Seventh public hearing of the National Commission on Terrorist Attacks Upon the United States

Statement of Claudio Manno to the National Commission on Terrorist Attacks Upon The United States
January 27, 2004

Chairman Kean, Vice Chairman Hamilton, and Commission members, I appreciate the opportunity to participate in your inquiry into the facts and circumstances surrounding the September 11, 2001, terrorist attacks against the United States. As your invitation letter requested, my statement will provide you with an understanding of my role as Director of the Federal Aviation Administration (FAA) Office of Intelligence and how we received, assessed, and disseminated intelligence prior to the Fall of 2001. I will also focus on how these processes have been improved and expanded since that time.

On September 11, 2001, I was the Director of the Office of Intelligence, which was part of the Office of Civil Aviation Security of the FAA. My responsibilities were to oversee and manage the receipt, identification, analysis and dissemination of intelligence information focusing on terrorism and other threats to U.S. civil aviation. In this role, I provided intelligence support to the Associate Administrator for Civil Aviation Security, other principal officials of the FAA, and the Office of Security and Intelligence at the Department of Transportation.

Although the magnitude of the events of September 11, 2001, had not previously been seen, FAA’s Intelligence Watch had managed multiple aviation crises prior to the tragic suicide hijackings. Given FAA’s experienced intelligence operations analysts and well-established set of standard operating procedures, the office was able to quickly transition into crisis mode. The normal 24-hour FAA Intelligence Watch was supplemented by subject matter experts in transnational and regional terrorism, as well as analysts specializing in military and unconventional threats. This cadre was able to provide senior FAA/DOT decision makers with an immediate assessment of the events, the most likely actors, and the possible additional near term threats. The entire FAA Office of Intelligence staff, many of whom transitioned over to become current members of the Transportation Security Intelligence Service (TSIS), was also immediately realigned to provide extended around-the-clock coverage of the incident and its aftermath. This augmentation included assigning two additional liaison officers to the FBI to provide 24-hour FAA expertise in the FBI Strategic Information Operations Center.

As the Commission requested, I will first address the process by which the FAA Office of Intelligence received and assessed potential threats to civil aviation, and how that office worked with the Intelligence Community to evaluate such threats prior to September 11, 2001. This review will lay the groundwork for a discussion about the improvements in information flow and coordination since that time.

As a “consumer” of intelligence, the FAA Office of Intelligence, like its successor TSIS, identified its information needs to the Intelligence Community in detailed “statements of intelligence interest” or “reading requirements.” The producing agencies keep these on file to determine to which agencies products (both raw intelligence and finished products) are disseminated. The agencies currently responsible for producing most of the intelligence on terrorism are the Central Intelligence Agency (CIA), the newly created Terrorist Threat Integration Center (TTIC), the Department of State (DOS), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Defense Intelligence Agency (DIA).

Prior to September 11, 2001, the FAA Office of Intelligence received, on a daily basis, a steady stream of raw reporting and finished intelligence from DOS, CIA, NSA, and DIA. The reporting included items that were sent electronically, hard-copy products received via courier, and cables and finished intelligence retrieved using a variety of Intelligence Community databases. From this intelligence flow, FAA analysts working on a 24-hour Intelligence Watch identified, on average, between one and two hundred classified cables, reports, hard-copy products, faxes and e-mails each day that merited closer review.

To further ensure the receipt of relevant information needed for the accurate assessment of threats to civil aviation, FAA assigned intelligence liaison officers to the CIA, FBI and DOS. Their primary duties were to identify and pursue information regarding actual or potential threats to civil aviation. By integrating FAA analysts into these agencies, additional access to intelligence was obtained. The access included the ability to read and review information that is disseminated externally to other agencies, as well as internal, operational, “in-house” e-mails and message traffic that is not shared with outside agencies. As a result, FAA liaison officers often gained insight and information about a terrorist threat or incident that was not officially passed to other agencies; in these cases, they requested release of the information and would educate the agencies as to why such information was of importance to the FAA. In some cases, they were successful in getting access for FAA; in other situations, due to sensitivity of sources and methods, the information was not approved for release. FAA understood that this was the trade-off for those agencies granting the liaison officers access to their information. FAA fully appreciated restriction of access based on the “need-to know” principle and the requirement to protect sensitive intelligence sources and methods.

