Experts React: Assessing the Israeli Intelligence and Potential Policy Failure
Audio Brief
A short, spoken-word summary from CSIS’s Daniel Byman on his commentary with Jessica Davis, Tricia Bacon, and Emily Harding, “Experts React: Assessing the Israeli Intelligence and Potential Policy Failure.”
The devastating Hamas attack surprised Israel and represented a massive failure for its intelligence services. A collection of CSIS experts examine different aspects of this failure. Jessica Davis explores the failure to detect the attack’s financing, decades after 9/11 made terrorist financing a priority. Tricia Bacon argues that the failure likely occurred because Israel failed to properly understand Hamas’s intent. Emily Harding contends that Israel may have relied too much on technology in its monitoring of Gaza. Finally, Daniel Byman assesses the overlap between intelligence and policy failures, both driving factors for the future of the conflict.
Missing The Financing of Hamas
Jessica Davis
Senior Associate (Non-resident), Transnational Threats Project
Since September 11, the international community has made financial intelligence, and counterterrorist financing, a key pillar of counterterrorism. Shortly after 9/11, President Bush announced that the United States “will continue to work with our allies to disrupt the financing of terrorism” and that it will “identify and block the sources of funding for terrorism, freeze the assets of terrorists and those who support them, deny terrorists access to the international financial system, protect legitimate charities from being abused by terrorists, and prevent the movement of terrorists’ assets through alternative financial networks.” So where was the financial intelligence warning about this attack, and how was Hamas allowed to finance this operation?
It is incredible that Hamas planned, procured, and financed the attacks of October 7, likely over the course of at least two years, without being detected by Israeli intelligence. The fact that it appears to have done so without U.S. detection is nothing short of astonishing.
The attack was complex and expensive. It is too soon to say what it might have cost—that will require a careful analysis of the various components of the attack, ranging from pre-attack training to weapons procurement (and much more). But what is known is that one of the most expensive attacks in history was September 11, 2001. Adjusted for inflation, that attack cost $850,000. These attacks involved a combination of thousands of rockets and thousands of armed Hamas fighters breaching a border fence and attacking on motorboats and paragliders. The October 7 attacks will undoubtedly cross the million-dollar mark, probably by a wide margin.
The fact that Israeli intelligence, as well as the international intelligence community (specifically the Five Eyes intelligence-sharing network), missed millions of dollars’ worth of procurement, planning, and preparation activities by a known terrorist entity is extremely troubling. And some of this financing over the years was happening in plain sight—with cryptocurrencies. While cryptocurrencies are often thought to be anonymous, in practice, the transactions are largely visible to anyone who cares to look. And while attributing those transactions to terrorist entities can be a challenge, the swift reaction by U.S. and Israeli officials in the aftermath of the attack suggests that good intelligence on who exactly was benefiting from these transactions existed.
The truth is that Hamas has not been a counterterrorism focus for many years. Some of the most recent estimates on Hamas financing are years old; many countries, including those with known Hamas finance and facilitation networks operating in their borders, such as Turkey, Algeria, and even the United Kingdom, have been silent on the issue for years. Members of the G7-founded Financial Action Task Force, the global standard-setting body for efforts to counter the financing of terrorism, are going to have to answer some hard questions about efforts (or the lack thereof) to counter Hamas’s financing. If Israel and the United States, and indeed members of Five Eyes, can miss what might be the most expensive terrorist plot in history, it will certainly raise questions about the collection, use, and utility of financial intelligence in detecting and disrupting terrorist attacks.
Missing Hamas’s Intent
Tricia Bacon
Senior Associate (Non-resident), Transnational Threats Project
Assessing the threat from militant groups requires understanding both their capability and intent. Capability refers to an organization’s ability to engage in attacks and violence, while intent is its calculus about when, how, and against whom to use that capability.
For years, the U.S. intelligence community has focused on the threat from al Qaeda and the Islamic State: two groups that have the intent to strike the United States but have limited capability to do so. To counter that threat, the United States has proven adept at collecting and assessing intelligence to devise measures to degrade the capability of both groups, such as disrupting their safe havens, conducting targeted strikes, and executing special operations. The hostile intent was, correctly, taken as a given.
For intelligence officials, identifying changes in a group’s intent is particularly challenging, especially when dealing with highly capable organizations like Hamas. Accurately assessing intent requires regular access to the leaders’ deliberations. And highly capable organizations are hard to infiltrate—they are savvy in their communications to avoid interception, and they employ denial and deception tactics.
