Beyond NOFORN: Solutions for increased intelligence sharing among allies
Three things to know now
- The US intelligence community should remove the NOFORN caveat entirely for Five Eyes representatives working in US intelligence agencies.
- Allies should collect intelligence with joint requirements to streamline intelligence sharing.
- Open source intelligence is the way of the future and will help overcome burdens to sharing information.
Foreword
As any good policymaker, planner, or military commander will tell you, the formulation and execution of an effective national security strategy is dependent on the availability of sound intelligence. Today’s complex security environment requires the cooperation and collaboration of like-minded nations to deal with a multitude of challenges. Facilitating the timely and robust sharing of intelligence among allies and partners therefore is critical to the development of a common understanding of global threats and a common approach to address those threats.
Governments quite rightly protect their intelligence sources, methods, and collection capabilities as critical national assets, but this must be balanced against the need to share high quality intelligence with allies and partners to ensure a compelling and united imperative to act. This dilemma has posed an enduring challenge to both policymakers and the intelligence community within the United States, as well as its allies and partners. With a federated approach to intelligence and an emphasis above all on protecting national capabilities, the priority has remained firmly on risk aversion. This has been a source of frustration for the United States’ most trusted international allies, some of which have adopted a more pragmatic approach. Where the political will is great enough, workarounds do exist. The Russian invasion of Ukraine has prompted a small revolution in better intelligence sharing, but unfortunately, this circumstance is the exception to the rule and not the norm. Even where there has been a desire at the leadership level to increase and enhance sharing, it has not translated into the instigation of a new systemic approach where information can be shared properly, and with the requisite sense of urgency.
This issue brief unpacks why intelligence sharing is so difficult and why, despite senior level attention, progress has been limited. It explores the factors inhibiting intelligence sharing at an unprecedented level of detail, importantly offering practical solutions. Co-written by a British former senior intelligence officer who spent two years within the US intelligence community enhancing intelligence sharing with close allies, and a former US national intelligence manager for Europe, the paper analyzes how policy, processes, and people can be addressed to deliver constructive, practical solutions without compromising sources and methods.
Leveraging a series of interviews and conversations with distinguished senior leaders from within the community, the Atlantic Council is breaking new ground with this issue brief and the overall message is this: a comprehensive approach that balances the vested interests and unique constraints of the US intelligence community with the real-time benefits of intelligence sharing will only make us collectively stronger, more unified and more secure as an alliance. But this can only be accomplished by revising Cold War-era sharing policies and practices, removing outdated classification caveats, and changing institutional cultures, while simultaneously protecting sources and methods and fostering sound counterintelligence and security. While there is always a risk involved in sharing intelligence, the greater risk lies in failing to develop a common intelligence picture of the threats of the twenty-first century. The future path is clear: increasing intelligence sharing among trusted allies and partners on security issues of common concern is in the best interest both of the United States and its allies and partners.
Lt Gen James Clapper, USAF (Ret.)
Former Director of National Intelligence
Read our in-brief summary of this report
Introduction: The challenge
In an increasingly connected world in which threats to global and national security are diverse, complex, and intensifying, information sharing among trusted allies and partners is essential to the formulation and implementation of any coordinated strategy. Despite this reality, national policy, security, process, and cultural considerations continue to limit the ability to optimize these relationships. One critical area in which efforts are underway to formalize and maximize information sharing between trusted allies is the US intelligence community (IC). Intelligence sharing between trusted allies and partners provides a critical component of international relationships, as it enables a common and more complete appreciation of a given environment or crisis, supports coalition coherence on operations, enables collaboration on capability development, and facilitates strategic and military planning. It also fosters fundamental trust between like-minded nations, where the provision of intelligence can be a highly effective tool of diplomacy. However, the secretive nature of intelligence, the need to protect sources and methods, and the federated approach within US IC elements continue to frustrate efforts to optimize the ability to share intelligence, even with the closest of allies. Many of the existing relevant policies and processes are dated, constructed in the pre-digital age, and inadequate for addressing contemporary global security challenges. With few exceptions, and despite the best of intentions, intelligence sharing is uneven, remains the exception rather than the norm, and the prospect of simultaneity at the point of need is remote. At the organizational level, local initiatives have made progress at the edges, particularly where leadership is supportive, but all efforts are constrained by policy, process, and regulation. Risk aversion, resource limitations, competing priorities, and cultural inertia further act as disincentives. Changing this status quo will require significant cross-community prioritization, starting with direction from the very top. It will need a coherent and integrated cross-IC effort, particularly with respect to policy revision, a different approach to risk, and a parallel, bottom-up approach where personal risk is reduced, and initiatives rewarded.
The current Ukraine crisis and the US-led counterterrorist response to 9/11 have both demonstrated an ability to surge intelligence sharing, even with non-traditional partners, where political will exists at the highest level and it is imperative to address a serious contemporary security challenge. This indicates that restrictive information-sharing practices and policies are not immutable but rather self-imposed and malleable. Policymakers should not wait until a crisis or conflict erupts to remove impediments to information sharing. For the IC, whose main mission is to predict and warn of potential crises to provide decision-support to policymakers, planners, and operators, this reactive approach is inadequate. Best practices must be identified, systemic and procedural constraints assessed, and measures adopted to ensure they contribute to an enduring strategic inflection.
Ivan Sutherland
Knowledge is a rare thing. You gain by giving it away.”
The time is right to address this issue, for two reasons. First, enhanced situational awareness among allies is needed to ensure a comprehensive, collaborative approach to addressing serious security challenges at a global inflection point. Second, technological advances in the way information is handled are changing the way the IC must function if it is to remain relevant. The sheer volume of data now available, both classified and unclassified, requires a progressive approach to information handling, using artificial intelligence (AI) and machine learning (ML) techniques, often involving direct machine-to-machine interfacing. As these tools develop and mature, they must also accommodate an increasingly automated approach to information sharing.
The aim
Noting that intelligence is only one form of information, the aim of this paper is to capture the impediments to optimizing intelligence sharing between the United States and its closest allies and make practical recommendations as to how these impediments can be overcome. In doing so, it also addresses many issues surrounding the sharing of more generic but sensitive information.
