.

02/19/04 THU 10:41 FAX ^002

U.S. Department of Homeland Security

Information Analysis and Infrastructure Protection Directorate

Response to the 9/11 Commission's Questions for Intelligence Community

Components

1. Please describe your organization's role in supporting counterterrorism

activities prior to September 11,2001, and your agency's CT role today.

The Department of Homeland Security was established on March 1,2003, and in

it, the Information Analysis and Infrastructure Protection Directorate (IAIP) was
set up to receive information and intelligence regarding terrorist threats to the
homeland, map those threats against the nation's physical and cyber critical
infrastructure and key assets, and issue timely warnings and preventive and
protective measures to protect American lives and property.

The IAIP combined the legacy capabilities of the Department of Energy's Office
of Energy Assurance, the General Services Administration's Federal Computer
Incident Reporting Center (FedCIRC), the Federal Bureau of Investigation's
National Infrastructure Protection Center, the Department of Commerce's Critical
Infrastructure Assurance Office, and the Department of Defense's National
Communications System, with the mission requirement to leverage these existing
capabilities, and to broaden and enhance them to provide information and services
to the federal government, state and local officials, and the private sector. As an
example of this broadening of legacy missions, IAIP maintains continual
situational awareness of the nation and its borders through the Homeland Security |~-? \J. ^.j 7-
Operations Center (HSOC). HSOC currently houses 26 federal (both Intelligence
and law enforcement) and local agencies, which provide a continual stream of
information which is further analyzed or transmitted to the appropriate federal or
local law enforcement agency for action.

Today, IAIP is providing the full range of intelligence support to DHS leadership,
mapping terrorist threats to the homeland against assessed vulnerabilities in order
to protect against terrorist attacks, conducting independent analysis of terrorist
threats to the homeland in the form of tailored, competitive and red team analysis,
developing requirements for collection of intelligence and threat-related
information, and coordinating information exchanges between the Department
and state and local governments and the private sector. Please see attached Fact
Sheet on IAIP, and its relationship to the Terrorist Threat Integration Center.

2. How do you decide between counterterrorism and other high priority

intelligence collection and analysis activities? Who makes these decisions?
How do you allocate resources in accordance with these priorities?

As outlined in the Homeland Security Act, the Secretary of Homeland Security,

t/19/04 THU 10:42 FAX El003

Tom Ridge, ensures that the responsibilities of the Department, including those
regarding information analysis and infrastructure protection, are carried out
through the Under Secretary for Information Analysis and Infrastructure
Protection, Frank Libutti. IAIP itself is not an intelligence collection agency, but
has access to foreign and domestically collected intelligence and other information
from throughout the government, as well as developing mechanisms to gain such
information from state and local governments and the private sector. In addition,
~T>K-'
IAIP plays a leading role in developing unique collection requirements related to ^ /- (,
protecting the homeland from terrorist attacks, both for the elements within DHS n Lf\k •, .;
which do have collection authority (e.g., the Coast Guard, Customs and Border </£ i
Patrol, Immigration and Customs Enforcement, Transportation Security £ '& *
Administration, and the Secret Service), and for other USG elements involved in
terrorism and homeland-security-related information collection.

LAJP's analytic mission is uniquely focused on the Homeland. LAJP's

responsibilities include those to: access, receive, and analyze intelligence, law
enforcement information, and other information from agencies of the Federal
Government, State and local government agencies, and private sector entities, and
to integrate such information in order to identify and assess the nature and scope
of terrorist threats to the homeland; detect and identify threats of terrorism against
the United States; and understand such threats in light of actual and potential
vulnerabilities of the homeland. These responsibilities are, in part, carried out ^•
through IA officers located at the Terrorist Threat Integration Center. IAIP, along
with all other key elements in our war on global terrorism, are full partners in the TTIC
effort, with their assignees at TTIC reporting directly back to their own chains-of-
command, communicating seamlessly with them, and retaining the authorities and
responsibilities of their assigning element. In a very real sense, then, TTIC is nothing ^ ,.,
more or less than each of these crucial USG elements "doing business as" TTIC, that is, | ',.
utilizing the TTIC as one way, but not the exclusive way, to carry out their unique J
missions.

