Skip navigation

Homeland Security Intelligence Perceptions Statutory Definitions and Approaches 2009

Download original document:
Brief thumbnail
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱ
Šž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ
Š›”ȱ ǯȱŠ—˜•ȱ
™ŽŒ’Š•’œȱ’—ȱ ˜–Žœ’Œȱ—Ž••’Ž—ŒŽȱŠ—ȱ ˜ž—Ž›ȬŽ››˜›’œ–ȱ
Š—žŠ›¢ȱŗŚǰȱŘŖŖşȱ

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ
ŝȬśŝŖŖȱ
   ǯŒ›œǯ˜Ÿȱ
řřŜŗŜȱ

ȱŽ™˜›ȱ˜›ȱ ˜—›Žœœ
Prepared for Members and Committees of Congress


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

ȱ

ž––Š›¢ȱ
Since the 9/11 terrorist attacks, Congress has focused considerable attention on how intelligence
is collected, analyzed, and disseminated in order to protect the homeland against terrorist threats.
Prior to 9/11, it was possible to make a distinction between “domestic intelligence”—primarily
law enforcement information collected within the United States—and “foreign intelligence”—
primarily military, political, and economic intelligence collected outside the country. Today,
threats to the homeland posed by terrorist groups are now national security threats. Intelligence
collected outside the United States is often very relevant to the threat environment inside the
United States and vice versa.
Although the activities involved in homeland security intelligence (HSINT) itself are not new, the
relative importance of state, local, and private sector stakeholders; the awareness of how law
enforcement information might protect national security; and the importance attached to
homeland security intelligence have all increased substantially since the events of 9/11.
There are numerous intelligence collection disciplines through which the U.S. Intelligence
Community (IC) collects intelligence to support informed national security decision-making at
the national level and the allocation of tactical military and law enforcement resources at the local
level. The collection disciplines are generally referred to as those which fall within national
technical means or non-technical means. Technical means include signals intelligence (SIGINT),
measurement and signatures intelligence (MASINT), and imagery intelligence (IMINT). Nontechnical means include human intelligence (HUMINT) and open source intelligence (OSINT).
Each of these collection disciplines is source-specific—that is, a technical platform or human
source, generally managed by an agency or mission manager, collects intelligence that is used for
national intelligence purposes.
HSINT, however, is generally not source specific, as it includes both national technical and nontechnical means of collection. For example, HSINT includes human intelligence collected by
federal border security personnel or state and local law enforcement officials, as well as SIGINT
collected by the National Security Agency. Reasonable individuals can differ, therefore, with
respect to the question of whether HSINT is another collection discipline, or whether homeland
security is simply another purpose for which the current set of collection disciplines is being
harnessed. Homeland security information, as statutorily defined, pertains directly to (1) terrorist
intentions and capabilities to attack people and infrastructure within the United States, and (2)
U.S. abilities to deter, prevent, and respond to potential terrorist attacks.
This report provides a potential conceptual model of how to frame HSINT, including geographic,
structural/statutory, and holistic approaches. Given that state, local, tribal, and private sector
officials play such an important role in HSINT, the holistic model, one not constrained by
geography or levels of government, strikes many as the most compelling. The report argues that
there is, in effect, a Homeland Security Intelligence Community (HSIC). Although the HSIC’s
members are diffused across the nation, they share a common counterterrorism interest. The
proliferation of intelligence and information fusion centers across the country indicate that state
and local leaders believe there is value to centralizing intelligence gathering and analysis in a
manner that assists them in preventing and responding to local manifestations of terrorist threats
to their people, infrastructure, and other assets. At the policy and operational levels, the
communication and integration of federal HSINT efforts with these state and local fusion centers
will likely remain an important priority and future challenge. This report will not be updated.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

ȱ

˜—Ž—œȱ
Introduction ..................................................................................................................................... 1
Some Perceptions of HSINT ........................................................................................................... 4
The National Intelligence Strategy, National Strategy for Homeland Security, and
Homeland Security Intelligence ................................................................................................... 7
DHS Intelligence Enterprise Strategic Plan..................................................................................... 8
Statutory Definitions of Intelligence and Homeland Security Information..................................... 9
Approaches to Framing Homeland Security Intelligence...............................................................11
Geographic Approach.............................................................................................................. 12
Structural/Statutory Approach................................................................................................. 12
Holistic Approach.................................................................................................................... 13
The Homeland Security Intelligence Community ......................................................................... 15

’ž›Žœȱ
Figure 1. Dimensions of Intelligence .............................................................................................. 5

Š‹•Žœȱ
Table 1. Approaches to Defining Homeland Security ................................................................... 12

˜—ŠŒœȱ
Author Contact Information .......................................................................................................... 17
Acknowledgments ......................................................................................................................... 17

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

—›˜žŒ’˜—ŗȱ
Since the 9/11 terrorist attacks, Congress has not only focused considerable attention on how
intelligence is collected, analyzed, and disseminated in order to protect the homeland against
terrorism, but also what should such intelligence encompass. A discussion of what constitutes
“homeland security intelligence” and how it nests within the broader intelligence discipline may
be useful background as Congress continues to examine a broad range of homeland security
issues.
Prior to 9/11, it was possible to make a distinction between “domestic intelligence”—primarily
law enforcement information collected within the United States—and “foreign intelligence”—
primarily military, political, and economic intelligence collected outside the country. Today, this
distinction is blurred. Threats to the homeland posed by terrorist groups are national security
threats, and intelligence collected outside the United States is often very relevant to the threat
environment inside the United States and vice versa.
The National Commission on Terrorist Attacks Upon the United States (hereafter the 9/11
Commission) stated that one of the challenges in preventing terrorist attacks is bridging the
“foreign-domestic divide.”2 The 9/11 Commission used this term for the divide that it found not
only within the Intelligence Community (IC), but also between the agencies of the IC dedicated to
the traditional foreign intelligence mission, and those agencies responsible for the homeland
security intelligence (HSINT) and law enforcement missions. Some might categorize security
intelligence and law enforcement (criminal) intelligence as “non-traditional” intelligence.3 Yet,
the scope and composition of this non-traditional or homeland security intelligence remains
somewhat nebulous.

1

A forthcoming report will describe the various elements of the DHS intelligence enterprise in homeland security
intelligence and the implementation of DHS Secretary Michael Chertoff’s intelligence initiatives outlined in the
department’s 2005, “Second Stage Review.” The question of how the U.S. government should organize to implement
an effective homeland security intelligence function, e.g., the appropriate roles and responsibilities, and attendant deconfliction of overlapping jurisdictions, of the FBI and DHS intelligence elements, are beyond the scope of this report.
2
See National Commission on Terrorist Attacks Upon the United States, The 9/11 Commission Report, July 22, 2004,
pp. 400-406.. Hereafter referred to as the 9/11 Commission Report. http://www.9-11commission.gov
3
See testimony of Charles Allen, Chief Intelligence Officer of the Department of Homeland Security, before the House
Committee on Homeland Security, Subcommittee on Intelligence, Information, and Terrorism Risk Assessment, and
the House Permanent Select Committee on Intelligence, Subcommittee on Terrorism/HUMINT, Analysis and
Counterintelligence, Oct. 19, 2005. Mr. Allen stated, “My role—and my goal—as Chief Intelligence Officer is to see
that homeland security intelligence, a blend of traditional and non-traditional intelligence that produces unique and
actionable insights, takes its place alongside the other kinds of intelligence as an indispensable tool for securing the
nation.”

