U.S. national security faces rising challenges from insider threats and organizational rigidity, a Stanford professor says.

Amy Zegart, co-director of the Center for International Security and Cooperation at Stanford and a senior fellow at the Hoover Institution, wrote in a new study that in the past five years, seemingly trustworthy U.S. military and intelligence insiders have been responsible for a number of national security incidents, including the WikiLeaks publications and the 2009 attack at Fort Hood in Texas that killed 13 and injured more than 30.

She defines "insider threats" as people who use their authorized access to do harm to the security of the United States. They could range from mentally ill people to "coldly calculating officials" who betray critical national security secrets.

In her research, which relies upon declassified investigations by the U.S. military, FBI and Congress, Zegart analyzes the Fort Hood attack and one facet of the insider threat universe – Islamist terrorists.

In this case, a self-radicalized Army psychiatrist named Nidal Hasan walked into a Fort Hood facility in 2009 and fired 200 rounds, killing 13 people and wounding dozens of others. The shooting spree remains the worst terrorist attack on American soil since 9/11 and the worst mass murder at a military site in American history, she added.

Insights and lessons learned

Zegart's study of insider and surprise attacks as well as academic research into the theory of organizations led her to some key insights about why the Army failed to prevent Hasan's attack when clues were clear:

Image

In the Fort Hood case, she said, bureaucratic procedures kept red flags about Hasan in different places, making them harder to detect.

• Career incentives and organizational cultures often backfire. As Zegart wrote, several researchers found that "misaligned incentives and cultures" played major roles in undermining safety before the Challenger space shuttle disaster.

Zegart's earlier research on 9/11 found the same dynamic played a role in the FBI's manhunt for two 9/11 hijackers just 19 days before their attack. Because the FBI's culture prized convicting criminals after the fact rather than preventing disasters beforehand, the search for two would-be terrorists received the lowest priority and was handled by one of the least experienced agents in the New York office.

• Organizations matter more than most people think. Robust structures, processes and cultures that were effective in earlier periods for other tasks proved maladaptive after 9/11.

In the case of the Fort Hood attack, the evidence suggests that government investigations, which focused on individual errors and political correctness (disciplining or investigating a Muslim American in the military) identified only some of the root causes, missing key organizational failures.

Hasan slipped through the cracks not only because people made mistakes or were prone to political correctness, but also because defense organizations "worked in their usual ways," according to Zegart.

Adapting to a new threat

In terms of organizational weaknesses, Hasan's Fort Hood attack signaled a new challenge for the U.S. military: rethinking what "force protection" truly means, Zegart said. Before 9/11, force protection reflected a physical protection or hardening of potential targets from an outside attack. Now, force protection has evolved to mean that the threats could come from within the Defense Department and from Americans, she added.

"For half a century, the department's structure, systems, policies and culture had been oriented to think about protecting forces from the outside, not the inside," Zegart wrote.

In the case of Hasan, the Defense Department failed in three different ways to identify him as a threat: through the disciplinary system, the performance evaluation system and the counter-terrorism investigatory system run jointly with the FBI through Joint Terrorism Task Forces.

"Organizational factors played a significant role in explaining why the Pentagon could not stop Nidal Hasan in time. Despite 9/11 and a rising number of homegrown Jihadi terrorist attacks, the Defense Department struggled to adapt to insider terrorist threats," Zegart wrote.

Difficult to change

Another problem was that the Pentagon faced substantial manpower shortages in the medical corps – especially among psychiatrists. So the Defense Department responded to incentives and promoted Hasan, despite his increasingly poor performance and erratic behavior.

In addition, Zegart found the Defense Department official who investigated Hasan prior to the attack saw nothing amiss because he was the wrong person for the job – he was trained to ferret out waste, fraud and abuse, not counterterrorism, which is why he did not know how to look for signs of radicalization or counterintelligence risk.

"In sum, the Pentagon's force protection, discipline, promotion and counter-terrorism investigatory systems all missed this insider threat because they were designed for other purposes in earlier times, and deep-seated organizational incentives and cultures made it difficult for officials to change what they normally did," she wrote.