The Assistant Secretary for Information Analysis, Patrick Hughes, has primary
responsibility for developing collection requirements, including domestic
collection requirements, for the Intelligence Community and other entities
including, but not limited to, those directly involved in counterterrorism activities
as part of their own missions. Those requirements are informed by the integration
of the Office of Mbrmation Analysis (IA), headed by Assistant Secretary Hughes,
with the Office of Infrastructure Protection (IP), headed by Assistant Secretary
Robert Liscouski. Those offices constantly exchange information about threats,
terrorist capabilities and planning, critical infrastructure vulnerabilities and
protective measures in place to gauge the likelihood of success and potential
impact of terrorist acts. This information exchange enables, for the first time, a
real pro-active, risk mitigation strategyfemerge for our Nation, as opposed to what
once was a primarily reactive strategy.

In addition, IAIP is tasked to carry out comprehensive assessments of the

#19/04 THU 10:42 FAX $004

vulnerabilities of the key resources and critical infrastructure of the United States,
to integrate relevant information, analyses, and vulnerability assessments in order
to identify priorities for protective and support measures by the Department, other
agencies of the Federal Government, State and local government agencies and
authorities, the private sector, and other entities.

IAIP disseminates, as appropriate, information collected and analyzed by elements

of the Department within the Department, to other agencies of the Federal
Government with responsibilities relating to homeland security, and to agencies of
State and local governments and private sector entities with such responsibilities
in order to assist in the deterrence, prevention, preemption of, and response to,
terrorist attacks against the United States. Through its analysts assigned to TTIC,
the IA Directorate ensures that information gathered by DHS reaches TTIC and
informs its work and that TTlC's work directly supports DHS' unique mission to
protect the Homeland,

IAIP consults with State and local governments and private sector entities to
ensure appropriate exchanges of information, including law enforcement-related
information, relating to threats of terrorism against the United States. To the
extent that this question seeks information about non-terrorism-related
intelligence collection and analysis and the relative priority of such activities vis-a-
vis counterterrorism activities, given lAIP's overriding statutory mission, the
question is largely inapplicable to IAIP.

IAIP has allocated the resources it received from the passage of the Homeland
Security Act after extensive consultation by the leadership team, though some
flexibility will be required as DHS continues to mature and develop an operational
history of its own in order to determine how best to allocate resources to better
meet mission requirements.

3. Which activities, if any, have been terminated in order to reallocate resources

to CT efforts over the past five years?

The Department of Homeland Security was established on March 1,2003. lAIP's

resources were reallocated from the legacy agencies identified above. There has
been no further reallocation to date.

4. How are your organization's priorities linked to guidance from the Secretary
of Defense and/or the Director of Central Intelligence? Are your priorities
solely directed by the cabinet secretary or agency head that leads your
department or agency?

The priorities for IAIP are set forth in the Homeland Security Act and by applicable
Presidential Directives, and are administered by the Secretary for Homeland Security,
Tom Ridge, and the Under Secretary for Information Analysis and Infrastructure
719/04 THU 10:43 FAX 1^1005

Protection, Frank Libutti. Within IAIP, the Office of Infonnation Analysis, headed by
Assistant Secretary Patrick Hughes, communicates with the Central Intelligence
Agency and other Intelligence Community entities under the direction of the DCI,
along with numerous Department of Defense elements, in order to ensure that DHS'
activities are informed by the broader counterterrorism and related priorities of the
USG and, equally important, to ensure that priorities and requirements developed by
IAIP and other DHS elements are appropriately integrated with collection activities of
all other USG counterterrorism elements. IAIP, both at DHS Headquarters and
through IAIP analysts physically located at TTIC, conducts its own, independent
analysis, in the form of competitive, tailored and "red team." analysis, and utilizes the
analytic resources of the Federal Bureau of Investigation, Central Intelligence Agency,
Department of Defense, and other entities in this effort. As such, DHS and its
leadership set forth priorities for the Department and the Office of Information
Analysis works with its fellow members of the Intelligence Community, coordinating
intelligence requirements.

5. What is your office's strategy to meet its responsibilities regarding

counterterrorism?

