Failure to Connect the Dots

Failure to Connect the Dots

 

Steve Coles, Head of Security Strategy at VEGA, revisits the importance of information sharing for the UK in light of the failed Christmas Day airline bomb plot.

According to President Obama, it was an information sharing and analysis breakdown that nearly allowed a terrorist to kill 290 people on 25 December 2009, in what would have been the largest loss of life on an American airline since 9/11.

 

In his speech on 5 January, the President said: “The US government had sufficient information to have uncovered this plot and potentially disrupt the Christmas Day attack, but our intelligence community failed to connect those dots which would have placed the suspect on the no-fly list. In other words, this was not a failure to collect intelligence, it was a failure to integrate and understand the intelligence that we already had.”

 

In response to the President’s speech, Dennis Blair, the Director of National Intelligence in the US identified that whilst there were obviously failings in the process on this occasion, we must recognise that over the past five years, the US has changed its approach to information sharing, based on the 9/11 report and Executive Order 13356 (‘Strengthening the Sharing of Terrorism Information To Protect Americans’).

 

Blair stated: “The review also recognizes the barriers to information sharing that existed just five years ago, which we have worked so hard to dismantle, have indeed been broken down.” The development of a federated approach to information sharing across the intelligence environment and beyond has now allowed the US to focus on the application of more rigorous standards to analytical tradecraft to improve intelligence integration. The failure to intercept the plot to blow up flight 253 is only likely to drive them faster in the right direction, led by a most determined President Obama.

 

This prompts us to question whether the UK has the structure in place to allow our intelligence community to “join the dots” and effectively combat terrorist threats.

 

At VEGA, a member of the UK Security and Resilience Industry Suppliers' Community (RISC), we have already been working with some sectors of the UK intelligence community to develop answers to this the question. In my role as the Industry Chair of the RISC ICT Industry Advisory Group, I recently published a paper entitled “Does the UK need a national strategy for information sharing?”, which proposed an approach to this question, and made the call for clear direction. I suggested that the UK does not need to start from scratch, but can draw on the experiences of many of its close allies – not just the US – to develop its own strategy and architecture for sharing information. As we start 2010, and with 2012 just around the corner, how confident are we that we are doing all we can to ensure that “the dots are being connected”?

 

Just as President Bush directed the establishment of the US Information Sharing Environment – defined as "an approach that facilitates the sharing of terrorism information” – along with an Information Sharing Council, following the 9/11 attacks, the UK has the same requirement.

 

I believe, therefore, that based on the following tenets highlighted by President Obama, the UK can successfully develop the equivalent of an Information Sharing Environment:

 

  1. Defining and using common standards – These common standards, as adopted by the US and our allies, must accommodate and account for the need to improve upon the sharing of terrorism-related information across government, local government, the private sector and with our allies. As the President suggest, they are key to ensuring we "maximise the acquisition, access, retention, production, use, management, and sharing of terrorism information within the Information Sharing Environment, but with the right level of security protection for the intelligence, sources, methods, and activities."
  2. Exchanging information with foreign partners and allies – Terror organisations are not bound by national borders, so we must facilitate and support the appropriate exchange of terrorism data; We need to develop a single capability that protects UK infrastructure from external cyber attack whilst allowing our allies to access information we want to publish, just like a company website.
  3. Protecting information privacy and other legal rights of the UK – While looking to achieve our goal of more detailed, accessible intelligence, we must endeavour to ensure that any Information Sharing Environment be built on the firm foundation of legislation and policy that protects the rights of the individual.
  4. A public-private partnership – Any Information Sharing Environment must be the result of a co-ordinated a national effort, with the private sector being afforded appropriate opportunities to participate as full partners. This should include the development of a common agreement governing the roles and responsibilities of departments and agencies relating to the sharing of terrorism information, “homeland” security information, and law enforcement information among departments, agencies, and private sector entities.

 

Only with all the above in place, can we hope to gain the commitment of the whole intelligence community to ensure the UK develops a viable and successful Information Sharing Environment capable of dealing comprehensively with the ever-changing terrorist threats of the 21st century.

 

Contact VEGA for more details about information sharing