U.S. national security faces rising challenges from insider threats and organizational rigidity, a Stanford professor says.

Amy Zegart, co-director of the Center for International Security and Cooperation at Stanford and a senior fellow at the Hoover Institution, wrote in a new study that in the past five years, seemingly trustworthy U.S. military and intelligence insiders have been responsible for a number of national security incidents, including the WikiLeaks publications and the 2009 attack at Fort Hood in Texas that killed 13 and injured more than 30.

She defines "insider threats" as people who use their authorized access to do harm to the security of the United States. They could range from mentally ill people to "coldly calculating officials" who betray critical national security secrets.

In her research, which relies upon declassified investigations by the U.S. military, FBI and Congress, Zegart analyzes the Fort Hood attack and one facet of the insider threat universe – Islamist terrorists.

In this case, a self-radicalized Army psychiatrist named Nidal Hasan walked into a Fort Hood facility in 2009 and fired 200 rounds, killing 13 people and wounding dozens of others. The shooting spree remains the worst terrorist attack on American soil since 9/11 and the worst mass murder at a military site in American history, she added.

Insights and lessons learned

Zegart's study of insider and surprise attacks as well as academic research into the theory of organizations led her to some key insights about why the Army failed to prevent Hasan's attack when clues were clear:

Image

In the Fort Hood case, she said, bureaucratic procedures kept red flags about Hasan in different places, making them harder to detect.

• Career incentives and organizational cultures often backfire. As Zegart wrote, several researchers found that "misaligned incentives and cultures" played major roles in undermining safety before the Challenger space shuttle disaster.

Zegart's earlier research on 9/11 found the same dynamic played a role in the FBI's manhunt for two 9/11 hijackers just 19 days before their attack. Because the FBI's culture prized convicting criminals after the fact rather than preventing disasters beforehand, the search for two would-be terrorists received the lowest priority and was handled by one of the least experienced agents in the New York office.

• Organizations matter more than most people think. Robust structures, processes and cultures that were effective in earlier periods for other tasks proved maladaptive after 9/11.

In the case of the Fort Hood attack, the evidence suggests that government investigations, which focused on individual errors and political correctness (disciplining or investigating a Muslim American in the military) identified only some of the root causes, missing key organizational failures.

Hasan slipped through the cracks not only because people made mistakes or were prone to political correctness, but also because defense organizations "worked in their usual ways," according to Zegart.

Adapting to a new threat

In terms of organizational weaknesses, Hasan's Fort Hood attack signaled a new challenge for the U.S. military: rethinking what "force protection" truly means, Zegart said. Before 9/11, force protection reflected a physical protection or hardening of potential targets from an outside attack. Now, force protection has evolved to mean that the threats could come from within the Defense Department and from Americans, she added.

"For half a century, the department's structure, systems, policies and culture had been oriented to think about protecting forces from the outside, not the inside," Zegart wrote.

In the case of Hasan, the Defense Department failed in three different ways to identify him as a threat: through the disciplinary system, the performance evaluation system and the counter-terrorism investigatory system run jointly with the FBI through Joint Terrorism Task Forces.

"Organizational factors played a significant role in explaining why the Pentagon could not stop Nidal Hasan in time. Despite 9/11 and a rising number of homegrown Jihadi terrorist attacks, the Defense Department struggled to adapt to insider terrorist threats," Zegart wrote.

Difficult to change

Another problem was that the Pentagon faced substantial manpower shortages in the medical corps – especially among psychiatrists. So the Defense Department responded to incentives and promoted Hasan, despite his increasingly poor performance and erratic behavior.

In addition, Zegart found the Defense Department official who investigated Hasan prior to the attack saw nothing amiss because he was the wrong person for the job – he was trained to ferret out waste, fraud and abuse, not counterterrorism, which is why he did not know how to look for signs of radicalization or counterintelligence risk.

"In sum, the Pentagon's force protection, discipline, promotion and counter-terrorism investigatory systems all missed this insider threat because they were designed for other purposes in earlier times, and deep-seated organizational incentives and cultures made it difficult for officials to change what they normally did," she wrote.

