists do not necessarily engage in criminal activity is accepted, is reactive and ex post facto collection of intelligence sufficient to uncovering sophisticated terrorist plots?
Also see these prior posts regarding the link between precursor crimes and terrorism. They also suggest that a proactive stance is required.

Fusion centers with stronger information-sharing mechanisms for counterterrorism tend to be those that run under the direct auspices of the state law enforcement agency:

An important consideration when assessing the maturity of fusion center information sharing and analysis efforts is the centers’ access to and quality of relevant information and intelligence.

The fusion center leadership of state-wide centers, which were largely “owned” by one state agency, tended to have a more direct relationship with the “boots on the ground.” These centers operated under the same parent agency, usually a state police or investigation agency, making it easier to have direct access to both investigators and their information/intelligence collection efforts.
Fusion Centers' Broader Homeland Security Functions:

After initially focusing mostly on counterterrorism and crime-solving, fusion centers have been broadening their scope - but crime is still a major focus, and there is a lot of variety among the centers:
Given the fractured development of grassroots fusion centers around the country, and the broad nature of federal guidelines on the subject, fusion centers have significantly different roles and responsibilities. Some fusion centers are solely counterterrorism focused, while others have a broader mission. Some are prevention oriented, while others have a response and/or recovery role.

Many of the “first-wave” centers, those created soon after 9/11, were initially solely focused on counterterrorism. Today, less than 15% of the fusion centers interviewed for this report described their mission as solely counterterrorism. In the last year, some counterterrorism-focused centers have expanded their mission to include all-crimes and/or all-hazards.

A little more than 40% of fusion centers interviewed for this report describe their center’s mission as dealing with “all-crimes.” There were shades of meaning in the definition of “all-crimes” across fusion centers. Some fusion centers were concerned with any crime, large or small, petty or violent. Such centers provided support to investigations into single criminal acts and larger criminal enterprises. Some centers, however, focused on large-scale, organized, and destabilizing crimes, to include the illicit drug trade, gangs, terrorism, and organized crime.
Further diversity is found in the "all-hazards" approach:
A little more than 40% of fusion centers interviewed for this report describe their center as “all-hazards” as well as all-crimes. It appears as if all-hazards means different things to different people ...

For some, all-hazards suggests the fusion center is receiving and reviewing streams of incoming information (i.e., intelligence and information) from agencies dealing with all-hazards, to include law enforcement, fire departments, emergency management, public health, etc. To others, all hazards means that representatives from the aforementioned array of public sectors are represented in the center and/or considered partners to its mission. At some centers, all-hazards denotes the entity’s mission and scope — meaning the fusion center is responsible for preventing and help mitigating both man-made events and natural disasters. For others, “all-hazards” indicates both a pre-event prevention role as well as a post-event response, and possibly recovery, role.
Without some kind of consistency, the question arises as to how well the fusion centers can share information with one another and the federal government. If the information is so varied in its content from different centers, this may complicate the process of gaining full situational awareness.

Fusion Centers' Information Sharing Function:

It goes without saying that, regardless of whether the subject is counterterrorism or disaster preparedness, a key function of the fusion center is information sharing. An overview:
The majority of fusion centers interviewed for this report serve a solely, or at least primarily, analytic role. These centers operate a support function for operations and investigations, but are not directly engaged in such activities, although there were some exceptions.

In order to prevent, as well as mitigate, a variety of threats, fusion centers work to enhance information sharing, conduct threat assessments and analysis, and support and/or facilitate preparedness efforts. To those ends, most fusion centers acted as:
  • intelligence/information relay centers;
  • collocation centers for personnel from various agencies (often with access to their agencies’ databases);
  • facilitators of coordination on a variety of projects;
  • analytic centers; and
  • case support centers.
The stated emphasis is toward prevention:
Most fusion centers fulfill both prevention and response functions, with a bias toward prevention.
That's good, but without a proactive stance (as discussed earlier) the question arises as to how well they may be able to fill this prevention role. In addition, some fusion centers play a much more direct role in response and recovery:
However, in numerous cases, the fusion center is described as playing a situational awareness role to support the emergency operations center (EOC) during events. Some fusion centers said they had a reserved seat at the EOC that they could access during events.
Fusion Centers' Information Sharing Process:

Given that one of the most critical roles that a fusion center plays is a central node for sharing information, it is vital for the information-sharing processes to be efficient and robust. But many fusion centers are still new, so there are still problems with the system:
Moreover, the development of a process for gathering information according to clearly defined information requirements in fusion centers remains nascent.
One ongoing problem is that not everyone's systems talk to one another - a common concern at all levels:
Research indicates that there may be a misconception that all states and regions are operating sophisticated intelligence management systems that have access to all databases available within their jurisdiction. Not every state has a state-wide intelligence system, in fact many don’t.