Among other things, IAIP is responsible for mapping terrorist planning, tactics and
capability against our vulnerabilities. IAIP does this by independently analyzing all
intelligence it receives and through constant and seamless communication with lAIP's
assignees at the TTIC and throughout the intelligence, law-enforcement, and
homeland security communities, in order to compile the most accurate domestic threat
picture possible. As stated before, the work of the HSOC informs this mission,
providing an unprecedented real time threat picture of the country. Warning products
are then produced and disseminated to the federal government, state and local
officials, and the private sector as is appropriate. IAIP implements its goal of
protecting the homeland by enabling, developing, and sustaining the capability to
continuously identify, assess, and prioritize current and future threats to the homeland
and map those threats against vulnerabilities. IAIP also issues timely warnings and
advisories containing preventive and protective measures for critical infrastructure
owners-and operators, and provides actionable information to state and local officials
and law enforcement to prevent and disrupt terrorist planning and activity.

In addition to analysis and warning, IP is continuously assessing vulnerabilities within

the nation's critical infrastructures and working State, local governments and the
private sector to reduce these vulnerabilities. Together the integration of information
and intelligence by IA and the vulnerability reduction efforts of IP enable focused
national risk mitigation programs. These organized programs are in stark contrast to
the Nation's previous capacity only to react to threats. This framework provides the
basis from which to organize protective measures to secure America, and assists in
coordinating the response and restoration of critical infrastructure functions should an
incident take place.
#19/04 THU 10:43 FAX 1^1006

6. Please describe your agency's linkages to the following entities: Terrorist

Threat Integration Center (TTIC); CIA Counterterrorist Center (CTC); DIA
Joint Task Force for Counter-terrorism; FBI Counterterrorism Division;
DHS Information Analysis and Infrastructure Protection Directorate (IAJP).

As noted above, IAJP is a full partner in - in effecCa "part owner of' ~TI]0; our
officers work day-in-day-out at TTIC, participating in processing and analyzing
terrorist threat-related information, shaping and disseminating TTIC products,
assessing gaps in available information, and ensuring that TTIC products reach
appropriate DHS Headquarters elements, as well as appropriate state, local and
private sector officials. The CIA, DOD, and FBI, as well as others, also are full
partners in the TTIC joint venture, and, as a result, IAIP is closely linked to them
through its work at TTIC.

Additionally, IAIP, as a full member of the Intelligence Community, shares

intelligence information not only with its component entities, but with other 1C
members, including, but not limited to, those listed in the question above. This
sharing of information involves regular meetings and exchanges of information.
For example, the Office of Information Analysis and the FBI Counterterrorism
Division meet weekly, and the Homeland Security Information Summary (HSIS)
is briefed and distributed electronically by IA daily to selected members of the
intelligence community.

7. Please characterize relations on Counterterrorism issues within the

Intelligence Community prior to September 11,2001, and today. How has
information sharing on CT issues changed, if at all?

IAIP, of course, did not exist until March 2003. From our perspective, however,
information sharing on Counterterrorism issues has increased greatly even since
IAIP came into being. Not only are members of the 1C communicating well,
including through frequent face-to-face and electronic meetings, vastly enhanced
dissemination of information throughout not just the traditional "1C," but with the
broader law enforcement and homeland security communities. New ways of
doing business, including IAIP itself, as well as, of course, the TTIC, and the
Terrorist Screening Center, are improving every day our ability not onlyto better
develop a better threat picture but to act rapidly to reduce our vulnerabilities and
to prevent threatened attacks against us. IAIP is currently assessing and analyzing
threat information from all sources, including the 1C, and sharing the results at an
unprecedented rate, at appropriate levels, with state and local homeland security
officials and the private sector.

8. Please identify the responsible policy official for CT issues in the Intelligence
Community from whom you take direction and guidance.

Direction and guidance to IAIP are provided by the Secretary of Homeland

Security, Tom Ridge, and the Under Secretary for IAIP, Frank Libutti, themselves
r!»/U4 IfilOO?

guided by applicable statutes and Presidential directives. The Office of IA, as a

member of the Intelligence Community, also is guided by directives and other
guidance materials promulgated by the DCI. Communication between the IAIP
Directorate and the rest of the Intelligence Community takes place between the
analysts in the Office of Monrjation Analysis and their counterparts in the
respective 1C organizations, including through our assignees physically located at
TTIC and TSC, both at the analyst level and through the DHS Senior
Representatives at both Centers, Mike Dunlavey and Rick Kopel, respectively,
who are provided by the Department of Homeland Security.
fl9/04 THU 10:44 FAX 0008

FACT SHEET:
DHS Directorate of Information Analysis and Infrastructure Protection

Summary
!

