DHS Office of Intelligence and Analysis: Role and Functions
The DHS Office of Intelligence and Analysis (I&A) serves as the Department of Homeland Security's primary intelligence component, responsible for collecting, analyzing, and disseminating threat information to federal, state, local, tribal, and territorial partners. Established under the Homeland Security Act of 2002 (6 U.S.C. § 121), I&A occupies a dual role: it functions as a member of the broader U.S. Intelligence Community while simultaneously serving as a bridge between national intelligence and frontline homeland security operators. This page covers I&A's statutory foundation, organizational structure, intelligence cycle mechanics, jurisdictional boundaries, and the persistent tensions inherent in its mission.
Definition and Scope
The Office of Intelligence and Analysis was created by Section 201 of the Homeland Security Act of 2002, codified at 6 U.S.C. §§ 121–124. Its statutory mandate requires the office to access, receive, and analyze law enforcement and intelligence information from federal agencies, state and local governments, and private sector entities to understand threats to the homeland.
I&A's scope spans five primary threat domains:
- Terrorism and counterterrorism — both international and domestic violent extremism
- Cybersecurity threats — in coordination with the Cybersecurity and Infrastructure Security Agency (CISA)
- Border and transnational crime — in support of CBP and ICE operations
- Weapons of mass destruction — biological, chemical, radiological, and nuclear threat streams
- Critical infrastructure threats — covering all 16 sectors designated under Presidential Policy Directive 21
The Under Secretary for Intelligence and Analysis leads the office and holds a statutory designation as the DHS Chief Intelligence Officer. I&A is one of 18 components of the U.S. Intelligence Community, as defined by the National Security Act of 1947, placing it alongside agencies such as the CIA, NSA, and the Defense Intelligence Agency.
The full scope of DHS intelligence and analysis functions extends to supporting the DHS Annual Threat Assessment, which the department publishes to inform Congress and the public about homeland security risk priorities.
Core Mechanics or Structure
I&A operates through four primary functional divisions:
1. Intelligence Enterprise Management
Oversees resource allocation, personnel security, and coordination with the Office of the Director of National Intelligence (ODNI). This division ensures I&A's analytic production aligns with the Intelligence Community's National Intelligence Priorities Framework.
2. Analysis
Produces finished intelligence assessments for DHS leadership, the White House, and Congress. Analysts hold clearances at the Top Secret/Sensitive Compartmented Information (TS/SCI) level and draw on classified reporting from across the Intelligence Community as well as open-source intelligence (OSINT).
3. Intelligence Partnerships
Manages I&A's relationship with the national network of fusion centers — 79 state and major urban area centers as of the most recent ODNI count (ODNI National Network of Fusion Centers) — which serve as the primary mechanism for sharing classified and sensitive-but-unclassified threat information with non-federal entities. I&A deploys intelligence officers directly to fusion centers to facilitate real-time information exchange.
4. Collection and Requirements
Manages the formal intelligence requirements process, translating operational needs from DHS components and state/local partners into collection priorities submitted to national intelligence collection platforms.
I&A does not operate its own human intelligence (HUMINT) collection capability domestically. Domestic HUMINT collection remains the statutory domain of the FBI under Executive Order 12333. I&A's collection authority centers on open-source collection, reporting from DHS operational components, and receipt of intelligence from Intelligence Community partners.
Causal Relationships or Drivers
The creation of I&A was a direct institutional response to the 9/11 Commission's finding that the September 11 attacks resulted in part from a failure to share and synthesize intelligence across agency boundaries (9/11 Commission Report, Chapter 11). The commission identified 14 specific points of failure related to information sharing and analytical integration.
Three structural drivers shape I&A's ongoing operational posture:
Fragmentation of homeland threat data — Threat-relevant information resides across federal law enforcement databases (FBI, DEA, ATF), DHS operational components, state and local law enforcement agencies, and private sector owners of critical infrastructure. No single system aggregates these streams automatically, making I&A's synthesis function structurally necessary.
The domestic/foreign intelligence divide — U.S. law maintains a legal distinction between foreign intelligence collection (primarily governed by FISA, 50 U.S.C. § 1801 et seq.) and domestic law enforcement activity. I&A operates in the space where these streams intersect — for example, when a foreign-origin threat has domestic operational components.
State and local capacity gaps — Most of the approximately 18,000 law enforcement agencies in the United States lack independent intelligence analysis capabilities. I&A fills this gap by producing products tailored for non-federal consumers who lack access to classified national intelligence.
Classification Boundaries
I&A produces intelligence products at three primary classification levels:
| Level | Descriptor | Distribution |
|---|---|---|
| Top Secret / SCI | Requires TS/SCI clearance and need-to-know | Federal IC partners, cleared DHS components |
| Secret | Requires Secret clearance | Federal law enforcement, cleared state/local officials |
| For Official Use Only (FOUO) / Controlled Unclassified Information (CUI) | No clearance required; handling restrictions apply | Fusion centers, law enforcement agencies |
| Unclassified | Publicly releasable | General public, private sector |
The CUI framework, governed by 32 C.F.R. Part 2002, replaced legacy designations like "Law Enforcement Sensitive" and "For Official Use Only" to standardize handling across federal agencies. I&A's unclassified products — including the publicly released annual threat assessments — provide baseline threat framing without disclosing sources, methods, or operational detail.
