As a Biden administration “reimagines national security,” it will need to address not only conceptual challenges but also a set of practical problems, namely, that today’s security issues require developing and implementing whole-of-government approaches. We don’t do that very well. Even though the United States is the richest, most powerful country in history, with the best technology and some of the biggest brains, our government has difficulty getting out in front of problems and bringing to bear all elements of state power to confront national security challenges. Why? What is it about existing structures and policies that leaves us reactive rather than proactive, siloed rather than unified?
The 9/11 Commission famously noted that the government lacked sufficient imagination to prevent the 9/11 attacks. Perhaps. But most senior national security officials are busy, not stupid. Confronted with 12-hour days necessary to run large organizations, they are time-pressed and bandwidth-constrained. And as security challenges increasingly cross particular department and agency lines, the government lacks the integrative mechanisms to identify, tease out, and raise issues to an informed decision-making level.
The problem does not arise with obvious high-priority issues. The National Security Council, for instance, will continue to bring together the full range of national security departments and agencies to work on Iran policy, or North Korean nuclear weapons, or Russian election interference. Anything on the front page of the New York Times will get whole-of-government consideration. We might still get the policy wrong, but the issues are considered broadly and in an integrated manner.
Unfortunately, there is an entire class of second-tier issues that don’t receive proper attention — until they manifest themselves as significant failures. How do our leaders in government give themselves a fighting chance at identifying and addressing non-obvious issues that implicate multiple department and agency equities before they become screw-ups? This is not simply an academic question, but rather has been symptomatic of the most significant government-wide failures of the past two decades.
This article provides three illustrative vignettes. It then offers fixes that wouldn’t involve the heavy lift associated with fundamentally remaking the executive branch but would advance “good government” in more modest ways: by enabling proactive, whole-of-government efforts to address significant, if not (yet) headline-grabbing, national security threats.
● September 11. As the 9/11 Commission noted, al-Qaeda’s attacks were a shock but not a surprise. The U.S. Intelligence Community had provided senior government officials with warnings that this type of attack could be coming, but two of the hijackers, previously identified as known or suspected terrorists, were able to acquire multiple entry visas, enter the United States, remain undetected during traffic stops, and eventually get on airplanes—all under their real names. Despite multiple screening opportunities, they were never discovered. It was only after the fact that we realized that we had a business process or “plumbing” problem when it came to watchlisting, screening, and border security: too many non-interoperable databases. An individual could be screened against any single agency’s database, but there was no integrated border security system that would make use of all data readily available to different parts of the government. The results were catastrophic. Why was no person or organization responsible, before the fact, for identifying these shortcomings, much less advancing solutions? Spoiler alert: this problem is reemerging, and we are not ready.
● Wikileaks and Snowden. In 2010, Wikileaks burst on the scene. For twenty years the government had been building technical architectures and pushing electrons as the way to convey information. “Need to share” had become the mantra after 9/11. But when Julian Assange obtained an entire State Department database from a Defense Department network and then leaked it, we who worked on sensitive information management scratched our collective heads, only belatedly realizing that we didn’t understand fully where data was going or who had access to it. And when we fashioned an executive order to remedy the situation, the governance regime consisted of an interagency committee because no one office had cognizance over all relevant networks. Predictably, with no one accountable, attention waned. Follow-through was inadequate. Other pressing issues came to the fore; and four years later Snowden executed a far more serious breach. Why was no person or organization responsible before the fact for evaluating the competing legal, policy, privacy, and operational equities of sharing and protecting information? Here, too, the problem is now reemerging as we struggle with finding the right balance between protecting and sharing the most sensitive information.
● COVID. As with 9/11, COVID was a shock but not a surprise. The Intelligence Community had warned of potential pandemics. The U.S. Government had developed plans and conducted interagency exercises. The Obama administration created an office in the National Security Council dedicated to addressing the pandemic threat. The Trump Administration retained part of the function, but it was subordinated to a counter-proliferation office. Executive branch leadership shortfalls made COVID far worse than it needed to be; but, irrespective of management failures, we simply weren’t prepared. Why? Despite years of planning, why, as one example, were we understocked in personal protective equipment? More importantly, from the earliest days of the crisis, professionals inside and outside the government recognized that our testing regime, our surveillance, and our tracing were all inadequate. Other countries had thought the issue through, but not the United States. Why hadn’t the basic approach and requirements for pandemic testing, tracking, and tracing been on the agenda? And who should have been identifying and advancing the issue?
The Government “Whole”: Less than the Sum of its Parts
These three vignettes, these three failures, all stemmed from underlying issues that crossed department and agency boundaries and simply didn’t get highlighted or addressed in a timely manner. That we have a problem is not revelatory. Concerns about interagency performance have been around for decades. In the 1990s, presidential directives sought to improve government performance in complex contingencies and interagency operations. They were followed by calls for a statutory restructuring for the interagency comparable to the Goldwater-Nichols Defense Department Reorganization Act, the recommendations of the 9/11 Commission, and ultimately the stillborn Project on National Security Reform (PNSR). The critiques have, over time, been remarkably similar:
● The 9/11 Commission finding: “It is hard to ‘break down stovepipes’ where there are so many stoves that are legally and politically entitled to have cast-iron pipes of their own.”
