May 25, 2021

Reassessing Homeland Security Intelligence

A Review of the DHS Office of Intelligence and Analysis

By Christian Beckner

Introduction

The discipline of intelligence has been a central element of the homeland security enterprise over the past two decades since the terrorist attacks of September 11, 2001. The 2002 National Strategy for Homeland Security emphasized “intelligence and warning” as one of the six “critical mission areas” of homeland security, and later that year, when Congress passed the Homeland Security Act, it created a new intelligence-focused directorate as one of two startup offices amid the broader reorganization of border security and emergency response agencies. That office—named since 2004 as the Office of Intelligence and Analysis—originally was envisioned to be the nexus of intelligence activities related to threats to the homeland, in partnership with the FBI and foreign intelligence agencies.

But since the creation of the Department of Homeland Security (DHS) in 2003, the Office of Intelligence and Analysis (I&A) has often struggled to live up to this vision. It remains a junior member of the intelligence community. It has found it challenging to influence and integrate intelligence-related activities across the components of DHS. And it faces difficulties in explaining its role to Congress and to the general public, leading at times to mistrust and confusion.

The underlying causes of these struggles are manifold. Some of them relate to forces beyond I&A’s control, including decisions made in 2003 to strip away responsibilities originally envisioned for DHS in the 2002 National Strategy, and give them instead to the FBI and what later became the National Counterterrorism Center (NCTC). Some of them have to do with decisions made by DHS leaders and Congress over the past 18 years to add new layers of authority at I&A and increase its complexity. Other underlying causes have to do with organizational and workforce-related issues within I&A.

But the primary cause of these struggles is the mismatch between the public expectations of I&A’s role and the underlying weakness of its statutory authorities. When I&A has found itself in the news cycle, it often has been framed pejoratively as a domestic spy agency and an unbounded civil liberties risk. But the reality of I&A’s statutory authorities and responsibilities is much meeker: It has no clandestine intelligence collection authority, and its primary role is as an integrator and disseminator of information among the DHS components; state, local, and tribal agencies; private sector entities; and other related elements of the intelligence community.

Nearly two decades after 9/11, the time has come for policymakers to decide what they want I&A to be and reduce the gap between the reality and perception of its authorities.

This mismatch between the perception and reality of DHS I&A’s authorities explains many of its challenges over the past 18 years, which often have arisen as a result of senior leaders’ well-intentioned efforts to overcome these impediments and take on additional responsibilities without corresponding increases to resources and statutory authorities. DHS I&A’s weaknesses also have left it exposed to political vicissitudes—as demonstrated most vividly by the political fallout in 2009 from its report on right-wing extremism and some of its activities during the final year of the Trump administration.

Nearly two decades after 9/11, the time has come for policymakers to decide what they want I&A to be and reduce the gap between the reality and perception of its authorities. One model going forward would be a slimmer I&A, modeled after the Department of State’s Bureau of Intelligence and Research, primarily focused on producing all-source analysis for the Secretary and other executive-level stakeholders. The second model would be a more robust I&A with new intelligence collection authorities, the transfer of related functions from other departments and agencies, and stronger authorities with respect to the operational components of DHS. Both of these options have their challenges, drawbacks, and risks—but both are preferable to the status quo.

To provide context for a consideration of these policy options, this paper first provides an overview of I&A’s history and evolution since its creation. This history and an appendix section (outlining I&A’s organizational structure, statutory authorities, budget, and mission priorities) provide the foundation for a detailed set of recommendations to reform I&A.

These recommendations are split into two sections. The report first elaborates on the competing options to “go big” or “go small” with respect to I&A’s role, weighing the benefits and drawbacks of these options, and establishing criteria for policymakers to assess them. The report then concludes with six near-term recommendations that can be addressed in advance of (or in lieu of) broader organizational changes.

Nearly two decades after the attacks of September 11, 2001, the threats to the homeland have evolved, but the need for an effective system of homeland security intelligence persists. The unfulfilled expectations for I&A over the past 18 years demand that senior leaders at DHS and members of Congress take a renewed look at its role and priorities and make tough decisions to ensure that I&A has authorities and resources that align with their expectations for it.

The Evolution of Homeland Security Intelligence, 2001–2021

A review of the concept of homeland security intelligence and I&A’s development over the past two decades is necessary context for an assessment of its current challenges. The role that intelligence would play in better protecting the country from terrorism, in particular, was central to the policy debate surrounding the creation of the new department. But shortly after the stand-up of DHS, the division of responsibility for intelligence analysis was spread among different components of the intelligence community. Over time, I&A has periodically struggled to demonstrate its value among its intelligence community peers.

9/11 and the Concept of Homeland Security Intelligence

The concept of “homeland security” was a nascent idea on September 11, 2001, and was first widely articulated in the Hart-Rudman Commission’s Phase III report, released in January 2001. But in the wake of the attack, this new homeland security concept quickly became the focal point of policy actions. On October 9, 2001, President George W. Bush appointed Pennsylvania Governor Tom Ridge to lead a new Office of Homeland Security in the White House and two days later, bipartisan legislation was introduced to create a Department of Homeland Security.

Over the course of the next year, as the White House and Congress weighed options for creating a Department of Homeland Security, the role of intelligence was central to this debate. The National Strategy for Homeland Security, released in July 2002, noted that “intelligence and information analysis is not a separate, stand-alone activity but rather an integral component of our Nation’s overall effort to protect against and reduce our vulnerability to terrorism” and it defined a high-level vision for homeland security intelligence that placed a future DHS at the core of this process, as illustrated in the following chart.

Source: Office of Homeland Security, National Strategy for Homeland Security (July 2002), https://www.dhs.gov/sites/default/files/publications/nat-strat-hls-2002.pdf, 16.