Before October 7, it was well established that Hamas was more capable than its recent operations demonstrated, but its seemingly pragmatic intent restrained the scope of its actions. It still conducted periodic attacks against Israel, but those attacks were not as frequent or lethal Hamas’s capability could have produced. Under these circumstances, the Israelis did engage in some kinetic responses against Hamas, but the two sides exercised some restraint and appeared to have developed parameters to manage the conflict and avoid escalation. Kinetic means used to diminish capability—like those the United States has used against al Qaeda and the Islamic State—can risk inadvertently provoking a greater threat by changing a group’s intent. But, as was clear on October 7, that calculus fails when a highly capable group manages to conceal a change of intent. Ultimately, though Israel will have to investigate how Hamas managed to successfully penetrate its defenses and conceal planning for the attack, the core intelligence failure was not detecting the change in Hamas’s intent.
An Overreliance on Technology
Emily Harding
Deputy Director and Senior Fellow, International Security Program
In the Jack London short story “To Build a Fire,” the main character ignores warnings and walks into an icy wilderness on the coldest day of the year. London describes him as “quick and alert in the things of life, but only in the things, and not in the significances.” He knew it was cold and the journey was far, but he failed to grasp the threat of the cold and died as a result.
Much like the man in the story, intelligence services can collect facts, but they need more than data points to understand the significances. Israeli intelligence services are among the best in the world—clearly focused on mission, creative, and technologically advanced. Their tech has handed them some impressive intelligence wins in the past, but in October 2023 an overreliance on technology likely contributed to an intelligence failure.
In the days before the October 7 attacks, the Israeli services would have felt confident in robust technical capability. A high-tech border fence surrounding Gaza provided tactical warning, serving as both a physical and electronic barrier. A series of cell towers communicated information from motion sensors and cameras back to command posts. Those cell towers also communicated with remote control guns along the border fence meant to push back anyone approaching. The result was an illusion of control with a hidden single point of failure. Hamas capitalized, using their own tech—drones—to attack the cell towers, simultaneously blinding the cameras and neutering the guns.
The Israeli services also would have been confident in their signals intelligence (SIGINT) collection. An attack this large took months of planning and coordination. Israel, leaning on its technological prowess, would have assumed a large attack would show up somewhere in technical surveillance: chatter over cell phones, emails over vulnerable lines, or someone who forgot to leave a cell phone outside a room when planning was discussed. But it seems a combination of strong Hamas defensive tradecraft and missed signs in collection meant a failure to warn.
Technical surveillance can give you information on the things in life, but rarely their significances. That’s where human intelligence (HUMINT) shines. A well-placed human source can provide facts, like who was in what room on what day, but can also interpret the significance. A human source flagging an “unusual” level of activity, or the appearance of a stranger speaking Farsi, or a delivery of a crate of Iranian drones could have been the difference between a tragedy and day without headlines.
An eventual Israeli intelligence review will reveal the collection posture for human sources. Gaza is a difficult operating environment—recruiting sources is hard and keeping them harder. In the final accounting, Israel will need to carefully evaluate whether an overreliance on tech and an under-reliance on humans was a central cause of the tragedy.
How Policy Failures Overlap with Intelligence Failures
Daniel Byman
Senior Fellow, Transnational Threats Project
Intelligence agencies are convenient scapegoats: they are meant to be apolitical, and intelligence at its best is far from perfect. But their failures should not excuse the policy decisions that shaped intelligence priorities and capabilities and the very nature of the threat.
Intelligence and policy are interwoven: policymakers determine what a state’s priorities are and the resources given to intelligence agencies, among many other roles. Intelligence agencies, however, often struggle to convince policymakers of a threat. Richard Betts, a senior scholar of intelligence, warns that many supposed intelligence failures stem from policymaker disbelief. Other intelligence failures are borne from inappropriate prioritization by policymakers. Before 9/11, for example, the policy community did not sufficiently resource counterterrorism intelligence, lacked in homeland security, and had a Middle East policy that did not prioritize counterterrorism.
Reports of what Israeli military intelligence and Shin Bet, Israel’s domestic intelligence agency, which has responsibility for Gaza, told Prime Minister Benjamin Netanyahu and his senior advisors about Hamas’s intentions and capabilities, are still unfolding—yet these agencies are already taking responsibility for a massive failure. However, Israeli policymakers probably also bear considerable responsibility. They prioritized Iran and the growing violence in the West Bank, as well as the turmoil in Israel itself. Some of the Israeli policy response might have stemmed from a careful consideration of intelligence analysis, but it also could be due to Israeli leaders’ own sense of Israel’s interests, their belief that the Hamas challenge was effectively managed, and their political priorities, such as appeasing the settler community that is expanding its presence on the West Bank.
Perhaps most important, political leaders also have a hand in shaping the threat itself. Israel’s policies toward the Palestinians, and toward Gaza in general, affect both Hamas’s intent and capability as well the attitudes of ordinary Palestinians. Determining why Hamas acted when it did requires assessing how the Netanyahu government’s policies shaped the terrorist group—an assessment of one’s own government that is politically fraught for any intelligence agency.