Better integrated intell could save lives

Officials discuss ways to correct intell failures that preceded failed Christmas Day attack

Senior officials from national security agencies told senators today that they plan to improve the searchability of terrorist watch lists, which have come under fire since a failed attempt to detonate a bomb on a flight bound for Detroit on Christmas Day.

Officials echoed an initial White House review that states that the inability to foil Umar Farouk Abdulmutallab, who has been charged in connection with the attempted bombing, was a failure of integration and analysis rather than a problem of information hoarding. President Barack Obama recently ordered Dennis Blair, director of national intelligence, to accelerate information technology enhancements that would improve database integration and facilitate cross-database searches.

“The search tools that we now have depend on certain characteristics…but they also have blind spots that don’t allow the sort of Google-like ideas we have from our own computers,” Blair told the Senate Homeland Security and Governmental Affairs Committee today. “Several of those shortcomings came up in this case, which we can fix.”

Blair also said more testing of systems needs to occur before they are placed in production to assess what-if scenarios before an incident occurs and monitor information flow. He indicated more emphasis would now be placed on testing systems.

Blair and Michael Leiter, director of the National Counterterrorism Center (NCTC), testified that Abdulmutallab’s name would have been placed on the consolidated watch list if national security agencies had linked all of the information related to the plot that the government had before the attack.

Abdulmutallab was listed in NCTC's Terrorist Identities Datamart Environment database, the government's central repository for international terrorist identities that includes data on about 500,000 people.

However, Abdulmutallab didn't make the cut to be on the government’s consolidated watch list that includes data on about 400,000 people whom authorities know or reasonably suspect are involved in terrorist activity. Abdulmutallab also wasn't on the no-fly list, a smaller subset of the consolidated list with more stringent standards comprised of people considered threats to civil aviation or national security.

In addition, Abdulmutallab’s visa wasn’t revoked because he wasn’t placed on a watch list, and a misspelling of Abdulmutallab’s name caused the State Department to believe he didn’t have a valid visa, the White House review of the incident found.

Sen. Joseph Lieberman (I-Conn.), the Senate Homeland Security and Governmental Affairs Committee's chairman, asked Leiter whether the NCTC had a search engine that could produce an alarm for terms such as "Umar Farouk," "Umar Farouk Abdulmutallab," "Nigeria" or "Dec. 25."

“Am I right? Do we not have that capacity within the NCTC?” Lieberman asked.

“Senator, we do not have that exact capacity,” Leiter responded, adding that experts have found such a capability to be difficult to put in place. “I think we have some potential technological solutions on the very, very near-term horizon that we’re attempting to implement within weeks,” Leiter added.

Leiter said he was surprised to learn the number of searches conducted by other agencies that don't tap critical datasets. In addition, Leiter said that before the failed attack, work was already under way to improve search capabilities. But he added that “we have obviously not gotten to the point that we need to get to, and we’re trying to accelerate that now.”

Meanwhile, during a separate hearing before the Senate Judiciary Committee, FBI Director Robert Mueller said computer changes are frequently necessary because of the growth of technology and different databases, in addition to statutory restrictions on sharing information.

Mueller said that as technology evolves, intelligence searches can access more information in more databases. But he said “the federal procurement schedule in order to get this done keeps us a step behind where we want to be.”

“But I think in the wake of what happened on Christmas Day, we’re all looking at particular fixes — short-term and long-term fixes — individually within our agencies but also across the [intelligence] community,” Mueller added.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Fri, Jan 22, 2010

Prosecuting the war offensively and defending against plausible attacks are necessary and complementary missions. Both need to be done simultaneously. It takes time to develop and field enhanced capability gather on-the-ground HUMINT, implement more flexible ROE and take all other actions necessary to "win" the war, whatever that means. In the meantime, people are flying. If only one of the several adverse reports on Abdulmutallab had resulted in his name being placed on the no-fly list, it is much less likely that he could have gotten on an Amsterdam flight bound for Detroit. Keeping suspicious characters off commercial airliners is in everyone's interest. The adverse report threshold for joining the no-fly list needs to equal one.

Thu, Jan 21, 2010 Jim Utah

The various watch lists are all very nice, but they do not stop the terrorists. The watch list denies the ability to board that aircraft, etc, but does not apprehend then. To make the statement that better intell will somehow stop the terrorists is naive at best. The bad guys will find another way to attack us. Better computer lists only postpone the problem. What we need is better on the ground HUMINT, and a more flexible ROE. We need to focus on winning the war rather than simply slowing the attacks.

Thu, Jan 21, 2010

The flaw that let Abdulmutallab slip through screening is obvious. Any negative report concerning an individual should result in immediate placement on the no-fly list. The consolidated watch list should be a subset of the no-fly list. The intel community has it backwards.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group