The DHS threat advisory system draws directly on I&A analytic judgments to set the National Terrorism Advisory System (NTAS) alert level, the successor to the color-coded Homeland Security Advisory System retired in 2011.
Tradeoffs and Tensions
Integration vs. civil liberties
The broad scope of I&A's information-sharing mandate creates inherent tension with DHS privacy and civil liberties protections. The DHS Privacy Office and Office for Civil Rights and Civil Liberties (CRCL) conduct oversight of I&A activities, particularly following documented instances where I&A produced products that touched on constitutionally protected activities. A 2012 Senate Permanent Subcommittee on Investigations report found that DHS fusion center reporting had produced 188 reports over a two-year period that were "rarely actionable" and raised civil liberties concerns (Senate PSI Report, October 2012).
Intelligence Community access vs. law enforcement utility
Products calibrated for the Intelligence Community often rely on classified sources and methods that cannot be shared with state or local law enforcement. Products stripped of classified detail to reach non-federal partners risk becoming operationally thin. I&A navigates this tension through a "tear line" production model, where a single analytic product contains a classified upper portion and an unclassified or CUI lower portion.
Domestic surveillance concerns
I&A's use of social media monitoring and open-source collection for domestic threat assessment has faced congressional scrutiny. The DHS oversight and accountability framework requires I&A to document legal authorities for each collection and analysis activity through a formal civil liberties impact assessment process.
Speed vs. accuracy
Fusion centers and operational components frequently need rapid threat information during emerging incidents. I&A's analytic tradecraft standards — rooted in Intelligence Community Directive 203 (Analytic Standards) — require sourcing, confidence calibration, and alternative hypothesis consideration that take time. This creates an operational tension between rapid warnings and analytically rigorous finished products.
Common Misconceptions
Misconception: I&A conducts domestic surveillance operations
I&A is an analytic and information-sharing organization, not a surveillance or law enforcement agency. It holds no arrest authority and does not operate surveillance platforms. Domestic collection activities are constrained by the Privacy Act of 1974 (5 U.S.C. § 552a), Executive Order 12333, and internal Attorney General guidelines.
Misconception: I&A and CISA perform the same function
CISA focuses on physical and cyber infrastructure protection and incident response. I&A focuses on threat intelligence analysis and information sharing. The two organizations coordinate extensively — particularly on critical infrastructure threats — but hold distinct statutory mandates under separate sections of the Homeland Security Act.
Misconception: Fusion centers are I&A field offices
Fusion centers are owned and operated by state and local governments, not by DHS. I&A's role is to provide personnel, training, and intelligence access to these independently governed entities. As the DHS fusion centers reference page documents, the 79-center network represents a state-federal partnership, not a DHS-directed field structure.
Misconception: I&A produces all DHS intelligence
Each major DHS component — including CBP, ICE, the Coast Guard, and the Secret Service — maintains its own intelligence function. I&A serves as the department-level integrator and the official DHS representative in the Intelligence Community, but component intelligence offices operate under their respective component leadership chains.
Checklist or Steps
How an I&A intelligence product moves from requirement to dissemination
- Requirement identification — A DHS component, fusion center, or federal partner submits an intelligence requirement through the formal requirements management system
- Prioritization — The I&A Requirements and Validation Branch evaluates the requirement against the National Intelligence Priorities Framework and DHS Secretary priorities
- Collection tasking — If existing reporting is insufficient, I&A submits collection requirements to appropriate national collection platforms or open-source collection teams
- Analysis and drafting — Analysts produce a draft product following ICD 203 analytic standards, including confidence level designation and alternative analysis
- Peer review — A senior analyst or team lead conducts structured review for sourcing, logic, and analytic soundness
- Civil liberties review — Products touching on First Amendment-protected activities or U.S. persons undergo CRCL and Privacy Office review before release
- Classification marking — The product receives classification markings per 32 C.F.R. Part 2001 (Classified National Security Information)
- Dissemination — The product is distributed through appropriate channels: the Homeland Security Information Network (HSIN) for state/local partners, classified systems for federal IC partners, or public release for unclassified assessments
- Feedback collection — Receiving agencies provide consumer feedback to inform future product calibration
Reference Table or Matrix
I&A vs. Other DHS Intelligence-Adjacent Functions
| Function | Primary Organization | Statutory Basis | IC Member? | Law Enforcement Authority? |
|---|---|---|---|---|
| Department-level threat analysis | I&A | 6 U.S.C. § 121 | Yes | No |
| Cyber threat analysis | CISA | 6 U.S.C. § 652 | No | No |
| Border intelligence | CBP Office of Intelligence | 6 U.S.C. § 211 | No | Yes |
| Immigration enforcement intel | HSI (ICE) | 6 U.S.C. § 251 | No | Yes |
| Financial crimes intelligence | HSI (ICE) | 6 U.S.C. § 251 | No | Yes |
| Infrastructure threat fusion | I&A + CISA joint | 6 U.S.C. §§ 121, 652 | Partial | No |
| State/local threat sharing | Fusion centers (via I&A) | 6 U.S.C. § 124h | No | Varies |
The DHS organizational structure page maps the full relationship between I&A and the department's 22 component agencies. The DHS counterterrorism role page addresses how I&A's analytic products integrate with operational counterterrorism activities carried out by DHS components and interagency partners.