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

At the broadest level, there is a plethora of definitions for intelligence.4 Most explain the various
types of clandestine intelligence, the methods of intelligence collection (the “-Ints”), intelligence
consumers, the purposes for which intelligence is collected, and the intelligence cycle.5
Traditional intelligence collection done clandestinely6 and overtly,7 largely at the federal level, to
inform national-level policymakers is often differentiated from criminal intelligence gathered by a
broader set of federal, state, and local actors generally for law enforcement purposes. Some argue
that given that the end result in a criminal case is successful prosecution, that criminal
intelligence gathering is largely reactive—a crime takes place, and “intelligence” or evidence is
collected to support a prosecution. However, intelligence gathering can also be used to advance
the causes of national security, as state and local law enforcement agencies can be viewed as the
nation’s counterterrorism “eyes and ears.”8 Arguably, not all criminal intelligence gathering is
reactive, as some law enforcement organizations and intelligence fusion centers use proactive
intelligence gathering techniques, such as the recruitment of human assets, to prevent terrorist
attacks.
The terms domestic intelligence and homeland security intelligence are often used colloquially
and interchangeably by some observers. Depending on how one defines “homeland security,” this
may be understandable. If, however, one bounds the activities associated with intelligence
geographically, a systemic malady which was at least a proximate cause of the intelligence failure
resulting in the terrorist attacks of September 11, 2001, the two terms are inherently distinct. That
is, domestic intelligence could be defined as that which is collected, analyzed, and disseminated
within the United States; yet, homeland security intelligence may be much more broadly defined
4

The terms data, information, and intelligence are generally (mis)interpreted to have the same meaning. One manner of
differentiating among these terms is the extent to which value has been added to the raw data regardless of whether it
was collected through overt or clandestine means. The terms exist along a continuum, with data at the far left and
intelligence at the far right; as one moves from left to right, additional value and context is added to discrete or posited
facts to provide enhanced meaning to an ultimate consumer. Information collected clandestinely may or may not be of
any inherently greater value than information collected through open source methods. Information collected is “raw”
until its sources have been evaluated, the information is combined or corroborated by other sources, and analytical and
due diligence methodologies are applied to ascertain the information’s value. Lack of such critical evaluations can lead
to flawed “intelligence” being provided to consumers who may take action based on the intelligence.
5
The intelligence cycle is an iterative process in which collection requirements based on national security threats are
developed, and intelligence is collected, analyzed, and disseminated to a broad range of consumers. Consumers
sometimes provide feedback on the finished intelligence products, which can be used to refine any part of the
intelligence cycle to ensure that consumers are getting the intelligence they need to make informed decisions and/or
take appropriate actions.
6
Intelligence is collected clandestinely by the U.S. Intelligence Community and includes a wide variety of human and
national technical means, as outlined below.
7
Open-source intelligence, or that which is collected through sources available to the general public globally, while
long a tool of foreign intelligence-oriented agencies, has become relatively more important in the post-Cold War era.
Pursuant to a recommendation of the WMD Commission, Congress in the Intelligence Reform and Terrorism
Prevention Act of 2004, identified open source intelligence as a “valuable source that must be integrated into the
intelligence cycle.” The Act recommended that the Director of National Intelligence establish an Open Source Center
and this was done in November 2005. The Center’s mission is to “advance the Intelligence Community’s exploitation
of openly available information to include the Internet, databases, press, radio, television, video geospatial data, photos,
and commercial imagery. It would build on the established expertise of the CIA’s Foreign Broadcast Information
Service (FBIS), which has provided the U.S. Government a broad range of highly valued products and service since
1941.” See P.L. 108-458, Dec. 17, 2004, §1052, 118 Stat. 3683 and the Office of the Director of National Intelligence,
Press Release, Nov. 8, 2005. https://www.cia.gov/news-information/press-releases-statements/press-release-archive2005/pr11082005.html.
8
See Marilyn Peterson, Intelligence-Led Policing: The New Intelligence Architecture, U.S. Department of Justice,
Office of Justice Programs, Bureau of Justice Assistance, Sept. 2005.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

Řȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

without regard to the geographic origin of the intelligence collected. The rationale for the
integration of what is traditionally defined as foreign intelligence with that which is thought of as
domestic intelligence is concisely stated by former Director of National Intelligence (DNI)
Ambassador John Negroponte: “What happens abroad can kill us at home.”9
One of the broadest definitions of intelligence is that “intelligence is knowledge, organization,
and activity.”10 Arguably, one of the most meaningful purposes of intelligence is “to establish
where the danger lies.”11 Some would argue based on this definition that “intelligence is
intelligence”—that is, differentiating traditional from non-traditional intelligence is a theoretical
matter which may have little relation to the end result—protecting national security. This
argument might continue that threats to U.S. national security by and large originate overseas and,
since its formal and statutory inception in 1947, the U.S. Intelligence Community has always
been the first line of defense in identifying and understanding these threats. Although compelling,
this argument could lead some observers to conclude that the state, local, and private sector
intelligence players are simply “bolt on” modules to the existing federal community. Such a status
quo plus model could be interpreted by some to mean that state, local, and private sector entities
are new and passive consumers of federally gathered and analyzed intelligence products, yet not
necessarily full intelligence cycle partners. This may not necessarily be the case, as state, local,
and private sector organizations have taken on a more activist and proactive role in protecting
their populations and infrastructure, a role that includes collecting their own intelligence while
working with federal law enforcement and IC partners stationed in Washington, DC, and within
their respective districts.12
The “intelligence is intelligence” position might beg the question of what is the most appropriate
strategy for homeland security intelligence—a “top-down” federally driven model where the
traditional “Ints” are dominant, a “bottom-up” state, local, and private sector model where the
thousands of state and local law enforcement intelligence collectors are dominant, or some unique
partnership that strikes a balance between these two extreme models? To some extent, HSINT
may be perceived by some as a federally led “top-down” model through which the federal
government’s intelligence entities provide raw intelligence and/or finished terrorism threat
assessments to state, local, and tribal law enforcement entities which may make independent
determinations of whether the intelligence is actionable. Another alternative is a “bottom up”

9

See speech of John D. Negroponte, Director of National Intelligence, before the U.S. Chamber of Commerce, July 10,
2006.
10
Sherman Kent, Strategic Intelligence for American World Policy (Hamden, CT: Archon, 1965). Hereafter referred to
as “Kent, Strategic Intelligence.” Dr. Kent was, however, quick to point out that the knowledge, organization and
activity to which he referred was “high-level, foreign, positive intelligence.” According to Dr. Kent, it was important to
note that what was excluded from this definition of intelligence was (1) “the domestic scene ... it is not concerned with
what goes on in the United States,” and (2) the “police function.” The “positive comes into the phrase to denote that the
intelligence in question is not so-called counterintelligence and counter-espionage nor any other sort of intelligence
designed to uncover domestically produced traitors or imported foreign agents.” Not that Dr. Kent discounted the
importance of this other type of intelligence; indeed he referred to it as “security intelligence,” a definition which will
be explored further below. Dr. Kent is the namesake for the Central Intelligence Agency’s Sherman Kent School of
Intelligence Analysis.
11
See Thomas Powers, Intelligence Wars: American Secret History From Hitler to Al-Qaeda (New York Review
Books, 2002), p. 381.
12
Some of the benefits and challenges associated with using state and local law enforcement in the War on Terrorism
are outlined in K. Jack Riley, Gregory F. Treverton, Jeremy M. Wilson, and Lois M. Davis, State and Local
Intelligence in the War on Terrorism, a RAND, Infrastructure, Safety and Environment Study, 2005.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

řȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

model through which criminal intelligence,13 of the type collected long before the events of
September 11, 2001, provides an assessment of the local environments in which a national
security and/or a criminal threat might become a reality. A third model, among others, might
envision a less hierarchical or a more decentralized structure in which roles and responsibilities of
federal, state, and local players are more clearly delineated, information shared more widely, and
coordination between law enforcement and traditional intelligence actors closer. These models
will be highlighted below.
Some perceptions of HSINT among leaders in the IC and observers of the intelligence process are
illustrative.

