Counterterrorism “tsar” Richard Clarke sends National Security Adviser Rice an e-mail message “outlining a number of steps agreed on” at the Counterterrorism Security Group meeting the day before (see July 5, 2001), “including efforts to examine the threat of weapons of mass destruction and possible attacks in Latin America. One senior administration official [says] Mr. Clarke [writes] that several agencies, including the FBI, the CIA, and the Pentagon, [have] been directed to develop what the official [says are] ‘detailed response plans in the event of three to five simultaneous attacks.’” However, no response or follow-up action has been pointed out. [New York Times, 4/4/2004]
September 4-11, 2001: ISI Director Visits Washington for Mysterious Meetings
ISI Director Lt. Gen. Mahmood Ahmed visits Washington for the second time. On September 10, a Pakistani newspaper reports on his trip so far. It says his visit has “triggered speculation about the agenda of his mysterious meetings at the Pentagon and National Security Council” as well as meetings with CIA Director Tenet (see September 9, 2001), unspecified officials at the White House and the Pentagon, and his “most important meeting” with Marc Grossman, US Under Secretary of State for Political Affairs. The article suggests, “[O]f course, Osama bin Laden” could be the focus of some discussions. Prophetically, the article adds, “What added interest to his visit is the history of such visits. Last time [his] predecessor was [in Washington], the domestic [Pakistani] politics turned topsy-turvy within days.” [News (Islamabad), 9/10/2001] This is a reference to the Musharraf coup just after an ISI Director’s visit on October 12, 1999 (see October 12, 1999).
September 10, 2001: Defense Secretary Rumsfeld Announces Defense Department Cannot Track $2.3 Trillion in Transactions
In a public speech to the Department of Defense, Defense Secretary Donald Rumsfeld announces that the Department of Defense “cannot track $2.3 trillion in transactions.” CBS later calculates that 25 percent of the yearly defense budget is unaccounted for, and quotes a long-time defense budget analyst: “[Their] numbers are pie in the sky. The books are cooked routinely year after year.” Coverage of this rather shocking story is nearly nonexistent given the events of the next day. [US Department of Defense, 9/10/2001; CBS News, 1/29/2002] In April 2002 it will be revealed that $1.1 trillion of the missing money comes from the 2000 fiscal year. Auditors won’t even quantify how much money is missing from fiscal year 2001, causing “some [to] fear it’s worse” than 2000. The Department of the Army will state that it won’t publish a stand-alone financial statement for 2001 because of “the loss of financial-management personnel sustained during the Sept. 11 terrorist attack.” [Insight, 4/29/2002] This $1.1 trillion plus unknown additional amounts continues to remain unaccounted for, and auditors say it may take eight years of reorganization before a proper accounting can be done. [Insight, 8/21/2003]
September 10, 2001: Military ‘Infocon’ Alert Level Reduced because of Perceived Lower Threat of Computer Attacks
The US military reduces the Information Operations Condition (Infocon) to Normal—the lowest possible threat level—less than 12 hours before the 9/11 attacks commence, reportedly due to reduced fears of attacks on computer networks.
Level Reduced Due to ‘Decreased Threat’ – The Infocon level is lowered to Normal, meaning there is no special threat, at 9:09 p.m. this evening. The reason for this, according to historical records for the 1st Fighter Wing at Langley Air Force Base, Virginia, is “a decreased threat from hacker and virus attacks on the computer networks across the US.” [Colorado Springs Gazette, 5/3/2001; 1st Fighter Wing History Office, 12/2001] Since October 1999, the commander of the US Space Command has been in charge of Defense Department computer network defense, and has had the authority to declare Infocon levels. [IAnewsletter, 12/2000 
] General Ralph Eberhart, the current commander of both the US Space Command and NORAD, is thus responsible for evaluating the threat to US military computers and issuing information conditions—“Infocons”—to the US military. He is presumably therefore responsible for lowering the Infocon level this evening.
Higher Infocon Level Requires More Precautions – It is unclear what difference the reduced Infocon level makes. But an e-mail sent earlier in the year from Peterson Air Force Base in Colorado, where NORAD and the US Space Command are headquartered, revealed the steps to be taken when the Infocon level is raised one level from Normal, to Alpha. These steps include “changing passwords, updating keys used to create classified communication lines, minimizing cell phone use, backing up important documents on hard drive, updating virus protection on home computers, reporting suspicious activity, and reviewing checklists.” [Colorado Springs Gazette, 5/3/2001]
Level Increased Earlier in Year – It is also unclear what the Infocon level was prior to being reduced this evening and why it had been at that raised level. Pentagon networks were raised to Infocon Alpha for the first time at the end of April this year, as a precaution against attacks on US systems, after Chinese hackers warned of such attacks in Internet chat room postings. [United Press International, 4/30/2001; Colorado Springs Gazette, 5/3/2001; United Press International, 7/24/2001] The Infocon level was raised to Alpha a second time in late July, due to the threat posed by the Code Red computer virus. [United Press International, 7/24/2001; US Department of Defense, 7/24/2001] It will be raised again, from Normal to Alpha, during the morning of September 11, immediately after the second attack on the World Trade Center takes place (see 9:04 a.m. September 11, 2001). [1st Fighter Wing History Office, 12/2001]
System Intended to Protect Defense Department Computers – The Joint Chiefs of Staff established the Infocon system in March 1999 in response to the growing and sophisticated threat to Defense Department information networks. The system is intended as a structured, coordinated approach to defend against and react to attacks on Defense Department systems and networks. Reportedly, it “provides a structured, operational approach to uniformly heighten or reduce defensive posture, defend against unauthorized activity, and mitigate sustained damage to the defense information infrastructure.” It is analogous to other Defense Department alert systems, such as Defense Condition (Defcon) and Threat Condition (Threatcon). The Infocon system comprises five levels of threat, each with its own procedures for protecting systems and networks. These levels go from Normal, through Alpha, Bravo, and Charlie, up to Delta, which, according to Rear Admiral Craig Quigley, the deputy assistant secretary of defense for public affairs, is when “You’re currently under an absolutely massive hack attack, from a variety of means, from a variety of sources. You’re talking a very concerted, focused attack effort to get into [Defense Department] systems.” [IAnewsletter, 12/2000 ; General Accounting Office, 3/29/2001 ; US Department of Defense, 7/24/2001]
Just Before September 11, 2001: Key Counterterrorism Position Still Unfilled
The position of Deputy Secretary for Special Operations and Low-Intensity Conflict, the Defense Department post traditionally dealing the most with counterterrorism, still has not been filled since being vacated in January 2001 when Bush became president. Aides to Defense Secretary Rumsfeld later tell the 9/11 Commission that “the new [Defense Department] team was focused on other issues” and not counterterrorism. [Newsweek, 3/24/2004]
8:30 a.m. September 11, 2001: US Military Holding ‘Practice Armageddon’ Nationwide Training Exercise
As the 9/11 attacks are taking place, a large military training exercise called Global Guardian is said to be “in full swing.” It has been going on since the previous week. [Omaha World-Herald, 2/27/2002; Omaha World-Herald, 9/10/2002] Global Guardian is an annual exercise sponsored by US Strategic Command (Stratcom) in cooperation with US Space Command and NORAD. One military author defines Stratcom as “the single US military command responsible for the day-to-day readiness of America’s nuclear forces.” [Arkin, 2005, pp. 59]
Exercise Tests Military’s Ability to Fight a Nuclear War – Global Guardian is a global readiness exercise involving all Stratcom forces and aims to test Stratcom’s ability to fight a nuclear war. It is one of many “practice Armageddons” that the US military routinely stages. [Bulletin of the Atomic Scientists, 11/1/1997; Associated Press, 2/21/2002; Omaha World-Herald, 2/27/2002; Omaha World-Herald, 9/10/2002] It links with a number of other military exercises, including Crown Vigilance (an Air Combat Command exercise), Apollo Guardian (a US Space Command exercise), and the NORAD exercises Vigilant Guardian and Amalgam Warrior. [US Department of Defense, 5/1997; GlobalSecurity (.org), 4/27/2005] Global Guardian is both a command post and a field training exercise, and is based around a fictitious scenario designed to test the ability of Stratcom and its component forces to deter a military attack against the US. Hundreds of military personnel are involved. [US Congress, n.d.; Collins Center Update, 12/1999 ; Times-Picayune, 9/8/2002] The exercise involves “a lot of the elements of what ultimately would be the nuclear command and control system in support of a national emergency,” according to Admiral Richard Mies, the commander in chief of Stratcom. It includes an “exercise secretary of defense” and “an exercise president.” Mies will say that because of the exercise, “A lot of [Stratcom’s] command and control systems that, in peacetime, are normally not on alert were at a much, much higher state of alert [on September 11] and we had a number of aircraft, manned control aircraft that were airborne that were simulating their wartime roles.” [NET News, 12/27/2011]
Exercise Normally Held in October or November – According to a 1998 Internet article by the British American Security Information Council—an independent research organization—Global Guardian is held in October or November each year. [Kristensen, 10/1998] In his book Code Names, NBC News military analyst William Arkin dates this exercise for October 22-31, 2001. [Arkin, 2005, pp. 379] And a military newspaper reported in March 2001 that Global Guardian was scheduled for October 2001. [Space Observer, 3/23/2001, pp. 2 ] If this is correct, then some time after March, the exercise must have been rescheduled for early September.
Exercise Includes a ‘Computer Network Attack’ – Furthermore, a 1998 Defense Department newsletter reported that for several years Stratcom had been incorporating a computer network attack (CNA) into Global Guardian. The attack involved Stratcom “red team” members and other organizations acting as enemy agents, and included attempts to penetrate the command using the Internet and a “bad” insider who had access to a key command and control system. The attackers “war dialed” the phones to tie them up and sent faxes to numerous fax machines throughout the Command. They also claimed they were able to shut down Stratcom’s systems. Reportedly, Stratcom planned to increase the level of computer network attack in future Global Guardian exercises. [IAnewsletter, 6/1998 ] It is unclear if a computer network attack is incorporated into Global Guardian in 2001.
Before 8:46 a.m. September 11, 2001: Defense Secretary Rumsfeld Reportedly Predicts Terror Attacks
Defense Secretary Donald Rumsfeld, Deputy Defense Secretary Paul Wolfowitz, Representatives Christopher Cox (R-CA) and John Mica (R-FL), and numerous others are meeting in Rumsfeld’s private Pentagon dining room, discussing missile defense (see (8:00 a.m.-8:50 a.m.) September 11, 2001). Rumsfeld later recalls, “I had said at an eight o’clock breakfast that sometime in the next two, four, six, eight, ten, twelve months there would be an event that would occur in the world that would be sufficiently shocking that it would remind people again how important it is to have a strong healthy Defense Department that contributes to—that underpins peace and stability in our world.” [US Department of Defense, 12/5/2001] Wolfowitz recalls, “And we commented to them that based on what Rumsfeld and I had both seen and worked on the Ballistic Missile Threat Commission, that we were probably in for some nasty surprises over the next ten years.” [Vanity Fair, 5/9/2003] According to Mica, “the subject of the conversation Donald Rumsfeld was interested in was, the military had been downsized during the ‘90s since the fall of the Berlin Wall. And what we were going to do about [the] situation if we had another—the word [Rumsfeld] used was ‘incident.‘… And he was trying to make certain that we were prepared for something that we might not expect.” [US Congress. House. Oversight and Government Reform Committee, 8/1/2007] There are confused accounts that Rumsfeld says, “I’ve been around the block a few times. There will be another event,” just before the Pentagon is hit by Flight 77 (see (Before 9:37 a.m.) September 11, 2001), but such comments may have been made around this time instead. Shortly afterwards, someone walks in with a note informing Rumsfeld that a plane has just hit the WTC (see Shortly After 8:46 a.m. September 11, 2001). [US Department of Defense, 12/5/2001; 9/11 Commission, 3/23/2004] Mica later comments, “[L]ittle did we know that within a few minutes of the end of our conversation and actually at the end of our breakfast, that our world would change and that incident that we talked about would be happening.” [US Department of Defense, 9/10/2004]
8:50 a.m. September 11, 2001: FAA Establishes Phone Bridges, Including with the Military, Earlier than Claimed by 9/11 Commission
According to a statement by two high-level FAA officials, “Within minutes after the first aircraft hit the World Trade Center, the FAA immediately established several phone bridges [i.e., telephone conference calls] that included FAA field facilities, the FAA command center, FAA headquarters, [Defense Department], the Secret Service, and other government agencies.” The FAA shares “real-time information on the phone bridges about the unfolding events, including information about loss of communication with aircraft, loss of transponder signals, unauthorized changes in course, and other actions being taken by all the flights of interest, including Flight 77. Other parties on the phone bridges in turn shared information about actions they were taken.” The statement says, “The US Air Force liaison to the FAA immediately joined the FAA headquarters phone bridge and established contact with NORAD on a separate line.” [9/11 Commission, 5/23/2003] Another account says the phone bridges are “quickly established” by the Air Traffic Services Cell (ATSC). This is a small office at the FAA’s Herndon Command Center, which is staffed by three military officers at the time of the attacks (see (Between 9:04 a.m. and 9:25 a.m.) September 11, 2001). It serves as the center’s liaison with the military. According to Aviation Week and Space Technology, the phone bridges link “key players, such as NORAD’s command center, area defense sectors, key FAA personnel, airline operations, and the NMCC.” [Aviation Week and Space Technology, 6/10/2002; 9/11 Commission, 6/17/2004] According to an FAA transcript of employee conversations on 9/11, one of the phone bridges, between the FAA Command Center, the operations center at FAA headquarters, and air traffic control centers in Boston and New York, begins before Flight 11 hits the World Trade Center at 8:46 (see 8:46 a.m. September 11, 2001). [Federal Aviation Administration, 10/14/2003, pp. 3-10 ] If these accounts are correct, it means someone at NORAD should learn about Flight 77 when it deviates from its course (see (8:54 a.m.) September 11, 2001). However, the 9/11 Commission will later claim that the FAA teleconference is established about 30 minutes later (see (9:20 a.m.) September 11, 2001). The Air Force liaison to the FAA will claim she only joins it after the Pentagon is hit (see (Shortly After 9:37 a.m.) September 11, 2001).
