Allan Friedman on the NSA and Contingency Planning

My Brookings colleague Allan Friedman, an expert on cybersecurity, has this essay on the Atlantic's web site:

In the coming weeks, Congress and the civilian defense leadership will have to ask a lot of questions about the National Security Agency's surveillance programs, and how to reconcile them with privacy concerns. But they will also have to ask a more basic set of questions: Why on earth wasn't the NSA prepared for this? Why didn't the intelligence agency's leadership have a plan to deal with the global outcry that would follow the leak of classified Internet surveillance programs? Contingency planning is a critical part of every military operation, and is even more important for secret or covert activities. The Central Intelligence Agency and Special Forces Command examined every possible thing that could go wrong on the raid to kill Osama bin Laden, for example, and had clear plans to deal with any ensuing fallout. Although it has an intelligence mandate, the NSA is a Defense Department organization, and the director of NSA is a 4-star general. As such, it is troubling that the NSA appears to have no plan in place for how to respond once its spying program was made public and plastered on the front pages around the world. Instead, the best defense General Alexander could offer a room full of security professionals at the Black Hat convention, almost two months after the leak, was an explanation of FISA courts and the successful prosecution of a San Diego cab driver who sent money to a Somali militia. The NSA leadership had ample warning signs that leaks were possible, and that public reaction in the U.S. and around the world would be overwhelmingly negative. In 2003, Congress shut down Admiral Poindexter's 'Total Information Awareness' program after concerns that building massive databases of electronic transactions generated too many privacy concerns to justify the anti-terror benefits. After Bradley Manning turned over classified State Department and Defense Department data to Wikileaks, the entire security establishment should have been on notice that sensitive programs could be disclosed. The warning signs about fallout from the NSA Internet surveillance were even clearer: Senators Ron Wyden and Mark Udall publicly raised concerns about the program as far back as 2011, and directly communicated their worries to General Alexander in 2012. Yet leaders in the signals intelligence community appear to have paid little attention to how disclosure of these programs might impact anything other than U.S. intelligence efforts.

Friedman here makes an interesting point. It's hardly as though the intelligence community has had no experience with top-secret programs becoming public---and having to deal with the negative fallout. It's hardly as though there have not been public revelations about these very programs in the past that generated public outrage and required public response. Indeed, it's kind of amazing that anyone thought, after the experience of the last 10 years, that these programs would remain secret. Whatever one thinks of them, it's worth asking why the NSA, the intelligence community more broadly, and the Obama administration itself, were so completely unprepared to defend them in public.