The methodology
The methodology included a review of historical and current literature and publicly available policy documents, as well as a series of discrete individual interviews with several senior former executives from the US intelligence community (IC), all of whom have had distinguished careers in the full spectrum of IC activities and organizations. A policy workshop with very senior US and UK policy, IC, and defense leaders was also held, and identified challenges were banded into three broad themes that accommodate the complexity of the issue: policy (including regulatory), processes (including technological), and people (institutional and organizational culture), recognizing there are clear and significant overlap and dependencies existing between them, and none can be considered in isolation.
The issue
The challenges and why they matter
The 9/11 Commission Report identified several systemic deficiencies that prevented the totality of relevant data from being combined to predict the terrorist attacks. Included among these were structural, procedural, and human factors that prevented terrorist-related intelligence from being shared internally between agencies and externally with allies and partners. The report noted that “the problem is nearly intractable because of the way government is currently structured. Lines of operational authority run to the expanding executive departments, and they are guarded for understandable reasons.” Several of the major recommendations have been implemented, but many challenges endure and remain intractable. Some progress has been made around intelligence sharing in the years since 9/11, particularly in the context of counterterrorism and the duty to warn of potential terrorist attacks, but even local initiatives to enhance intelligence sharing with trusted allies and partners are hamstrung by many of these same issues. They impact a broad range of intelligence-related and intelligence-informed protocols such as strategic and operational planning, achieving common situational awareness, exchanging sensitive technology, and joint capability development initiatives. This has resulted in a general frustration that extant policies and processes do not support the intent and result in a risk averse approach. Many of these issues were reflected in the conversations with interviewees and it became clear while there are still steps that can be taken within extant regulations, major institutional hurdles will remain unless addressed in a strategic and coherent manner, with sufficient direction and prioritization at the highest policy level.
All interviewees were strongly in favor of intelligence sharing among allies and partners.
One interviewee stated they were, “not sure there is such a thing as too much intelligence sharing, as long as the appropriate security conditions are met.”
There were, however, nuanced perspectives of how much progress has been made, and how far intelligence sharing should be taken. Considering the example of the Five Eyes1The Five Eyes intelligence sharing alliance consists of Australia, Canada, New Zealand, the United Kingdom, and the United States. (FVEY) Sensitive Compartmented Information Facility (SCIF) in the Pentagon, one interviewee lamented the protracted bureaucracy that delayed its full establishment, noting administrative impediments remain at a time when the Ukraine conflict requires extended working hours and constant dialogue with incumbents’ home capitals. There were also differing views as to where the impediments to intelligence sharing were most keenly felt, depending on individual backgrounds and previous roles. Some felt intelligence sharing was optimized at the operational and tactical level, where there exists the greatest imperative, force integration, and familiarity with cooperation, while others experienced serious impediments to operating effectively in a coalition environment.
Which model?
While a generic intelligence sharing model was recognized as the most efficient, it would be extremely challenging to implement. Alliances and partnerships are often complex, based on trust, geopolitical consideration, and mutual need. At their tightest, in exceptional circumstances, bilateral arrangements even remain applicable where exquisite collection capabilities are hosted on a second party’s territory, or to address discrete, sensitive bilateral security challenges. Each bilateral relationship looks different however, and enabling necessary resources and bureaucracy involved can be a significant lift. The FVEY alliance has become the most visible allied intelligence sharing process and policy, providing the benchmark against which other intelligence sharing relationships are measured. It is worth noting that each of the non-US FVEY member nations also maintain discrete bilateral intelligence-related relations with the United States, based around issues of mutual national interest, geopolitical priorities, and hosted intelligence collection capabilities.
All interviewees defaulted to the FVEY as the optimum model for intelligence sharing, predominantly due to shared values, standards, national interests, and language, but also because the muscle memory already exists—the FVEY relationship has developed over a considerable period.2Formerly including DOMEPLATE (DIE), DISCCUS (USDI&S), IPF(DNI), and for the GEOINT discipline, ASG, each of which met on a regular basis, twice a year. These bodies were suboptimal due to their different intelligence-related structures and authorities in each country but have since been streamlined under the governance of the Five Eyes Intelligence Oversight and Review Council (FIORC), although less formal working level meetings still occur. The geographical spread of the FVEY partners also facilitates greater access to intelligence collection opportunities not readily available to all and, through far-flung regional alliances and partnerships, FVEY members can enable broader coalitions and intelligence sharing to address specific issues. There is an additional clear recognition of the need to share some intelligence with individual nations and coalitions beyond the FVEY, depending on security requirements and levels of trust. Small ad hoc groupings, or mini-laterals (such as with some Asia-Pacific nations), will become increasingly important as global security challenges evolve with a new emphasis on China, and there needs to be a way to adapt any intelligence sharing mechanisms to new coalitions and partners as situations dictate. The disparate challenges and requirements, therefore, pointed all those interviewed toward a tiered model (as opposed to a one-size-fits-all solution) as the best approach from a national security perspective. However, the policy implication and resource challenges of this approach were noted, and it was also highlighted that reviewed policies and processes should always accommodate a flexible model. One interviewee underscored the sensitivities of nations not in the club, particularly at the operational level, where it can be obvious when select nations have an intelligence advantage. They noted that, “as the circle grows, it becomes more challenging, with haves and have nots, and the risks increase. It’s not just about sharing the appropriate information, it’s who’s left on the outside. In coalition environments, people find out about small group meetings, etc. and feelings become hurt, trust is lost.”
Policy
Policy constraints were recognized as primary impediments to intelligence sharing at all levels, although this is a complex and multi-faceted issue. It was further noted that policy directly impacts both processes and culture. Get the policy right and the rest follows. However, the federated and distributed nature of authorities within the IC and defense, as well as the sheer number of applicable policies and directives, made this extremely challenging. Several examples below illustrate the scale of the challenge.
