Fusion Centers Forge Ahead
Signs of Cold-War-era threats to national security—troops massing, submarines departing, and missile launchers where they weren’t before—were easier to detect than today’s more subtle indicators of terrorist activity. Emerging terrorist threats can hide in plain sight on our own soil, scattered among millions of driver’s license applications and bank transfers or amid tourists snapping photos of national icons. In this new environment, vigilance is everyone’s job, and the tasks of vetting, analyzing, and sharing information about threats can’t be left to the federal government alone.
In recognition of that fact, there is a growing network of intelligence fusion centers. More than 70 operate at the state, regional, and urban levels. The question eight years after 9-11 is: How well are these centers fulfilling their goals of information collection, analysis, and dissemination—and to the extent that these efforts are falling short, what remains to be done to meet the goals and to ensure the future sustainability of these centers?
Fusion centers can gather information from two primary sources: government and commercial-sector repositories.
Government portals. Among the places fusion centers turn to for data are a growing number of national data portals. Even before 9-11, the Department of Justice (DOJ)-led Regional Information Sharing Systems (RISS) had evolved into the RISS Automated Trusted Information Exchange (ATIX). Meanwhile the Department of Homeland Security (DHS) offers its Homeland Security Information Network State and Local Intelligence Community Interest (HSIN-SLIC) for nonclassified information, and two secret-level portals—the Homeland Security Data Network (HSDN), which is geared expressly toward fusion center analysts, and the National Counterterrorism Center (NCTC) Online.
Most of the country’s fusion centers have access to the two secret-level portals, either via a secure HSDN connection or the FBI’s FBINET portal, according to John Cohen, a spokesman for the Program Manager, Information Sharing Environment (PM-ISE).
Many fusion center administrators embrace the multitude of portals, which they say gives them options for customizing data influx. It’s up to fusion center administrators themselves to decide which portals they choose to tap. When possible, federal administrators distribute the same information on different portals. Information is then “scrubbed” to different degrees depending on the portal’s security level to ensure that it reaches as many stakeholders as possible.
The process is, however, far from efficient, says Paul Wormeli, executive director of the IJIS Institute, a nonprofit research corporation formed by the DOJ and industry stakeholders to improve information sharing. “One of the complaints I hear is that they’ve got to check so many portals all the time that they don’t have time to do anything else,” he says.
The number of portals is not the only drawback to the current model. Another is the passive nature of the process. The model must change so that critical data is pushed out by its owners rather than waiting to be pulled in by those who need it in the field, says Wormeli.
The government should adapt the latest information technology to the ISE to help it deliver information to stakeholders.
Among the technologies that can be leveraged are custom content, RSS feeds, and blog technology, Wormeli says.
Commercial databases. A majority of state and local intelligence fusion centers subscribe to services from consumer database vendors such as LexisNexis, Lexis’s Accurint, and ChoicePoint, which house public-record data as well as personal data like credit applications or unlisted mobile telephone numbers.
Scott Weaver, a senior analyst at the Delaware Intelligence Analysis Center (DIAC), the state’s fusion center, says that information in these consumer databases can help center analysts assess whether an event is innocuous or bears the mark of a potential link to terror.
A fusion center analyst might pursue a lead stemming from a report of suspicious activity, such as possible surveillance of critical infrastructure. The officer who responded may have obtained the individual’s name, address, telephone number, and vehicle license plate number—all of which he forwarded to the fusion center via the state’s “tips and leads” system.
A check of government databases, including motor vehicle records or National Crime Information Center data, might not generate anything out of the ordinary. A consumer database check, however, might indicate that the individual applied for credit cards at an address not listed with that name in any government records. A further check might reveal that a permanent resident of that unlisted address is on the federal terrorist watch list, Weaver explains.
