Signs and Portents: The 'I & W' Paradigm Post-9/11

October 2, 2002 Topic: Security

Signs and Portents: The 'I & W' Paradigm Post-9/11

The revelations of recent months--about who knew what and when about Al-Qaeda intentions--have lent credence to the hypothesis that the attacks of 9/11 could have been prevented with the information we had in-hand.

The revelations of recent months--about who knew what and when about Al-Qaeda intentions--have lent credence to the hypothesis that the attacks of 9/11 could have been prevented with the information we had in-hand. The public testimony of the Joint Inquiry Staff of the House and Senate Intelligence Committees released on September 18, 2002 further supports this hypothesis. In order to assess the question of "intelligence failure" prior to 9/11--and to correct any defects for the future--defining and testing this hypothesis must form an integral part of the inquiry agenda.


During the Cold War (with Pearl Harbor still a relatively recent memory), the United States devoted a great deal of attention to solving the "indications and warning" (I&W) problem. We erected an "industrial age" system to facilitate "strategic warning" (determining who the enemy is and what his capabilities are), "operational warning" (what are the enemy's modes or operations of attack and how can we detect if they are being put into action), and "tactical warning" or "warning of attack" (the enemy is executing his attack plans). Moreover, and most importantly, this I&W system was tightly integrated into military and other response options and action plans (such as alerting and dispersing forces.) This system worked well, not by averting a second Pearl Harbor, but by giving successive presidential administrations the confidence that potential Pearl Harbors were not in the offing. This, in turn, allowed American policymakers to act calmly and rationally and not to overreact, even in periods of heightened international tension. Moreover, because the American I&W system was very effective, our adversaries were deterred from gambling on the likelihood of a surprise attack crippling the United States, preventing it from responding with overwhelming force.

Gathering intelligence on terrorists is a far more difficult task than assessing whether a strategic rival is planning a massive military attack on the United States. By nature, the terrorist works by stealth, avoiding targets for which elaborate military-style preparations are necessary. Nonetheless, the terrorist must still make preparations that do or can give some warning. He must mobilize, motivate, organize, prepare, and execute…all the while feeding, fueling, funding, and cajoling his operation. So in very rough terms, the Cold War paradigm of strategic-operational-tactical warning, with close links to a menu of response options, still has some utility.

Prior to 9/11, we definitely had strategic warning. Al-Qaeda openly proclaimed its intent to strike the United States. We knew it was gaining strength, recruiting members, and preparing capabilities, especially in Afghanistan. We experienced its attacks on our overseas perimeter. Three Directors of Central Intelligence, as well as other authorities, repeatedly warned that it was only a matter of time before major attacks were launched inside the United States.

By the summer of 2001, we also possessed a type of operational warning. We had amassed sufficient intelligence about the enemy's operational repertoire and had strong reason to suspect that suicidal use of airplanes as bombs was a major tactic. We had enough warning to conclude that the threat was mounting in the period immediately ahead. (The recent Joint Staff testimony is eloquent on both counts.)

Our challenge was to move beyond strategic and operational to tactical warning--or, at the very least, to turn what we had in strategic and operational warning into a threat assessment on which preventive action could be taken.

Most public commentary concludes that we were just not lucky or energetic enough to penetrate the enemy's immediate plans--to "uncover the plot" as FBI Director Mueller puts it--and therefore nothing could have been done. The hypothesis here is that we could have done better on extracting actionable warning and threat assessment from what we had. Long before the summer of 2001, a special analytical team should have been formed to assess what we possessed by way of strategic and operational warning, and to determine the following: What sort of attacks was the enemy planning? What were the high value-targets (we knew that prominent public buildings and the World Trade Center were high on the list), and what vulnerabilities could the enemy exploit?

Had such an echeloned, largely analytical, I&W-Threat Assessment-Response system been in place, it might have developed a menu of probable threats, with something like a 9/11 scenario high on the list. Certainly, other threats would probably have been there as well, such as large-scale truck bombings (because the enemy had successfully executed it at Khobar Towers), and perhaps a biological weapons attack (since the enemy had some capabilities in this area and the results would be terribly destructive). But "planes as bombs" should certainly have been there. We had sufficient indicators (e.g., from the Philippines in the mid-1990s) that this was in the enemy's attack repertoire. Moreover, such an attack could have a high probability of success, given the existing security regime and rules of engagement for response to hijacking attempts.


If we had been assessing our vulnerabilities and the capabilities of our enemies, we could have concluded that a scenario in which passenger airliners might be used in terrorist attacks was likely. In response, we could have tightened airport security against hitherto allowed lethal weapons. We could have put sky marshals on aircraft in rank order of their bomb "yield" potential, i.e., fuel load. We could have locked the cockpit doors. We could have equipped air crews with expandable police batons to defend against hijackers.

Above all, we could have changed the rules of engagement for dealing with hijack attempts--had aircrew been instructed to block entry to the cockpit at all cost, including enlisting passenger help, even if lives were threatened or lost, these attacks might have failed. Had such measures been announced, the hijackers might have been deterred. If not, we might have defeated the attacks and captured the hijackers, much as the hijacking of Flight 93 was defeated, alas too late to save the plane and the lives of the people on it.

By definition, 9/11 is a huge intelligence failure: available threat information did not bring about defensive action when it well might have, just as in 1941. That there were failures beyond the people and organizations beyond those traditionally classed as "the intelligence community" is clear. But these failures were inevitable if the intelligence input, especially the analytical input, was weak or lacking.

On available evidence, it seems that the matter was not one of a requisite warning system not having enough evidence because of weaknesses in collection or communication, although those weaknesses existed, but that the system simply was not there or was insufficiently robust. To be sure, there were many analysts working on the terrorism problem throughout the 1990s. But most of them were apparently doing operational support (homework for chasing bad guys) or current intelligence (packaging the results of collection), not real warning and threat analysis. A public indication of this is the proud claim of the intelligence community that everyday it sends to the policymakers a "threat matrix" containing 50-100 cells of information. This is a confession of an analytic vacuum, the more frightening because it seems to be unrecognized as such. This threat matrix is surely not the only analytical product sent to policymakers. But to give it pride of place suggests a defensive reflex at best, and a misappreciation of the function at worst. Clearly defensive reflexes are understandable and perhaps even forgivable in this situation. But to misappreciate the function is deadly.

Given that we had and publicly recognized strategic warning of terrorist attack on our homeland, why did we not create a real warning response system? Probably a variety of factors were at work: 1) The terrorism warning problem is different from and analytically harder than the military warning problem. It takes a lot of cerebration and invention to migrate the logic of the latter to the former task. 2) The counter-terrorism business is dominated by operators who are focused on running operations and collecting data, not on squeezing the most actionable judgments from limited information. 3) Throughout our national security establishment, including intelligence, there was a pervasive spirit of getting the Cold War behind us. Laudable to a degree, this may have blurred appreciation of Cold War lessons applicable to our new situation. 4) The peculiarities of the administration that governed through most of the past decade may have played a role. 5) The new administration, while festooned with people critical of the intelligence community, had other matters higher on its agenda than fixing intelligence problems. 6) Bureaucratically or organizationally, a fix to the terrorism-warning problem does not come naturally. During the Cold War, most of the intelligence entities responsible for warning, especially operational and tactical, were in the Department of Defense, as were nearly all the threat evaluation and response entities below the President (namely the military commands). Creating an I&W system for terrorism must lace together intelligence with many different entities, such as the Federal Aviation Administration (for airport security), the Department of Energy (for security at nuclear sites), and the Centers for Disease Control (in the event of a biological attack). Even with the shock of 9/11 and the creation of a Department of Homeland Security, this will be hard to do.