● PNSR’s finding: “[T]he basic deficiency of the current national security system is that parochial departmental and agency interests, reinforced by Congress, paralyze interagency cooperation even as the variety, speed and complexity of emerging security issues prevent the White House from effectively controlling the system ….”
There is an entire class of second-tier issues that don’t receive proper attention — until they manifest themselves as significant failures
More recently, former Defense Secretary Robert Gates characterized U.S. whole-of-government efforts as “smoke and mirrors.” His critique goes so far as to conclude that the National Security Act of 1947 has outlived its usefulness. Many with senior interagency experience would probably agree. However, his proposal to resolve the lack of coordination by empowering the State Department to serve as the “hub” for managing nonmilitary resources to address national security problems could have massive implications. How far would that approach extend? Imagine the changes required if the State Department was to be empowered to tell other departments and agencies how to spend their appropriated funds.
Pursuing fundamental change in departmental authorities may well be the correct long-term answer. But a legislative overhaul of government operations would be daunting, involving a bureaucratic bloodbath. And like any major transition, it would be very tricky to implement. The evolution of the Defense Department, eventually culminating in the Goldwater-Nichols legislation in 1987, took four decades – and then another 15 years for the dust to settle. And that was just to achieve “whole-of-Department” unity for the Defense Department itself.
We don’t have the luxury of waiting decades for change. We are 20 years into the twenty-first century and we keep proving that this complicated government can’t successfully navigate this complicated world. We need near-term change and, consequently, will need to play some variant of the hand we’ve got. Fortunately, better use of existing mechanisms could partially mitigate our bureaucratic pathologies.
Achieving Whole of Government: The Art of the Doable
Simply stated, we lack effective cross-governmental integrative mechanisms. The Trump administration’s answer was to move most issues out of the White House and back to departments and agencies for them to handle on their own, or coordinate with one another as they saw fit. Superficially attractive, perhaps — for issues that don’t implicate multiple department or agency equities. But there simply aren’t many such security issues of any consequence. The better answer would be to improve on existing integrative mechanisms to anticipate and address complex security problems.
The Role and Size of the National Security Council
The NSC seems to be everyone’s bogeyman. The general critique of the NSC in recent years has been that it needs to shrink because it micromanages the operations of departments and agencies. Invariably, the point of reference is the size of the NSC 20 to 30 years ago. And there is no question that its size has expanded substantially; that’s due, in part, to increases in the size of the White House Situation Room, the growth in mission support activities (such as legal, administration, information technology, and records management), and the amalgamation of the Homeland Security Council.
More importantly, though, expansion was driven by a vastly more complicated security environment. Instructively, the same was true of the Joint Staff at the Pentagon; it grew (substantially) because achieving jointness among the military services across the entire spectrum of military operations grew increasingly complicated. NSC substantive portfolios similarly needed to grow in hopes of improving government-wide coordination in a globalized world. Perhaps there have been legitimate micromanagement concerns. And, if so, the National Security Advisor needs to rein in such micromanagement. But my own experience–serving two Senior Director-level tours during the Obama Administration—was different. Departments and agencies came to me to help referee issues that had important, but competing, equities. If the NSC doesn’t help to resolve such problems, how exactly do they get resolved? And note the role of the NSC even when it gets involved: it does not “manage” operations but rather identifies and tees up issues for consideration by the Deputies and Principles of the departments and agencies themselves.
As a rule of thumb, there should be at least one Senior Director–someone authorized to assemble the interagency at the Assistant Secretary-level—for every major national security issue not falling overwhelmingly within the purview of a particular department or agency. These Senior Directors must be recognized experts in their respective fields and well versed in the operations of the government, able to reach out to appropriate individuals and offices across the interagency. In my experience, this is the level at which innovative thinking occurs on the NSC, as regional and functional expertise can be brought to bear to identify otherwise non-obvious issues. Any higher, and the portfolio is so broad and the demands so great that there is little time to identify new issues. Any lower, and there is insufficient bureaucratic weight to get the government’s attention and to bring it together at the necessary level of seniority.
This, for instance, is why it mattered that the NSC pandemic office stood up during the Obama Administration was, during the Trump Administration, whittled down in scope and subordinated to a counterproliferation office. If the NSC office responsible for an issue doesn’t have a deeply substantive Senior Director, supported by a critical mass of Directors (and, depending on the complexity of the portfolio, this may be the level at which an argument could be made for selective cuts), there is virtually no chance of being out in front of a problem. It’s a matter of bandwidth, expertise, and bureaucratic heft. That is a simple reality of Washington.
Lessons Learned from Counterterrorism and the Creation of the National Counterterrorism Center
But even assuming the NSC returns to its roots—not a parallel planning shop, not a political extension of the White House, but rather a robust staff that works with the interagency to bring issues to the attention of seniors—a robust NSC alone won’t be sufficient to tackle some security challenges. Some functional problems are so broad and so complicated that they require an interagency effort below the level of the White House to handle a problem that demands attention 24 hours a day, seven days a week. Counterterrorism provides a template for how to proceed for these kinds of issues.
The National Counterterrorism Center (NCTC), created after 9/11, was a first tentative step toward a Goldwater-Nichols reform for the interagency – at least as applied to counterterrorism. This “interagency joint venture,” staffed primarily by individuals detailed (or “loaned”) from departments and agencies, had both intelligence and operational planning responsibilities. The intelligence side was intended to address a raft of problems highlighted by 9/11: inadequate information sharing and access, the government’s difficulty in addressing the blurring of foreign and domestic matters, the existence of non-interoperable databases, and the inefficient utilization/redundancy of analytic resources. Mind-numbing issues, perhaps; but addressing them remains a prerequisite to achieving an effective counterterrorism strategy.
In addition, the 9/11 Commission and the Congress recognized that a true whole-of-government effort against terrorism required far more than a small counterterrorism staff at the NSC. NCTC’s Directorate for Strategic and Operational Planning (DSOP) was intended to supplement the work of the NSC and, moreover, to provide critical mass to evaluate progress against terrorism, identifying gaps, assessing risk, and working with the interagency to tee up issues for NSC-led consideration. Importantly, though, it would not interfere with department and agency operations. Some administrations have made better use of DSOP than others; and, given a lack of organic and broader statutory authority, the Directorate will succeed only if the White House makes clear that it values the integrative function. Unfortunately the Trump administration substantially undervalued and diminished NCTC’s role in part by severely under-utilizing DSOP.
The DSOP model could provide a mechanism for the government to get beyond departmental stovepipes; but that would require a willingness to invest in the greater good – consciously thinking beyond narrow departmental and agency equities. Such an approach could be applicable far beyond counterterrorism. For instance, the U.S. government’s efforts against transnational organized crime (TOC) would be a perfect candidate for a TOC Center, which could improve on a currently balkanized approach by bringing together analysts and data on the intelligence side and also creating a Strategic Operational Planning effort to support and help coordinate (but not interfere with) the various operational efforts within FBI, DEA, and DHS elements.
In the case of other transnational threats–cyber, counterintelligence, proliferation, and more–there is a semblance of interagency fusion, but it is simply inadequate. No cookie-cutter Center approach will work for all of these diverse threats. Individual roles, missions, and overall effectiveness need to be examined for each threat – as was the case with the recent Cyberspace Solarium Commission as it grappled with how to unify U.S. government efforts against varied cyber-enabled threats. We need to think broadly and grapple systematically with how the government should relate to the private sector in the face of cyber-enabled and counterterrorism threats, for example. Indeed, even more limited efforts by NCTC leadership to bring private sector representatives into the Center faltered on legal constraints. Increasingly, “whole-of-government” is proving to be insufficient, and we need to bring “whole-of-society” to bear.
For those who remain unconvinced and still theoretically support shrinking the NSC and deemphasizing NCTC, test your hypothesis. Where exactly in today’s complicated government, at a moment when all issues of any importance cross departmental boundaries, are critical second-tier interagency problems going to be systematically identified, examined, and ultimately teed up to senior leaders before they manifest themselves as government-wide failures? History teaches us that the answer is: “nowhere.” That’s nowhere, unless interagency entities like the NSC and NCTC provide sites for that work to get done.
No organizational construct will ever compensate for inadequate political leadership. But even the most competent political leadership won’t be able to cope with the nature of today’s globally integrated problems without a better integrated government. As described above, there are “art of the doable” fixes for the short term. But make no mistake: if they aren’t implemented, it will be déjà vu all over again as we are forced to respond to more failures like 9/11, Wikileaks and Snowden, and COVID.
– – – – – –
 While NCTC played an integral part in addressing many of these issues, the last 20 years have highlighted yet another “integration” problem –the Intelligence Community itself remains largely a confederation of independent actors. Post-9/11 legislation and the creation of the DNI did little to fix this problem. The “reimagining of national security” will require the government to “reimagine” the Intelligence Community. That work is both essential and exceedingly difficult.
 When I was Acting Director of NCTC, the leadership of DHS turned to me at a senior meeting and evinced a desire for an “NCTC for TOC.” It was never pursued because of Center “fatigue;” but the sentiment was completely understandable. This NSC, like its predecessors, has attempted to cover TOC – a transnational threat that is vastly more complicated than terrorism—with only one or two officers. And, with the myriad departments and agencies that operate in the TOC space, the problem set cries out for a more integrated effort.
 The National Cyber Forensic and Training Alliance is an interesting, innovative approach. A 501(C)3 created in 2002, this nonprofit focuses on information sharing to identify, mitigate, and neutralize cyber threats. It is staffed by government, private sector industry, and academics and is a model that should be evaluated for broader application.