Zegart acknowledges the difficulties of learning lessons from tragedies like 9/11, the NASA space shuttle accidents and the 2009 Fort Hood shooting.

"People and organizations often remember what they should forget and forget what they should remember," she said, adding that policymakers tend to attribute failure to people and policies. While seemingly hidden at times, the organizational roots of disaster are much more important than many think, she added.

U.S. Sen. Dianne Feinstein (D-Calif.) told a Stanford audience Thursday that mass surveillance programs are designed to find possible terrorists, not snoop on American citizens.

She pointed to the rise of groups like ISIS – now in 12 countries, she said – and the gruesome spectacles of their brand of terrorism as proof that the world is more dangerous than ever.

"I don't think during my lifetime I've ever seen the degree of evil that is out there in the world today," said Feinstein, noting mass murders and beheadings of innocent civilians, including children. "These [surveillance] programs aim to protect this country, pure and simple. They're not aimed to go after Americans."

Feinstein was the final speaker in the yearlong series titled "The Security Conundrum." She spoke in a colloquy format with Stanford's Philip Taubman, consulting professor at Stanford's Center for International Security and Cooperation (CISAC) and former Washington bureau chief of the New York Times. 

Sen. Dianne Feinstein was the final speaker in the yearlong series titled 'The Security Conundrum.' 

Image

The discussion comes during a national debate on how to strike the right balance between security and liberty when technology now makes it possible for the government to collect phone and email data on citizens. With the USA Freedom Act expiring on June 1, Congress is considering legislation to reform the National Security Agency's mass surveillance program.

"We recognize that some reform is in order," said Feinstein, who plans to fly back to Washington for a rare Sunday Senate session on the expiring law.

"The big reform is that the data would be held by the phone companies and not the NSA," she said. If red flags resulted in queries, then warrants would have to be approved.

She took issue with descriptions of those programs as "mass surveillance." In 2013, warrants were sought in just 12 cases out of 288 queries about possible suspects. She said it is a selective process to find a suspect who raises enough concerns to trigger a query.

Feinstein's talk, titled "Congressional Oversight and the Intelligence Community," was held at CEMEX Auditorium.

Feinstein served as chair of the Senate Select Committee on Intelligence from 2009 to 2014 and is now the ranking minority member. She played a leading role in the Senate investigation of the Central Intelligence Agency detention and interrogation program following the terrorist attacks of Sept. 11, 2001.

'Miscarriages of justice'

Taubman asked Feinstein if she was worried that the surveillance programs could track law-abiding citizens, like more primitive efforts in the 1960s and '70s that targeted political and civil rights groups. Feinstein acknowledged that abuses happened in the past, but that congressional oversight of the programs – as is the case today – is essential to a fair process.

In particular, Feinstein decried the government's interrogation process of terrorism suspects at Guantanamo Bay that resulted in claims of torture. Her committee reviewed considerable intelligence data on that issue. "We found there were terrible miscarriages of justice," she said.

She described intelligence agencies as akin to "presidents" in the power they wield. "How do you make these agencies follow the law?" she asked. The only way is to "get in deep enough and close enough" to make it impossible for them to tell an "untruth" in a congressional hearing, she said.

Taubman suggested that it's extremely hard for a few dozen congressional staffers and members to oversee large agencies that employ thousands of people. "You're outgunned," he said.

Feinstein replied that "we have to look beyond the hearing." She said bipartisanship and a focus on producing effective legislation that addresses real problems is critical. "That's the nature of what we do."

She added that no other country in the world has an intelligence committee with as strong an oversight function as does the United States. China and Russia, for example, have growing intelligence agencies but no one watching them.

Feinstein agreed with Taubman that too much secrecy is detrimental to a democratic society. She said she wished she would have held more open, public meetings while in charge of the intelligence committee.

Feinstein expects that renewing the legislation will depend on perhaps three votes in the Senate. "It's possible. If not, the law ends at midnight and that creates a chink in our armor. There's no question in my mind," she said.