Intelligence Community Directives
US policies regarding intelligence sharing are primarily articulated in Intelligence Community Directives (ICD), the custodian of which is the Office of the Director of National Intelligence (ODNI). The primary ICD quoted when considering intelligence sharing policy is ICD 403, Foreign Disclosure and Release of Classified National Intelligence. This is supported by subordinated Intelligence Policy Guidance 403.1 (Criteria for Foreign Disclosure and release of Classified National Intelligence) and 403.2 (Procedures for Foreign Disclosure and Release Requiring Interagency Coordination, Notification and DNI Approval). Additional ICDs apply, however, including ICD 208 (Maximizing the Utility of Analytical Products), ICD 209 (Tearline Production and Dissemination), and ICD 710 (Classification Management and Control Markings System), supported by ICPG 710.2/403.5 (Application of Dissemination Controls: Foreign Disclosure and Release Markings).3Each of the ICDs is reviewed independently and many of them are now extremely dated.
While the authority for ICDs is clear,4ICD 101 Intelligence Community Policy System “establishes the IC policy system which is comprised of a hierarchy of policy documents; processes for the development, coordination, and evaluation of policy; and a governance structure to advise the Director of National Intelligence DNI) or the DNI’s designees regarding policy issues.” Of note, it also “delegates decision authority for the promulgation of certain policies and delineates the roles and responsibilities of the Office of the DNI, IC elements, and Functional Managers.” For more, see: “Intelligence Community Directive 101 Technical Amendment: Intelligence Community Policy System,” Office of the Director of National Intelligence, October 22, 2019, https://www.dni.gov/files/documents/ICD/ICD_101.pdf. policy development and coordination in practice is a collaborative process through the Intelligence Community Policy Review Board (IC-PRB), an advisory body to inform the development of policy and ensure an inclusive and collaborative process comprising deputy leaders from IC elements, and the Intelligence Policy Advisory Group (IPAG), comprising senior policy representatives from each IC element.
A common thread throughout the interviews was the extent to which authority lies within a single body for each of the FVEY nations. As one interviewee noted, “within the [United States] it’s a federated process. The DNI can write policies across the board, but can only go so far unless given more authority. They encourage and inform team activity rather than direct. In military terms, there is no OPCON [Operational Control] inside ODNI, which instead provides commander’s intent—information sharing policy is aspirational. All sorts of other policies surround it, technical, personnel, which makes it very difficult. It has to take all of these into account and is a jumbled mess.” Another interviewee put it more starkly: “the [United States] does not have any info sharing policies at all. It has information security policies and information sharing exceptions to those policies.”
IC policy development therefore requires consensus and the IC elements (i.e., IC agencies) play the critical role. This matters as some IC elements are significantly less comfortable with sharing intelligence than others and thus prioritize control of their source material over shareability. ICD 403, for example, last reviewed in March 2013, explicitly states that “Foreign disclosure and release actions can provide crucial support to national and foreign policy objectives. The production of intelligence reports and products at a level suitable for foreign disclosure and release supports both the IC and US policy makers. IC elements, therefore, in accordance with US national security and foreign policy objectives, should produce intelligence products and reports marked for foreign disclosure or release.” However, it also states that “US intelligence is a national asset to be conserved and protected and will be shared with foreign entities only when consistent with US national security and foreign policy objectives and when an identifiable benefit can be expected to accrue to the [United States].” It further states that “the authority within IC elements to make foreign disclosure and release decisions rests with IC element heads, SFRDAs [Senior Foreign Disclosure Officers] and FDROs [Foreign Disclosure and Release Officers].” Therefore, policy in this area is qualified, open to interpretation, and, in some places, contradictory. For those more risk-averse IC elements, the policy as it stands can be interpreted to support a default setting to NOFORN.
Alan Perlis
Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it.”
The 9/11 Commission Report is illustrative here, articulating that “too many agencies now have an opportunity to say no to change.” It recommended the establishment of a National Intelligence Director (NID) to “set information sharing and IT policies to [maximize] data sharing, as well as policies to protect the security of information.” This balance between optimizing intelligence sharing and ensuring that information is suitably protected is the nexus of the challenge. The aforementioned recommendation led to the creation of the ODNI, but the authorities required to direct IC elements were not implemented as envisaged by the report.
As long as the IC elements have responsibility for authorizing foreign disclosure, they will maintain associated resource calculations. Formal, senior-level decision-making processes and procedures to authorize foreign disclosure and the guidance are needed. ICD 403 states that “generally, originating agencies shall respond to routine foreign disclosure and release authorization requests with seven working days.” While this may appear rapid in strategic terms, intelligence reporting requirements are often time-sensitive, and the time necessary to approve disclosure does not encourage analysts to seek that approval. This is linked both to extant processes and organizational culture, which are discussed later.
Department of Defense policy
For the DoD, policy for the release of intelligence to trusted allies and partners is even more complex and federated. Given that DoD intelligence agencies constitute nine of the eighteen US IC entities and over half the IC budget, this presents a significant challenge to enhancing intelligence sharing. The release of multi-source finished intelligence, such as that produced by the Defense Intelligence Agency (DIA), in which source material from national intelligence agencies is used, is subject to ICDs. However, where intelligence is derived exclusively from organic defense assets or is qualified as classified military information (CMI), DoD policy applies under National Disclosure Policy (NDP). NDP governs the disclosure of US classified military information to foreign governments and international organizations and is subordinate to the National Security Decision Memorandum (NSDM) 119, for which responsibility is jointly assigned to the secretaries of state and defense. NDP-1 implements this policy and is issued by the secretary of defense with the concurrence of the secretaries of state and energy and the director of national intelligence. Department of Defense Directives (DoDD) implement the NDP within the DoD. DoDD 5143.01 details the responsibilities and functions, relationships, and authorities of the under secretary of defense for intelligence and security (USD(I&S)) and was, importantly, revised in April 2020 to transfer authority for the development of DoD personnel security policy and guidance and the DoD Information Security Program. This matters since, as articulated by two of the interviewees, a key impediment to intelligence sharing within the DoD was that while USDI&S was responsible for DoD intelligence policy, USDP was responsible for how that intelligence was handled, leading to a degree of confusion and inconsistency. The April 2020 review appears to have partly resolved this issue by bringing security policy under the renamed USD(I&S), although some relevant issues, including information security and foreign disclosure, remain under USDP authority. DoDD 5240.01, DoD Intelligence Activities was revised in November 2020 to reflect these changes and provide policy guidance for intelligence sharing within the US Defense Intelligence and DoD components, as well as with other government agencies, the IC, and external partners. It is worded in the most definitive manner of all the policy guidance reviewed by the authors of this paper as follows:
4.5.2. The broadest possible sharing of intelligence with coalition and approved partner countries shall be accomplished unless otherwise precluded from release by law, explicit direction, or policy.