Local databases. Criminal and threat data collection from local jurisdictions is a critical element in a fusion center’s construction of a complete threat picture, but the ability to query those multiple local databases has yet to mature. The obstacles to interoperability between fusion centers and local law enforcement agencies’ record management systems (RMS) are the same as those that prevent voice interoperability: technology, licensing restrictions imposed by individual agencies’ vendors, and cultural resistance. States that have succeeded in tying jurisdictions together credit leadership, hard work, and the ability to convince locals that buy-in is worth their while.
At the New Jersey Regional Operations Intelligence Center (ROIC), or “the Rock,” the fusion center’s staff faces the monumental task of establishing access to the RMS’s of 470 police departments representing 566 municipalities, explains director Richard Kelly. “We want to be able to search everything, so we could see if Mohammad Atta ever got a parking ticket in Roselle,” Kelly says. “You can’t connect the dots if you can’t see them.”
Thus far, ROIC has succeeded in the state’s two largest counties, thanks to “middleware” developed by DOJ’s Bureau of Justice Assistance. The program is most widely known under the name of the Global Justice XML Data Model. More recently, DOJ and DHS have rebranded their middleware initiative as the National Information Exchange Model.
Other states have applied commercial data management systems. Georgia accesses criminal records statewide with a customized application called Guide Star. Wayne Smith of the Georgia Bureau of Investigation (GBI), special agent in charge of the Georgia Information Sharing and Analysis Center (GISAC), says that securing buy-in from local jurisdictions was not a challenge for GISAC, due in large part to the state’s existing culture of intelligence-led policing, coordinated through the GBI’s Intelligence Unit.
Some states starting from scratch don’t have it so easy. In Utah, the Statewide Information and Analysis Center (SIAC) grew from an existing criminal intelligence operation, the Utah Criminal Intelligence Center. Yet that operation, which grew out of the state’s preparations for hosting the 2002 Winter Olympics in Salt Lake City, was mostly a state and federal operation.
When Utah Department of Public Safety Homeland Security Director Col. Keith Squires and colleagues engaged county and local jurisdictions about tying together data systems, they encountered resistance originating from local departments’ IT vendors. More recently, however, the Salt Lake City region has committed federal Urban Area Security Initiative funding for an information-sharing architecture to be developed along with the state. This commitment has brought the region’s three major RMS IT vendors to the table, which bodes well for statewide efforts, says Deputy Homeland Security Director Maj. Jeff Carr.
New Jersey’s ROIC encountered many of the same problems when it engaged county and local partners about middleware. But DOJ’s middleware simply “pings” outside databases to query relevant information and, thus, doesn’t violate agencies’ usage agreements with vendors. “Once folks saw how it works and the benefits, most of the resistance evaporated,” Kelly says.
Local coordination. To facilitate proper data collection at the local level, many fusion centers have assumed responsibility for coordinating local terrorism liaison officer (TLO) programs. Under the TLO programs, one or more officers in each local jurisdiction are trained in basic intelligence-led policing and counterterrorism. Those officers serve as information conduits between localities and fusion centers.
Local officers are more than willing to help. In Ohio, for example, William Vedra, executive director of the state’s Division of Homeland Security, says a volunteer officer from each of the state’s 88 counties has stepped forward to participate in the program.
Fusion centers need to get the information they collect to the people who need it most. But deciding on the best ways to deliver refined products to their stakeholders at the local level hasn’t been easy. Many centers began by sending out weekly bulletins of mostly open-source intelligence, but this method generated volumes of redundant information, most of it marginally useful to recipients. Centers now favor shorter weekly or monthly intelligence wrap-ups, supplemented by specific alerts or bulletins as threats dictate, usually designated “law enforcement sensitive.”
The Arizona Counter Terrorism Information Center (AcTIC) has added an extremely popular product to intelligence bulletins: a separate “analyst comment” following the intelligence content itself. The feature provides analysts a forum for their candid take on the nature and the severity of a threat. “Most of our consumers go straight to that,” says AcTIC spokeswoman Lt. Lori Norris of the state’s Department of Public Safety.