Congressional leaders supported this vision for DHS intelligence during the fall of 2002. In remarks on the Senate floor, lead sponsor Senator Joseph Lieberman noted that the legislation “would create a new intelligence division focused on the threats to our homeland, equipped to truly connect the intelligence and law enforcement dots from Federal, State, and local agencies, from human and signal intelligence, from closed and open sources, from law enforcement and foreign sources, including particularly the Counterterrorism Center at the CIA.” The House and Senate bills both included provisions to create a new Office of Intelligence Analysis and Infrastructure Protection (IAIP), bringing together the intelligence function with infrastructure protection and vulnerability assessment. While the infrastructure protection side of the office was an awkward merger of five existing offices, the intelligence side of IAIP was a new creation, led by an assistant secretary for intelligence analysis.

Developing an Intelligence Function at DHS

IAIP came into existence in March 2003 with the formal creation of the Department of Homeland Security and was initially led by CIA veteran Paul Redmond. Redmond stayed in the role for less than three months, resigning for health reasons shortly after a tumultuous House oversight hearing. This hearing highlighted the founding flaw of DHS intelligence: the decisions in late 2002, after the passage of the Homeland Security Act but shortly before DHS was created, to locate key homeland security intelligence responsibilities within a new CIA-led Terrorist Threat Integration Center. As a Washington Post story recounted in late 2005:

On Jan. 24, 2003, Ridge was sworn in as the first secretary of homeland security; Bush hailed him as a “superb leader who has my confidence.” Four days later, Ridge learned from the president's State of the Union address that a new intelligence center for tracking terrorists—which he had expected to be the hub of DHS's dot-connecting efforts—would not be controlled by DHS.

Ridge and his aides thought the center was one of the key reasons the department had been created, to prevent the coordination failures that helped produce Sept. 11. Not only had the White House undercut Ridge, it also let him find out about his defeat on television.

The Terrorist Threat Integration Center (to become the National Counterterrorism Center in 2004) was given the primary threat-focused responsibilities from the National Strategy, leaving DHS IAIP with responsibilities related to vulnerability assessment, protective action, and warning. IAIP’s role was further diminished in September 2003 with the establishment of the FBI-led (but interagency) Terrorist Screening Center, responsible for coordinating operational activities related to the terrorist watch list.

With these diminished responsibilities and no distinct collection authority, and early challenges with office space and staffing, DHS struggled in 2003 and 2004 to develop its intelligence and analysis function. Lieutenant General Patrick Hughes became the new assistant secretary in November 2003, serving in the role until March 2005. When Michael Chertoff took over from Tom Ridge as DHS secretary in 2005, he carried out a “Second-Stage Review” of the organization of DHS, one outcome of which was the separation of the intelligence analysis and infrastructure protection functions, and the establishment of the Office of Intelligence & Analysis to be led by an under secretary who also would serve as the chief intelligence officer (CINT) of the department. Longtime CIA official Charlie Allen was appointed to serve in this role shortly after the completion of the review.

Allen was tireless in trying to build up DHS I&A, developing the first strategic plan for the DHS intelligence enterprise, working to improve I&A’s analytic tradecraft, and strengthening its ties with non-federal law enforcement agencies by embedding analysts at the new “fusion centers” that states and major cities were establishing. In August 2007, Congress passed the Implementing Recommendations of the 9/11 Commission Act, Title V of which updated I&A’s authorities to reflect the changes that had been made in the Second-Stage Review, clarify I&A’s authorities with respect to the operational components of the DHS, and elevate the leader of I&A to a Senate-confirmed under secretary position.

Maturing I&A: Ongoing Challenges and Notable Incidents

I&A’s statutory authorities today remain largely unchanged since this 2007 law. (For additional context on I&A’s authorities and organizational structure, see Appendix A). Since that time, through the Obama and Trump administrations, DHS I&A has made progress to mature its capabilities and institutionalize its policies and processes in a number of respects. It has demonstrated its value through its activities to develop and support state and local fusion centers, and through various activities carried out in coordination with DHS component agencies (including Customs and Border Protection, Immigration and Customs Enforcement, and U.S. Citizenship and Immigration Services) to leverage their information holdings in support of broader national security activities to counter terrorism, human smuggling, and organized crime.

However, DHS I&A has faced an ongoing set of challenges and setbacks throughout this time period. It has had low workforce morale, consistently ranking near the bottom of the annual federal workforce surveys over the past decade. It has continued to struggle to define its analytic value proposition with respect to peer intelligence agencies. It has taken on new responsibilities, including for department-wide information-sharing and counterintelligence operations, that have increased the burden on I&A leadership. At times, it has faced resistance from DHS components to efforts to increase department-wide intelligence integration. At times, it has been overburdened by the responsibility to produce intelligence for the DHS secretary and senior leadership team. And it has stumbled on occasion in responding to a media spotlight on its activities.

A few notable incidents—one from more than a decade ago, and several episodes from the past year—illustrate these challenges. In April 2009, I&A produced a non-public report (intended for law enforcement partners) entitled “Rightwing Extremism: Current Economic and Political Climate Fueling Resurgence in Radicalization and Recruitment.” This report was leaked to the news media, and DHS Secretary Janet Napolitano quickly faced backlash from members of Congress (many of whom were calling for her to be fired) and veterans’ organizations, based on how the report had characterized the right-wing extremist groups’ recruitment of former service members.

Secretary Napolitano initially defended the report, noting accurately that it was a continuation of reporting on domestic terrorism threats at I&A that had increased during the final two years of the Bush administration. But in the face of increased political pressure, Secretary Napolitano apologized to veterans’ organizations about the report and put into place a process for other elements of DHS—including the Privacy Office, Office of Civil Rights and Civil Liberties, and General Counsel—to review and clear analytic products that would be disseminated to non-federal recipients. This clearance process, which was formalized in 2010, had the effect of slowing down I&A’s ability to issue reports in a timely manner and had a harmful impact on the independence of I&A’s analytic judgments. DHS I&A also stopped producing reports on domestic terrorism threats for more than two years after this report, only resuming the issuance of such reports in July 2011.