Zegart acknowledges the difficulties of learning lessons from tragedies like 9/11, the NASA space shuttle accidents and the 2009 Fort Hood shooting.

"People and organizations often remember what they should forget and forget what they should remember," she said, adding that policymakers tend to attribute failure to people and policies. While seemingly hidden at times, the organizational roots of disaster are much more important than many think, she added.

U.S. Sen. Dianne Feinstein (D-Calif.) told a Stanford audience Thursday that mass surveillance programs are designed to find possible terrorists, not snoop on American citizens.

She pointed to the rise of groups like ISIS – now in 12 countries, she said – and the gruesome spectacles of their brand of terrorism as proof that the world is more dangerous than ever.

"I don't think during my lifetime I've ever seen the degree of evil that is out there in the world today," said Feinstein, noting mass murders and beheadings of innocent civilians, including children. "These [surveillance] programs aim to protect this country, pure and simple. They're not aimed to go after Americans."

Feinstein was the final speaker in the yearlong series titled "The Security Conundrum." She spoke in a colloquy format with Stanford's Philip Taubman, consulting professor at Stanford's Center for International Security and Cooperation (CISAC) and former Washington bureau chief of the New York Times. 

Sen. Dianne Feinstein was the final speaker in the yearlong series titled 'The Security Conundrum.' 

Image

The discussion comes during a national debate on how to strike the right balance between security and liberty when technology now makes it possible for the government to collect phone and email data on citizens. With the USA Freedom Act expiring on June 1, Congress is considering legislation to reform the National Security Agency's mass surveillance program.

"We recognize that some reform is in order," said Feinstein, who plans to fly back to Washington for a rare Sunday Senate session on the expiring law.

"The big reform is that the data would be held by the phone companies and not the NSA," she said. If red flags resulted in queries, then warrants would have to be approved.

She took issue with descriptions of those programs as "mass surveillance." In 2013, warrants were sought in just 12 cases out of 288 queries about possible suspects. She said it is a selective process to find a suspect who raises enough concerns to trigger a query.

Feinstein's talk, titled "Congressional Oversight and the Intelligence Community," was held at CEMEX Auditorium.

Feinstein served as chair of the Senate Select Committee on Intelligence from 2009 to 2014 and is now the ranking minority member. She played a leading role in the Senate investigation of the Central Intelligence Agency detention and interrogation program following the terrorist attacks of Sept. 11, 2001.

'Miscarriages of justice'

Taubman asked Feinstein if she was worried that the surveillance programs could track law-abiding citizens, like more primitive efforts in the 1960s and '70s that targeted political and civil rights groups. Feinstein acknowledged that abuses happened in the past, but that congressional oversight of the programs – as is the case today – is essential to a fair process.

In particular, Feinstein decried the government's interrogation process of terrorism suspects at Guantanamo Bay that resulted in claims of torture. Her committee reviewed considerable intelligence data on that issue. "We found there were terrible miscarriages of justice," she said.

She described intelligence agencies as akin to "presidents" in the power they wield. "How do you make these agencies follow the law?" she asked. The only way is to "get in deep enough and close enough" to make it impossible for them to tell an "untruth" in a congressional hearing, she said.

Taubman suggested that it's extremely hard for a few dozen congressional staffers and members to oversee large agencies that employ thousands of people. "You're outgunned," he said.

Feinstein replied that "we have to look beyond the hearing." She said bipartisanship and a focus on producing effective legislation that addresses real problems is critical. "That's the nature of what we do."

She added that no other country in the world has an intelligence committee with as strong an oversight function as does the United States. China and Russia, for example, have growing intelligence agencies but no one watching them.

Feinstein agreed with Taubman that too much secrecy is detrimental to a democratic society. She said she wished she would have held more open, public meetings while in charge of the intelligence committee.

Feinstein expects that renewing the legislation will depend on perhaps three votes in the Senate. "It's possible. If not, the law ends at midnight and that creates a chink in our armor. There's no question in my mind," she said.

Feinstein said there is a "backup" bill that is similar to the USA Freedom Act, but she would prefer to reform the original legislation.

Taubman asked her if the surveillance efforts were actually preventing terrorist acts.

Feinstein said that people are arrested every week under the program, and that relevant information also goes to other countries to help them.

But more than ever, she noted, it's the private sector – not the government – that is extremely enterprising in collecting vast amounts of data from people, such as how they use their cellphones or surf the web.

CIA, China an issue

A California Democrat and Stanford graduate, Feinstein has served in the U.S. Senate since 1993.

When asked why she continues to work as a public servant, she said that 9/11 was a pivotal point in her life. That tragic event and flawed intelligence regarding the justification for the war in Iraq convinced her that a senior position on the intelligence committee would give her a way to help protect her country and fellow citizens.

Taubman expressed amazement that the CIA was actually spying on Feinstein's committee during its review of the hostage intelligence data.

"It was a real dust-up, there's no question about. I think it was a real violation of the separation of powers," she said.

On other issues, such as the rise of China, Feinstein said that country is now practicing "soft power" and flexing its muscles in the South China Sea. Plus, China is "eating our lunch" in regard to cybersecurity.

"I am very worried," she said. "I do not see China as a necessary enemy, but it seems to be going the opposite direction now."

In addition to CISAC, sponsors of "The Security Conundrum" series included the Freeman Spogli Institute for International Studies, the Hoover Institution, Stanford Continuing Studies, Stanford in Government and Stanford Law School.

The series "was designed to be an open inquiry in the ongoing debate on how to balance security and liberty," said Amy Zegart, co-director of CISAC and a senior fellow at the Hoover Institution.

This year the series has also included Gen. Michael Hayden, the former director of the National Security Agency and the CIA; journalist Barton Gellman; and former U.S. Sen. Mark Udall.

U.S. Sen. Dianne Feinstein will speak at Stanford next Thursday, May 28, about striking a balance between security and liberty at a time when Congress is considering legislation to reform the National Security Agency's mass surveillance programs.

Feinstein, D-Calif., is the final speaker in the yearlong Security Conundrum lecture series. She will engage in conversation with Stanford's Philip Taubman, a consulting professor at Stanford'sCenter for International Security and Cooperation and former Washington bureau chief of the New York Times.

Feinstein is expected to discuss Congress' role in overseeing America's intelligence agencies, such as the National Security Agency and the Central Intelligence Agency, and laws that govern their operations. The idea behind the Security Conundrum series is to invite national experts to Stanford to explore issues raised by the federal government's mass surveillance programs, especially in the area of national security, privacy and civil liberties.

The talk, titled "The Security Conundrum: An Evening with Senator Dianne Feinstein," is free and open to the public. It starts at 6:30 p.m., and will be held at the Cemex Auditorium, 641 Knight Way on campus. No TV cameras or film equipment are permitted. Advance registration is required – register here for tickets.

Feinstein has been at the center of the debate about the NSA since Edward Snowden's disclosures exposed an array of mass surveillance programs in 2013. She served as chair of the Senate Select Committee on Intelligence from 2009-2014 and is now the ranking minority member.

Feinstein also played a leading role in the Senate investigation of the CIA detention and interrogation program following the terrorist attacks of Sept. 11, 2001. She pressed to make the Senate report public, and some parts of it were eventually released. A Stanford graduate, Feinstein has served in the U.S. Senate since 1993.

The Security Conundrum is co-sponsored by Stanford's Freeman Spogli Institute for International Studies, the Center for International Security and Cooperation, the Hoover Institution, Stanford Continuing Studies, Stanford in Government and Stanford Law School.

Amy Zegart, CISAC co-director and a senior fellow at the Hoover Institution, has said CISAC and the Hoover Institution would conduct a similar series on international cybersecurity challenges in the coming academic year.

The Security Conundrum series for this past year included Gen. Michael Hayden, the former director of the National Security Agency and the CIA; journalist Barton Gellman; and former U.S. Sen. Mark Udall.

Former U.S. Sen. Mark Udall remembers how members of Congress gathered on the steps of the Capitol Building on the day of the 9/11 terrorist attacks. They clasped one another’s hands and spontaneously broke out singing, “God Bless America.”

It was a moving moment of patriotic bipartisanship. “It was our generation’s Pearl Harbor,” he recalled, and politics were momentarily subsumed by love of nation.

Then it was time to investigate and bring those responsible to justice.

“For many of us who were policymakers, it was time to take a crash course in understanding the tools of terrorism, trying to penetrate who al-Qaida was, who was this figure, Osama bin Laden – and then how do we respond?”

But the government went into overdrive, the Colorado Democrat believed, and put civil liberties at risk. He recalled other decisions in American history – such as the internment of Japanese-Americans during World War II – that were made in panic and secrecy.  

“It became clear to me that bin Laden’s motive was to create greater suspicion in the world, to incent us to build higher and higher walls,” he told a sold-out crowd at CEMEX Auditorium on Thursday night. His talk was part of Stanford “Security Conundrum” lecture series co-sponsored by CISAC, the Hoover Institution, the Law School, Stanford in Government and Continuing Studies.

“And in an interesting way, it led me to look at civil liberties and civil rights, which are the biggest, baddest weapons that we have,” he said in conversation with Philip Taubman, a CISAC consulting professor and a former reporter at The New York Times.

Taubman is one of the organizers of the special series has brought together nationally prominent experts this academic year to explore the critical issues raised by the National Security Agency's activities, including their impact on security, privacy and civil liberties.

On April 10, the speaker will be Judge Reggie Barnett Walton, former presiding judge of the Foreign Intelligence Surveillance Court, known as the FISA court. California Sen. Dianne Feinstein, vice chair of the Senate Intelligence Committee, will close the series before the end of the academic year.

Udall told the audience that in the powerful wake of fear that swept the nation following the 9/11 attacks, the House was presented with the Patriot Act “to strengthen and broaden our capacity to surveil those who might do us harm.”

Image

Udall was a congressman from 1999 to 2009 and then senator from 2009 until losing his seat in the mid-term elections last year. He had been a one-term congressman when the Bush administration put the Patriot Act to a vote on Oct. 24, 2001.

He was one of only 66 House members to vote against the act. It would then also pass through the Senate the following day.

Udall called his no-vote an unpopular one and a lonely period of his political life. But he believed the Act had been hastily drafted without due process and that some of the law’s provisions could lead to violations of privacy and freedoms.

“I was very conscious of what Ben Franklin famously said. He said that a society that trades essential liberties for short-term security deserves neither,” Udall said. “And I believed that we were strong enough to stand behind the civil liberties included in the First Amendment, the Fourth Amendment and the Fifth Amendment – including the explicit right to privacy – and that we would outlast these adversaries that were in front of us by hewing to those principles, not abandoning those principles.”

Udall also voted against the Obama administration’s four-year extension of three key provision of the act in 2011, which included roving wiretaps, searches of business records and conducting surveillance of those suspected of terrorist-related activities.

He would then gain notoriety for his vocal opposition to NSA surveillance programs in the wake of the Edward Snowden disclosures of June 2013. He became one of the staunchest critics of the U.S. spy agency for conducting massive, warrantless data grabs on millions of Americans without their knowledge.

Udall said the NSA gathers more than 700 million data sets from phone calls each day.

“I was told, don’t worry Mark, this is metadata. We just collect it; we don’t do anything with it,” Udall said. “But I realized that it wasn’t just metadata, that it was how that metadata was being used and the fact that it was a secret program and under a secret interpretation of the law.”

Udall said the metadata can be manipulated for form a pattern of an individual’s behavior, of his religious and political beliefs, his medical issues, his likes and dislikes.

“We haven’t done anything with this data and that’s all well and good,” he said. “But history shows us that the government will overreach, particularly when it operates in secret. The Fourth Amendment was put in place for a reason.”

He also worries the metadata program has undercut the trust in the intelligence community.

“I want to be clear: We need to gather intelligence,” he said. “There are forces at play in the world that would do us great harm. But again, we ought to gather that intelligence in ways that fit with what the public understands.”

Udall called on the audience to push for transparency reforms to the FISA court – which oversees requests by the NSA and FBI to issue surveillance warrants against suspected foreign intelligence agents. From 1999 to 2012, the court has granted nearly 34,000 warrants; only 12 have been denied.

Udall believes that privacy, which is implicit in the Bill of Rights, is essential to all other American freedoms that are protected by law.

“This has long-term and important ramifications about how we look at ourselves as Americans,” he said. “We all need to be in the mix; we all need to be having these discussions to be ever-vigilant and protect these fundamental freedoms.”

Former U.S. Sen. Mark Udall gained notoriety for his vocal opposition to National Security Agency surveillance programs in the wake of the Edward Snowden disclosures of June 2013.

Before losing his seat in the mid-term elections last year, the senior senator from Colorado had become one of the staunchest critics of the U.S. spy agency for conducting massive, warrantless data grabs on millions of Americans without their knowledge.

Even before the Snowden leaks, Udall had warned on the Senate floor in 2011 that the Patriot Act was being interpreted in a way to allow domestic surveillance activities that many members of Congress and the American public do not understand.

"Americans would be alarmed if they knew how this law is being carried out," he told fellow senators before he introduced amendments to the Patriot Act that would have secured tougher privacy mechanisms. The act was renewed without the amendments.

Udall – who served on the Senate's Intelligence and Armed Services committees – will be in conversation with Center for International Security and Cooperation Co-Director Amy Zegart Thursday, April 2, at 7:30 p.m. in CEMEX Auditorium as part of Stanford's Security Conundrum lecture series. The event is open to the public but an RSVP is required by 5 p.m. April 1.

The special series has brought together nationally prominent experts this academic year to explore the critical issues raised by the NSA's activities, including their impact on security, privacy and civil liberties. The series ends April 10 with a public conversation with Judge Reggie Barnett Walton, former presiding judge of the Foreign Intelligence Surveillance Court, known as the FISA court.

The Foreign Intelligence Surveillance Act of 1978 empowered the FISA court to oversee government requests for surveillance of foreign intelligence agencies. During its existence, the court has granted more than 30,000 warrants; it has denied only 11.

Walton, in conversation with Stanford Law School Professor Jenny Martinez, will explain the role that the secretive institution attempts to play in maintaining the balance between civil liberties and national security.

"We're delighted to end the Security Conundrum series with a view from Congress and the courts," said Zegart, who is also a senior fellow at the Hoover Institution. "Holding serious campus-wide conversations about issues of national importance is an essential part of the Stanford experience."

Zegart said CISAC and Hoover would conduct a similar series on international cybersecurity challenges in the coming academic year.

Udall, the third speaker in the series, also advocated for the declassification of the Senate Intelligence Committee's study on the CIA's enhanced interrogation program. The post-9/11 program allowed the government to ship suspected terrorists to secret overseas prisons and subject them to waterboarding and other torture techniques.

Gen. Michael Hayden, the former director of the NSA and CIA who has defended the government surveillance programs, kicked off the Security Conundrum series in October. In that talk, he said the metadata collection "is something we would never have done on Sept. 9 or Sept. 10. But it seemed reasonable after Sept. 11. No one is doing this out of prurient interests. No – it as a logical response to the needs of the moment."

The second speaker in the series, journalist Barton Gellman, gave a detailed account of his relationship with former NSA contractor Snowden and how he worked with him to reveal the details of the NSA's global and domestic surveillance programs.

One of the first Snowden revelations, Gellman said, was the top-secret PRISM surveillance program, in which the NSA tapped into the servers of nine large U.S. Internet companies, including Google, Microsoft, Yahoo and Facebook. Snowden said he believed the extent of mass data collection on American citizens was far greater than what the public knew.

The PRISM program allows the U.S. intelligence community to gain access from the tech companies to a wide range of digital information, including audio, video chats, photographs, emails and stored data, that enables analysts to track foreign targets. The program does not require individual warrants, but instead operates under the broad authorization of the FISA court.

"I asked him very bluntly, 'Why are you doing this?'" Gellman said of Snowden.

"He gave me very persuasive and consistent answers about his motives. Whatever you think of what he did or whether or not I should have published these stories, I would claim to you that all the evidence supports his claim that he had come across a dangerous accumulation of state power that the people needed to know about."