“Fusion centers often produced irrelevant, useless, or inappropriate intelligence reporting to DHS, and many produced no intelligence reporting whatsoever.”
And that was one of the nicer observations contained in a bi-partisan U. S. Senate Permanent Subcommittee on Investigations141-page report into the effectiveness of some 70 Department of Homeland Security (DHS) supported data sharing fusion centers. For instance, the report quotes a former reporting branch chief who “said that while he was sometimes proud of the intelligence his unit produced, “There were times when it was, ‘what a bunch of crap is coming through.’ ”
The DHS fusion centers were created in 2003 as an outgrowth of a recommendation in the 2002 National Strategy for Homeland Security investigation and report (pdf) (conducted in the aftermath of the 9/11 terrorist attacks), which said in part that, “We must link the vast amounts of knowledge residing within each government agency while ensuring adequate privacy.” In other words, by not "connecting the (information) dots," the government missed opportunities to disrupt the attacks.
According to the DHS web site, the fusion centers “serve as focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information between the federal government and state, local, tribal, territorial (SLTT) and private sector partners.”
Also according to DHS Secretary Janet Napolitano, the fusion centers produce valuable intelligence, so much so that they are “the centerpiece of state, local, [and] federal intelligence sharing for the future.” It is little wonder that DHS has taken extreme umbrage to the Senate report, which it says is “fundamentally flawed” and uses information that “is out of date, inaccurate and misleading,” the LA Times reports.
The Wall Street Journal reported DHS officials also stated that the senators on the subcommittee did not apparently know that “the centers' primary purpose is to spread information down to local and state officials, not just push tips up to Washington.” That is a bit surprising, given that the senators have been briefed on these fusion centers by DHS for the past eight years (as well as voted on their appropriation requests), and that according to DHS’s own website, data centers are focal points for “gathering tips, leads, and suspicious activity reporting (SAR) from local agencies and the public” and passing them up to DHS. I bet those operating the fusion centers are surprised to learn as of today that their primary purpose is not to report tips to Washington. I guess “information sharing” means information travels only in one direction: from Washington DC downward and outward to the hinterlands.
Furthermore, the Senate report states that the DHS can’t determine how much money has been spent on supporting the fusion centers between 2003 and 2011. It guesses it ranges somewhere between US $289 million to $1.4 billion – I kid you not. Not surprisingly, the report observes that DHS also doesn’t “know with any accuracy how much grant money it has spent on specific fusion centers, nor could it say how most of those grant funds were spent, nor has it examined the effectiveness of those grant dollars.”
In one case, the DHS didn’t seem to even know how many data fusion centers were in operation. “A 2010 internal assessment by the department discovered, for instance, that four of its claimed 72 fusion centers did not exist, even as department officials kept using the 72 figure publicly with Congress,” the NY Times reported yesterday.
Maybe another explanation is that there are four data centers in operation out there, somewhere, and they've studiously obeyed the rule never to send any information back to the mothership, so much so that DHS has lost track of them entirely. Hey, it's not like DHS is keeping track of how fusion centers spend money or anything.
By keeping quiet, these missing fusion centers also are spared the embarrassment felt by the Illinois Statewide Terrorism & Intelligence Center (STIC) which reported upwards to DHS last November that “a hacker in Russia had stolen an unknown number of usernames and passwords to sensitive utility control systems, and used that information to hack into a local water district’s computerized control system. Once inside the system, the fusion center report alleged, the hacker sent commands which caused a water pump to burn out.”
The hacking report caused a lot of concern, since it apparently signaled that U.S. infrastructure SCADA systems might be coming under cyber-attack. The news hit the mainstream press, thanks in part because of a DHS intel brief to Congress and other intelligence agencies concerning the “attack.”
However, upon investigation, it quickly turned out that it wasn’t an attack at all. The report says that, "The so-called 'intrusion' from Russia was actually an incident of legitimate remote computer access by a U.S. network technician who was working while on a family vacation. Making the intrusion allegations all the more perplexing, the contractor had logged on from Russia in June, five months before the pump broke; and although the access had been under his username and password, no one from the fusion center, the water utility, or DHS had contacted him to find out if he had logged on from Russia.”
DHS, however, was unapologetic, the report stated, and professed that it didn’t matter that the false ”cyber- attack” alarm was based on hyped-up and unconfirmed information and rumors. Its report did “exactly what it’s supposed to do—generate interest.
A report that aliens from space have landed again in Roswell, New Mexico, would also generate interest. The phrase "DHS intelligence" is quickly becoming just another oxymoron.
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.