I&A received heightened attention in 2020 and early 2021, following several years in which the office was largely able to avoid the public spotlight. In July 2020, The Washington Post wrote about open-source intelligence reports that I&A had produced in relation to the ongoing civil unrest in Portland, Oregon, including reports on a New York Times article and a blog post by the editor-in-chief of Lawfare. This raised concerns about potentially impermissible activity at I&A, including criticism from Acting DHS Secretary Chad Wolf and former I&A Under Secretary General Frank Taylor.

The following month, former I&A Acting Under Secretary Brian Murphy—a career official who had been reassigned from the role in the wake of this incident—filed a whistleblower reprisal complaint that was publicly released by the House Intelligence Committee. The complaint detailed a series of incidents of political appointees at DHS and the White House attempting to improperly influence analytic assessments, including those regarding Russian influence operations and white supremacist terrorism. The fact pattern in the complaint highlights the greater vulnerability of DHS I&A to political pressure, compared with agencies such as the FBI, due to its weaker stature and institutional norms.

The attack on the U.S. Capitol on January 6, 2021, prompted a new set of concerns about I&A’s activities, as information came to light that I&A had not released any reports in advance of the attack that previewed potential threats to the Capitol on that date. In hearings and letters after the attack, Congressional leaders queried I&A leadership about this inaction. Notably, this critique was in many respects the exact opposite of the one made in response to DHS activities in Portland: In this case, I&A was being faulted for inaction instead of excessive or overzealous action.

The Future of Homeland Security Intelligence: Options for Reform

Given this history, current leaders at DHS and in Congress face a variety of questions with respect to the path forward for I&A. How should its priorities adapt given shifts to the homeland threat landscape, particularly with respect to domestic terrorism threats? Who are the highest priority customers of I&A’s analysis? How should DHS address legitimate privacy and civil liberties concerns without impeding the timely production of reports? And most importantly, what is the long-term vision for I&A’s role, and what steps need to be taken to achieve and sustain this vision?

In addressing these issues, the most important issue that DHS leadership and Congress need to consider is the current misalignment between the scope of I&A’s authorities and resources and the expectations of its stakeholders. There are two broad options to address this issue: either expand its authorities and resources to meet the general expectations of its stakeholders, or alternately, reduce these expectations by slimming it down organizationally and moving ancillary responsibilities to other offices. In shorthand, these two options are to “Go Big” or “Go Small.”

Go Big: In this model, I&A would be given new authorities for clandestine collection of information, both directly and through tasking of other agencies. These authorities would be similar in nature to the FBI’s current collection authorities but decoupled from investigative authorities; its role would be similar in certain respects to MI5 in the United Kingdom or the Canadian Security Intelligence Service. I&A would wield these collection authorities in conjunction with its activities to integrate information from state and local law enforcement agencies and from DHS’s operational components, and use this data to inform strategic intelligence analysis and identify specific threats that then can be passed over to the FBI and other federal law enforcement agencies for investigation. To reinforce these authorities, the DNI could designate I&A as the mission manager for homeland security intelligence, pursuant to Sec. 1.3(b)(12) of Executive Order 12333 as amended.

In addressing these issues, the most important issue that DHS leadership and Congress need to consider is the current misalignment between the scope of I&A’s authorities and resources and the expectations of its stakeholders.

I&A in the Go Big model would need to have much more robust legal oversight, particularly with respect to the collection, retention, and dissemination of U.S. persons information. And it may also be warranted for I&A to assume the responsibilities of other offices with adjacent roles, including the interagency (but FBI-led) Terrorist Screening Center. I&A also could take on additional IC-wide responsibilities for other priority mission areas closely related to DHS’s core missions, (e.g., transnational organized crime, economic security) and would have primary analytic responsibility to assess the linkages among different types of homeland threats, helping to understand the seams and move the intelligence community away from siloed approaches to the assessment of cyber threats, transnational organized crime, terrorism, human smuggling, nuclear proliferation, and other threat domains.

Go Small: In the opposite direction from this approach is an option to reduce the size of I&A and focus it on effectively carrying out a small number of core missions, instead of continuing to tackle an overly diffuse set of responsibilities. Templates for this model include the Bureau of Intelligence and Research (INR) at the Department of State and the Office of Intelligence and Analysis at the Department of the Treasury, both of which are significantly smaller (in terms of budget and personnel) than I&A.

In this model, I&A would focus on providing all-source strategic analysis on homeland threats to departmental leadership and to other senior leaders in the executive branch and state and local government. It would emphasize mission areas and cross-mission threats that are not duplicative to other agencies’ primary areas of focus, and also proactively assess emerging threats to the homeland. I&A also would maintain its current relationship with state and local fusion centers and would still have a coordinating role with respect to intelligence offices within DHS components, but would be less involved in their operational activities.

I&A would devolve a variety of programs and authorities to other parts of DHS, including some of the “additional, non-statutory authorities” noted in Appendix A. It would transfer lead responsibility for counterintelligence back to the Office of Security and transfer information-sharing responsibilities (including relevant IT projects) to the DHS chief information officer. It would disengage from cybersecurity-related analysis, letting the Cybersecurity and Infrastructure Security Agency take the lead (as detailed in the next section) and narrow the scope of its terrorism-related analysis to reduce unnecessary duplication with FBI and NCTC reporting. It would scale back many of the other support activities within its Intelligence Enterprise Readiness branch and focus relentlessly on improving the agility and professionalism of its core analytic team.

These two competing visions for I&A could not be more different, and both have their benefits and drawbacks. The Go Big option increases the inherent risks to civil liberties, and to date there has not been a public appetite for a strong domestic intelligence agency within DHS. But this is a model that would make DHS I&A more effective at anticipating and identifying homeland threats and would synchronize reality with the current public perception of DHS’s authorities.

By contrast, the Go Small option creates risks of disunity and dysfunction, encouraging DHS components to operate within stovepipes and abandoning other programs to uncertain futures. A smaller I&A also may be less capable to respond to new and emerging threats to the homeland. But this option gives I&A an opportunity to become a more focused and effective agency, addressing core priorities, avoiding distractions, and improving the quality and relevance of strategic analysis.