˜–ŽȱŽ›ŒŽ™’˜—œȱ˜ȱ
ȱ
Leaders within the Intelligence and Homeland Security communities often speak openly about the
responsibilities, priorities, accomplishments, and challenges their agencies face. The nation’s first
DNI, Ambassador John Negroponte, stated that the Intelligence Community has tasked itself with
“bolstering intelligence support for homeland security as enterprise objective number one.”14 He
spoke of this priority within the context of the DNI’s mandate resulting from the Intelligence
Reform and Terrorism Prevention Act of 2004 (IRTPA) to “integrate the foreign, military and
domestic dimensions of the United States intelligence into a unified enterprise” and “connecting
the dots across the foreign-domestic divide.”15 At the aggregate level, even if it is assumed that
there is one unified intelligence discipline, according to Ambassador Negroponte, there are three
different dimensions of intelligence—foreign, military,16 and domestic. Under this school of
thought, HSINT could become another dimension of intelligence that is distinct in some manners,
yet overlaps with the aforementioned dimensions. At a relatively simplistic level, the relationships
among the dimensions of intelligence could be depicted according to Figure 1 below.

13

Part of the complexity of framing HSINT is the relationship between criminal or law enforcement intelligence and
traditional foreign intelligence. Generally, the interpretation of traditional foreign intelligence is that it is collected
covertly and overseas, and is provided to policymakers to inform national security decisions and actions. By contrast
and in general, criminal intelligence is gathered overtly or clandestinely and domestically as evidence to support a
prosecution of a criminal act, or to learn more about a criminal enterprise. For further information on criminal
intelligence, see RAND, State and Local Intelligence in the War on Terrorism, 2005, by K. Jack Riley et al.; U.S.
Department of Justice, Office of Justice Programs, Bureau of Justice Assistance, Intelligence-Led Policing: The New
Intelligence Architecture, Sept. 2005; and David L. Carter Law Enforcement Intelligence: A Guide for State, Local and
Tribal Law Enforcement Agencies, Nov. 2004. For information on the relationships between law enforcement
intelligence and foreign intelligence, see CRS Report RL30252, Intelligence and Law Enforcement: Countering
Transnational Threats to the U.S., by Richard A. Best Jr. See also, Richard A. Posner, Remaking Domestic Intelligence
(Stanford, CA: Hoover Institution Press, 2005).
14
See speech of then-DNI John D. Negroponte before the U.S. Chamber of Commerce, July 10, 2006.
15
Ibid
16
At the most general level, military intelligence is that which is collected, analyzed, disseminated, and possibly acted
upon by Department of Defense entities (including the Armed Forces intelligence elements, the Unified Commands,
the combat support agencies of the National Reconnaissance Office, National Security Agency and National
Geospatial-Intelligence Agency, as well as the Defense Intelligence Agency) and is related to another foreign power’s
capabilities to attack U.S. national interests militarily. For more information, see “U.S. Intelligence Community” at
http://www.intelligence.gov/1-members.shtml

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

Śȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

Figure 1. Dimensions of Intelligence

Although each of the dimensions of intelligence (referred to above) could be further subdivided,
the domestic intelligence dimension, under a broad understanding of the term, would include the
role state, local, tribal, and private sector entities play in collecting, analyzing, and disseminating
information and intelligence within their respective areas of jurisdiction or industries. DNI
Negroponte has defined the domestic agenda as “institution building and information sharing
without damaging the fabric and values of our political culture.”17 With respect to institution
building, the approach remains federal-centric. Ambassador Negroponte referred specifically to
the refinement of the FBI’s National Security Branch, the further development of the National
Counterterrorism Center (NCTC), as well as the development of the DHS Office of Intelligence
and Analysis. State governments, local law enforcement, the private sector, and tribal entities
were mentioned at a procedural level—that is, in the sense of “facilitating these multidirectional
flow of information.”18
Former Secretary of Homeland Security Michael Chertoff provided his insights into and thoughts
about defining the scope of HSINT. Using the metaphor of intelligence as the “radar of the 21st
century” to provide early warning of terrorist attacks, he stated,
Intelligence, as you know, is not only about spies and satellites. Intelligence is about the
thousands and thousands of routine, everyday observations and activities. Surveillance,
interactions—each of which may be taken in isolation as not a particularly meaningful piece
of information, but when fused together, gives us a sense of the patterns and the flow that
really is at the core of what intelligence analysis is all about ... . We (DHS) actually generate
a lot of intelligence ... we have many interactions every day, every hour at the border, on
airplanes, and with the Coast Guard.19

17

Ibid.
Ibid.
19
See Remarks by Secretary of Homeland Security Michael Chertoff, 2006 Bureau of Justice Assistance, U.S.
(continued...)
18

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

śȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

Some observers have characterized domestic intelligence in the following manner:
Domestic intelligence entails the range of activities focused on protecting the United States
from threats mostly of foreign origin. Focused narrowly, it includes the FBI’s
counterterrorism work with local law enforcement. On a much broader scale, however, it
also involves a broader set of intelligence activities overseen by the Director of National
Intelligence, the secretary of defense, the attorney general, and the secretary of homeland
security. The goal is to integrate federal, state and local governments, and, when appropriate,
the private sector on a secure collaborative network to stop our enemies before they act.
Those enemies include individuals and groups attempting to transport weapons of mass
destruction, international terrorists, organized criminals, narcotics traffickers, and countries
that are working alone or in combination against U.S. interests.20

Another observer has defined “domestic national security intelligence” as
intelligence concerning the threat of major, politically motivated violence, or equal grievous
harm to national security or the economy, inflicted within the nation’s territorial limits by
international terrorists, homegrown terrorists, or spies of saboteurs employed or financed by
foreign nations.21

According to Dr. Sherman Kent, security intelligence is defined as
the intelligence behind the police function. Its job is to protect the nation and its members
from malefactors who are working to our national and individual hurt. In one of its most
dramatic forms it is the intelligence which continuously is trying to put the finger on
clandestine agents sent here by foreign powers. In another, it is the activity which protects
our frontiers against other undesirable gatecrashers: illegal entrants, smugglers, dope runners,
and so on... By and large, security intelligence is the knowledge and the activity which our
defensive police forces must have before they take specific action against the individual illwisher or ill-doer.22

