Twenty years ago, al-Qaeda hijackers carried out the worst-ever terrorist attack on American soil, killing nearly 3,000 innocents, terrifying the nation, and forever changing the course of history—ushering in America’s wars in Afghanistan and Iraq.
Yet September 11 was also something else: our worst intelligence failure in more than half a century. It was a surprise attack that should not have been a surprise. The agonizing truth is that American intelligence agencies saw the danger coming but failed to stop it because they were hardwired to fight a different enemy from a bygone era. My research found that when the Cold War ended and the threats shifted in the 1990s, America’s intelligence community failed to adapt.
Today, we face a similar challenge. Since 9/11, spies have become adept at countering al Qaeda but al Qaeda is no longer the overarching problem it once was. The global threat landscape has become much more crowded and complex, encompassing escalating cyberattacks, a rising China, Russian aggression, nuclear proliferation in Iran and North Korea, the fallout from climate change, and more. And once again, spy agencies are struggling to keep up.
Like generals, intelligence officials are often left fighting the last war even when new dangers are evident. Why? Because no matter what politicians and agency leaders say, no matter how clearly they see new adversaries looming over the horizon, government agencies are tailored to fight the enemy they already know. Bureaucracies are designed to last, not adapt. Businesses go under if they fail, but government agencies almost never die. Instead, over time, organizations harden, budgets balloon, capabilities and cultures become ingrained. Early innovations grow obsolete. Even when reports are issued, warnings are raised, and courageous champions press for action, change comes slowly. The old ways endure. Meanwhile adversaries grow stronger, and the nation is left vulnerable once again.
Throughout the 1990s, even as America’s spy agencies warned of al-Qaeda’s growing danger, these institutions were stuck in the Cold War. Money poured into technological platforms that could count Soviet warheads from space instead of human intelligence efforts better suited for penetrating terrorist groups on the ground. George Tenet, the CIA director on September 11, had tried but failed to upgrade his agency’s counterterrorist capabilities and better coordinate counterterrorism intelligence across the federal government. Although the FBI formally declared terrorism its No. 1 priority years before 9/11, in 2001 only 6 percent of FBI personnel were working on counterterrorism issues and FBI special agents received more time for vacation than for counterterrorism training. A massive effort to reform the bureau’s counterterrorism capabilities across the FBI’s U.S. field offices ended in disaster: Just weeks before 9/11, an internal report gave all 56 offices failing grades. The assessment was considered so embarrassing, it was highly classified and only a handful of copies was ever produced.
I found that organizational weaknesses led the CIA and the FBI to miss 23 opportunities to penetrate and possibly stop the 9/11 plot. Among them are the facts that CIA officers had identified two suspected terrorists attending an al-Qaeda planning meeting in Malaysia, learned their full names, and discovered that one held a U.S. visa and the other had traveled to the United States. More than 50 CIA officials had access to this information, yet nobody told the State Department or the FBI for more than a year. Until 9/11, there was no formal training, no clear process, and no priority placed on warning other government agencies about dangerous terrorists who might travel to the United States. When the CIA finally did tell the FBI, 19 days before 9/11, the bureau designated its manhunt for the two suspected terrorists as “routine,” the lowest level of priority, and assigned it to a special agent who had just finished his rookie year. This wasn’t a mistake, either: For the FBI, catching perpetrators of past crimes had always been far more important than gathering intelligence to stop a potential terrorist attack.
The pair should not have been that hard to find. They were hiding in plain sight inside the United States, using their true names on identifiers such as rental agreements and credit cards. One was even listed in the San Diego telephone directory. And while living in San Diego, they made contact with several targets of FBI counterterrorism investigations, at one point living with an FBI informant.
The two operatives went on to crash American Airlines Flight 77 into the Pentagon. They didn’t need secret identities or clever schemes to succeed. They just needed the CIA and the FBI to operate as they usually did.
In the 20 years since 9/11, American intelligence agencies have been retooled and revamped to combat terrorism. Reforms include the creation of a director of national intelligence, the National Counterterrorism Center, and the Department of Homeland Security—in sum, the largest restructuring of American intelligence since 1947. Budgets have skyrocketed, and integration between intelligence and military operations has reached new levels, yielding stunning counterterrorism successes, including the operation against the 9/11 mastermind Osama bin Laden.
But the threat landscape never sleeps. Today, American intelligence agencies face another moment that requires rapid adaptation. This time, the dangers arise from technology. Technologies such as artificial intelligence, the internet, biotechnology, and satellite miniaturization are profoundly changing global economics and politics, empowering old adversaries, unleashing new threats, and challenging every facet of the intelligence business. Never have so many technological advances converged so quickly and changed so much.
In the old days, power and geography protected America. Not anymore. Cyberspace is enabling adversaries to attack us across long distances without firing a shot, hacking machines as well as minds. China has prosecuted a sustained and successful campaign to steal huge amounts of American intellectual property for economic and military advantage. Russia is using cyber-enabled information operations to interfere in elections and undermine democracies from within. Criminal groups are waging ransomware attacks against American cities, energy suppliers, and other crucial infrastructure. The array of threats facing the country has never been greater because cyberspace is strengthening the weak and weakening the strong. Advanced industrial democracies are exceptionally vulnerable to cyber breaches of all kinds because they are the most digitally connected and because their freedom of speech enables nefarious actors to deceive at scale.
Technology is also disrupting the ability of American intelligence agencies to make sense of the world. Intelligence has always been a business of finding needles in haystacks to generate insight. Now the haystacks are everywhere and growing exponentially, because the amount of data on Earth doubles about every two years. Connective technologies are driving this data overload, with no end in sight.
The U.S. intelligence community needs a radical reimagining to succeed in this new era. In the past, advantage came from stealing secrets. Secrets still matter, but advantage more and more derives from harnessing open information available to anyone and from human thinking, augmented by machines, that can sift through enormous troves of data to find hidden patterns.
Success requires three key ingredients. The first is the creation of a new, independent intelligence agency dedicated to open-source intelligence. The CIA, the National Security Agency, and other elements of the intelligence community have open-source efforts under way, but secret agencies will always favor secrets. The U.S. will never be able to win the race for insight so long as open-source intelligence remains trapped inside agencies that believe more in their secret missions.
The second necessary ingredient is talent. Our intelligence community was designed for an era when intelligence officers were expected to be lifers. Today’s best and brightest typically move jobs multiple times in their career. What’s more, our greatest talent needs are in science and technology, precisely the areas with the toughest private-sector competition. Attracting the right workforce for the digital era starts by enabling technologists to move much more easily into and out of government at all stages of their career.
The third ingredient is strategy. We need to rethink what intelligence is and who it serves. Today, the policy makers who need intelligence to protect the nation don’t just live in Washington and hold security clearances. They include chief executives whose companies own and operate 85 percent of crucial American infrastructure—much of it vulnerable to a cyberattack—and tech leaders whose platforms have become disinformation superhighways.
Navigating the era of digital threats will not be easy. The private sector answers to global shareholders, not American voters. Our national security does not rest in the hands of the government as it once did. Protecting the nation from the next surprise attack requires faster action and a far-reaching transformation of intelligence.