This report does not decide between these two alternatives, other than to suggest that both are preferable to the status quo, which is a path of sustained mediocrity and questionable overall value, even with strong leadership in place and diligence and commitment by the I&A workforce. Senior officials in the executive branch and in Congress need to recognize that dramatic reform is necessary, look carefully at the current and future threat landscape, and make the tough decisions about what sort of intelligence capability DHS needs, not just for the next few years, but in the decades to come.

Near-Term Recommendations

Apart from these broad considerations about DHS I&A’s authorities and organizational structure, there are a number of other reforms and policy changes that DHS leadership and Congress should consider, which would improve I&A’s strategic focus, operational efficiency, and public accountability. Each of these six recommendations can be undertaken in the near term, independent of considerations about broader organizational changes.

I&A should fully integrate its cybersecurity-related analytic activities with the Cybersecurity and Infrastructure Security Agency (CISA). Many reports released by I&A’s Cyber Threat Mission Center duplicate CISA’s cybersecurity reports for non-federal stakeholders, and I&A’s clearance review process frequently delays the release of these reports, reducing their utility to I&A’s customers. To limit this duplication and enhance I&A’s strategic focus, lead responsibility within DHS for cyber threat analysis should be shifted to CISA, led by an assistant director for analysis, who reports to the CISA director but is dual-hatted as a senior I&A official. A small cadre of I&A analysts, still operating under I&A’s Title 50 intelligence authorities, should be detailed to CISA to support these activities, liaise with other cyber intelligence–focused offices within the IC, and continue to produce strategic intelligence on cyber threats. Under this plan, cybersecurity-related reports no longer would need to go through I&A’s clearance processes, given existing policies at CISA to remove personally identifiable information from its reports.

I&A should continue to enhance its analytic focus on domestic terrorism threats, in close coordination with the FBI. The attack on the U.S. Capitol on January 6, 2021, reinforced the heightened nature of the domestic violent extremist (DVE) threat to the homeland—a threat that has been growing for the past decade, particularly with respect to racially or ethnically motivated violent extremists, as FBI Director Christopher Wray discussed in testimony before Congress in March 2021. While the FBI has primary responsibilities with respect to investigating and analyzing these threats, I&A can and should play a complementary role, primarily by using its own authorities to carry out open-source analysis of DVE. The FBI’s Assistant Director for Counterterrorism Jill Sanborn noted in another March 2021 hearing that it does not monitor publicly available social media conversations in the absence of a predicated investigation. DHS I&A can potentially fill this gap, given its lack of similar investigative constraints, and assess what former CIA Director Michael Hayden has referred to as the “spaces between cases.” DHS I&A also can utilize its active relationships with the state and local fusion centers in support of efforts to counter domestic terrorism, facilitating efforts by state and local law enforcement agencies to assist with the FBI’s investigative activities. The announcement by DHS Secretary Alejandro Mayorkas in early May 2021 of a new domestic terrorism branch at I&A is consistent with this recommendation, but it is critical that this initiative be closely coordinated with the FBI and that it leverages I&A’s open-source authorities.

DHS I&A should reform its processes for the review and clearance of reports, with the goals of improving efficiency and removing risks of politicization. As described earlier, since 2009 I&A has had processes for every intelligence product to be reviewed by several other DHS offices (including the Privacy Office, Office of Civil Rights and Civil Liberties, and General Counsel) before it can be released and disseminated to non-federal partners. These processes have inhibited I&A’s ability to issue reports in a timely manner, diminishing relevance to customers of their reports. State and local agencies at times have avoided partnering with I&A on “joint seal” reports to circumvent these processes.

There is a need for privacy, civil liberties, and legal concerns to be considered in DHS I&A’s intelligence reporting, but the role for these other offices should be to shape policies and participate in broad compliance activities—not to review individual reports. The process that has been in place for the past 12 years, however well intentioned, politicizes intelligence and undermines I&A’s independence.

Instead, I&A should enhance its internal staffing for reviewing reports, consistent with established analytic policies and its intelligence oversight guidelines, and only should involve other DHS offices in the review of individual reports at its own initiative. These activities should be led by an I&A official who is a direct report to the under secretary. Involvement of the DHS secretary, deputy secretary, or other non-I&A officials in the review of intelligence reports—as was promulgated in reported revisions to these policies in 2020—also should be curtailed.

DHS leadership should commission an independent review of workforce issues at I&A. This review should examine issues such as recruitment and retention, opportunities for professional development and advancement (including with other IC agencies), worksite conditions, and other issues with respect to organizational culture, leadership, and morale. I&A also should actively use existing federal programs to hire recent graduates and leverage the new authorities provided in the Department of Homeland Security Intelligence and Cybersecurity Diversity Fellowship Program Act, signed into law in December 2020.

The president and Congress should prioritize appointing and confirming an under secretary for I&A, and separately consider options to provide this position with a fixed term. As of the date of the issuance of this report, the Biden administration has not yet nominated an individual to serve as under secretary for Intelligence and Analysis. DHS I&A has had lengthy leadership gaps over the past 16 years, with Senate-confirmed leaders not in place for more than four years cumulatively over that time period. These leadership gaps have weakened the authority of the office and left it vulnerable to crises and organizational drift. The Biden administration should prioritize the nomination for this role, and the Senate Select Committee on Intelligence and Senate Homeland Security and Governmental Affairs Committee should move swiftly to act on a nominee.

As part of a broader review of I&A, Congress also should consider whether the under secretary for Intelligence and Analysis should have a fixed-term appointment of five or more years, to allow for greater continuity in the role. While this change would create the risk that the DHS secretary might not have a strong rapport with his or her intelligence chief, a greater degree of independence would reduce the risks of politicization and would allow for greater continuity in implementing high-priority initiatives and maturing the organizational culture.

The leadership of DHS and the relevant committees in Congress should work proactively to provide greater transparency into the activities of the Office of Intelligence and Analysis. Largely because of security classification, many of the activities of I&A are shielded today from public oversight. The result of this is a decrease in public accountability—and to the extent that there is oversight in the form of coverage by the news media or independent groups, that coverage is often incomplete or misleading.