Some of the similarities between these perceptions include (1) a fundamental belief that
intelligence is the first line of defense for the nation,23 (2) threats to U.S. national security are
largely, although not solely, of foreign origin, and (3) there is a national intelligence role for nontraditional players (largely state, local, tribal law enforcement, as well as the private sector), a role
in which they make contributions to preventing terrorist attacks or other inimical acts directed
against U.S. citizens within the United States. Others, however, may account for the difference in
these perceptions as being associated with the explicit roles and responsibilities that these nontraditional entities play. Are these entities solely recipients of federally collected raw and finished
intelligence products? At a policy and, importantly, local level, are non-traditional players viewed
by federal personnel as equal partners, and/or “force multipliers?” At the federal level, what
(...continued)
Department of Justice and SEARCH Symposium on Justice and Public Safety Information Sharing, Mar. 14, 2006.
20
See Rand Beers et al., The Forgotten Homeland; A Century Foundation Task Force Report, 2006, p. 149.
21
See Posner, Remaking Domestic Intelligence.
22
Kent, Strategic Intelligence, pp. 209-210.
23
Intelligence played an important role in the alleged plot in 2006 to blow up several commercial air flights from
London to the United States. According to Deputy Commissioner Peter Clarke, Head of the United Kingdom’s (U.K.)
Anti-Terrorist Branch, “The Investigation has focused on intelligence, which suggested that a plot was in existence to
blow up transatlantic passenger aircraft, in flight.” See Statement of Peter Clarke, Aug. 10, 2006.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

Ŝȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

policies and mechanisms are in place to provide those non-traditional entities with feedback on
the intelligence they collect and provide to the federal government?
Although the breadth of these questions is beyond the scope of this report, it may be illustrative to
view HSINT through the eyes of national strategy.

‘ŽȱŠ’˜—Š•ȱ—Ž••’Ž—ŒŽȱ›ŠŽ¢ǰȱŠ’˜—Š•ȱ
›ŠŽ¢ȱ˜›ȱ
˜–Ž•Š—ȱŽŒž›’¢ǰȱŠ—ȱ
˜–Ž•Š—ȱ
ŽŒž›’¢ȱ—Ž••’Ž—ŒŽȱ
According to the DNI’s National Intelligence Strategy of the United States of America:
Transformation Through Integration and Innovation, one of the basic objectives is to “build an
integrated intelligence capability to address threats to the homeland, consistent with U.S. laws
and the protection of privacy and civil liberties.”24
The strategy stipulates that the nature of the transnational threats to the United States “force us to
rethink the way we conduct intelligence collection at home and its relationship with traditional
intelligence methods abroad.” Moreover, the strategy states that
U.S. intelligence elements must focus their capabilities to ensure that (1) Intelligence
elements in the Departments of Justice and Homeland Security are properly resourced and
closely integrated within the larger Intelligence Community, (2) all Intelligence Community
components assist in facilitating the integration of collection and analysis against terrorists,
weapons of mass destruction, and other threats to the homeland, and (3) state, local, and
tribal entities and the private sector are connected to our homeland security and intelligence
efforts.25

Any national strategy, one could argue, by definition focuses on and provides direction to only
those agencies that the federal government controls. A broader reach and/or direction to entities
beyond this purview might run the risk of presupposing that the affected community(ies) agree
with the national strategy and/or have the resources to implement such direction. Therefore, it
may be appropriate that the National Intelligence Strategy, while recognizing a homeland security
intelligence role for state, local, and tribal entities, as well as the private sector, does so only in a
general manner that does not stipulate the activities these communities will implement as part of
the broader community of entities working to protect U.S. national security.
It could also be argued, that while the National Intelligence Strategy calls for state, local, and
tribal entities to be “connected to our homeland security and intelligence efforts,” it nevertheless
envisions homeland security intelligence as being driven, in large part, by the federal entities
most associated with the domestic intelligence mission—that is, the activities undertaken by the
intelligence elements of the Departments of Justice and Homeland Security. How the term
“connected” is defined becomes of critical importance, as it implies communication and the
sharing of information among federal, state, and local intelligence officials.
24

Office of the Director of National Intelligence, The National Intelligence Strategy of the United States of America:
Transformation Through Integration and Innovation, Oct. 2005, p. 5.
25
Ibid, p. 11.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŝȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

ȱ

The National Strategy for Homeland Security published in October 2007, is more explicit about
the role of state, local, tribal, and even private sector elements. It stresses that homeland security
is a shared responsibility.26 Consistent with this theme, the strategy highlights the importance of
collaboration in the realm of homeland security intelligence. It characterizes the process of
identifying, locating, and uncovering terrorist activity—the core objective of homeland security
intelligence—as multifaceted. The strategy specifies the ways government at all levels and the
private sector need to contribute to the homeland security effort. It also notes the importance of
an “integrated Information Sharing Environment that supports the vertical and horizontal
distribution of terrorism-related information.... ”27
The sharing of homeland security intelligence has been a particular priority for the Congress,
which directed the establishment of the Information Sharing Environment in the IRTPA. Later, in
the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act), Congress
directed DHS to undertake additional initiatives, including the following:28
•

Establish department-wide procedures for review and analysis of information
provided by state, local, tribal, and private sector elements; integrate that
information into DHS intelligence products, and disseminate to federal partners
within the IC.

•

Evaluate how DHS components are utilizing homeland security information and
participating in the Information Sharing Environment.

•

Establish a DHS State, Local, and Regional Fusion Center Initiative to establish
partnerships with state, local, and regional fusion centers.

•

Coordinate and oversee the creation of an Interagency Threat Assessment and
Coordination Group (ITACG) that will bring state, local, and tribal law
enforcement and intelligence analysts to work in the National Counterterrorism
Center.


ȱ—Ž••’Ž—ŒŽȱ —Ž›™›’œŽȱ›ŠŽ’Œȱ•Š—ȱ
The DHS intelligence strategy has four main elements: (1) vision, (2) mission, (3) definitions, and
(4) goals and objectives.29 While the strategy does not specifically define HSINT, it provides a
vision for the DHS intelligence enterprise as being “an integrated ... enterprise that provides a
decisive information advantage to the guardians of our homeland security.”30 According to the
strategy, the mission of the DHS intelligence enterprise is to
provide valuable, actionable intelligence and intelligence-related information for and among
the National leadership, all components of DHS, our federal partners, state, local, territorial,
tribal, and private sector customers. We ensure that information is gathered from all relevant
DHS field operations and is fused with information from other members of the Intelligence
26

Executive Office of the President, Homeland Security Council, National Strategy for Homeland Security, Oct. 2007,
p. 4.
27
Ibid., pp. 19-20.
28
P.L. 110-53, August 3, 2007, §204 (a) and (c) 121 Stat. 307-8, and §210A, 121 Stat. 317-18.
29
See DHS Intelligence Enterprise Strategic Plan, Oct. 2006. http://www.fas.org/irp/agency/dhs/stratplan.pdf
30
Ibid, p.3.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

Şȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ
Community to produce accurate, timely, and actionable intelligence products and services.
We independently collate, analyze, coordinate, disseminate, and manage threat information
affecting the homeland.31

Implicit in this strategy is the DHS adoption of the definition of homeland security information
outlined in the Homeland Security Act of 2002.

