Nick Selby

Fintech Chief Security Officer. Former NYPD apparatchik. Co-author Cyber Attack Survival Manual; In Context: Understanding Police Killings o

May 31, 2017
Published on: Los Angeles Times
1 min read
The driver's licenses of Boston Marathon bomber Tamerlan Tsarnaev. Federal officials chose not to disseminate information about Tsarnaev to local authorities prior to the bombing, despite having investigated him.
The driver’s licenses of Boston Marathon bomber Tamerlan Tsarnaev. Federal officials chose not to disseminate information about Tsarnaev to local authorities prior to the bombing, despite having investigated him.

Everyone in the security world is worried about leaking. Last week, for instance, the U.K. government excoriated U.S. officials for leaking sensitive information about the Manchester terrorist attack. Americans, the British say, cannot keep secrets. In the context of domestic terrorism, however, the real crisis isn’t what we leak — it’s what we don’t share. More than 15 years after the Sept. 11 attacks, federal agencies are somewhat more willing to share information with one another, but they still hold back when it comes to local law enforcement.

To cite one example: In 2015, federal officials chose not to warn police in Garland, Texas, that known terrorism suspects were in the area before those suspects, inspired by Islamic State propaganda, opened fire outside a Prophet Muhammad cartoon contest. Federal officials also chose not to disseminate information about Tamerlan Tsarnaev, one of the 2013 Boston Marathon bombers the FBI had looked at repeatedly.

Intelligence sharing is hard, for some not-so-obvious reasons. Collaboration requires that agencies understand one another’s professional culture and their own limitations. What is shared must convey actionable information without betraying the sources and methods used to glean that information, because doing so could endanger operations and even lives. This is a tough line to walk.

Intelligence leaks and unnecessary noncollaboration arguably have the same root cause: The desire to feel important.

Moreover, most agencies don’t want to share intelligence that isn’t rock solid — even though widening the circle of trust could help fill in the gaps. All too often, there’s a bias toward hoarding that’s both cultural and legal: There’s no penalty for not sharing, but there are stiff penalties for sharing what you shouldn’t have.

Intelligence leaks and unnecessary noncollaboration arguably have the same root cause: The desire to feel important.

When people see classified information, they know they are among an elite few.

Some leakers are politically or financially motivated, but often they just want other people to know that they have access to sensitive data. Leakers share details they convince themselves won’t be damaging, in exchange for an ego boost.

Similarly, people who keep information closer than is really necessary may feel that the more people are in the know, the less special they will seem. If a lowly local cop has access to the same data as a federal intelligence officer, maybe it’s not so valuable.

Of course most of what local cops do has nothing to do with terrorism. Police departments use their limited resources to combat everyday crime; they won’t send officers to patrol a controversial art show unless they have good reason to believe that’s necessary.

That’s why it’s so important for national intelligence agencies to keep police departments in the loop about specific threats.

Proactive police leaders, however, are doing what they can to improve matters at the local level, creating interdepartmental intelligence and sharing capabilities that sidestep the federal system. They are using relatively simple communication platforms — often email and file sharing — on which groups of trusted individuals discuss intelligence and common challenges.

Some sharing networks are run by large departments. Others, like one that connects nearly 1,000 investigators, analysts and agents from more than 120 North Texas agencies, are run by individual officers. They tend to share publicly available and unclassified — but highly valuable — information.

These groups help build relationships among trusted members, so that if there’s specific intelligence available about an imminent threat, breakout groups — small trusted circles — form quickly and naturally.

A “threat” might mean a minor but multi-jurisdictional crime, like a burglary series hitting several towns. For example, recently a Texas detective posted about bulk thefts of baby formula. Within an hour, a detective from another agency about 20 miles away responded with the name of a suspect he had in custody for the same thing. As it turned out, the first detective’s thefts had been committed by the second detective’s prisoner. Until recently, that kind of interagency collaboration was difficult.

These same groups also post information about terrorist threats — not necessarily with the goal of stopping a specific action, but for the sake of better understanding how local officers might recognize pre-attack indicators, among other more general issues. A post might be a link to an academic paper, like one on terrorist network communication strategies. Or an unclassified paper on plot recognition, or domestic violent extremism, or case studies of recent terrorist attacks.

While the news media were publishing Manchester-related leaks last week, local police were sharing unclassified but critical analyses of how the attack was probably carried out, and the implications for those seeking to protect the public.

It would be helpful if national intelligence agencies were involved in such conversations, because they can see some attacks coming well before local departments can.

Intelligence is a process, not just a product. When intelligence is not shared appropriately, the process breaks. That’s a bigger problem than leaks.

Nick Selby is a Dallas-area police detective who runs a North Texas police intelligence sharing group. He is co-author of “Cyber Attack Survival Manual.”