The Directorate of Information Analysis and Infrastructure Protection ('TAIP") of

the Department of Homeland Security! (DHS) is firmly committed to carrying out each of
the 19 responsibilities assigned to it in Section 201 of the Homeland Security Act. As
indicated in the Reorganization Plan, submitted to Congress on November 22,2002, and
graphically represented in the attached table,; the Office of Information Analysis ("IA")
will carry out 16 of the 19 responsibilities (working together with the Office of
Infrastructure Protection ("IP") on sevien of these). IP itself will carry out three of the 19.
IA will carry out one of the 19 responsibilities -. identifying, detecting, and assessing
terrorist threats to the homeland -- both through analysts at DHS Headquarters and
through operating as one of the Terrorist Threat Integration Center ("TTIC") partners in
collaboration with analysts from other key agencies. Although only a few months old,
IAEP is moving forward to increase its' staff to carry out these statutory responsibilities,
and will have 86 full time analysts by September 2003, and 113 by March 2004, lAIP's
first anniversary. Among the key missions oif IA, which it is now carrying out and for
which IA will continue to increase its capability, are:

• Providing the full range of intelligence support to senior DHS leadership, as do

intelligence components of other departments and agencies;
!'
• With IP, mapping terrorist threats to the homeland against our assessed vulnerabilities
in order to drive our efforts to protject against terrorist attacks;

• Conducting independent analysis of terrorist threats to the homeland based on DHS'

"7 robust access to information and intelligence, including competitive analysis, tailored
analysis, and "red teaming;"

• Supporting the work of all of DHS' components, including the Directorates of Border
and Transportation Security, Science and Technology, and Emergency Preparedness
and Response. This analytic support will also be provided to DHS' decisionmakers
under pending Bioshield legislation, if enacted;

\ • Analyzing terrorist threats to the homeland, both at DHS Headquarters, and through
IA analysts physically located at ljTIC;
i
• Developing requirements for the collection of intelligence and other information
related to terrorist threats to the homeland for use by the Intelligence Community and
U.S. law enforcement agencies; j

• Coordinating exchanges of terrorist threat-related information with state and local

governments and the private sector; and
I
ii
i
I
ii
19/04 THU 10:44 FAX 1^009

• Managing the collection and processing of information into usable intelligence from
DHS' inherited intelligence components, e.g., Customs, Coast Guard, Secret Service.
To carry out these critical responsibilities, the President and Congress have provided
DHS/IAIP with unique and powerful authorities and capabilities, outlined in greater detail
below.

A Unique Organization. IAIP is unique among federal agencies with

intelligence and law enforcement functions iji terms of its combination of authority,
responsibility, and access to information. Np other entity combines lAIP's:
i

• Robust, comprehensive, and independent access, mandated by the President and in the
law, to information relevant to homeland security, whether raw or processed;

• Mission and authority to obtain information and intelligence, including through DHS
components, analyze that data, and take action to prevent, and respond to, terrorist
attacks directed at the U.S. homeland; and

• Ability to conduct its own, independent threat and other analysis and to leverage the
analytic resources of the Federal Bureau of Investigation (FBI), Central Intelligence
Agency (CIA), Department of Defense (DOD), TTIC, and other entities, to manage
the protection of the homeland.

IAIP - Focus on the Homeland. lAIP's anti-terrorism mission is singularly

focused on the protection of the American homeland against terrorist attack. This is
unique among all intelligence, law enforcement, and military entities (such as CIA, FBI,
and DOD), whose missions extend both worldwide, and to subject-matter areas and
purposes well beyond anti-terrorism. This focus allows IAIP to concentrate its energy on
protecting against threats at home, while working closely with other U.S. Government
components with explicit overseas-focused, or both overseas- and domestic-focused,
missions to ensure unity of purpose and effort against terrorist threats worldwide.
Precisely because DHS/IAIP is domestically focused, it can concentrate its considerable
authorities and capabilities on a critical mission that was fragmented prior to the
President's proposal to create DHS: protecting against terrorist attacks at home.