Shortly After 9:03 a.m. September 11, 2001: Despite Attacks in New York, Pentagon Defense Chief Does Not Raise Alert Level
Despite two attacks having occurred in New York, the threat level at the Pentagon is not raised. John Jester, the chief of the Defense Protective Service (DPS)—the law enforcement agency that guards the Pentagon—is in his office at the Pentagon. He had been unaware of the first WTC crash and only learned of it when his press officer, Glenn Flood, phoned about it at around 9:00 a.m. and asked him if he would be reacting. Jester switched on the TV in his office just in time to see the second tower hit, at 9:03 a.m. Even though he realizes that it is “obvious this was a terrible attack,” Jester later recalls that at this time, he is “thinking about what else we needed to do based on the attacks in New York, not having in my mind that it would happen here too.” [Murphy, 2002, pp. 243-244] Lieutenant Michael Nesbitt, who runs day-to-day operation in the DPS Communications Center on the first floor of the Pentagon, telephones Jester and asks if he knows about the crashes in New York. Jester instructs Nesbitt to send a message to the building’s Real Estate and Facilities Directorate, reassuring everyone that the Pentagon remains secure. Jester tells him that its Terrorist Force Protection Condition is staying at “Normal,” which means there is no present threat of terrorist activity. (The Terrorist Force Protection Condition—previously known as the Terrorist Threat Condition—ranges from Normal through four higher levels, from Alpha to Delta.) According to the Defense Department’s own book about the Pentagon attack, “No one in DPS received warning of a hijacked aircraft on its way to the Washington area.” Jester apparently will not order the threat level to be raised until shortly before 9:37, when the Pentagon is hit (see (Shortly Before 9:37 a.m.) September 11, 2001); at the time of the attack, the alert level will still be at Normal. [Goldberg et al., 2007, pp. 151-152]
9:20 a.m. September 11, 2001: FAA Sets Up Ineffectual Hijacking Teleconference
The FAA sets up a hijacking teleconference with several agencies, including the Defense Department. This is almost one hour after the FAA’s Boston flight control began notifying the chain of command (see 8:25 a.m. September 11, 2001) and notified other flight control centers about the first hijacking at 8:25 a.m. (see 8:25 a.m. September 11, 2001). According to the Acting FAA Deputy Administrator Monte Belger, this teleconference (called the “hijack net”) is “the fundamental primary source of information between the FAA, [Defense Department], FBI, Secret Service, and… other agencies.” Yet even after the delay in setting it up, FAA and Defense Department participants later claim it plays no role in coordinating the response to the hijackings. The 9/11 Commission says, “The NMCC [National Military Command Center inside the Pentagon] officer who participated told us that the call was monitored only periodically because the information was sporadic, it was of little value, and there were other important tasks. The FAA manager of the teleconference also remembered that the military participated only briefly before the Pentagon was hit.” [9/11 Commission, 6/17/2004; 9/11 Commission, 7/24/2004, pp. 36] According to a statement provided by the FAA to the 9/11 Commission in 2003, this teleconference began significantly earlier—“[w]ithin minutes after the first aircraft hit the World Trade Center” (see (8:50 a.m.) September 11, 2001). [9/11 Commission, 5/23/2003]