Šž˜›¢ȱ Ž’—’’˜—œȱ˜ȱ—Ž••’Ž—ŒŽȱŠ—ȱ
˜–Ž•Š—ȱ
ŽŒž›’¢ȱ—˜›–Š’˜—ȱ
Homeland security intelligence is not a term that is as yet defined or codified in law.32 The term
and activities associated with it include—and go beyond—the definitions of the two traditional
types of intelligence commonly defined in law and executive orders: foreign intelligence and
counterintelligence. And, more recently, definitions of these two types of intelligence have been
supplemented by the terms “national intelligence” and “intelligence related to national security.”
As with most intelligence-related terms, individuals attach their own interpretations and
perceptions to HSINT. While there may be some commonly held perceptions about how HSINT
is defined, it is also possible that individuals use the terms freely, but without a true common
understanding of the scope and breadth of activities that may be consistent with homeland
security intelligence. The primary statutory definition that applies is that which appears in the
Homeland Security Act of 2002, which defines homeland security information as
any information possessed by a federal, state, or local agency that (a) related to the threat of
terrorist activity, (b) relates to the ability to prevent, interdict or disrupt terrorist activity, (c)
would improve the identification or investigation of a suspected terrorist or terrorist
organization; or (d) would improve the response to a terrorist act.33

31

Ibid
Homeland security intelligence could likely be defined as a more refined and finished version of homeland security
information. The nexus to terrorism and terrorist-related events is direct and compelling. One complication of
discerning what is homeland security information remains how the investigator or operator knows that the activity
which they are investigating or monitoring is related to terrorism. At the early stages of an investigation, unless the
predicate for the investigation is terrorism-related, e.g., “pocket litter” (names, phones numbers, emails) taken off of a
terrorist suspect or gathered from a terrorist safe house, an investigator may not know the possibly criminal activity
they are monitoring is in preparation for a terrorist event. As a result, information gathered though investigation of a
criminal violation in the physical or cyber realm could very well be terrorism related and, as such, fall under the rubric
of homeland security information. Given that there are substantial national and homeland security penalties for not
sharing homeland security intelligence, at least at the policy level and to some extent at the operational level, arguably
there is now a bias in favor of sharing raw intelligence across levels of government more quickly than in the past. The
extent to which this information is shared systematically is an open question.
33
See P.L. 107-296, Sec. 892(f). The House Committee on Homeland Security also defines homeland security
information in a terrorism context. Under Rule IV, Subcommittees, it defines the jurisdiction of the Subcommittee on
Intelligence, Information Sharing, and Terrorism Risk Assessment as being, in part, “Intelligence and information
sharing for the purpose of preventing, preparing for, and responding to potential terrorist attacks on the United States;
the responsibility of the Department of Homeland Security for comprehensive, nationwide, terrorism-related threat,
vulnerability, and risk analyses; the integration, analysis, and dissemination of homeland security information,
including the Department of Homeland Security’s participation in, and interaction with, other public and private
entities for any of those purposes.” See Committee on Homeland Security, U.S. House of Representatives, Rules and
Appendix for the Committee on Homeland Security, Committee Print 109-B, Oct. 2005.
32

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

şȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

The DHS Office of Intelligence and Analysis has adopted this definition of homeland security
information.34 It is worthwhile to note that although DHS remains an organization designed to
protect against “all hazards,” the focus of homeland security information, at least as defined in
law, is counterterrorism. As illustrated below, HSINT can be more broadly interpreted to involve
intelligence designed to protect against the inimical activities of narcotics traffickers, organized
criminals, and others having international support networks and seeking to engage in activities
that could undermine U.S. national security.
Another type of intelligence defined in statute is traditional or foreign intelligence, which means
[i]nformation relating to the capabilities, intentions, and activities of foreign governments or
elements thereof, foreign organizations, or foreign persons, or international terrorism activities.35
The methods of traditional foreign intelligence collection fall into the following five areas:
imagery intelligence (IMINT), signals intelligence (SIGINT), human intelligence (HUMINT),
measurement and signatures intelligence (MASINT), and open source intelligence (OSINT).36
While the meanings of these disciplines are relatively well known and commonly understood
among intelligence professionals, HSINT is more nebulous. Because HSINT is not necessarily
source-specific, some would question whether it should be referred to as a collection “discipline.”
Although it is true that numerous unique entities are within DHS and at the state and local
government levels, as well as within the private sector, that are aggressively collecting homeland
security information, it is also true that many of the traditional aforementioned “INTs” collect
homeland security intelligence insofar as they provide information on terrorism threats that may
originate globally, yet are potentially manifested within U.S. borders. Within DHS Intelligence
itself, the OSINT37 and HUMINT38 collection methods are likely to be most prevalent.39
The other type of intelligence codified in law is counterintelligence, which is defined as
Information gathered and activities conducted to protect against espionage, other intelligence
activities, sabotage, or assassinations conducted for by or on behalf of foreign governments
34

DHS, Management Directive 8110, Intelligence Integration and Management, issued January 30, 2006.
See 50 U.S.C., §401a.
36
For a detailed description for each of these collection disciplines, see Mark M. Lowenthal, Intelligence: From Secrets
to Policy, 2nd Ed, (Washington, DC: CQ Press, 2003), pp. 63-83.
37
OSINT involves the “acquisition of any verbal, written, or electronically transmitted material that can be legally
acquired; this includes newspapers, magazines, unclassified journals, conference papers and preprints of articles,, as
well as the broadcasts of public radio and television stations and various material appearing on the internet.” Jeffrey T.
Richelson, The U.S. Intelligence Community, 5th edition, (Boulder, CO: Westview Press, 2008), p. 318. See also CRS
Report RL34270, Open Source Intelligence Issues for Congress, by Richard A. Best Jr. and Alfred Cumming. For a
review of the progress by DHS to harness OSINT to enhance information sharing, see U.S. Congress, House
Committee on Homeland Security, Giving Voice to Open Source Stakeholders: A Survey of State, Local & Tribal Law
Enforcement, Report Prepared by the Majority Staff, 110th Cong., 2nd sess., September 2008.
38
For purposes of DHS intelligence collection, HUMINT is used to refer to overt collection of information and
intelligence from human sources. DHS does not, generally, engage in covert or clandestine HUMINT.
39
IMINT could also be leveraged to contribute to border security by providing “snapshots” of U.S. borders. Unmanned
Aerial Vehicles (UAVs) have been used for purposes of border surveillance. See CRS Report RS21698, Homeland
Security: Unmanned Aerial Vehicles and Border Surveillance, by Christopher Bolkcom and Blas Nuñez-Neto. For an
assessment of DHS’s border intelligence strategy, see “Intelligence and Border Security,” a hearing held by the House
Homeland Security Committee, Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment,
June 28, 2006. Among others, testimony was provided by Charles Allen, DHS Chief Information Officer, and the
directors of the intelligence entities with DHS’s Bureau of Customs and Border Protection, Bureau of Immigration and
Customs Enforcement, as well as the U.S. Coast Guard.
35

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗŖȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ
ȱ

or elements thereof, foreign organizations, or foreign persons, or international terrorist
activities.40