Information received from the Intelligence and Law Enforcement Communities was examined by FAA intelligence analysts to assess the current and strategic threat to U.S. civil aviation. Most of the FAA intelligence analysts had vast experience working in the counter-terrorism field at other agencies within the Intelligence Community before they were hired by the FAA. Once on board, they were trained in aviation security operations to learn the operational environment of the aviation security system. In the Office of Intelligence, they studied the tactics used in previous attacks against commercial aviation and the history of terrorist groups most likely to attack U.S. civil aviation. The expertise developed by these analysts made them uniquely qualified to evaluate threats to civil aviation.

Analysts working in the FAA 24-hour Intelligence Watch reviewed the daily flow of intelligence information, looking for current or future threats to aviation. When such information was identified, a preliminary evaluation of its validity was made in coordination with input from the originating agency and other relevant agencies. FAA analysts examined the plausibility of the information based on their expertise regarding the known intent and capability of the alleged attackers, the method of attack and other aviation specific knowledge. The analysts, however, also had to rely in great measure on the characterization of the reliability of the source made by the agency supplying the information, since FAA had no way to independently assess it. The characterization of the source is a significant factor in the overall assessment of the validity of the threat information. Security decision makers depend on threat assessments based on credible information from reliable sources.

Working closely with specialists in aviation operations, the threat assessment was then viewed against the vulnerability of the target, in an attempt to establish the level of risk of a successful attack. In FAA, the Offices of Civil Aviation Security Policy and Operations would evaluate the susceptibility of a target to a given threat and promulgate security countermeasures to reduce the level of risk as appropriate. This threat and risk assessment process was applied to both current and strategic threats. Strategic threat assessments were used to determine the long-term baseline aviation security posture for a region or country. They were based on elements such as the history of attacks against civil aviation in a particular locale and the presence/activities of terrorist groups representing a potential threat to U.S. civil aviation. Current threat assessments usually concerned the potential for near term attacks and occasionally contained information that was specific in nature regarding terrorist plans to attack a particular aviation target.

Once a piece of information was identified as an actual or potential threat, FAA analysts opened an Intelligence Case File (ICF) to isolate it for follow up and evaluation. The 24-hour Intelligence Watch or FAA intelligence liaison officer notified the originating agency of FAA’s concern, and additional information was requested from the source and/or the agency to facilitate an assessment of the threat. In both cases, FAA analysts would coordinate assessments with analysts at the FBI and CIA to ensure factual accuracy and analytic logic. FAA analysts also conducted independent research in FAA’s files, Intelligence Community databases, and other sources as appropriate. FAA analysts continued to follow up on the ICFs as new information was received to validate or discount the threat.

Intelligence is only useful, however, if it reaches the operators and policymakers in an actionable format and a timely manner. Within FAA prior to September 11, 2001, notification of actual or potential threats to government and industry decision makers depended on the degree of validity that could be established within the time frame of the alleged threat. If an alleged attack appeared imminent, and an initial analysis deemed it plausible, notifications would be made immediately. If the threat information was not specific and/or the time frame of the threat was in the future, the analysts had more time to research and evaluate it.

The process of communicating potential aviation threat information to those that needed it at the operational level, state and local law enforcement and the affected stakeholders in the private sector, was accomplished primarily through the preparation and issuance of written notifications, such as information circulars and security directives (SDs). Law enforcement officers responsible for security at airports had access to these notices, which were transmitted to them via the Airport Law Enforcement Agencies Network, or ALEAN. This information was provided as sensitive security information, which in most cases consisted of a declassified version of originally classified threat information. The declassified versions were prepared with the assistance and cooperation of the originating agencies. FAA’s Office of Intelligence coordinated these advisories with other government agencies. Regulated entities, such as air carriers and airports, received the notices directly from FAA. In the case of security directives, the threat information was coupled with mandatory security countermeasures that the air carriers and airport authorities were required to carry out. In addition to communicating intelligence concerning threats via written notices, FAA’s 24-hour Intelligence Watch alerted aviation industry representatives to threats or events that were of potential interest and that would not necessarily result in the issuance of written notification. When declassification of information was not possible, the Watch relayed pertinent classified threat information to properly cleared industry representatives.

Now that I have explained how the FAA Office of Intelligence received and processed threat information prior to the events of September 11, 2001, I would like to highlight intelligence support that the FAA Office of Intelligence, as it transitioned over to TSA, provided to transportation industry stakeholders and other government agencies.