4.5.3. Original classifiers shall draft intelligence products with a presumption of release
and in such a manner as to allow the widest dissemination to allies, coalitions, and international organizations.
However, it still provides a get out clause by deferring to policy, although it is not explicit as to what that policy is. Furthermore, disclosure of Classified Military Information (CMI) to foreign governments and international organizations is covered through a separate directive, DoDD 5230.11, currently under the authority of USD(P). CMI is defined in the DoDD as “information originated by or for the Department of Defense or its Agencies . . . may be in oral, visual or material form.” It further subdivides CMI into eight categories, one of which is Category 8 – Military Intelligence, defined as “information of a military character pertaining to foreign nations. This category of information does not include national intelligence or sensitive compartmented information under the purview of the Director of Central Intelligence.” The fact that DoDD still references the DCI (replaced in 2005 by the DNI) demonstrates how dated the policy is.
The depth of policy analysis detailed above may have dissuaded the casual reader from reading any further, but it highlights a fundamental reason why intelligence sharing with trusted allies and partners is suboptimal. Only the most avid policy expert would be able to reconcile the various policy documents that apply to intelligence sharing and, even then, the degree of ambiguity leaves significant scope for interpretation. The busy analyst is therefore far more likely to opt for the safe option of defaulting to NOFORN, particularly within the processes and culture that exist within their working environment.
One of the more radical but potentially impactful proposals put forward by a distinguished former very senior IC leader was to eliminate the NOFORN caveat altogether for FVEY representatives embedded in each other’s intelligence footprint. This would be achieved by extending dual-citizenship privileges and obligations to those involved for the duration of their assignment, with an expectation that the other FVEY members introduce reciprocal arrangements.
Policy recommendations
Undertake a comprehensive review of policy guidance to remove policy constraints, encourage intelligence sharing, and ensure a uniform approach.
Policy guidance in this area is complex, federated, open to interpretation, occasionally contradictory, and in many cases defaults to sharing by exception only. Intelligence Community Directives (ICDs) are reviewed in isolation, and many are out-of-date, written in a different age. A comprehensive, coherent review of cascaded policy and policy guidance, that more explicitly encourages intelligence sharing (within appropriate national security bounds), while time consuming and resource intensive, would go a long way to removing perceived policy constraints and encouraging a ubiquity of approach.
Empower the Director of National Intelligence with greater authority to oversee the intelligence sharing process. Adopt “Releasable to FVEY” as the default classification.
The Director of National Intelligence (DNI) should have greater vested authority over the intelligence sharing process, initially establishing policies in partnership with intelligence community (IC) elements to maximize intelligence sharing within specific and limited NOFORN (not for release to foreign nationals) guidance. Adopting “Releasable to FVEY” (the Five Eyes Alliance) as the default IC classification, with specific justification required for the use of a NOFORN or “US Only” classification, should be prioritized. The DNI should further both have executive authority to ensure policy is followed and participate in a National Security Council (NSC) executive committee that can resolve significant disputes. The DNI should set the rules for, direct, and control disclosure policy for all IC products and the US under secretary of defense for intelligence & security (USD(I&S)) for all US Department of Defense (DoD)-derived intelligence.
Empower the under secretary of defense for intelligence and security.
Responsibility for classified military information (CMI) should be transferred from the under secretary of defense for policy (USD(P)) to USD(I&S).
Devise a template with parameters to define and standardize intelligence sharing classifications.
At the highest national level, a policy statement setting the strategic guidance should be considered: e.g., to ensure the security, prosperity, and commercial and intellectual advantage of the nation, we should be able to share:
- [specify purpose] intelligence with [defined] allies and partners within [given time period], the exception being [specific national and security caveats].
Remove the NOFORN caveat entirely.
For FVEY personnel working in US IC spaces, the removal of the NOFORN caveat entirely for the duration of their assignment, by affording the privileges and obligations of dual-citizen status, would ensure they are fully integrated and able to fill their role completely and efficiently.
Process
The challenge
Process5Defined in the OED as a series of actions or steps taken to achieve a particular end. is closely linked to policy, in that processes are adopted according to the understanding of the policies within which they operate. As detailed above, where policies are open to interpretation, processes are likely to be risk averse. Within the IC, the primary end state is generally associated with providing the best possible intelligence outputs to key decisionmakers in a timely and efficient manner. Timeliness is a key factor, but intelligence sharing is uneven across the community. The collection agencies are, understandably, highly protective of the material they produce, and are reluctant to lose control of their output. Multi-source intelligence producing agencies, such as the DIA, are heavily dependent on single-source collection agencies for their source material and therefore they must abide by each agency’s individual sharing protocols. This makes it difficult for them to write for release, as they invariably need to revert to the appropriate source agency for release authority. This requires time and resources, and is therefore extremely inefficient—by the time release authority is provided, or tearlines produced, it is often too late to be of use.