With respect to counterintelligence, DHS Intelligence has as one of its objectives to “consistent
with legal authorities, establish measures to protect the Department against hostile intelligence
and operational activities conducted by or on behalf of foreign powers or international terrorist
activities.”41 To some extent, however, at least for semantics if not necessarily for jurisdictional
purposes, the differences between foreign intelligence and counterintelligence were attenuated
with the passage of the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458).
The IRTPA sought to remedy numerous problems uncovered by the 9/11 Commission, one of
which was the aforementioned gap between foreign and domestic intelligence. The IRTPA
amended the National Security Act of 1947 (50 U.S.C. §401a) to read,
The terms ‘national intelligence’ and ‘intelligence related to national security’ refer to all
intelligence, regardless of source from which derived and including information gathered
within or outside the United States that (a) pertains, as determined consistent with any
guidance issued by the President, to more than one United States Government agency; and
(b) that involves - (I) threats to the United States, its people, property, or interests; (ii) the
development, proliferation, or use of weapons of mass destruction; or (iii) any other matter
bearing on U.S. national or homeland security.42

As such, HSINT could be interpreted as synonymous with intelligence related to national security,
or some subset thereof.
A framework for outlining the scope of HSINT, or at least the criteria by which it might be
framed could prove helpful. While there are numerous approaches to framing homeland security
intelligence, three possible approaches are discussed below.

™™›˜ŠŒ‘Žœȱ˜ȱ ›Š–’—ȱ
˜–Ž•Š—ȱŽŒž›’¢ȱ
—Ž••’Ž—ŒŽȱ
There are at least three different constructs that could be used to frame HSINT: (1) geographic (2)
structural, and (3) holistic. Table 1 summarizes some of the limits and boundaries of these three
possible approaches to framing HSINT. Beyond geographic bounds, another set of differentiating
factors between these approaches is the extent to which, if at all, one believes homeland security
intelligence is the sole purview of the federal government, or a more inclusive and cooperative
federal, state, local, tribal, and private sector model.

40

See 50 U.S.C., §401a.
See DHS Intelligence Enterprise Strategic Plan, p. 11.
42
See 50 U.S.C. §401a.
41

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗŗȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ
ȱ

Table 1. Approaches to Defining Homeland Security
Geographic Bounds

Government Level
Bounds

Geographic

Yes

No

Structural/Statutory

No

Yes

Holistic

No

No

Approach

Ž˜›Š™‘’Œȱ ™™›˜ŠŒ‘ȱ
Homeland security intelligence can be viewed, some might argue rather simplistically, in
geographic and federal/state/local government terms. That is, if the intelligence collection activity
takes place within the United States—whether it be by a federal agency or a state, local, tribal, or
private sector actor, it would be considered HSINT. Under this approach, while HSINT’s
activities are constrained by borders, the yield from homeland security’s collection and analysis
could be combined with foreign intelligence to develop a more complete picture of homeland
security threats. Others might counter that the problem with this type of approach is that, as the
events of September 11, 2001, demonstrated clearly, national borders increasingly have little
meaning in determining threats to U.S. national and homeland security. As has been well
documented by numerous studies,43 the planning for the events of 9/11 took place largely
overseas, but the acts were executed within U.S. borders. An intelligence approach that
considered only activities associated with homegrown threats, without a more integrated, global
perspective on the threat, would miss one of the central lessons learned from 9/11—the
importance of integrating intelligence related to threats to national security regardless of the
geographic location of the source.

›žŒž›Š•ȦŠž˜›¢ȱ ™™›˜ŠŒ‘ȱ
Homeland security intelligence could be viewed as primarily a federal activity. Geography is not
as important under this approach, as the federal entities that engage in homeland security
intelligence may, directly or indirectly, collect information outside the United States. For
example, the FBI, through its Legal Attaché (LEGAT) program, has 75 LEGAT offices and suboffices providing coverage for over 200 countries, islands, and territories.44 Through these offices,
it collects principally criminal information through open liaison with international law
enforcement counterparts. More specifically, under this approach, HSINT is a federal activity that
is engaged in by certain statutory members of the Intelligence Community. Thus, of the 16
agencies that are statutory members of the IC, under this approach perhaps only four would
engage in domestic intelligence activities—the intelligence elements of the FBI;45 DHS I&A and
43

See Joint Inquiry Into Intelligence Community Activities Before and After the Terrorist Attacks of September 11,
2001, a report of the U.S. Congress, Senate Select Committee on Intelligence and the House Permanent Select
Committee on Intelligence, S.Rept. 107-351; H.Rept. 107-792, Dec. 2002, pp. xv, xvi, 37-39, 337-338. (Hereafter cited
as JIC Inquiry.) See also Final Report of the National Commission on Terrorist Attacks Upon the United States and The
Commission of the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction, March
2005.
44
FBI, Legal Attaché Offices. http://www.fbi.gov/contact/legat/legat.htm
45
The intelligence elements of the FBI generally include the following four elements under the purview of the recently
established National Security Branch: (1) the Directorate of Intelligence, (2) the Counterterrorism Division, (3) the
Counterintelligence Division, and (4) the Weapons of Mass Destruction Directorate. If one defines “intelligence” as
(continued...)

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗŘȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

the U.S. Coast Guard; the intelligence elements of the Treasury Department; and the intelligence
elements of the Energy Department. Others might argue this approach is too parochial, as it
discounts the important homeland security intelligence roles played by other statutory members
of the IC and non-federal actors, such as state and local intelligence fusion centers and the private
sector.


˜•’œ’Œȱ ™™›˜ŠŒ‘ȱ
Under this approach, HSINT is not bounded by geographic constraints, level of government, or
perceived mutual mistrust between public and private sectors. That is, the approach recognizes no
borders and is neither “top down” nor “bottom up.” It involves and values equally information
collected by the U.S. private sector owners of national critical infrastructure, intelligence related
to national security collected by federal, state, local, and tribal law enforcement officers, as well
as the traditional “-Ints” collected by statutory members of the IC. It involves strategic and
tactical intelligence46 designed to prevent attacks on the U.S. homeland, as well as highly tactical
and event-driven information coordination that must take place in response to a terrorist attack or
national disaster.47