One option to increase transparency would be a review, directed by the secretary in coordination with the director of national intelligence, of the use of security classification and control markings with respect to I&A’s activities. Because I&A’s budget is embedded within the much larger National Intelligence Program budget, all of the details about the funding of I&A are classified, even for programs that otherwise are unclassified and publicly detailed, such as its engagement with state and local fusion centers. In 2012, I&A created the separate Homeland Security Intelligence Program budget with the intention of doing this, but there is no public transparency with respect to this budget as well. DHS I&A also should be more forward-leaning with proactive disclosure of its internal policies and procedures, the majority of which can be released publicly with no apparent security risks.

Congress has a critical oversight role to play here as well. In the first decade of the department’s existence, the House and Senate homeland security and intelligence committees held frequent oversight hearings with I&A leadership, compelling I&A to produce public, unclassified testimony that provided details on I&A programs and activities. These hearings gradually have decreased over time—and the majority of hearings with I&A leaders in recent years have been panels on current threats, not oversight hearings on I&A’s programs and operations. The House and Senate committees should hold public oversight hearings with I&A leadership on an annual basis and compel the production of public testimony.

Conclusion

In its 2002 report, which put forward a detailed vision for homeland security intelligence, the Markle Task Force on National Security wrote, “Information analysis is the brain of homeland security. Used well, it can guide strategic, timely moves throughout our country and around the world. Done poorly, even armies of guards and analysts will be useless.”

Nearly 20 years later, these words ring true, and it is incumbent on policymakers to assess and review the performance of the DHS Office of Intelligence & Analysis and take steps to update and rebalance its authorities and responsibilities. This reassessment and update of I&A’s role needs to be undertaken with urgency, so that the office can anticipate risks more effectively and prepare DHS and other homeland security stakeholders to address the complex and growing threats to the homeland that the United States faces today.

Appendix: DHS Intelligence & Analysis Organizational Overview

This brief organizational overview of I&A is intended to provide additional context to the narrative and recommendations in this report. It briefly describes I&A’s organizational structure, budget and personnel, authorities and responsibilities, priority mission areas, and the structure for Congressional oversight of the office.

Leadership and Organizational Structure: The DHS Office of Intelligence & Analysis is led by an under secretary for intelligence & analysis, who is a Senate-confirmed official and a direct report to the Secretary of DHS. The principal deputy under secretary is the second-in-command in the office and is a career official. At present, two deputy under secretaries report to these two leaders—one for Intelligence Enterprise Operations, under which are I&A’s mission-focused analytic activities and its field operations—and one for Intelligence Enterprise Readiness, which has responsibility for strategic planning and mission support activities, including training, finance, and information technology. A Chief of Staff office also separately supports the two senior officials at I&A.

Additional details on this structure are found in the organization chart below, released by DHS in 2019.

Source: Department of Homeland Security’s Office of Intelligence and Analysis, Office of Intelligence and Analysis Organizational Chart (July 22, 2015), https://www.dhs.gov/publication/office-intelligence-and-analysis-organizational-chart.

Budget and Personnel: The budget for the DHS Office of Intelligence and Analysis, like all intelligence community elements, is not publicly disclosed due to security classification. However, DHS annually releases budget documents for its Analysis and Operations account, which blends the budget for I&A and the Office of Operations Coordination. In fiscal year 2020, the enacted Analysis and Operations budget was $284 million, supporting 897 positions. DHS requested $312 million for FY 2021, in support of the same number of positions, and in December 2020 Congress appropriated $298.5 million for this budget account.

Authorities and Responsibilities: I&A’s statutory authorities are found primarily in Title II of the Homeland Security Act (as amended). Sec. 201 of the act establishes the under secretary for intelligence and analysis as the chief intelligence officer of the department; subsection 201(d) outlines 23 specific responsibilities related to intelligence and analysis, which are explicitly given to the secretary, not to the under secretary for I&A—but then delegated to the under secretary in DHS Delegation 08503. These 23 provisions define I&A’s broad responsibilities with respect to analysis, information integration, and dissemination, clarify its role with respect to the intelligence community, and give it responsibilities for mission support in areas such as training and information technology. Section 207 of the Homeland Security Act outlines the responsibilities of the intelligence components of DHS with respect to I&A, and Sec. 210A outlines DHS’s responsibilities with respect to support for state and local fusion centers.

Executive Order 12333 (as amended) also clarifies I&A’s authorities as a member of the intelligence community, including general responsibilities in Section 1.4 of the order, and authority in Section 1.7(i) to “collect (overtly or through publicly available sources), analyze, produce, and disseminate information, intelligence, and counterintelligence to support national and departmental missions.”

DHS I&A also has taken on additional non-statutory responsibilities at the direction of the DHS secretary over the past 15 years. For example:

  • In February 2007, Secretary Chertoff issued the DHS Policy for Internal Information Exchange and Sharing (also known as the “One DHS” memo) and designated the assistant secretary for intelligence and analysis as the principal responsible for internal information-sharing among DHS offices and components.
  • In September 2010, Secretary Napolitano designated I&A as the lead office for the DHS Counterintelligence Program, following a period when responsibility for counterintelligence activities within DHS had been bifurcated between I&A and the DHS Office of the Chief Security Officer.
  • In April 2011, Secretary Napolitano established the under secretary for I&A as the vice-chair of the Department’s new Counterterrorism Advisory Board, and subsequent leaders of I&A have served as the counterterrorism coordinator for DHS as a whole. In December 2020, the Counter Threats Advisory Board Act, passed into law as part of the Consolidated Appropriations Act, codified that the under secretary for I&A will serve as the chair of this board.

Priority Mission Areas: The FY2020–24 Strategic Plan for the Office of Intelligence & Analysis identifies five priority mission areas for I&A: counterintelligence, counterterrorism, cyber, economic security, and transnational organized crime. In each of these five areas, I&A has established Mission Centers that are tasked to “collect information to address DHS and national intelligence priorities and provide available reporting gathered by our Components and State, Local, Tribal, and Territorial (SLTT) partners to the Intelligence Community (IC) and other customers.”