Ironically, where allied inter-agency cooperation, coordination, and even integration is long established (such as between the FVEY SIGINT organizations), it is often easier to share within the same discipline of the partner nations than to share across agencies within the same nation. One of the reasons for this is the priority afforded by each of the agencies to ORCON (Originators Control), highlighted by one of the interviewees as a key impediment to intelligence sharing. For example, at DIA, permission to share or even discuss a US Central Intelligence Agency (CIA) HUMINT or US National Security Agency (NSA) SIGINT report within FVEY had to go to each agency to determine if they had already shared it with a FVEY partner. Sometimes they had not, and the process to secure permission for the future was often long and bureaucratic. Even when it had been previously shared, confirmation would still often take weeks. The tracking numbering system for reports is changed at each stage of the process and could be streamlined by standardizing the referencing system to at least provide a consistent awareness of what was being shared. To secure disclosure for display to intelligence services outside the FVEY consortium was even more arduous and time consuming.
A consistent theme during the interviews was Write for Release versus Collect for Release. As one interviewee noted, “collect for release is a good approach, but should start at the beginning of the process, in which collection requirements are produced at a releasable level. Coordinating the collection effort by engaging early with allies and partners will both determine what they already have and ensure economy of effort. Setting collection requirements at a Higher Classification should only occur for particularly sensitive collection capabilities and sources. Protecting your intelligence gaps from partners will not allow them to fill those gaps.” Establishing intelligence requirements and collection plans with trusted partners and then filtering source reporting to remove only the most sensitive material would negate the need for analytic organizations to retrospectively request downgrades, since material collected should already be at a releasable classification. This model has worked well at the operational level, for example in Afghanistan, where coalition partners declared organic collection assets and allowed them to be tasked against agreed priority information requirements. This approach would be more challenging for nationally controlled strategic assets whose capabilities are more sensitive, however.
Set requirements and collect information with allies in mind.
Establishing intelligence requirements and collection plans with trusted partners and then filtering source reporting to remove only the most sensitive material would negate the need for analytic organizations to retrospectively request downgrades.
The provision of single-source reporting at a releasable level by IC elements would clearly be fundamental to improved intelligence sharing. There will always be exceptions, dependent on the sensitivity and fragility of the source. In the counterterrorism (CT) role, for example, analysts often need more detail on the source to provide high value insights, but this should become the norm. Defaulting to a releasable level would likely be a highly unpopular proposition, but addressing the classification issue as close to the start of the collection process as possible would negate much of the bureaucracy involved in retrospectively downgrading source reporting, and the entire report writing process would be more efficient. Instead of having to write a report multiple times, depending on the audience, the analyst would only have to write one version. It would, however, place additional resource burden on the originating organization, which would have to invest more heavily in their own clearance procedures and foreign disclosure expertise. A more palatable alternative to putting the onus for downgrading source material on IC collection elements would be to develop a centralized clearinghouse under DNI to review material to maximize releasability. It would still need to be fully resourced, likely with IC element representatives, and would require the compliance and support of IC elements and the DoD, but would provide a single focal point to increase efficiency.
Foreign disclosure professionals
Within the DoD, a foreign disclosure officer (FDO) cadre is maintained both to enable release of single-source reports to allies and partners and to facilitate the release of multi-source reporting. Each of the other IC elements are believed to have professionals filling a similar role. Within the DoD, there is internal friction over the numbers and role of FDOs, as they are seen to take numbers otherwise dedicated to the analytical workforce. Consequently, analysts are often tasked with an FDO role as an additional duty, with minimal training and often with no real capacity to take on the duty, to the detriment of the process. There is inconsistency in how the foreign disclosure process is implemented and there is not sufficient critical mass and dedication to maintain a professional FDO workstream. This is an enduring issue and was identified in the Inspector general evaluation of intelligence sharing in Operation Inherent Resolve as a key finding; “The DoD Foreign Disclosure Officer Program lacks a tracking management system, professionalization structure and standardized training, which inhibits sharing information with OIR PN [Operation Inherent Resolve partner nations].” Since then, some progress has been made in improving FDO training and establishing a handful of additional dedicated FDO positions within the DoD, however progress has been piecemeal, under-resourced, and does not appear to have made a demonstrable impact. As one interviewee put it, “education about where the help lies is important, but people forget about FDOs. The process needs to be industrialized and standardized. It all depends on leadership priorities—if leadership puts the priority at the right level needed to invest (e.g., FDOs), then we have a chance.” Associated with this is the requirement to better articulate and delegate the authorities and responsibilities of the FDO, and therefore better empower them. For example, the RELIDO (Releasable by an Information Disclosure Officer) marking, widely used by the IC, has not been adopted by the DoD.
Jerry Moran
Perfection has to do with the end product, but excellence has to do with the process.”
The dependency on single-source IC element reporting and a dearth of foreign disclosure capability within the DoD combined significantly reduce the ability to share their products. This contrasts with the Australian Defence Intelligence Organisation (DIO) model, which, as agreed by all interviewees, demonstrates best practice and merits further investigation. Here, the default classification for every finished intelligence product is Releasable FVEY. Anything written for release at a higher classification level requires strong justification and very senior level sign-off.
The technology challenge
Advances in technology, such as AI and ML, are strongly considered by all stakeholders as potentially game changing for intelligence sharing, particularly given the huge amount of data now being collected. As one put it, “faster decision making will be needed, informed by voluminous data sets. Today’s way of doing business (manual FDO process, tear lines, and reviews) isn’t going to cut it when you have massive data lakes, advanced data processing, and AI/ML tools to help make sense of that data at machine speed.” It will become unrealistic to manually vet each piece of data, and confidence levels will need to shift from individual data-points (which could comprise billions of files at a time) to the process and the data source. The question as to where the foreign disclosure process fits within a machine-to-machine environment will need to be addressed, particularly with true AI where the algorithm self-learns. Therefore, while all those interviewed considered technology to be an opportunity rather than a threat, it was nevertheless recognized that it would be extremely challenging to apply AI techniques to the disclosure process and there was a long way to go before machine-to-machine interfacing algorithms would be sufficiently trusted and able to automate this process in toto. Lessons could be learned from commercial big data and social media platforms, however, many of which address similar challenges. Media companies, for example, were struggling to identify risks across their platforms and started to use AI to flag information that looks suspicious—highlighting areas for humans to triage. If trained correctly, ML is very good at pattern matching, although applying it to intelligence will require an incremental approach and be subject to trial and error in a controlled environment. The level of risk would need to be calibrated and probably not appropriate for highly sensitive compartments. All the interviewees believed that a bounded, small-scale test case would present the best initial approach, and one opined that the twenty- and fifty-year review cycles for releasability of classified IC documents may be an appropriate start point. Once this has been trialed successfully, it could be adopted for a low-risk subset of current intelligence, such as non-traditional issues like the arctic or climate change, which would have reduced risk and could potentially be widely shared. A higher visibility, more strategically relevant example, such as the exchange of information required to enable the Australia, United Kingdom, United States (AUKUS) security partnership, may attract more support and resources, but with greater risk. Ultimately, AI methodology will need to be applied throughout the community, from the strategic to theatre level time-sensitive intelligence challenges, such as the joint all-domain command and control (JAD C2) missile tracking case, where a networked approach to sharing near-real time information between platforms and allies will be useful.