Central Role. Central to the success of this singular DHS mission is the
coordination of the Office of Information Analysis ("IA) with the Office of Infrastructure
Protection (8TP") to ensure that threat information is correlated with critical infrastructure
vulnerabilities and protective programs. This correlation provides the essential context to
determine the relevance and efficacy of threat information to the protection of critical
infrastructure components and key assets. IAIP is the center of strategy coordination for
all of DHS' Critical Infrastructure Protection efforts. Working through its Headquarters-
based analysts, IA, in close collaboration and coordination with IP, will choreograph an
interactive relationship between analysis of terrorist threats against the United States
homeland, comprehensive vulnerability assessments, and domestic preventative and
protective measures. The IA-IP partnership significantly reduces the potential for
./19/04 THU 10:44 FAX B010

intelligence gaps and communications failures. This linkage of information access and
analysis on the one hand and vulnerabilities Analysis and protective measures on the other
is what is entirely new, and unduplicated elsewhere, about the President's vision for
DHS. ! i •; i

Partnership with State and Local Governments and the Private Sector.
Unlike other members of the Intelligence Community, including others represented at the
TTIC, IA has both the authority and responsibility for providing Federally-collected and
analyzed homeland security information to first responders and other state and local
officials and, as appropriate, security managers and other key private sector contacts.
Likewise, only IA, in coordination with IP, is in the position effectively to manage the
collection from state and local governments, jand private sector officials, of the crucial
homeland security-related information that may be, in the first instance, available only to
those officials. DHS will work closely with pther U.S. Government agencies to
coordinate relations with state, local, and private sector officials, including coordinating
with FBI on contacts with state and local law enforcement.
; : !
I i :

Beyond the unique IA-IP partnership] IA is also the central information nerve
center of DHS' efforts to coordinate the protection of U.S. homeland security. IA will:
M i .

• Facilitate the creation of requirements, on behalf of the Secretary and DHS

leadership, to other DHS components, and to the ^Intelligence Community, and law
enforcement, informed by the integration' of homeland-security-related intelligence
from all sources with vulnerability and risk assessments for critical infrastructure
prepared by IP; , ;

• Provide the full-range of intelligence support -- jbriefings, analytic products,

including tailored analysis responding tp (specific inquiries, and other support - to the
Secretary, DHS leadership, the Undersecretary for IAIP, and DHS' operational
components, as well as the rest of DHS; j
! i i :
i ! i '

• Serve as the collection, processing, integration, analytic, and dissemination

manager for DHS' information cdllectioin and operational components (Coast Guard,
Secret Service, Transportation Security lAdministration, Immigration and Customs
Enforcement, Customs and Border' Protection), turning the voluminous threat
information collected every day at pur borders, ports, and airports, into usable and, in
many cases, actionable intelligence; ! ;

i [ | •
• Ensure (in coordination with FBI and others) that homeland security-related
intelligence information is shared with pthers who need it, in the Federal, state, and
local governments, as well as the private!sector; and
1 '• i •
• Support the Homeland Security Advispry System. lA's activities also will be in
support of the Secretary's responsibility to administer the Homeland Security
Advisory System, including independently analyzing information supporting
decisions to raise or lower the national warning level.

! 3
U
'19/04 THU 10:45 FAX

Terrorism Threat Analysis: IA and TTIC In addition to mapping terrorism

threats to the homeland, and carrying out its many other intelligence analytic functions,
IA, as directed by the President and Congress, will identify, detect, and assess the nature
and scope of terrorist threats to the homeland. Some of DHS' work in this area will be
carried out in part by IA analysts who are full participants in the President's Terrorism
Threat Integration Center (TTIC) initiative,! and physically located at TTIC. Other threat
analysis will be carried out by IAD? analysts located at Headquarters, in close
coordination with those located at TTIjC. !
; • I I

IA "Doing Business As" TTIC \n IA officers will be located at TTIC, working day-in-day-out, pa

in processing and analyzing terrorist tiireat-jelated information, developing, shaping, and

disseminating TTIC products, assessing gaps in the available information, and ensuring
that TTIC products reach appropriate DHS jHeadquarters elements, as well as appropriate
state, local, and private sector officials. lAjanalysts Assigned to TTIC will ensure that
information gathered by DHS (from its bwiii collectors as well as state and local
governments and the private sector) reaches TTIC and informs its work and, equally
important, that TTlC's work directly supports DHS' unique mission to protect the
homeland. IA analysts at TTIC are there, ii significant part, to carry out DHS' mission.
The threat information integration and: analysis that is the beginning, not the end, of DHS'
protective mission, will most effectively be; carried out, as Congressional and other
reviews have recommended, when all jterrojism threat-related activities of the U.S.
Government work together seamlessly. This includes counter-terrorism activities
directed against threats overseas, as well as criminal investigation and prosecution
activities, which the President and Congress did not, and, as a matter of effective
government and common sense, should not, direct be carried out exclusively by DHS.