Immediately after the suicide hijackings of September 11, 2001, in an effort to assist aviation security stakeholders in identifying individuals who may pose additional threats to aviation, the FAA Office of Intelligence provided an assessment of the characteristics common to the September 11, 2001, hijackers. FAA intelligence analysts also briefed the U.S. air carriers at the classified level about other possible near term threats to aviation, which began flowing into the Intelligence and Law Enforcement Communities at a significantly increased rate. In addition to an enhancement and expansion of the normal duties of the FAA Office of Intelligence, several new intelligence support programs were developed in the weeks and months after the September 11, 2001 attacks:

1. Prior to September 11, 2001, the FAA had published several SDs and companion Emergency Amendments that required air carriers to not transport certain individuals who were known or suspected threats to aviation security. Immediately after September 11, the FAA began to administer a watch list for the FBI as part of the investigation of the suicide hijackings. By the end of 2001, the FAA assumed responsibility for this watch list and included the previously prohibited passengers. This list includes individuals known to pose, or suspected of posing, a threat to aviation or national security. This mechanism enables the Intelligence and Law Enforcement Communities to identify individuals who may present a terrorist threat.

2. The FAA Office of Intelligence expanded the amount and type of intelligence provided to the Federal Air Marshals (FAMs) to assist them in effectively targeting their missions. In fact, the FAA Office of Intelligence/TSIS stood up a new division with analysts whose primary duty was intelligence support to the FAM Service. This division was recently consolidated into a 24-hour Intelligence Watch at TSA’s Transportation Security Coordination Center (TSCC) to provide on-site intelligence support to FAM operations.

3. According to the Aviation and Transportation Security Act of November 2001, TSA must “receive, assess, and distribute intelligence information related to transportation security; [and] assess threats to transportation security.” Therefore, with the inception of TSA in November 2001, FAA Office of Intelligence/TSIS became responsible for assessing threat information and disseminating intelligence to all modes of transportation—aviation, maritime, and land. This transition meant TSIS had to develop an organic capability to assess threats to other modes of transportation and establish procedures, like those in place for aviation, for transmitting information to the private industry security representatives involved in maritime and land transportation. TSIS now provides threat warning products, such as information circulars (ICs), to aviation, maritime, and land transportation industry stakeholders.

TSIS, as the successor of the FAA’s Office of Intelligence, has incorporated many pre-September 11, 2001 analytic procedures into its current operations, while improving and expanding communication of potential threat information to the field and transportation community stakeholders for all modes of transportation. As a result of the immediate steps taken to improve our operations in the aftermath of the September 11, 2001 attacks, TSIS now enjoys increased access to intelligence and law enforcement information, which has undoubtedly had a positive impact on the security of U.S. transportation assets both in the Homeland and abroad. TSIS has also increased interaction with other agencies within the Intelligence and Law Enforcement Communities. I would like to take this opportunity to provide additional granularity on some of the beneficial developments in the Intelligence and Law Enforcement Communities, as well as discuss the areas where we are continuing to try to improve.

1. Intelligence from the FBI: Prior to September 11, 2001, FAA did not receive a daily flow of raw reports and finished intelligence from the FBI. Due to what I believe they thought were statutory restrictions, the Bureau did not consider itself an intelligence production agency, perhaps because of the statutory restrictions on the dissemination of information it collected in its investigative role. The FBI did provide, on a regular basis, finished, summary intelligence on terrorist groups in the U.S. and an assessment of the threat these groups posed to domestic airports and air carriers. In addition, FAA occasionally received FBI cable messages regarding potential threats to aviation. Like other federal agencies, FAA did receive the FBI’s classified Terrorist Threat Warning Notices, intelligence bulletins, BOLO (“Be on the Lookout”) alerts, National Law Enforcement Telecommunication System messages, the National Infrastructure Protection Center daily report, and the FBI’s annual summary report of terrorism in the United States.

   Since September 11, 2001, however, the flow of raw background reporting from the FBI has increased significantly. The USA Patriot Act of 2001 authorized the sharing of criminal investigative information with other federal agencies in matters of foreign intelligence and counterintelligence, amending previous laws that had been interpreted to prevent the FBI from sharing Grand Jury and Foreign Intelligence Surveillance Act information. In addition, the FBI has begun formally disseminating threat information via record cable traffic, which has significantly improved situational awareness of possible threats and suspicious incidents. The creation of the National Joint Terrorism Task Force (NJTTF) has also proven beneficial in expanding the flow of information from the FBI. TSIS assigned a full-time liaison officer to the NJTTF in recognition of the value of tapping into the information reported up from the local Joint Terrorism Task Force offices. TSIS’s presence on the NJTTF has also enabled TSA to provide information that supports FBI operations and investigations. TSIS also has a representative working in the International Terrorism Operations Section at FBI Headquarters. TSA is also receiving threat reporting from Federal Security Directors in the field who have developed close working relationships with the FBI and JTTF offices in their areas.