Not embracing technology is a significant risk to intelligence sharing. As national information integration strategies drive the adoption of cloud computing and human-machine interfacing, associated mutual protocols and controls and accreditation must be developed in parallel to accommodate an ability to share systemically. Without this capability, intelligence sharing in any meaningful way may become impossible.
Information exchange mechanisms
There are pragmatic impediments to increased intelligence sharing, caused by myriad platforms and information technology (IT) systems maintained by nations and agencies that were developed in isolation and often deliberately configured not to communicate with each other. Within the UK, for example, there is a deliberate policy to air-gap defense intelligence from the Single Intelligence Account (UK intelligence agencies), which therefore limits the amount of source material able to be shared and disseminated. A similar arrangement exists in the United States, where each agency maintains its own system despite huge efforts to develop a single Desk Top Environment within the IC. The situation is compounded by the different accreditation processes and standards, for example between the United States and the United Kingdom, where national versions of STONEGHOST (the jointly sponsored FVEY Above Secret Defense IT system), are not fully aligned. As the US IC moves to a Public Key Infrastructure (PKI) approach, this may address the technical information exchange challenge, although the technology currently lags behind the intent and even searching for e-mail addresses online, live chat, and sending e-mails between partners is difficult. A shift to zero trust architectures should help. One positive regarding information exchange mechanisms is the recognition and acceptance, between the FVEY partners, of each other’s security clearance standards and practices. Even here though, existing process and bureaucracy impede the efficient passing of clearances to facilitate meetings and dialogue. Clearances have to be manually forwarded on a case-by-case basis well in advance of events and it is not unusual for delays to the process to prevent attendees from actually participating. Typically, clearance passing is required six weeks in advance, which often precludes short-notice meetings, for example in support of joint contingency planning. A regularly updated, common FVEY database in which all FVEY cleared personnel are maintained with their respective clearances would go a long way in addressing this issue. This may not be as simple as it sounds due to different standards adopted by individual agencies and would require dedicated resources to keep current by each FVEY partner, but it would likely be more efficient than the current individual push-pull process.
Open Source Intelligence
Leveraging insights and analyses derived from publicly available information (PAI) and commercially available information (CAI) was also considered a potentially valuable tool in facilitating intelligence sharing at the more classified level. The development of very high-quality commercial sensors, the explosion of data accessed through the Internet, and the ability to curate and filter that data has changed the intelligence landscape and while there will always be a need for highly classified government intelligence derived from exquisite sources, OSINT can often now facilitate information sharing without compromising sources and methods, as evidenced with the war in Ukraine. As the IC becomes more comfortable with and explores the benefits of OSINT and the relationship with open source providers matures, this trend is likely to continue and become increasingly important.
Process recommendations
Classify single-source reporting at the NOFORN level on rare occasions.
Single-source intelligence collection normally happens at the NOFORN level. At times, this is to specifically protect sources and methods, but it is often merely a default setting. IC collection agencies should adopt a policy and practice of classifying single-source reporting at the NOFORN level by exception only. This would need to be enabled by an increase in empowered foreign disclosure experts at the IC element level.
Develop joint intelligence requirements with allies to enable releasable collection plans and ensure allied buy-in.
Baking in a collaborative approach to the entire intelligence cycle would go a long way to regularize intelligence sharing. The development of joint intelligence requirements with trusted allies and partners through a collaborative process, at every level of command and within each IC element on issues of mutual interest, would enable the creation of releasable collection plans in which relevant trusted allies and partners are both actively involved in the development of the requirements and contribute to collection activities. In turn, this would significantly increase the ability to produce source reporting at the releasable (REL) level, with the added benefits of burden-sharing and optimizing collection capabilities.
Create a centralized clearinghouse function in the ODNI.
Eliminating the originator controlled (ORCON) caveat for most IC agency released intelligence reports would forgo the need to secure permission from the collecting agency. An alternative would be having a centralized clearinghouse under the DNI, with representatives from each IC element to downgrade source reporting to the appropriate releasable level. In all cases, a substantial uplift of suitably trained and qualified foreign disclosure (FD) professionals would be needed.
Adopt a common referencing system for single-source intelligence reports.
A unified, common referencing system for all single-source intelligence reports should be adopted to allow their distribution to be tracked easily, both between agencies and with allies.
Explore artificial intelligence and machine learning applications to automate the foreign disclosure process.
As the technology matures, the application of artificial intelligence (AI) and machine learning (ML) technology to facilitate big data wrangling and processing, within cloud environments and at the edge, will inevitably change the way the IC does business. This provides a huge opportunity to, in parallel, address the intelligence sharing issue. A discrete trial, potentially using low risk historical IC data due for review, could be used to develop algorithms that, where practicable, conduct the foreign disclosure process in an automated manner.
Maximize usage of open source intelligence.
Maximum utilization of open source intelligence (OSINT) by the IC would present an ideal mechanism to share the findings of sensitive intelligence with a broad range of allies and partners without compromising sensitive sources and methods. To be successful, this would require OSINT to be further adopted and embraced by IC elements and greater resources be committed to developing processes to operationalize this approach. The unclassified element of the National Geospatial-Intelligence Agency (NGA) St. Louis may provide a suitable template.
People
The burden
As one interviewee described it, culture is “where the rubber hits the road” and is very personality driven, with differences arising, for instance, between people who are and are not risk averse. “While [people cannot be standardized], setting a tone from the top for risk acceptance is the key.” Another opined that, “culture needs to be fully encompassing; workplace and institutional culture are important, but they are woven into policies and processes, and we can’t delink the three.” There are very few within the IC who still do not philosophically believe in sharing intelligence outside of national boundaries. The greatest individual impediment, agreed by all those interviewed, is simply the additional burden on the analyst to go the extra mile, particularly as they tend to be extremely busy and working within tight deadlines. For this reason, middle level management often discourages writing for release and analysts feel disincentivized. An additional element is risk aversion, in which analysts are indoctrinated about the consequences of accidental breaches by security specialists. There is also an educational and training element, which does not adequately both underscore the mutual benefits of intelligence sharing and increase awareness of processes that must be followed and the help that is available, for example through empowered foreign disclosure experts.
The frozen middle level of management was often highlighted as a particular challenge when pursuing increased intelligence sharing. This was considered to be in part due to risk aversion and resource limitation, but there also exists an issue with education and training. As one of those interviewed opined, “we bring in senior leaders from industry and academia at the cutting edge of technology and we criticize the frozen middle, but what are we doing to help them? We are not sending them to Silicon Valley or out on op rotation or to foreign LO appointments. We should be offering these opportunities at the GG 14 & 15 level.”
Risk vs. reward
Taken together, these issues ensure a climate in which analysts often consider costs of intelligence sharing to outweigh benefits. What is in it for them? Culture takes a long time to evolve and can only be fully achieved through an alignment of policies, processes, education, and incentivization over a sustained period, and genuine buy-in from leadership at all levels.
This challenge was reflected in the 9/11 Commission Report and the risk aversion culture does not appear to have changed since its publication; “Each agency has its own security practices. Current security requirements nurture over classification and excessive compartmentation of information among agencies. Each agency’s incentive structure opposes sharing, with risks (criminal, civil, and internal administrative sanctions) but few rewards for sharing information.” While guidance and encouragement can come from the very top, behaviors will not be changed without mechanisms that protect individuals at the functional level. There is a huge difference between espionage and inadvertent disclosure and, for the latter, mitigation and punishment need to be regularized. It is currently a very much personality- and organization-driven approach. As argued by one of the interviewees, “leadership must be involved here. Someone has to assume the risk; it won’t work at an individual level without someone with the authority to protect the analyst. It is a personality-driven process right now.” An ability to quantify risk is an associated issue. Finished intelligence, by definition, has been through a rigorous editing and approval process, and the chances of a serious disclosure breach are minimal. Additionally, FVEY partners take their responsibilities to protect extremely seriously and even in the event of an inadvertent disclosure, damage is likely to be minimal.
Reverse engineering
There is often a perception that the higher the classification marking, the better the report (or at least the greater credibility and attention it is afforded). Both authors have personally witnessed this, including deliberate re-classifications of releasable reporting to NOFORN in misguided attempts to increase credibility. In some cases, the opposite is true, in that allies and partners can fill intelligence gaps and provide unique context to a given problem set. To an extent, this issue relates to the interpretation of analytical tradecraft, which requires all relevant source material to be considered and referenced when compiling a report. This results in the overall classification of any report in which NOFORN material has even been considered, but not used, to default to NOFORN. Underpinning any intelligence sharing process is trust: trust in the data, analysis, and partner. A key enabler therefore is partners adopting common analytical standards and tradecraft. Using common terminology, definitions, and techniques ensures shared reporting can be trusted, and its value understood. While some progress has been made in this area within the FVEY, there has been a reluctance to completely adopt a fully integrated approach.
Paolo Coelho
Culture makes people understand each other better. And if they understand each other better in their soul, it is easier to overcome the economic and political barriers. But first they have to understand that their neighbor is, in the end, just like them, with the same problems, the same questions.”
Working together
The disproportionately positive value of routinely working in collaboration with allies and partners, either virtually or, even better, in the same workspace (embeds, liaisons, and exchange personnel), was highlighted by all those interviewed, each of whom had filled one or more of those roles in the past. Some IC elements were better than others at facilitating this collaboration and some over-interpreted the policy to the extent that even embeds were not afforded the access they needed to become fully integrated and included. The trend towards establishing FVEY centers within DoD organizations as a mechanism to encourage intelligence sharing is very much a double-edged sword. They demonstrate a positive and proactive intent by leaders, provide a helpful clearing house and information conduit, and perform an advisory role. However, as discrete entities often physically dislocated from the rest of the organization in which they sit, they can actually prevent the normalization of working with allies and inculcate an attitude among analysts of intelligence integration being conducted somewhere else. Familiarization, dedicated trust building, and fostering a sense that members are a valued part of a wider team where each partner has skin in the game and genuinely contributes, was considered a strong force multiplier, both at the strategic HQ and deployed levels.
Culture recommendations
Establish and sustain a network of officers committed to facilitating intelligence sharing.
Currently, there is too much personality involved in facilitating intelligence sharing, requiring the right people to be in the right positions. There is a need to institutionalize the process, making it less dependent on individuals. This will require both prioritization by leadership and attention to governance and legal issues. A formalized network of key joint and integrated intelligence officer positions should be established, strategically placed at senior and mid-level grades within the FVEY partner services, mandated and empowered to facilitate intelligence sharing and overcome institutional and cultural barriers. This could be accompanied by the creation of a FVEY officer certification program, a designation which could be a pre-requisite to attain the senior ranks of each respective national intelligence service.
Change the risk calculus of intelligence sharing at the analytical level.
Changing risk calculation is a key facilitator of intelligence sharing at the analytical level. This can be done through education and training, and by leadership at the organizational level adopting more risk. There is a huge difference between inadvertent disclosure and spying—checks and balances already exist to address this difference and should be reinforced to mitigate the former, when necessary. This will require additional FD professionals at the organizational level, and a recalibration of information security policies.