Leveraging Co-Located Resources*

With the early fall 2004 co-location of TTIC (including the IA analysts working
for DHS there), with CIA's Counterterrorist Center, and the FBI's Counterterrorism
Division, DHS will be able to leverage the presence of its personnel at this combined
facility to: reduce transmission and coordination time for critical information; and
facilitate comprehensive assessment of not only domestic threats but also foreign-based
threats that may ultimately impact thejhomeland. As provided by Congress and the
President, authorities and capabilities to deter and disrupt terrorist threats, particularly
overseas, are shared among a number of departments and agencies and such activities
often must be undertaken in concert with state, local, and foreign governments. Recent
experience has shown that terrorist groups may attempt to coordinate multiple attacks,
both overseas and within the United States! and that threats that appear to be directed
overseas may actually be directed towards the homeland, and vice versa.

Robust and Independent Access to Intelligence

,719/04 THU 10:45 FAX

To carry out portions of its mission performed by IA analysts physically located at

TTIC and those at DHS Headquarters, IA will have robust, comprehensive, and
independent access, mandated by the President and in the law, to information relevant to
homeland security, whether raw or processed. LA's access is not an "either" IA at TTIC
"or" IA at DHS Headquarters issue. IA will have the'mandated access to, and the
physical electronic means to receive information, independent of its participation in the
TTIC. DHS' robust access to homeland security information - provided by the
President, by Congress, and by written agreement between the Secretary, Director of
Central Intelligence, and Attorney General - is in no way limited to those IA officers
physically working at TTIC. A copy of the Memorandum of Understanding between the
Intelligence Community, Federal Law Enforceinent Agencies, an(j tne Department of
Homeland Security Concerning Information SharingJ dated March 4,2003 ("the MOU")
is attached hereto. ; ' : •

Leveraging Federal, State and Local Information, and DHS/IP

In carrying out their analysis, IA analysts at DHS Headquarters not only will have
access to all relevant information from U.S^ intelligence and law enforcement agencies
and from officials in state and local governments andi the private sector, but they will be
able to reach out, via the IA analysts located at TTICJ to leverage their expertise and
direct contacts to the overall U.S. counterterrorism operational and analytic efforts co-
located there. DHS/IP will rely upon the analysis produced by LA, to help determine
priorities for protective and support measures and provide them to federal, state, and local
government agencies and authorities, and to private sjector entities. In support of its
mission, DHS/IP will drive, through and with lA, reduirements to the Intelligence
Community, law enforcement, and other parts of DHS, to ensure that vulnerabilities and
threats are correlated and appropriate protective actioins are defined and implemented.
\: j

IA's Independent Analytic Work '•• ' \n addition to the critical role, outlined above' of mappin

vulnerabilities against threats to the homeland, IA als,o will conduct other analysis distinct
from that hi which IA analysts participate at TTIC, including:

• Tailored Analysis. LA Headquarters-based analysts will routinely be tasked to take a

different "cut" at a similar universe of information as that analyzed at TTIC. For
example, TTIC may reach a conclusion about a g aoeral terrorist threat to the United
States, while DHS Headquarters may want a mor; targeted and specific analysis
directed at how such a threat might affect ajpartieular sector of the U.S. infrastructure,
Such threat analysis would be different;than that performed at TTIC, but crucial to the
overall DHS mission and to our homeland Security, Similar tailored analytic products
are systematically used by the leaders of other Ini elligence Community member
Departments and Agencies based on each agency s individual mission.

• Competitive Analysis. LAP analysts located at Headquarters will also conduct

competitive terrorism threat analysis to that takirig pi;ace at TTIC. For example, the
yi9/04 THU 10:46 FAX i!013

Secretary may want an independent look at a particular conclusion reached by

analysts - including IA analysts - at TTIC. Such :ompetitive analysis not only is
sound practice, but it has been for decades a cornerstone of U.S. Intelligence
Community analytic efforts.