Even states that have such a system, often don’t have access to all the data pools outsiders believe they do. For example, one center that is more mature than many of its counterparts reported having access to only 30% of the law enforcement data in the state — and that was good compared to other respondent fusion centers.

[F]usion centers and states continue to purchase systems that operate using proprietary language and that cannot “speak” to other systems without additional equipment and costs.
Beyond the technical concerns, there are questions about whether there is shared understanding about what "intelligence" means:
Another philosophical concern stems from the different conceptions of intelligence among the intelligence and law enforcement communities. In the absence of a common understanding about what constitutes intelligence, fusion center development and progress may be impeded.
In Washington DC, this lack of shared understanding has manifested itself in less-than-ideal information sharing:
In January 2007, Washington, DC, Police Chief Kathy Lanier testified to the cultural differences and lack of understanding between SLT and federal communities:

[T]he Department of Homeland Security is not a law enforcement agency like the FBI ... is a law enforcement agency.... So it’s very difficult for them to understand what my need to know is, if they don’t know what it is that I do. If they’re not familiar with what I do on a daily basis, what resources I have, and how I can reduce vulnerabilities through the daily activities of more than 4,500 employees here in Washington, D.C. ... So a lot of information doesn’t get to me, because they don’t believe I have a need to know.... I think it’s just a lack of understanding. And this is not in all DHS’s fault ... local law enforcement’s just as much at fault. The Department of Homeland Security is not completely aware of what our operational capabilities are and how the information, if passed on to us, could be used to reduce the vulnerability.... So information that may be shared with us is not shared with us because they don’t think it’s something that we can do anything with or that we can use to help reduce that vulnerability.
Relationship with Feds re: Info Sharing:

Lanier's complaint is a nice segue into the topic of local-state-federal information sharing in the fusion centers. CRS says the FBI tends to enjoy a better relationship with fusion centers, and not just in the nation's capital:
Overall, relationships with DHS were described by fusion centers having a DHS detailee as relatively positive. However, by comparison, fusion centers reported a more favorable relationship with the FBI than DHS.
But the relationship between these federal agencies left something to be desired:
A common refrain from state fusion center leadership was that there was no coordination between the FBI and DHS with respect to substantive mission support and resource allocations were often duplicative or nonexistent.
The state-federal relationship - with any agencies -
may be aided by collocating fusion centers with federal agencies:
To varying degrees, federal participation in state and regional fusion centers appears to influence the relationship between levels of government, state, and local access to information and resources, the flow of information/intelligence, and maturation with regards to intelligence cycle functions. Approximately 30% of fusion centers are collocated with a federal agency(s), and as a result, that federal agency(s) may have a significant influence on their development, operation, and even budget demands.

There appears to be a direct correlation between contact between a federal agency and a fusion center, and the center’s positive outlook on the relationship between the two. In general, fusion centers collocated with a federal agency reported favorable relationships with that agency. This was often in stark contrast to the views of other fusion centers not collocated with a federal agency(s).
Specifically, federal agencies can help with security clearances for local and state personnel:

Almost all fusion centers studied for this report had multiple personnel with security clearances, although there were a couple of exceptions that had few if any cleared personnel. On average, fusion centers appear to have 14 staff with Secret clearances, which is not insignificant considering the average staff size of the fusion centers interviewed for this report was approximately 27 full-time persons. Clearances for state and local personnel were not restricted to Secret-level clearances, but also included some Top Secret (approximately 6 persons on average) and Top Secret-Secure Compartmentalized Information (SCI) (approximately one person on average) clearances as well

Fusion center representatives claimed that in recent months DHS has increasingly conducted security clearances for state and local personnel at fusion centers. Fusion centers claimed that the DHS process has improved to the point that it was faster than the FBI’s.

In addition to the significant number of cleared state and local personnel at the fusion centers, fusion center collocation with federal agencies has also increased state/local access to threat intelligence and information. However, often that access was indirect (i.e. a federal official may need to access the information on behalf of state and local fusion center staff).
But one big problem is the volume and form of the information that comes into the fusion centers from federal agencies:
Numerous fusion centers officials claim that although their center receives a substantial amount of information from federal agencies, they never seem to get the “right information” or receive it in an efficient manner. According to many state fusion center leaders, often pertinent threat intelligence must be requested by fusion centers, rather than federal agencies being proactive in providing it. The obvious difficulty arises regarding the inability to request relevant threat information that is unknown to members of the fusion center.