2. Information Sharing and Coordination among Agencies: TSIS receives a copy of the daily matrix that highlights current critical threats to U.S. interests. In addition, a twice daily secure video teleconference provides a forum for key federal agencies to discuss current threat information. Aside from sharing intelligence information, agencies are more frequently engaged in coordinating finished intelligence products. CIA, TTIC, and the FBI more routinely solicit input and comment from TSA on senior executives’ briefs and threat assessments. To build on the new spirit of sharing and coordination, in the last year, TSIS has assigned liaison officers to TTIC and NSA. TSIS liaison officers have developed beneficial relationships with the analysts of other agencies and have been able to educate them as to our intelligence needs, which have improved the flow of information. The consolidation of TSA, Customs, and Immigration within the Department of Homeland Security (DHS) has also led to enhanced information sharing and coordination of, not only intelligence, but operations as well. More information is being shared among more agencies than ever before, thus improving decision makers’ and industry stakeholders’ situational awareness of potential threats to U.S. transportation assets in the U.S. and abroad.

3. Terrorist Screening Center: TSIS has contributed to standing up the Terrorist Screening Center (TSC) as well as supporting its mission to provide information on known or suspected terrorists from the various U.S. Government databases to federal screening operations, border patrol, and state and local law enforcement. Two TSIS intelligence analysts provide direct support to the TSC Leadership on all matters regarding the TSA Watch List Program. Their responsibilities include the creation, coordination, maintenance and dissemination of the TSA’s Watch Lists. They are also responsible for adjudicating nominations to the lists as well as assisting in resolving conflicts surrounding persons identified in the watch listing process. The TSIS representatives at the TSC perform their functions in close coordination with the Department of Homeland Security, and detailed personnel from the other federal agencies of the Intelligence and Law Enforcement Communities.

The TSA goal of domain awareness across all modes of transportation is served by the enhanced information sharing with the increased access to both tactically actionable products and background information on groups and individuals. The Intelligence and Law Enforcement Communities have always provided TSA with reporting regarding specific threats, and since 2001, there has been a sizeable increase in the volume of intelligence reports being disseminated to TSA. TSIS is working with our partners, in the Federal, State, and local governments, to ensure greater and more routine access to information on the presence and activities of foreign terrorist groups in the United States, particularly those in communities around major airports and other transportation hubs. In addition, we always seek additional information on foreign terrorist organizations and sponsors abroad than we currently receive. More information about terrorist infrastructures, both in the United States and abroad, would assist TSIS intelligence analysts in forecasting potential threats in areas where U.S. transportation assets are located or provide service; such information would also allow TSIS to provide situational awareness to TSA executives, field operators, and industry stakeholders.

Despite remaining obstacles, the Intelligence and Law Enforcement Communities have made great strides in information sharing and coordination since the tragic events of September 11, 2001. TSA’s TSIS will continue to review our analytic skill sets and dissemination mechanisms—improving them where possible—and we will remain focused on providing to TSA and DHS executives, operators, and industry stakeholders with an accurate assessment of current and future threats to the U.S. transportation infrastructure.

Chairman Kean, Vice Chairman Hamilton and members of the Commission, I recognize the importance of your task on behalf of the American people and appreciate the opportunity to participate in these proceedings. I would be happy to address any of the Commission’s questions at this time.

Mr. Manno began his government career in 1978 as a Special Agent with the Air Force Office of Special Investigations (AFOSI). He served in a variety of domestic and overseas assignments managing criminal and counterintelligence investigations and anti-terrorism operations. He joined the Federal Aviation Administration (FAA) in 1987 to help set up the newly created Intelligence Division at HQ FAA. In 1990 he was posted to the United States Embassy in Rome Italy where he served as the manager of the FAA Civil Aviation Security International Office. Upon completion of that assignment he returned to HQ FAA as the Manager, Intelligence Operations Division. In 1997 he became the Deputy Director of the FAA Office of Intelligence and in 2001 was appointed as the Director. In 2002 he was appointed as the TSA Deputy Assistant Administrator for Intelligence and was named to his current TSA position in 2003.

A Native of Turin, Italy, Mr. Manno holds a B.A. in Psychology from Duquesne University, Pittsburgh, PA., as well as an M.A. in Economic Crime/Security Management from the George Washington University, Washington, D.C. and an M.P.A. from Troy State University – European Division. He is the recipient of various military and civilian awards. He’s a member of the AFOSI Special Agent’s Association, the Fraternal Order of Police, the Reserve Officer’s Association, the Senior Executives Association and the National Italian American Foundation.