Increase embeds, liaisons, and exchange personnel to encourage intelligence sharing.
Familiarization, collaboration, and integration between trusted allies and partners is the best way to facilitate a positive culture to encourage intelligence sharing. This should be achieved by increasing numbers of embeds, liaisons, and exchange personnel, both at headquarters (HQs) and deployed on operations. This needs to be two-way, however, and will need additional resources (financial and personnel) to be applied by trusted allies and partners.
Other considerations
Classified military information (CMI)
Although outside the direct scope of this study, the ability to share commercially sensitive information and CMI, between both defense and industry and business to business, suffers from similar policy challenges to intelligence sharing and has a significant impact on technological collaboration. At the leadership level, all are being encouraged to collaborate with emerging technological capabilities, but US export control policy, as it stands, is incompatible and restrictive. The issue is similar to that of intelligence sharing as a dispersed inter-agency issue. The State Department has responsibility for International Traffic in Arms Regulations (ITAR) policy, the Commerce Department has export relations, and ODNI and IC elements review all requests to share tech and data with allies. CMI policy constraints have further implications for defense planning, exercising, war-gaming, and capability development.
Counterintelligence
Finally, any consideration for increased intelligence sharing must be accompanied by a comprehensive and integrated counterintelligence (CI) strategy. Related to issues of trust and risk management, one of the most widely expressed concerns of US intelligence officials associated with the issue of intelligence sharing beyond the FVEY was the ability of partners to protect intelligence being shared. In order to proceed with a more robust intelligence sharing regime, it must be demonstrated that both provider and receiver of shared intelligence are committed to implementing sound counterintelligence and security measures to ensure shared intelligence does not come into the possession of adversaries. This will require increased focus on CI and security training and education, certification protocols, and constant monitoring, particularly as it pertains to the establishment of new intelligence partnerships.
Conclusion
Impediments to sharing intelligence between trusted allies and partners have both political and practical implications well beyond the confines of the IC. They prevent a common understanding of global, regional, and national security risks; impede strategic and operational planning between the United States and its allies; impact crisis response; and impede both force and capability development and technology and industrial collaboration. They also undermine trust. Existing policies and processes related to intelligence sharing are inadequate, engender a highly risk averse attitude, and are often ultimately unable to address time-sensitive or dynamic issues. Simply put, NOFORN, as the default classification of the US IC, is no longer a viable policy and practice to address the fast-moving and complex global security challenges which require greater collaboration between the United States and its allies and partners to solve. While there has been laudable effort conducted at local levels to optimize intelligence exchange, progress has been largely piecemeal and is approaching the limits of what can be interpreted within the existing framework. As national information management and integration strategies embrace and adopt transformative technologies, including cloud computing, AI/ML, machine-to-machine interfacing, and eventually quantum computing in order to cope with the huge amounts of data now available, the current, heavily human-centric way of sharing intelligence will become obsolete and may even actively prevent the ability to share information in the future.
The paper identifies many of the systemic constraints present in intelligence sharing and identifies several solutions—some of which will be culturally and institutionally unpalatable, but without which real progress will be unachievable. Many of these constraints were identified in the 9/11 Commission Report, which, while heavily focused on internal intelligence sharing, also reflected many challenges of broader intelligence sharing. Senior stakeholders engaged in the development of the paper revealed that several of the impediments identified in that report remain valid today.
Real progress is dependent on two critical factors. The first factor is the need for sufficient political will and high-level direction to address the issue in an institutional manner, affording it the priority and resources needed. Intelligence sharing is often seen as an IC-exclusive issue, but, as described above, has much wider implications and is often a critical enabler for work on strategically important issues. Successful execution of the AUKUS security partnership, for example, will be highly dependent on an ability to share sensitive information, which is currently proving extremely challenging. Without direction from the highest level and authority to act vested in a single individual or organization, the incentive for change will remain limited. As queried in the 9/11 Commission Report, “who is the Quarterback”? In a highly federated model such as the US IC, buy-in and leadership from the IC elements will be essential to a collaborative approach. But this collaboration must adopt a position of forward-thinking ambitious intent that avoids doing the bare minimum. The second factor is the need to address the issue in a holistic manner, which encompasses policy, process, and mindset, within both the IC and DoD. It is not enough to review individual ICDs or DoDDs in isolation, and cross-departmental cooperation and coherence is essential. In an environment in which changing policy is often seen as an anathema, the importance of the key roles of cultural evolution and dedicated resources in adopting this approach should not be underestimated.
Lastly, while this paper focused almost exclusively on what needs to be done within the US intelligence establishment, US allies and partners have a similar role to play in optimizing intelligence sharing. They need to reciprocate with their own resources, as well as cohere and adapt their own information management capabilities and mechanisms to accommodate the new model of information exchange, earning the enduring trust of the United States by demonstrating a rigorous process to protect US-derived intelligence in an appropriate manner. In taking a proactive approach to intelligence sharing, the genuine concerns of inadvertent disclosure must be addressed, and the proper protection of critical national capabilities, methods, and sources must be afforded the attention they merit.
Acknowledgements
This publication was produced in part with support from the United Kingdom under the auspices of a project focused on rethinking alliances for the 21st century. The views expressed within are those of the authors and do not represent the official positions of His Majesty’s Government or the Atlantic Council.
About the authors
AVM Sean Corbett, CB MBE is the CEO of InSight Global and is retired from a 30-year career as a professional intelligence officer with the UK Royal Air Force.
James Danoy is a nonresident senior fellow with the Atlantic Council’s Scowcroft Center for Strategy and Security and a former US defense intelligence executive with the Defense Intelligence Agency.
This issue brief is written and published in accordance with the Atlantic Council Policy on Intellectual Independence. The authors are solely responsible for its analysis and recommendations. The Atlantic Council and its donors do not determine, nor do they necessarily endorse or advocate for, any of this issue brief’s conclusions.
Icon acknowledgements: Policy icon made by Kiranshastry from www.flaticon.com; Process icon made by Freepik from www.flaticon.com; People icon made by photo3idea_studio from www.flaticon.com.