[A]ccording to some fusion officials it appears that information sharing from the federal government to the state and local fusion centers continues to be a largely reactive, especially when it comes to information state and local officials believe is relevant to their jurisdiction. Several fusion center officials remarked that they receive such intelligence and/or information when they request it, which is an improvement over pre-9/11 situation, however according to fusion center officials, federal agencies are still not proactive in reaching out to state and regional fusion centers, sometimes even when a connection to that locality is apparent in an analytic product.

The fusion centers interviewed for this report cited numerous sites operated by federal agencies that they needed to check in order to receive information from the federal law enforcement and intelligence communities, including, but not limited to, the HSIN and its sister systems HSIN-Secret and HSDN, Law Enforcement Online (LEO), Federal Protective Service (FPS) portal, Regional Information Sharing Systems (RISS), among others.

Respondent fusion center officials remarked that their staff could spend all day, every day reviewing all the information posted on these systems, and still not be confident they had seen all relevant and/or unique data. Often information is duplicated on several sites, but because of the occasional situation when it is not, fusion center officials believe they need to check them all.
The upshot of this? Fusion centers compile and sort information but because the process is so cumbersome, they aren't able to add much value.

Relationship with private sector:

Relationships with the private sector - the benefits of which were recently described in the Governors Guide to Homeland Security (also see this post) - also could be improved:
There is also a misconception that fusion centers, and the information management systems that some of them manage, have access to vast amounts of private sector data. This is largely unfounded.

The flow of information from the private sector to fusion centers is largely sporadic, event driven, and manually facilitated. It does not appear that these databases are directly linked together. In general, the private sector seems very wary of that level of sharing — concerned with lack of government safeguards, industrial espionage, exposing weaknesses to competitors, as well as privacy and civil liberties concerns.

The relationship and role of the private sector is a function that most state fusion centers have yet to fully define and/or embrace.
Critical infrastructure is an obvious area for improvement:
Very few of the state and regional fusion centers have an infrastructure sector representative detailed to their organization and rely, in part, on open-source information, data provided by the federal government, or contract data vendors for information about threats to a critical infrastructure facility.

Information Sharing and Analysis Center (ISAC) organizations, originally envisioned as a mechanism for the sharing of critical infrastructure information between partnering corporations and with the federal government currently are not being fully utilized by state and regional fusion centers as a resource for information.

CRS asks if, given these constraints, fusion centers can really be effective:
It could be argued that if information flow into fusion centers is limited, the quality of the information is questionable, and the center doesn’t have personnel with the appropriate skill sets to understand the information, then the end result may not provide value. Furthermore, if fusion center constituent agencies don’t buy into a common fusion and prevention philosophy that arguably needs to accompany fusion centers (i.e., responsibility for security, a proactive approach, and need for understanding their environment to discern potential threats) can fusion centers be effective?
The answer is yes. A more proactive stance is possible; it just requires a different mindset, better understanding, better processes, and better tools:
Embedded in the fusion process is the assumption that the end product of the fusion process can lead to a more targeted collection of new intelligence, to include private sector data, which can help to prevent crime. It could be argued that through a more pro-active and targeted intelligence process, one that has as its starting point an intelligence gap, or unknown about a particular threat, it is possible that sophisticated criminal groups could be undermined.
Ideally, how might the fusion center analysts such a proactive stance?

Rather than wading through the information that comes into the fusion center, an analyst there might proactively search for connections that may indicate, for example, the nexus between crime and terrorism.

The analyst could gather reports from many sources to analyze precursor crimes (e.g., identity theft, drug dealing, counterfeiting) to see if there are any red flags with relation to a terrorist threat. They could check immigration databases, criminal records, etc., to determine whether any threats may exist.

When suspicions are raised, they pass on this information to local, state, and federal law enforcement, who may decide to proceed with an investigation.

Of course, this does not preclude a reactive engagement. The fusion center analysts can and should examine the data that comes to them. But if they simply collect the information that comes to them, they are compilers and sorters rather than active participants in counterterrorism.

You have to start by asking a question. Do the research, find the answer to that question. Maybe it leads somewhere, maybe it doesn't. When it does lead somewhere, follow up. When it doesn't, ask a new question.

That's how to be proactive.

The future of fusion centers:

Back in the real world, CRS gazes into the crystal ball and finds that, in spite of today's sunny rhetoric regarding fusion centers, it's possible they won't have a long shelf life:
It could be argued that in the absence of another terrorist attack or catastrophic natural disaster, over the course of the next 5 to 10 years, state and regional fusion centers may be eliminated and/or replaced by regional fusion organizations.

It is likely that the fate of fusion centers would differ drastically from state to state, depending on a range of factors, to include, their level of maturity, buy-in from other agency partners, their resource needs, and noted successes, balanced with other critical issues and programs within the jurisdiction.
In short, fusion centers are enjoying a honeymoon period now; but in the long run they will have to prove their value.

No comments: