Falling Through the Cracks#
I was sitting in a briefing room once—can’t say where—at one of those interagency meetings that happen after something bad has nearly happened and everybody’s trying to figure out why. Four different federal agencies had representatives at the table, each with their own binders, their own acronyms, their own chain of command.
The question was straightforward: who had been responsible for tracking a particular threat that almost slipped through? And I watched, in real time, as each agency rep explained—politely, professionally, with flawless bureaucratic logic—why it wasn’t their job.
Agency A said the threat fell outside their jurisdictional mandate. Agency B said they’d flagged it but passed it along because it crossed into Agency C’s territory. Agency C said they never got the referral. Agency D said they would have acted if anyone had asked, but nobody did.
Four agencies. Four perfectly reasonable explanations. Zero accountability. And a threat that had come within inches of making the front page.
That’s not a failure of people. That’s a failure of architecture. And it’s happening across the federal government every single day.
Here’s something most people don’t grasp about federal law enforcement and national security: the problem isn’t that we have too few agencies. We have too many. The United States has over eighty federal bodies with some form of law-enforcement authority. Eighty. Each with its own leadership, its own budget, its own priorities, its own culture, and its own definition of what counts as a “core mission.”
Threats don’t read organizational charts. A terrorist doesn’t plan an attack thinking, “I’d better make sure this lands neatly in the FBI’s jurisdiction so they can handle it cleanly.” A cybercriminal doesn’t check whether his target is regulated by the SEC, the FTC, or CISA before launching. Threats are fluid. They cross boundaries. They exploit seams. By nature, they’re interdisciplinary.
Our defense against them, meanwhile, is fragmented into eighty separate silos, each tuned to its own narrow slice, each graded by its own scorecard, each fighting for its own funding.
Picture an immune system where white blood cells only handle infections in specific organs and ignore everything else. Lung cells tackle lung infections. Liver cells tackle liver infections. But a bloodborne pathogen traveling between organs? Nobody’s responsibility. It moves freely—not because it’s brilliant, but because the defense architecture has gaps wide enough to drive a truck through.
The first thing to understand about fragmentation is what I call the “priority black hole.”
Every agency runs on core metrics—the numbers that get measured, reported, and rewarded. For the FBI, it’s major-case resolutions. For the DEA, drug seizures. For the ATF, firearms violations. Those metrics drive behavior because they drive budgets and promotions. If you’re an FBI agent, you work the cases that advance your career, which are the cases your agency values, which are the cases that fit its mandate.
So what happens when a threat doesn’t fit neatly into anyone’s mandate?
It drops into the priority black hole.
Everyone sees it. Everyone agrees it’s real. But nobody owns it, because owning it means pulling resources away from the things you’re actually measured on. In bureaucratic language, it’s an “unfunded mandate”—a problem that exists without an institutional champion.
I’ve watched it happen with cyber threats, with domestic extremism, with transnational crime networks that span half a dozen agencies’ jurisdictions. The threat is real. The intelligence is there. But because it doesn’t map cleanly onto any single agency’s scoreboard, it bounces from meeting to meeting, memo to memo, until someone gets hurt or the threat resolves on its own.
The priority black hole doesn’t discriminate. It swallows everything that falls between organizational lines—and increasingly, that’s exactly where the most dangerous threats live.
The second dynamic is what economists might call the “coordination tax.”
Fragmentation isn’t free. Every time two agencies need to collaborate, they pay a toll in time, process, and friction. Meetings to schedule. Memoranda of understanding to draft. Liaison officers to assign. Information-sharing protocols to hammer out. Classification levels to reconcile. Legal authorities to parse.
Each step is individually reasonable. Together, they form a massive tax on effective action.
I’ve been in situations where the coordination overhead consumed more energy than the actual operational work. Three weeks negotiating which agency leads the task force. Two weeks arguing about data-sharing rules. Another week resolving jurisdictional turf. By the time everyone signs off on a plan, the window for action has closed.
When the tax gets high enough, rational people make a rational choice: they stop coordinating. They retreat into their silos, focus on their own numbers, and act as if the cross-cutting problems don’t exist. Not because they’re lazy or incompetent, but because the system has made collaboration more expensive than isolation.
That’s how fragmentation reinforces itself. The harder it is to coordinate, the less people try. The less they try, the wider the gaps. The wider the gaps, the more threats slip through. And the more threats slip through, the more agencies double down on their own narrow mandates—because at least those are problems they can solve inside their own walls.
Which brings me to the third piece—the most dangerous one: what I call the “gap-hunting effect.”
Sophisticated adversaries—terrorist networks, organized crime syndicates, systemic corruption rings—don’t throw themselves at the strongest point in our defenses. They’re not that dumb. They hit the weakest point. And in a fragmented system, the weakest points are always the seams between agencies.
Think about it from the adversary’s side. If you’re planning something that straddles federal and state jurisdiction, you know the handoff between those systems is where confusion lives. If your operation touches three different federal agencies’ turf, you know the coordination tax will slow any response. If your activity doesn’t fit neatly into anyone’s “core mission,” you know it’ll fall into the priority black hole.
You don’t need insider information to exploit fragmentation. You just need to be complex enough that no single agency can handle you alone. The system’s vulnerability is structural and visible to anyone who bothers to look.
That’s why the most devastating security failures in American history have almost always involved fragmentation. The intelligence existed. The puzzle pieces were there. But they were scattered across different agencies, different databases, different classification systems, different cultures. Nobody had the full picture because nobody was built to have it.
We responded to those failures by standing up new organizations—the Department of Homeland Security, the Director of National Intelligence—meant to solve the coordination problem. In practice, they layered more structure onto an already fragmented system. Now we had the original agencies plus a coordinating body, and coordinating the coordinator became its own bureaucratic challenge.
I’m not proposing we fold all eighty agencies into one mega-department. That would bring its own disasters—concentration of power, loss of specialization, bureaucratic bloat. The answer to fragmentation isn’t consolidation. It’s architecture.
What we need is a system that keeps specialization while killing the priority black hole. That takes three fundamental shifts.
First: shared threat ownership. When a threat crosses jurisdictional lines, a clear, pre-established protocol should assign ownership—not after weeks of negotiation, but automatically, based on the threat’s nature. Cyber? There’s a lead. Transnational? There’s a lead. Domestic? There’s a lead. And “lead” doesn’t mean “coordinator.” It means the agency that owns the outcome, with the authority and resources to demand cooperation from everyone else.
Second: unified metrics. Right now every agency is graded on its own scorecard, which incentivizes silo behavior. We need cross-cutting metrics that measure system-level outcomes—threats detected, threats neutralized, response times on cross-jurisdictional incidents. When an agency’s budget depends partly on how well it works with others, the coordination tax drops fast. Incentives shape behavior. Change the incentives, change the behavior.
Third: gap auditing. Somebody—I don’t care who—needs to be permanently assigned to finding the cracks. Not after something falls through them. Before. A dedicated function whose whole job is to map the seams between agencies and test whether threats can exploit them. Red teams for organizational architecture. War games for bureaucratic structure. If we stress-test bridges and buildings, we can stress-test the gaps between the agencies that are supposed to keep us safe.
Look, I get how we ended up here. Every new agency was created for a good reason. Every jurisdictional boundary was drawn with logic. Every specialization serves a purpose. The fragmentation wasn’t malicious—it was incremental. One agency at a time, one mandate at a time, one budget line at a time, until we woke up with eighty separate entities trying to defend a country that adversaries treat as a single target.
But understanding how we got here doesn’t justify staying here. The immune system’s strength was never about the individual cells. It was always about the coordination between them. A trillion white blood cells that can’t talk to each other are just a trillion organisms floating in the same body, each fighting its own private war, while the infection moves freely between them.
That’s where we are. And until we fix the architecture—not the people, not the budgets, not the mission statements, but the architecture—threats will keep falling through the cracks. Not because we lack the capability to stop them, but because we’ve organized that capability in a way that guarantees failure at the seams.
The fight isn’t about working harder. It’s about working together. And right now, the system is built to make that as hard as possible.