To minimize the technical burden of its Homeland Security Information Reports and to increase use, Ohio’s Strategic Analysis and Information Center (SAIC) does not transmit them in file attachments via mass e-mails. Instead, SAIC posts them to its secure Contact Information Management System (CIMS). When new products are posted, SAIC sends a standard e-mail to its vetted subscribers—located in more than 700 agencies across the state. The e-mail then instructs the stakeholders to log into CIMS to read news bulletins or advisories.
Clearances and classifications. Access to government-held information is inexorably tied to the question of security clearances and classifications. While officials at the federal level continue to wrestle with clearance issues, fusion center administrators say they no longer consider them a significant problem.
Until a few years ago, many fusion center operators complained that the FBI, the historical issuer of secret clearances for law enforcement officials, would not recognize clearances issued by DHS. Now the agency does recognize them so long as DHS-issued clearances are passed through FBI headquarters for verification, says FBI spokesman Brian Hale.
For classifications below “secret” and “top secret,” the federal government has begun consolidating 56 different “sensitive but unclassified” (SBU) document designations under a single “controlled unclassified information” (CUI) designation, per a directive issued last year by the White House.
While fusion centers handle information bearing “secret” and various SBU designations, fusion center directors say they classify their products either “law-enforcement sensitive” or “open source.”
Like other directors, Smith, who runs GISAC, explains that his analysts do what they can to make data accessible to the largest number of stakeholders. For example, last year GISAC received a restricted DHS bulletin about the discovery of an improvised explosive device near railroad tracks that service a coal-burning power plant in rural Washington State. The bomb consisted of wires and a blasting cap attached to a household propane tank.
Before packaging and distributing the information as law-enforcement-only intelligence, GISAC looked for news reports about the event using public Internet search engines and found coverage. GISAC notified DHS. Because the threat had been disclosed publicly, DHS reclassified the bulletin, and GISAC was able to distribute the information more widely, Smith says.
New Jersey officials likewise strive to make information accessible. “It doesn’t do us any good if we have information we can’t share with anyone,” says Kelly.
State and local officials have urged federal partners, specifically NCTC, to adopt a “tear sheet” approach to the distribution of intelligence. That means that federal officials redact sources and methods from intelligence products, allowing broader distribution of the content. NCTC formed the Interagency Threat Assessment Coordination Group (ITACG) in 2007 for this very purpose.
Fusion centers may proactively take that approach themselves. Smith says that in the face of an imminent threat, his staff would use its own judgment and redact federal bulletins themselves to distribute information quickly.
The core of every fusion center is its analytical component. In the years since 9-11, however, intelligence operations at all levels of government have had to fight to hire and retain the nation’s limited number of qualified intelligence analysts. Kim Edd Carter, coordinator of the Oklahoma Information Fusion Center (OIFC) calls lack of analytical capability a critical “national intelligence deficiency.”
To address the need, DHS expanded the permissible uses of state Homeland Security Grant Program (HSGP) funding, which was formerly restricted to equipment and training, to include salaries of state intelligence fusion center analysts. Yet those grants only cover a maximum of three years. Many qualified analysts can choose between a potentially finite tenure at a state fusion center and a more secure and better paying job with a federal agency or government contractor. Arizona’s AcTIC and Georgia’s GISAC, for example, have lost analysts to the FBI.
Some fusion center directors have accepted the notion of providing entry-level analysts with training and benefiting from their service for a limited period before they accept other opportunities. “You can’t tell people, ‘Be committed to our mission, but don’t make any money,’” says Kelly of New Jersey’s ROIC.
The tight market has led to poaching among fusion centers as well. Arizona lost one of its analysts to the city of Phoenix, Norris says. Squires says Utah’s planned SIAC will be run by an official hired away from the Boston Regional Intelligence Center.
Capt. Bill Harris, director of DIAC, says Congress could alleviate the problem somewhat by making state analyst funding a reliable budgetary line item each year, as is the case with funding for several emergency management planning and targeted criminal justice initiatives.
Cohen of PM-ISE says federal officials are focused on setting baseline capabilities for the country’s fusion center network, which will indicate the base of analysts needed. Simultaneously, his office coordinates training so that fusion center analysts, who come from disparate backgrounds, observe ISE guidelines and best practices.
The shortage may ease as current students enter the work force. Increased public familiarity with the analytical side of intelligence has led to more interest among students, such as those at Boston’s Northeastern University, which now offers an academic track in analysis.
Until recently, state and local law enforcement officials involved in information-sharing efforts complained that federal agencies were not “walking the walk.” Their agencies pushed all the information they could to Washington, only to receive a trickle in return.
That has started to change, with establishment of ITACG, which crafts intelligence for law enforcement and the standup of new data portals like HSIN-SLIC and NCTC Online.
But fusion center administrators say that success in state and federal information sharing relies on the same factor as success in the emergency management element of homeland security: trusted relationships. Those relationships can only develop with regular, face-to-face interaction. That occurs when federal agencies assign representatives to fusion centers or in the rare cases in which fusion centers are co-located with the primary units charged with investigating suspected terrorist plots: regional joint terrorism task forces (JTTFs), officials say.
As of late summer, DHS had posted officials at 36 fusion centers, while the FBI has more than 100 employees assigned to 38 fusion centers. At least six fusion centers are co-located with JTTFs.
AcTIC, one of those co-located, grew from a two-person campaign launched in 2002 by FBI Special Agent Ray Churey, former head of the Phoenix regional JTTF, and then-Arizona State Police Major Norm Beasley. AcTIC spokeswoman Norris says that law enforcement officials from other jurisdictions bear negative preconceptions about collaboration with G-Men.
“People’s reaction is, ‘You’ve got the FBI there? How can you work with them?’” But in AcTIC’s case, familiarity has bred cooperation, and Norris says federal information sharing is “greatly improved.”
At GISAC, another co-located facility, day-to-day collaboration has completely worn away any institutional egos and territorial tendencies. “They trust us like they’d trust other FBI agents,” Smith says.
Relationships forged at GISAC form a conduit. “The FBI may not trust the locals, but they trust the fusion center, and the fusion center trusts [the locals],” according to Smith.
Public-private cooperation. Achieving robust public-private collaboration in the collection, analysis, and dissemination of terrorism-related intelligence has proven a tall order. Some industry sectors have information sharing and analysis centers, but they have not yet adopted a framework for sharing information with government entities.
A few states, such as Illinois and Delaware, have succeeded in formally sharing nonclassified products with private-sector stakeholders. States where fusion center operators and private security officials have achieved some level of collaboration say it took a lot of work and is largely the result of having built up trusted relationships.
Illinois’ fusion center, the Statewide Terrorism and Intelligence Center (STIC), coordinates the state’s Infrastructure Security Awareness Program, through which 180 members from 111 different companies receive electronic bulletins on current threats, according to Illinois State Police spokesman Lt. Scott Compton. To further public/private communication, this year STIC established a position for a private-sector critical infrastructure specialist funded by the Illinois Law Enforcement Alarm System and the ASIS International Foundation, Inc.
In Delaware, State Police Det. Jim Woznicki, DIAC’s critical infrastructure liaison and a member of ASIS International’s Delaware Chapter, worked with fellow ASIS members—including Raymond Johnson Jr., CHS-III, a security section manager with Wilmington Trust—to coordinate public-private programs such as ASIS’s Operation Cooperation. In that program, ASIS members met with public-sector counterparts to stay abreast of government counterterrorism efforts.
The collaboration gave way to regular DIAC threat briefings at ASIS chapter meetings, private-sector access (for vetted private-sector partners) to electronic threat bulletin boards on the DOJ’s ATIX, and perhaps most important, personal interaction among private security officials and DIAC personnel.
Johnson recalls a report of suspicious activity near a Wilmington Trust facility. It fell to him to make a report to law enforcement via the state’s suspicious activity tip line. The line went to a duty officer at DIAC, one Johnson knew personally. “You call the tip line, and you get someone you know, a real live person at the DIAC,” Johnson says. “With everyone at ease, the information flows a lot better. That level of familiarity definitely means better opportunities for cooperation.”
At the Iowa Intelligence Fusion Center (IIFC), director Russ Porter says officials have developed trusted relationships with firms such as The Conley Group Inc., a guard service firm headed by Tom Conley, CPP, CFE, CISM .
Conley’s degree of collaboration with partners in the public-safety sector from IIFC to the Iowa State Patrol Division to Des Moines International Airport has reached exceptional levels. His firm shares radio frequencies with state agencies during special events and responses and is even incorporated into the airport’s emergency management plans.
Conley says that fault for the overall lack of public-private information sharing involving fusion centers varies. The private sector itself can, however, work to improve matters by taking the public sector’s hand when it’s extended and by improving professionalism in general to counter what Conley calls the unwanted, but warranted, stereotype of the underpaid, ineffectual uniformed security guard.
“A police officer sees enormous incompetence. Then he moves onto other assignments in his career [like a fusion center], but he will never trust private security again,” Conley says.
Government fusion center operators must, however, be able to assure private sector partners of their own security. “The public sector has to protect what the private sector wants to share,” Conley says.
Concern about privacy and the protection of civil liberties runs through every facet of information sharing, in particular at fusion centers. A central question raised by the public is whether the privacy of ordinary citizens is being violated by law enforcement agencies in the hunt for terrorists.
Civil libertarians may see violations where others see legitimate law enforcement action. For example, the American Civil Liberties Union (ACLU) has strongly opposed the use of commercial databases of personal consumer information by fusion centers.
Other alleged transgressions concern rights guaranteed by the First Amendment. This year a North Central Texas Fusion System bulletin alerted police to the activity of religious groups that espouse the superiority of Islam. In a recent white paper on the American militia movement, the Missouri Information Analysis Center listed support for 2008 presidential candidates U.S. Rep. Ron Paul, (R-TX) and libertarian Bob Barr as characteristic of members of that movement, which garnered complaints.
To protect civil liberties, federal regulation 28 CFR Part 23 precludes federally funded criminal intelligence operations from collecting data about an individual’s religious, political, or social views. Sensitive information that can be collected can only be shared with other intelligence units or fusion centers on a need-to-know basis. Thus, any DIAC intelligence product incorporating consumer database information is automatically designated law-enforcement sensitive and not widely shared.
The regulation also mandates that intelligence outfits review data on a “periodic” basis—not defined in the regulation—and purge any without “relevancy and importance.” Data cannot be kept for longer than five years.
Porter of Iowa’s IIFC, who is a 25-year veteran of criminal and counterterrorism intelligence, says that the regulation’s value lies in removing discretion about whether to hold or purge data long term.
Further, many state privacy laws go further than the federal regulation, and all fusion centers have drafted, or are in the process of drafting, their own privacy policies that reinforce, and in many cases go beyond, federal guidelines in order to address critics’ concerns.
Reporting. To ensure observance of state and federal privacy guidelines, all fusion centers interviewed for this article said that they segregated reports of suspicious activity into separate databases. If a nexus with criminal activity or terrorist planning is suspected, the information is automatically forwarded to criminal investigators or to the JTTF via the FBI’s eGuardian system. It is not automatically sent to other federal entities, such as NCTC or DHS and its Office of Intelligence and Analysis, responsible for spotting trends on the national level; those types of information transfers have been handled on an ad hoc basis, says Cohen.
That is changing with the current pilot of PM-ISE’s National Suspicious Activity Reporting (SAR) Initiative. Cohen and his counterparts at the state, regional, and local level say the new SAR construct will facilitate reporting, vetting, and tracking of suspicious activity incidents, while preventing encroachment on civil liberties.
Cohen describes SAR as a “standardized national approach” that relies on a standard lexicon of variables for suspicious activity reporting, such as personal or vehicle traits, and standard procedures for their handling. (See “Fusion Centers and Civil Rights,” Homeland Security, August 2008)
In smaller jurisdictions, the SAR would likely be vetted at a state fusion center; whereas in large, high-risk cities, it would likely be vetted by a designated terrorism analyst. In either case, the analyst must determine whether the report meets two SAR thresholds: first, that it was legally gathered and documented; second, that it bears a reasonable nexus to terrorism or terrorism-related crime. If the item meets both criteria, it is forwarded to the regional JTTF and shared with analytical officials at state fusion centers and the national level.
All of the fusion center directors interviewed understand the need to safeguard civil liberties, but many of them chafe at how civil libertarians have cast the fusion center concept in negative terms.
“If you talk to the ACLU and then the fusion center directors, there’s a real disconnect, because I don’t think they understand what we’re doing,” says Harris of Delaware. “We’re very much in tune with the potential problems the ACLU objects to.”
Wormeli, of IJIS, also expresses frustration. “The truth is a lot of people have worked very hard on [the privacy issue],” he says. “I think a lot has been done, and frankly, I get really tired of the people who wave that flag without acknowledging all the work that’s being done.”
If fusion centers fail to honor their commitment to civil liberties, they will not only flout the values they’re protecting but may doom the nation’s information-sharing effort altogether. “We’ve got to get that part right. If we don’t get that part right, then close the doors,” Porter says.
Critical to the success of state and regional intelligence fusion efforts, according to the federal government, is “sustainability.” Translation: Make sure that your state’s fusion center can survive lean fiscal times and the absence of federal grant funding.
The first of those two contingencies has arrived, and the second is probably coming. While the federal government has spent at least $380 million to aid establishment of fusion centers nationally, most expect the federal government will turn off the spigot.
“I don’t think the intention was for [federal funding] to be permanent,” says Will Logan, homeland security program director for the National Governors Association’s Center for Best Practices. “The idea was a shared responsibility and for the federal government to help with the start-up and then for states to take over.”
And, as Logan says, “in the current economic climate, that’s very difficult.”
If federal partners could document how shared state information is used to detect threats, that might help fusion centers convince state legislatures to provide more funding in a period of tight budgets, says Lance Clem, spokesman for the Colorado Department of Public Safety, which operates the Colorado Information Analysis Center.
“We would like to know what becomes of the information we’ve pushed up and be able to describe to state legislators what happens,” Clem says. “Now we’re only saying what incidents we passed on, but we have no idea how much of it has really paid off.”
While centers vary in their scope and funding sources, Harris placed the start-up cost of a center like DIAC at $1 million, and annual costs average around $300,000. Generally, federal funding helps with start-up and analysts’ salaries, while states pay a fusion center’s rent and administrative salaries.
Lt. Tom Brackin, of DIAC and the state’s Critical Infrastructure Protection Unit, points to IT maintenance as an unresolved cost burden. Fusion centers like DIAC, which uses commercial analysis and case management applications, must purchase software upgrades as they come out or go without tech support. “You’re forced to buy the upgrade, because the companies won’t support the old system,” Brackin says.
Another issue is scope. The centers’ core mission remains counterterrorism, although many states see a benefit to broadening the mission. They have taken on an “all-crimes” or “all-hazards” model, with the latter incorporating natural and accidental threats.
To the great frustration of guiding stakeholders like PM-ISE, the media has branded the trend “mission creep,” a military term implying unintended expansion of responsibilities. The approach is viewed instead by insiders as a matter of synergy and common sense.
“I don’t know how you can tell something is terrorism-related until you’ve investigated it,” says Carter of Oklahoma’s OIFC. “There are all kinds of ways to make money illegally, and those dollars can be used to fund terrorism.” As Porter of Iowa’s IIFC says, “Information does not come in labeled ‘terrorism.’”
State stakeholders agree that the country has achieved much in terms of information sharing. Norris, of Arizona’s AcTIC, feels that some federal partners are still hesitant.
Moreover, both Wormeli, of the IJIS Institute, and Utah’s Squires say that federal and state officials must do more to educate the nation’s rank-and-file police officers a