(...continued)
including criminal intelligence, then the FBI’s Criminal Investigative and Cyber Divisions may also have an
intelligence role, but they are not formally part of the National Security Branch, as directed by the President. See
“Strengthening the Ability of the Department of Justice to Meet Challenges to the Security of the Nation,” a
Presidential Memorandum, June 29, 2005. The Presidential Memorandum approves the related recommendation from
the Weapons of Mass Destruction Commission. It can be found at http://www.whitehouse.gov/news/releases/2005/06/
20050629-1.html. For an assessment of the FBI’s implementation of intelligence reforms, see Report on the Status of
the 9/11 Commission Recommendations—Part II: Reforming the Institutions of Government, Oct. 20, 2005; CRS
Report RL33033, Intelligence Reform Implementation at the Federal Bureau of Investigation: Issues and Options for
Congress, by Alfred Cumming and Todd Masse; U.S. Department of Justice, Office of the Inspector General, The
Federal Bureau of Investigation’s Efforts to Hire, Train and Retain Intelligence Analysts, May 2005; National
Academy of Public Administration, Transforming the FBI: Progress and Challenges, Feb. 2005; 9/11 Public Discourse
Project, FBI Reform, Prepared Statement of Lee H. Hamilton, Former Vice Chair, National Commission on Terrorist
Attacks Upon the United States, before the Senate Committee on the Judiciary, July 27, 2005. The 9/11 Public
Discourse Project, in its final report assigned the FBI a grade of “C” with respect to the erstwhile Commission’s
recommendation that the FBI establish a national security workforce.
46
Strategic analysis provides a broad scope of analytical activities designed to assess national threats, threat trends, and
the modus operandi of individuals or groups that threaten U.S. national security. As defined by the 9/11 Commission,
the role of strategic (counterterrorism) analysis is to “look across individual operations and cases to identify trends in
terrorist activity and develop broad assessments of the terrorist threat to U.S. interests.” See “Law Enforcement,
Counterterrorism, and Intelligence Collection in the United States Prior to 9/11,” Staff Statement No. 9, p. 8. Although
strategic analysis can be highly useful to operational personnel, its intended consumer set includes, but is not limited to,
national-level policy and decision makers. Tactical analysis, on the other hand, is generally thought of as analysis
which provides direct support to an ongoing intelligence operation or investigation. Tactical and strategic intelligence
analyses are mutually supportive.
47
Pursuant to Homeland Security Presidential Directive (HSPD) 5, Management of Domestic Incidents, the Secretary
of Homeland Security is the “principal federal official for domestic incident management.” The Secretary of Homeland
Security “shall coordinate the federal government’s resources utilized in response to or recovery from terrorist attacks,
major disasters, or other emergencies.” Part of such coordination is the management of information or intelligence
sharing both within the federal government and between level of governments, as well as the private sector. The
management of information in the aftermath of Hurricane Katrina was criticized. The 9/11 Public Discourse Project
assigned a grade of “C” for the government’s effort to establish a unified incident command system. The report
concluded that, “although there is awareness of and some training in the Incident Command System (ICS), Hurricane
Katrina demonstrated the absence of full compliance during a multi-jurisdictional/statewide catastrophe—and its
resulting costs.” See Final Report of 9/11 Commission Recommendations, Dec. 5, 2005, p. 1.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗřȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

Although information sharing between levels of government is widely held to be an undisputable
public “good,”48 achieving effective levels of information exchange is a challenging goal.49 As
former Vice Chair of the 9/11 Commission, Lee H. Hamilton, stated: “You can change the law,
you can change the technology, but you still need to change the culture; you need to motivate
institutions and individuals to share information.”50 Administration officials have recognized
these challenges. Ambassador Thomas E. McNamara, the Program Manager for the Information
Sharing Environment (ISE), 51 testified that “the breadth and complexity of the information
sharing challenge should not be underestimated. Information silos, cultural issues, and other
barriers that inhibit sharing still exist today.”52
Under the holistic approach, the HSINT community might include the 16 statutory members of
the IC (as each collects national intelligence, or intelligence related to national security which
could have a profound impact on homeland security); the National Counterterrorism Center,
National Counterintelligence Center, National Counter Proliferation Center, and the Open Source
Intelligence Center; the 14 existing private sector Information Sharing and Analysis Centers
(ISACS),53 scores of state and local law enforcement entities charged with gathering criminal
intelligence, numerous state and regional “intelligence fusion” centers,54 and federal entities with
law enforcement responsibilities which may collect intelligence related to national security. This
holistic approach implies an interdependency between the diverse players of the statutory IC and
the broader HSINT Community. As Ambassador Henry A. Crumpton, a former CIA case officer
48

There are, however, some valid arguments for not sharing all intelligence with all stakeholders. Information security,
operational security, counterintelligence, and the “need to know” principle remain valid concerns in the national
security community. Moreover, some would argue that there may be limited utility to sharing classified information
with stakeholders that don’t have appropriate dedicated resources to enable them to take security and other
countermeasure actions based on the intelligence provided.
49
For an assessment of the current status of information sharing between the federal government and state, local, and
private sector law enforcement and security officials, see U.S. Congress, House Committee on Homeland Security,
Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment, A Report Card on Homeland
Security Information Sharing, 110th Cong., 2nd sess., September 24, 2008. See also Information Sharing: The Federal
Government Needs to Establish Policies and Processes for Sharing Terrorism Related and Sensitive But Unclassified
Information, General Accountability Office, GAO-06-385, March 2006.
50
See testimony of Lee H. Hamilton, before the Subcommittee on Intelligence, Information Sharing, and Terrorism
Risk Assessment, Committee on Homeland Security, U.S. House of Representatives, Nov. 8, 2005, p. 2.
51
The establishment of the Information Sharing Environment (ISE) was mandated under Section 1016 of the IRTPA
(P.L. 108-458).
52
Statement of Ambassador Thomas E. McNamara, U.S. Congress, Senate Committee on Homeland Security and
Governmental Affairs, Information Sharing: Connecting the Dots at the Federal, State, and Local Levels, 110th Cong.,
2nd sess., July 23, 2008, p. 2.
53
ISACS are private sector operational organizations which collect, distribute, analyze, and share sensitive information
regarding threats, vulnerabilities, alerts, and best practices in order to protect national critical infrastructures. They were
initially established in 1998 pursuant to Presidential Decision Directive 63 (PDD-63) Protecting America’s Critical
Infrastructures. PDD-63 has been superseded by Homeland Security Directive-7 (HSPD-7), Critical Infrastructure
Identification, Prioritization and Protection, Dec. 17, 2003. HSPD-7 establishes a national policy for Federal
departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect
them from terrorist attack. Although primarily focused on federal agency responsibilities, it also establishes
expectations related to government interaction with the private sector which, in fact, owns and manages most of the
critical infrastructure and key resources in the United States. The definition of critical infrastructure was codified in
P.L. 107-56 (42 U.S.C §5195c) as “systems and assets, whether physical or virtual, so vital to the United States that the
incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic
security, national public health or safety, or any combination of those matters.”
54
For background on state and regional fusion centers see CRS Report RL34070, Fusion Centers: Issues and Options
for Congress, by John Rollins.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗŚȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

and former Special Coordinator for Counterterrorism at the State Department states, although
there are differences between intelligence and law enforcement,
the primary customer for domestic foreign intelligence on near-term threats is law
enforcement. And law enforcement can provide valuable leads for intelligence officers. The
intelligence collector and the law enforcement consumer, therefore, must strive for more than
information sharing; they must seek interdependence.55

Calls for interdependence between foreign intelligence and security or criminal intelligence today
mirror those made nearly thirty years ago by Dr. Kent, who wrote
The real picture of the diversity in kinds of intelligence... lies in this truth: a very great many
of the arbitrarily defined branches of intelligence are interdependent. Each may have its welldefined primary target which it makes its primary concern, but both the pursuit of this target
and the byproducts of pursuing it bring most of the independent branches into some sort of
relationship with the others. Intelligence as an activity is at its best when this fact is realized
and acted upon in good faith.56

The challenge, then as now, is to implement such a vision where all players in the de facto HSINT
Community would be treated as partners with value to add. What has changed substantially since
Dr. Kent’s seminal work is the addition of state, local, and private sector actors as both producers
and consumers of intelligence. It is here—in the interaction with these relatively new players—
that the DHS Intelligence Enterprise has a great role to play. The clear elucidation of HSINT role
and responsibilities and implementation, particularly between the FBI and DHS Intelligence,
remains an evolving process. A broader understanding of the members and functions of the
HSINT Community and the DHS members of the community may be helpful in assessment of
these matters.