Congressional Oversight: The House and Senate intelligence committees have primary authorizing jurisdiction over DHS I&A, and the Senate Select Committee on Intelligence receives the primary referral for the nomination of the under secretary. But the Senate Homeland Security and Governmental Affairs Committee (HSGAC) has the right (but not the obligation) to hold its own second hearing for the nominee as part of the confirmation process. Both HSGAC and the House Committee on Homeland Security actively engage with I&A as part of their broader oversight of the Department of Homeland Security and have jurisdiction over the provisions in the Homeland Security Act that define I&A’s substantive responsibilities. The House and Senate Appropriations Subcommittees for the Department of Homeland Security also play an active role in oversight of I&A.

Further Reading

In addition to the sources cited in the endnotes, the following reports, articles, and videos were consulted in the development of this report and provide additional relevant context on the DHS Office of Intelligence and Analysis:

“The Evolving Terrorist Threat and the Importance of Intelligence to Protect the Homeland,” policy event, Center for Strategic and International Studies, September 7, 2011, video and transcripts at https://www.csis.org/events/evolving-terrorist-threat-and-importance-intelligence-protect-homeland.

Congressional Research Service, The Department of Homeland Security Intelligence Enterprise: Operational Overview and Oversight Challenges for Congress, (March 19, 2010), https://fas.org/sgp/crs/homesec/R40602.pdf.

Government Accountability Office, DHS Intelligence Analysis: Additional Actions Needed to Address Analytic Priorities and Workforce Challenges, (June 4, 2014), https://www.gao.gov/products/gao-14-397.

“The Homeland Security Intelligence Enterprise at 15: Looking Back and Assessing Future Challenges,” GW Center for Cyber & Homeland Security, October 13, 2017, archived webcast available at https://www.youtube.com/watch?v=D7Uo4UqP-3U.

House Committee on Homeland Security Majority Staff, Reviewing the Department of Homeland Security’s Intelligence Enterprise: Fighting Terrorism by Addressing Key Gaps, (December 2016), https://www.hsdl.org/?view&did=797351.

Inspectors General of the Intelligence Community, Department of Homeland Security, and Department of Justice, Review of Domestic Sharing of Counterterrorism Information, (March 30, 2017), https://www.oig.dhs.gov/reports/2017/review-domestic-sharing-counterterrorism-information/oig-17-49-mar17.

“Protecting the Homeland: Intelligence Integration 15 Years after 9/11,” (Intelligence and National Security Alliance (INSA), November 2016), https://www.insaonline.org/wp-content/uploads/2017/04/INSA_WP_ProtectHomeland.pdf.

Brian Michael Jenkins, Andrew Liepman, and Henry H. Willis, “Identifying Enemies Among Us: Evolving Terrorist Threats and the Continuing Challenges of Domestic Intelligence Collection and Information Sharing,” (RAND Corporation, 2014), https://www.rand.org/content/dam/rand/pubs/conf_proceedings/CF300/CF317/RAND_CF317.pdf.

About the Author

Christian Beckner is an Adjunct Senior Fellow at the Center for New American Security (CNAS), supporting its work on homeland security and counterterrorism issues. His prior homeland security–related experience includes six years on the professional staff of the Senate Homeland Security and Governmental Affairs Committee, from 2007 to 2013, where he had lead responsibility for oversight of the DHS Office of Intelligence and Analysis (I&A) and other homeland security intelligence programs, among other responsibilities. From 2013 to 2017, he was Deputy Director at the Center for Cyber and Homeland Security at the George Washington University, and since 2018 he has led member-focused cybersecurity and technology programs at the National Retail Federation. Prior to working at the U.S. Senate, he held homeland security–related positions at the Center for Strategic and International Studies, IBM, and the O’Gara Company. Beckner has an MSc in foreign service and an MBA from Georgetown University and a BA from Stanford University.

Acknowledgments

The author thanks the current and former DHS officials who have spoken candidly over the past 15 years about I&A and its progress and challenges, including individuals who agreed to anonymously review the draft report and provide their feedback on it. Thank you to Carrie Cordero and Katie Galgano for their leadership at CNAS on homeland security issues, and to the editing and design team that supported the publication of this report. The views expressed in this report are the author’s own and do not reflect the views of CNAS or any other organization with which the author is affiliated. This project and briefing paper are made possible by the generous support of the Democracy Fund.