Feinstein said there is a "backup" bill that is similar to the USA Freedom Act, but she would prefer to reform the original legislation.

Taubman asked her if the surveillance efforts were actually preventing terrorist acts.

Feinstein said that people are arrested every week under the program, and that relevant information also goes to other countries to help them.

But more than ever, she noted, it's the private sector – not the government – that is extremely enterprising in collecting vast amounts of data from people, such as how they use their cellphones or surf the web.

CIA, China an issue

A California Democrat and Stanford graduate, Feinstein has served in the U.S. Senate since 1993.

When asked why she continues to work as a public servant, she said that 9/11 was a pivotal point in her life. That tragic event and flawed intelligence regarding the justification for the war in Iraq convinced her that a senior position on the intelligence committee would give her a way to help protect her country and fellow citizens.

Taubman expressed amazement that the CIA was actually spying on Feinstein's committee during its review of the hostage intelligence data.

"It was a real dust-up, there's no question about. I think it was a real violation of the separation of powers," she said.

On other issues, such as the rise of China, Feinstein said that country is now practicing "soft power" and flexing its muscles in the South China Sea. Plus, China is "eating our lunch" in regard to cybersecurity.

"I am very worried," she said. "I do not see China as a necessary enemy, but it seems to be going the opposite direction now."

In addition to CISAC, sponsors of "The Security Conundrum" series included the Freeman Spogli Institute for International Studies, the Hoover Institution, Stanford Continuing Studies, Stanford in Government and Stanford Law School.

The series "was designed to be an open inquiry in the ongoing debate on how to balance security and liberty," said Amy Zegart, co-director of CISAC and a senior fellow at the Hoover Institution.

This year the series has also included Gen. Michael Hayden, the former director of the National Security Agency and the CIA; journalist Barton Gellman; and former U.S. Sen. Mark Udall.

U.S. Sen. Dianne Feinstein will speak at Stanford next Thursday, May 28, about striking a balance between security and liberty at a time when Congress is considering legislation to reform the National Security Agency's mass surveillance programs.

Feinstein, D-Calif., is the final speaker in the yearlong Security Conundrum lecture series. She will engage in conversation with Stanford's Philip Taubman, a consulting professor at Stanford'sCenter for International Security and Cooperation and former Washington bureau chief of the New York Times.

Feinstein is expected to discuss Congress' role in overseeing America's intelligence agencies, such as the National Security Agency and the Central Intelligence Agency, and laws that govern their operations. The idea behind the Security Conundrum series is to invite national experts to Stanford to explore issues raised by the federal government's mass surveillance programs, especially in the area of national security, privacy and civil liberties.

The talk, titled "The Security Conundrum: An Evening with Senator Dianne Feinstein," is free and open to the public. It starts at 6:30 p.m., and will be held at the Cemex Auditorium, 641 Knight Way on campus. No TV cameras or film equipment are permitted. Advance registration is required – register here for tickets.

Feinstein has been at the center of the debate about the NSA since Edward Snowden's disclosures exposed an array of mass surveillance programs in 2013. She served as chair of the Senate Select Committee on Intelligence from 2009-2014 and is now the ranking minority member.

Feinstein also played a leading role in the Senate investigation of the CIA detention and interrogation program following the terrorist attacks of Sept. 11, 2001. She pressed to make the Senate report public, and some parts of it were eventually released. A Stanford graduate, Feinstein has served in the U.S. Senate since 1993.

The Security Conundrum is co-sponsored by Stanford's Freeman Spogli Institute for International Studies, the Center for International Security and Cooperation, the Hoover Institution, Stanford Continuing Studies, Stanford in Government and Stanford Law School.

Amy Zegart, CISAC co-director and a senior fellow at the Hoover Institution, has said CISAC and the Hoover Institution would conduct a similar series on international cybersecurity challenges in the coming academic year.

The Security Conundrum series for this past year included Gen. Michael Hayden, the former director of the National Security Agency and the CIA; journalist Barton Gellman; and former U.S. Sen. Mark Udall.