Red-Teaming. lA's tailored and, at times, comp btitive terrorism threat analysis, will
take another form as well: "red teaming." lA's arialysts will not only look
independently at threat data from a traditional analytical perspective, i.e., "connecting
the dots," but will also undertake "red team" anal; reis. In this mode, analysts will
view the United States from the perspective of;th«i terrorists, seeking to discern and
predict the methods, means and targets of the terri >ristB. The analysis produced as part
of this red teaming will then be utilized to uncbve r weaknesses, and to set priorities
for long-term protective action and target hardeni ig.

TTIC's Mission

TTIC is an interagency joint venture: of its partners. The TTIC members include,
but are not limited to, the Department of Justice/FBIj DHS, CIA, National Security
Agency, National Imagery and Mapping Agency, Peiense Intelligence Agency, and the
Department of State. Through the input and participj tion of these partners, TTIC will
merge and analyze terrorist threat-related informatiorj, collected domestically and abroad,
in order to form the most comprehensive possible thr jat picture, and disseminate such
information to appropriate recipients. TTIC, through its structure, will draw on the
particular expertise of its participating members - such as DHS' focus on homeland
security and CIA's focus on terrorism information; collected overseas - thereby ensuring
that the terrorist analytic product takes advantage of, land incorporates, the specialized
perspectives of relevant federal agencies, hi addition! TTIC will have access to, and will
aggressively seek to analyze, information from state and local entities, as well as
voluntarily provided data from the private sector. TIJIC will work with appropriate
partners to ensure that TTIC's products reach not 6rJy federal customers, but also state
and local, as well as private sector, partners.

TTIC will provide comprehensive, all-source terrorist threat analysis and

assessments to U.S. national leadership. It will also play a lead role, along with other
organizations, in overseeing a national terrorist threa tasking and requirements system.
In addition, TTIC will maintain an up-to-date database of known and suspected terrorists
accessible to appropriate officials. A copy of Direct* r of Central Intelligence Directive
2/4, concerning TTIC, is attached hereto.
,/19/04 THU 10:46 FAX ®014

Statutory Function" ; •• j Component Performed, in

Part, at TTIC?
Vulnerabilities Assessment • IP NO
National Plan to Secure Infrastructure : •' • IP NO
Recommend Infrastracture Protective Measures ' IP NO
"Map" threats against vulnerabilities • i IA/IP NO
Ensure timely and efficient access to DHS 6f all ; IA NO
homeland security information '•..'•• ; ;
Administer the Homeland Security Advisory System 1A NO
Make recommendations for homeland security •. •. : ; . IA NO
information sharing policies j '•• i ; • i
Disseminate information analyzed by DHS to other IA NO
federal, state, and local government entities and the
private sector ,i .• ~. ;
Consult with appropriate federal Intelligence ; IA NO
Community and law enforcement officials to establis i
collection priorities and strategies and represent DHi in
"requirements" processes ; ; '•'".:'•
Consult with state and local governments and the IA NO
private sector to ensure appropriate exchanges of
terrorist threat-related information 1 'J.
Ensure that information received is protecte'd from IA/IP NO
unauthorized disclosure and handled and used only i >r
the performance of official duties I ! ,..;••
Request additional information from other federal, s ite, IA/IP NO
local government agencies and the private sector
Establish and use secure information technology '. • IA/IP NO
infrastructure ' ^ '
Ensure that information systems/databaises lire ; ; IA/IP NO
compatible with one another and other federal agent es
and treat information in accordance with applicable
Federal privacy law j . ,
Coordinate training and other support to DlIS and 6' ler IA/IP NO
agencies to identify and share information ! '••,.'',
Coordinate with 1C elements and federal, gjiatej arid IA NO
local law enforcement agencies "as appropriate" ;
Provide intelligence analysis and other support to th IA NO
rest of DHS ..'. • ; ' i i
Perform such other duties as the Secretary inay prt>V de IA/IP NO
Identify, Detect, and Assess Terrorist Threats to ; : IA YES
Homeland ' ,; ;
< !. : . '

' This chart is intended only to describe in general terms lAff'S-divlsion of Ik or with regard to functions assigned DHS by the
nd all other federal Departments and Agencies, remain
responsible, with regard to their own work and information in t&eir poiseesi&r for many of these same functions, e.g., protecting
information against unauthorized disclosure. :| :

i i "',• •
:|v ^!: ' ! •:
•'• i-7^!.
; i : l : ' !* =