The Capitol building intelligence failure


Myriad reasons enabled Trump supporters to congregate on Capitol Hill and storm the Capitol Building on January 6th. Public introspection in light of such a monumental failure is only natural, with the focus being on poor planning and a dysfunctional defense of the innermost sanctum of American democracy by the Capitol Police Force. This failure is even more jarring considering that the Capitol Police Force is one of the world’s largest forces meant to police such a small area.

The operational, bureaucratic and logistical failures and poor planning that led to the breach of the Capitol are only one side of the coin. Much has already been written about the intelligence failures leading up to the breach, which comprise the second and arguably more important part of the equation. While the exact organizational nature of the riots is still not entirely clear (and indeed it seems that the average participant wasn’t privy to any comprehensive plan), it is clear that at the least certain actors and small cells of extremists planned their activity in advance (at least partially in the open), and accordingly came prepared.

Key intelligence about the riots, both in broad, strategic strokes and as tactical intelligence regarding known extremists and violent threats, was missed and not disseminated appropriately. This failure probably occurred as the result of two main factors: a neglect of open-source intelligence gathering capabilities and methodologies (and conversely a reliance on other collection disciplines such as Human Intelligence), and a probable breakdown of the intelligence cycle and politicization of government agencies.


Firstly, the value of open-source intelligence gathering was apparent. Extremist online meeting places such as Parler, 4chan’s infamous /pol/ imageboard, 8kun’s Q research board and /pnd/ board, public Telegram channels and other “alternative” media sources played a key role. Generally speaking, these sites hosted more specific and violent content than mainstream social media sites such as Facebook and Twitter, due both to their niche nature and to the moderation mechanisms in place on most mainstream social media platforms. Developing the tools and professional tradecraft to effectively monitor and investigate these sources is key to staying abreast of developing threats (in particular large public events). Unfortunately, America’s intelligence agencies often overly rely on other, more traditional sources of intelligence such as Human Intelligence. This is not to say that these agencies do not utilize open-source intelligence, but rather that they don’t necessarily prioritize it appropriately. This was shown succinctly in the recent FBI announcement regarding an alleged 50 planned protests at State Capitols throughout the United States ascertained via human sources in the Boogaloo movement. The FBI appears to have well-positioned sources in a number of extremist organizations, but is using social media and open-source intelligence to play catch-up in identifying and arresting extremists who breached the Capitol.

Secondly, and perhaps more probable as the immediate cause of the failure, there was a breakdown of the intelligence cycle. It is probable that the FBI and DHS, alongside local and regional LEAs, monitored social media, forums, messaging applications and other sources and were aware to some extent (if not very aware) of the incoming threat. US intelligence agencies and LEAs, however, have historically had issues sharing intelligence and may have suffered from over-compartmentalization or a lack of inter-agency coordination. A lack of coordination and proper channels of communication can lead to a failure to disseminate key intelligence and plan accordingly. Another potential and arguably probable issue under the current administration is political interference in intelligence, which may have prevented finalized intelligence products from reaching decisionmakers who could have prepared appropriately.

While things are unclear now, the causes for the failure are probably a combination of the above two factors. Another, more troubling factor may underlie the two above as well: U.S. intelligence and LEAs simply monitored the wrong social networks and/or didn’t have the right set of technological tools to monitor the social networks that far-right activists use for these activities, suffering from “horse blinders” and focusing on known, mainstream platforms only.

In the past years, and more specifically over the past year or so, extremist elements of the American and Global Far-Right have migrated from mainstream social media networks (such as Twitter and Facebook) to “niche social media platforms”. This is the result of numerous factors, including the moderation elements of Facebook and Twitter, for example. In the past year or so this migration has included wider swathes of the American right-wing, primarily to Parler and Gab, due to fear of being “censored” by mainstream networks.

Extremist elements need social media platforms for a variety of purposes. These include spreading their ideology, recruiting new members and coordinating both on- and off-line activity. As such, these extremists require platforms that will not deplatform them and that enable them to act and organize freely. This is the main reason why networks such as Parler, Gab or VK (a Facebook-like Russian language platform) are gaining ever-increasing popularity, certainly in the era of “post-truth” or “Fake News”. The troublesome role of Parler has become even more apparent in past days, with the platform being effectively shut down by Amazon and other vendors which provided Parler’s infrastructure, following harsh criticism of the platform after the breach of the Capitol.

Relevant intelligence bodies struggle to monitor mainstream networks, let alone niche ones, and often fail to find the “needle in a hashtag”. Developing monitoring capabilities is becoming ever more complex considering the characteristics of these networks. Furthermore, there is also a growing trend among these extreme elements to use instant messaging applications (thanks to their security protocols), making it even more difficult for security agencies to track their activity.

The bottom line is that the Capitol Hill insurrection needs to be a “wake-up call” to the relevant intelligence bodies engaged in monitoring illegal or seditious activity on open sources. Specifically, there is a need to invest in developing the right technology that will enable better monitoring of “niche” social media networks, since it seems that these networks will continue to serve as fertile ground for these extremist elements.

About the Author
Danny (Dennis) Citrinowicz is a nonresident fellow with the Atlantic Council’s Middle East Programs and a senior WEBINT instructor at Cyberpro. Previously, he was a senior fellow at the Institute of Policy and Strategy (IPS) and the Abba Eban Institute at Reichman University. Danny served 25 years in a variety of command positions in units of Israel Defense Intelligence (IDI), including as the head of the Iran branch in the Research and Analysis Division (RAD) in the Israeli defense intelligence and as the division’s representative in the United States.