  1. Office of Homeland Security, National Strategy for Homeland Security, (July 2002), https://www.dhs.gov/sites/default/files/publications/nat-strat-hls-2002.pdf. The other start-up agency within DHS at its inception was the new Science and Technology Directorate.
  2. See “Road Map for National Security: Imperative for Change,” (The United States Commission on National Security/21st Century, January 31, 2001), https://fas.org/irp/threat/nssg.pdf.
  3. See U.S. Senate, Department of National Homeland Security Act of 2001, S. 1534, 107th Cong., 1st sess., https://www.congress.gov/bill/107th-congress/senate-bill/1534. This legislation was modeled on a House bill, H.R. 1158, originally introduced in March 2001, after the issuance of the Hart-Rudman report; U.S. House of Representatives, National Homeland Security Agency Act, S.1158, 107th Cong., 1st sess., https://www.congress.gov/bill/107th-congress/house-bill/1158.
  4. Office of Homeland Security, National Strategy for Homeland Security, 28.
  5. Congressional Record Senate Articles, Homeland Security Act of 2002, S8156, (September 4, 2002), https://www.congress.gov/congressional-record/2002/09/04/senate-section/article/S8155-2.
  6. Infrastructure and cybersecurity-focused offices integrated into IAIP from Commerce, Defense, Energy, FBI, and GSA are listed in Sec. 201(g) of the Homeland Security Act; U.S House of Representatives, Homeland Security Act of 2002, H.R.5005, 107th Cong., https://www.congress.gov/bill/107th-congress/house-bill/5005/text.
  7. “Personnel Announcement,” The White House, press release, March 13, 2003, https://georgewbush-whitehouse.archives.gov/news/releases/2003/03/20030313-16.html.
  8. House of Representatives Select Committee on Homeland Security, Does the Homeland Security Act of 2002 Give the Department the Tools It Needs to Determine Which Bio-Warfare Threats Are Most Serious?, (June 5, 2003), https://www.govinfo.gov/content/pkg/CHRG-108hhrg97365/pdf/CHRG-108hhrg97365.pdf; Siobhan Gorman, “Lawmaker decries disconnect between intelligence, security,” GovExec, June 9, 2003, https://www.govexec.com/technology/2003/06/lawmaker-decries-disconnect-between-intelligence-security/14270/.
  9. Susan B. Glasser and Michael Grunwald, “Department’s Mission Was Undermined from Start,” The Washington Post, December 22, 2005, https://www.washingtonpost.com/archive/politics/2005/12/22/departments-mission-was-undermined-from-start/df1251f0-c7f7-442c-b71a-92a57a2351f0/.
  10. Details on the Second-Stage Review are available in Congressional Research Service, Department of Homeland Security Reorganization: The 2SR Initiative, (August 19, 2005), https://fas.org/sgp/crs/homesec/RL33042.pdf.
  11. Greta Wodele, “DHS Intelligence Chief Seeks Improved Information Sharing,” GovExec, October 20, 2005, https://www.govexec.com/federal-news/2005/10/dhs-intelligence-chief-seeks-improved-information-sharing/20453/; Eric Lipton, “CIA Veteran Races Time to Rescue Fledgling Agency,” The New York Times, February 16, 2007, https://www.nytimes.com/2007/02/16/washington/16allen.html; and Department of Homeland Security, DHS Intelligence Enterprise Strategic Plan, (January 2006), https://fas.org/irp/agency/dhs/stratplan.pdf.
  12. See Implementing Recommendations of the 9/11 Commission Act of 2007, Pub. L. No. 110-53, 121 Stat. 266 (2007), https://www.congress.gov/110/plaws/publ53/PLAW-110publ53.pdf.
  13. See “Fusion Centers,” Department of Homeland Security, September 19, 2019, https://www.dhs.gov/fusion-centers; Andrew Coffey, “Evaluating Intelligence and Information Sharing Networks: Examples from a Study of the National Network of Fusion Centers,” (The George Washington Center for Cyber and Homeland Security, October 2015), http://cchs.auburn.edu/_files/evaluating-intelligence-and-information-sharing-networks.pdf.
  14. “Agency Report: Office of Intelligence and Analysis,” Partnership for Public Service’s Best Places to Work in the Federal Government, https://bestplacestowork.org/rankings/detail/HS07. The author also reviewed Federal Employee Viewpoint Survey reports for I&A from 2009 to 2012 that were previously available on the DHS website but have been removed.
  15. Office of Intelligence and Analysis, Rightwing Extremism: Current Economic and Political Climate Fueling Resurgence in Radicalization and Recruitment, IA-0257-09 (April 7, 2009), https://fas.org/irp/eprint/rightwing.pdf.
  16. “Statement by U.S. Department of Homeland Security Secretary Janet Napolitano on the Threat of Right-Wing Extremism,” Department of Homeland Security, press release, April 15, 2009, https://www.dhs.gov/news/2009/04/15/secretary-napolitanos-statement-right-wing-extremism-threat.
  17. Eric Marrapodi, “Napolitano Apologizes to Veterans Over ‘Extremist’ Flap,” CNN, April 24, 2009, https://www.cnn.com/2009/POLITICS/04/24/napolitano.am.legion/.
  18. Department of Homeland Security, DHS Office of Intelligence and Analysis Policy Directive 900.1, “Review and Clearance of Analytic Products Disseminated Outside the Federal Government,” October 2010.
  19. Spencer Ackerman, “DHS Crushed This Analyst for Warning about Far-Right Terror,” Wired, August 7, 2012, https://www.wired.com/2012/08/dhs/.
  20. Shane Harris, “DHS Compiled Intelligence Reports on Journalists Who Published Leaked Documents,” The Washington Post, July 30, 2020, https://www.washingtonpost.com/national-security/dhs-compiled-intelligence-reports-on-journalists-who-published-leaked-documents/2020/07/30/5be5ec9e-d25b-11ea-9038-af089b63ac21_story.html.
  21. Francis X. Taylor, “I Ran the DHS Intelligence Unit. Its Reports on Journalists are Concerning,” Lawfare, August 7, 2020, https://www.lawfareblog.com/i-ran-dhs-intelligence-unit-its-reports-journalists-are-concerning.
  22. “House Intelligence Committee Releases Whistleblower Reprisal Complaint Alleging Serious Misconduct by Senior Trump Administration Officials to Politicize, Manipulate and Censor Intelligence to Benefit Trump,” U.S. House of Representatives Permanent Select Committee on Intelligence, press release, September 9, 2020, https://intelligence.house.gov/news/documentsingle.aspx?DocumentID=1054.
  23. Dina Temple-Raston, “Why Didn't the FBI and DHS Produce a Threat Report Ahead of the Capitol Insurrection?” NPR, January 13, 2021, https://www.npr.org/2021/01/13/956359496/why-didnt-the-fbi-and-dhs-produce-a-threat-report-ahead-of-the-capitol-insurrect.