‘Žȱ
˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽȱ ˜––ž—’¢ȱ
The Intelligence Community (IC) is defined in law, yet the homeland security intelligence
community (HSIC) remains a somewhat nebulous entity. As defined by the DHS Intelligence
Enterprise Strategic Plan, the HSIC “includes the organizations of the stakeholder community
that have intelligence elements.”57 The Homeland Security Stakeholder Community is defined
broadly as

55
See Henry A. Crumpton, “Intelligence and Homeland Defense,” in Jennifer E. Sims and Burton Gerber,
Transforming U.S. Intelligence, (Georgetown University Press, 2005), p. 210. Ambassador Crumpton differentiates
domestic foreign intelligence from domestic security intelligence. The former, according to Ambassador Crumpton,
would best be collected by formally trained intelligence case officers analogous to those within the Central Intelligence
Agency’s Directorate of Operations. By contrast, domestic security intelligence, according to Crumpton, would best be
undertaken by a new hybrid of professional, the special agent-case officer (SACO). Ambassador Crumpton
recommends the establishment of a domestic security intelligence corps “with its own budget and personnel, preferably
as part of the FBI but under the explicit direction of U.S. intelligence leadership.” Some would argue that the
establishment of the National Security Branch at the FBI, pursuant to a recommendation of the WMD Commission,
represents a step in this direction.
56
Kent, Strategic Intelligence, p. 220.
57
DHS Intelligence Enterprise Strategic Plan, p. 4.

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗśȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

ȱ

all levels of government, the Intelligence, Defense, and Law Enforcement Communities,
private sector critical infrastructure operators, and those responsible for securing the borders,
protecting transportation, and maritime systems, and guarding the security of the homeland.58

Notwithstanding the fact that a HSIC is not statutorily defined, and may not necessarily be a
useful construct from a managerial perspective, such a community, as traditionally defined, exists.
The members and collective responsibilities of this community depend, to some extent, on how
one bounds the function of HSINT. As mentioned above, the broader the definition of HSINT, the
wider the range of players in the community. If one adopts the holistic model of HSINT, the HSIC
would include a broad range of agencies, many of which are hybrid agencies undertaking
homeland security, law enforcement, defense, and/or traditional foreign intelligence functions.
These entities include, among others, the intelligence elements of the Department of Defense
(DOD) U.S. Northern Command (USNORTHCOM),59 and Counterintelligence Field Activity; the
Department of Justice’s Federal Bureau of Investigation; Bureau of Alcohol, Tobacco, Firearms,
and Explosives; and Drug Enforcement Administration; the Department of Treasury’s Office of
Terrorism and Financial Intelligence, and the Department of Energy’s (DOE) Office of
Intelligence and Counterintelligence.60 Numerous state and local law enforcement entities, and
the state and regional intelligence fusion centers, would fall under a broad interpretation of
homeland security intelligence. Finally, the private sector, particularly those sectors outlined as
being part of U.S. critical infrastructure (as defined under HSPD-7) would also fall into a broadly
defined concept of a homeland intelligence community.
An interesting comparison can be drawn between the HSIC and the statutory IC, as defined in the
National Security Act of 1947, as amended, and in subsequent Executive Orders. One general
definition of the IC is a “federation of Executive Branch agencies and organizations that conduct
intelligence activities necessary for the conduct of foreign relations and protection of national
security.”61 A federation differs from a community insofar as the constituent elements of a
federation, by definition, give up some degree of authority to a more central body. A community,
by contrast, implies a group of persons or entities merely having common interests, but not
necessarily bound together by any formal power sharing arrangements or agreements. While the
IC has arguably moved more in the direction of a federation with the establishment of a Director
of National Intelligence (DNI),62 one could argue the HSIC, broadly defined, remains very much
a community spread across federal, state, local government sectors, as well as the private sector.
The diffuse nature of a broadly defined HSIC may be dictated by the very nature of the function
itself. That is, if state, local, tribal and private sector members are valued and contributing
58

Ibid
The mission of USNORTHCOM is to anticipate and conduct Homeland Defense and Civil Defense operations within
its assigned area of responsibility to protect, defend, and secure the United States and its interests. Its assigned area of
responsibility includes the air, land, and sea approaches and encompasses the United States, Alaska, Canada, Mexico,
and the surrounding water out to approximately 500 nautical miles. It also includes the Gulf of Mexico and the Straits
of Florida. The defense of Hawaii and U.S. territories and possessions in the Pacific is the responsibility of U.S. Pacific
Command. The defense of Puerto Rico and the U.S. Virgin Islands is the responsibility of U.S. Southern Command.
http://www.northcom.mil/About/index.html
60
For more information on the recent consolidation of DOE’s intelligence and counterintelligence functions, see CRS
Report RL34595, Intelligence Reform at the Department of Energy: Policy Issues and Organizational Alternatives, by
Alfred Cumming.
61
U.S. Intelligence Community, Definition of the Intelligence Community. http://www.intelligence.gov/1definition.shtml
62
For further information on the DNI, see CRS Report RL34231, Director of National Intelligence Statutory
Authorities: Status and Proposals, by Richard A. Best Jr. and Alfred Cumming.
59

c11173008

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗŜȱ

ȱ


˜–Ž•Š—ȱŽŒž›’¢ȱ—Ž••’Ž—ŒŽDZȱŽ›ŒŽ™’˜—œǰȱŠž˜›¢ȱ Ž’—’’˜—œǰȱŠ—ȱ ™™›˜ŠŒ‘Žœȱ

members of the HSIC, an attempt at centralization may undermine the community’s effectiveness
and efficiency. Planned decentralization, with a clear understanding of the roles played by each
level of organization, and the parameters of how information is shared bi-directionally, is one
model of organization for the HSIC.63

ž‘˜›ȱ ˜—ŠŒȱ—˜›–Š’˜—ȱ
Mark A. Randol
Specialist in Domestic Intelligence and CounterTerrorism
mrandol@crs.loc.gov, 7-2393

Œ”—˜ •Ž–Ž—œȱ
This report was originally authored by Todd Masse, former CRS Specialist in Domestic Intelligence and
Counterterrorism.

63
An organization’s structure and business processes influence its performance. Large organizations with dispersed
operations continually assess the appropriate balance between decentralized and centralized elements of their
operations. Although the mission of National Aeronautics Space Administration (NASA) is unrelated to that of HSINT,
NASA also has dispersed operations. In a review of the causes of the 1986 Columbia shuttle accident, the board
investigating the accident found that “The ability to operate in a centralized manner when appropriate, and to operate in
a decentralized manner when appropriate, is the hallmark of a high-reliability organization.” See Columbia Accident
Investigation Board, Columbia Accident Investigation Report, vol. I, (Washington, DC: U.S. Government Printing
Office, Aug. 2003). (See http://caib.nasa.gov/news/report/pdf/vol1/full/caib_report_volume1.pdf).

˜—›Žœœ’˜—Š•ȱŽœŽŠ›Œ‘ȱŽ›Ÿ’ŒŽȱ

ŗŝȱ