  24. See House Committee on Homeland Security, Letter to Acting DHS Under Secretary Melissa Smislova, (February 18, 2021), https://homeland.house.gov/imo/media/doc/2021-02-18%20T%20DHS%20I&A%20-%20WSJ%20inquiry%20[3].pdf.
  25. The budget for State/INR was $24 million in FY 2020; Department of State, Congressional Budget Justification Department of State, Foreign Operations, and Related Programs, (February 10, 2020), https://www.state.gov/wp-content/uploads/2020/02/FY-2021-CBJ-Final-508compliant.pdf.
  26. Christopher Wray, Director of the FBI, “Oversight of the Federal Bureau of Investigation: The January 6 Insurrection, Domestic Terrorism, and Other Threats,” Statement to the Senate Judiciary Committee, U.S. Senate, March 2, 2021, https://www.fbi.gov/news/testimony/oversight-of-the-federal-bureau-of-investigation-the-january-6-insurrection-domestic-terrorism-and-other-threats.
  27. “FBI and DHS Aren’t Using the Free Expertise on Right-Wing Terrorism While Looking to Pay for It,” Emptywheel, March 6, 2021, https://www.emptywheel.net/2021/03/06/fbi-and-dhs-arent-using-the-free-expertise-on-right-wing-terrorism-while-looking-to-pay-for-it/.
  28. Hon. Michael V. Hayden, Principal for the Chertoff Group, testimony to the Committee on Homeland Security and Governmental Affairs, U.S. Senate, July 11, 2012, https://www.govinfo.gov/content/pkg/CHRG-112shrg76059/html/CHRG-112shrg76059.htm.
  29. “DHS Creates New Center for Prevention Programs and Partnerships and Additional Efforts to Comprehensively Combat Domestic Violent Extremism,” Department of Homeland Security, press release, May 11, 2021, https://www.dhs.gov/news/2021/05/11/dhs-creates-new-center-prevention-programs-and-partnerships-and-additional-efforts.
  30. Betsy Woodruff Swan, “Cuccinelli Relaxed Oversight of DHS Intel Office,” Politico, August 2, 2020, https://www.politico.com/news/2020/08/02/cuccinelli-oversight-homeland-security-intel-390185; Benjamin Wittes, “How the DHS Intelligence Unit Sidelined the Watchdogs,” Lawfare, August 6, 2020, https://www.lawfareblog.com/how-dhs-intelligence-unit-sidelined-watchdogs.
  31. Legislation included in the Consolidated Appropriations Act of 2021, “Congress Passes Thompson Legislation to Establish a DHS Intelligence and Cybersecurity Diversity Fellowship Program,” House Committee on Homeland Security, press release, December 22, 2020, https://homeland.house.gov/news/legislation/congress-passes-thompson-legislation-to-establish-a-dhs-intelligence-and-cybersecurity-diversity-fellowship-program.
  32. Notably, many of the incidents mentioned in this report (including the issuance of the right-wing extremism report in 2009 and the Portland-related reports in 2020) took place when I&A was led by acting officials.
  33. Because I&A’s budget is bundled with the DHS Office of Operations Coordination into an “Analysis and Operations” account in the department’s annual budget request, this also constrains public oversight of that office.
  34. For more information on the Homeland Security Intelligence Program budget, see Appendix D of Congressional Research Service, Intelligence Community Programs, Management and Ensuring Issues, (November 8, 2016), https://fas.org/sgp/crs/intel/R44681.pdf. This budget is also cited in the House report for the Intelligence Authorization Act of 2021, House of Representatives, Intelligence Authorization Act for Fiscal Year 2021, (October 30, 2020), https://www.congress.gov/116/crpt/hrpt565/CRPT-116hrpt565.pdf.
  35. See House hearing with I&A Under Secretary Caryn Wagner and Principal Deputy Under Secretary Bart Johnson; House of Representatives, DHS Intelligence Enterprise: Still Just a Vision or Reality? Hearing before the Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment of the Committee on Homeland Security, (May 12, 2010), https://www.govinfo.gov/content/pkg/CHRG-111hhrg63090/html/CHRG-111hhrg63090.htm.
  36. “Protecting America’s Freedom in the Information Age,” (The Markle Foundation Task Force on National Security, October 2002), https://www.markle.org/sites/default/files/nstf_full.pdf.
  37. See Department of Homeland Security, I&A Organizational Alignment, https://www.dhs.gov/sites/default/files/publications/18_0817_ia_organizational-chart.pdf.
  38. Department of Homeland Security, Analysis and Operations Budget Justification, Fiscal Year 2021, https://www.dhs.gov/sites/default/files/publications/analysis_and_operations.pdf; Appropriated FY 2021 funding level, see U.S. House of Representatives, Consolidated Appropriations Act, 2021, H.R. 133, 116th Cong., 2nd sess., https://www.congress.gov/116/bills/hr133/BILLS-116hr133enr.pdf, 269.
  39. For the most recent compilation of the Homeland Security Act (through December 31, 2020), see Homeland Security Act of 2002, Pub. L. No. 116-283, (2021), https://www.govinfo.gov/content/pkg/COMPS-1143/pdf/COMPS-1143.pdf.
  40. Department of Homeland Security, DHS Delegations Report, (September 12, 2017), https://www.dhs.gov/sites/default/files/publications/2017-HQFO-01350%20records.pdf.
  41. U.S. Senate Select Committee on Intelligence, Executive Order 12333 (as amended), (2008), https://www.intelligence.senate.gov/laws/executive-order-12333-1981-amended-executive-orders-13284-2003-13355-2004-and-13470-2008.
  42. Department of Homeland Security, DHS Information Sharing and Safeguarding Strategy, (January 2013), https://www.dhs.gov/sites/default/files/publications/12-4466-dhs-information-sharing-and-safeguarding-strategy-01-30-13--fina%20%20%20_0.pdf.
  43. See Department of Homeland Security, Privacy Impact Assessment for the DHS Counterintelligence Program, (August 31, 2020), https://www.dhs.gov/sites/default/files/publications/privacy-pia-dhsall086-ciprograms-august2020.pdf.
  44. See Division U, Title V of U.S. House of Representatives, Consolidated Appropriations Act 2021.
  45. Department of Homeland Security, The Office of Intelligence and Analysis FY 2020–2024 Strategic Plan, (February 6, 2020), https://www.dhs.gov/publication/office-intelligence-and-analysis-fy-2020-2024-strategic-plan.
  46. “Mission Centers,” Department of Homeland Security, July 10, 2020, https://www.dhs.gov/mission-centers.

Authors

  • Christian Beckner

    Adjunct Senior Fellow

    Christian Beckner is currently the senior director of retail technology and cybersecurity at the National Retail Federation. In this capacity, Beckner leads NRF’s CIO Council,...

View All Reports View All Articles & Multimedia