2009 November | Security Debrief - a blog of homeland security news and analysis

Archive for November, 2009

IBM Addresses Cyber Security at the State and Local Level

Monday, November 30th, 2009

IBM hosted a Cyber Security Leadership Summit in Boston on November 18. The speakers included the firm’s chief Privacy Officer, a director of cyber security policy and one of DHS’s cyber leaders. They were followed by a panel that included a representative of a large Boston Bank, a Massachusetts State Police Cyber Crime expert, Harvard University’s head of IT and a senior Emergency manager for the City of Boston.

It was interesting for someone like me (who is constantly immersed in the Washington discussions on cyber issues) to hear cyber security discussed as a local issue. For these folks, it is not an intellectual or philosophical discussion; it is not even the grand strategic problem we normally hear about in DC. It is a tactical and completely real issue that has implications for people whose faces these men know.

They spoke of the danger to their carefully built post-9/11 first responder capabilities. They have greatly enhanced communications systems and can move faster and with more precision than ever before. They rightly acknowledge that all that wonderful new stuff rides on the Internet, and if an incident occurs coupled with a cyber assault on those systems, there is a problem. Washington might consider a Distributed Denial-of-Service (DDoS) attack a nuisance event, but on the municipal level, if the timing is tied to a kinetic event or natural disaster, it will quickly become a major catastrophe.

These local, city and state leaders know well what they will bring to the table in such an event, but there is still clearly a knowledge gap as to what the federal government will bring. We need to do a better job of educating these key players who will frankly be the leaders on the ground in any incident. The Feds will work for the locals, and it is in the federal government’s interests to have them as prepared as possible. Additionally, in the cyber area, the Feds do not themselves know how they might respond.

This experience left me with two main feelings. One was that IBM is right to reach out to this level of our nation’s leadership. The private sector can and must partner with them and help build the right structures. The other feeling was that I had just met with the front line troops in our nation’s domestic defense. They are ready, already doing a huge amount of work and are looking for assistance. We should help them protect our families.

Posted in Critical Infrastructure, Cyber Security, Homeland State & Local, Law Enforcement, Management & Administration, Science & Technology, counterterrorism | Comments

In India, as Anywhere Else, Information Technology is not a Panacea

Monday, November 30th, 2009

The Hindustan Times recently published an article arguing that if India had only invested in IT systems with a common information pool, the Mumbai attacks could have been prevented because information had been received elsewhere that Mumbai was a target.

It’s interesting to see IT portrayed as the panacea solution to countering the threat of terrorism. As with countering any human-based threat, a capability must be created. A capability integrates doctrine, personnel, training, equipment, equipment support, political activities, media relations and other considerations, including IT (equipment and systems).

Buying the IT isn’t enough – because IT on its own simply provides a warehouse of information. The assertion that if there were a common pool of information Mumbai police would have been alerted is misleading. A PHONE CALL would have achieved the same result.

I don’t disagree that information systems supporting the CT effort provide force multipliers, but IT can only support the organizational cultures, not replace them. For instance, most Mumbai police remain unarmed, but the armed police have graduated from .303s to modern assault rifles. Unfortunately, the training to accompany that equipment is minimal, potentially actually increasing the threat to civilians while posing no additional deterrence to well-trained terrorists, who will go through badly trained police like a hot knife through butter.

Counter-terrorism, like countering smuggling, organized crime, narcotics and others, requires collection of information, converting information into intelligence and directed intelligence operations, which trigger operations. These proactive activities must take place simultaneously with a risk management approach to ensure that if unforeseen incidents occur, there are suitable measures in place and responses to manage the incident quickly.

IT is an important part of the information gathering process and can assist in converting information into intelligence; however, anyone who believes that simply dropping all the equipment noted in the article will suddenly cure the terrorist threat in India is setting themselves, and India, up to fail in the face of the next terrorist attack.

For those who seek to challenge this assertion, saying “well, IT worked in America – there haven’t been any other attacks since 9/11,” I suggest you look at the non-technical changes to methodology and investment in human activities that has accompanied the IT investment. In the U.S., there are still “turf wars;” it appears the lack of a phone call between organizations takes us back to where we started – that culture and a capability development approach, not IT, has to be the foundation when organizing a counter-terrorist effort.

Posted in Critical Infrastructure, International, Law Enforcement, Science & Technology, counterterrorism | Comments

Anniversaries and Remembrances: Yesterday, Today and Tomorrow

Wednesday, November 25th, 2009

Yesterday, with the news of former TSA Administrator David Stone’s untimely death, two events compressed in my mind.

Seven years ago today, President Bush signed the Homeland Security Act of 2002 (Public Law 107-296) after initially resisting Congressional efforts to create a new, Cabinet-level agency to consolidate homeland security efforts into a single entity. Among the various agencies relocated to DHS was the nascent Transportation Security Administration (TSA), which had been created in the immediate aftermath of the 9-11 attacks as a component of the Department of Transportation.

One year ago tomorrow, terrorists stormed the city of Mumbai, India, and through a series of ten coordinated shooting and bombing attacks, struck at the heart of India’s corporate community. The attacks lasted three days, leaving over 170 people dead and over 300 wounded.

I had been with Admiral Stone in Mumbai less than two weeks ago. He was as cheerful and engaging as he had always been, talking about his new position with Cisco Systems and his travels throughout India, China and South Asia where he was building new relationships and getting a better sense of what global security really meant. Bangalore may have been his new home, but he still maintained close touch with friends and family back in the U.S., even coming back for the TSA Awards banquet just last week.

Even if you disagreed with him, David Stone was always willing to listen to your position. He helped set TSA on the path toward creating better relationships with private sector stakeholders and getting TSA to prioritize its spending based on risk analysis rather than vulnerability assessment. He understood all too well that the threats were real; the enemies were adaptive; the bureaucracy was maddening; and, the accolades were few and far between. Yet, he had the heart of a public servant, and it showed wherever he went.

It is that same willingness to “listen and learn” that I saw in the reactions of Mumbai officials we met with during the course of our stay. Almost all were quite candid in assessing their own performance following the November 26 attacks, pointing out the changes they had made following the attacks, their lack of adequate funding for training and the seeming inability to prevent another such incident without shutting down the economy of India’s financial cornerstone. They also talked freely about risk analysis and resiliency, not just vulnerabilities. Mumbai officials understand, just as David Stone understood, that getting private sector stakeholders involved before another incident occurs is the key to mitigating the effects of a very bad day (or series of days.)

While the hotels, cafes and train station where the Mumbai attacks occurred exhibited great resilience, recovering quickly by re-opening for business in a matter of days, there are still visible reminders everywhere in Mumbai that attest to its vulnerability to another attack. And Mumbai is not alone.

There remain serious vulnerabilities in this country, in the U.K., Spain and other parts of the world where terrorists have done their evil deeds (general U.S. public apathy about these threats notwithstanding). Perhaps better than most, Admiral Stone understood this and was continually striving to address these threats in a responsible manner, based on rigorous factual analysis and thorough planning.

As these and future anniversaries arise, it is my hope that we remember the “right” lessons from these tragic events; that we honor the public servants and private sector folks who work so diligently to make us safer and more secure, and that we are ever vigilant against those who would do us harm.

The example Admiral David Stone set throughout his life is a reminder to us all. We have much to be thankful for, yet we have much more preparation to do.

Posted in Aviation and airport security, Border Security, Critical Infrastructure, International, Management & Administration, Military & Homeland Defense, counterterrorism | Comments

A Different Slant on Cyber Security

Monday, November 23rd, 2009

A recent article in Congressional Quarterly’s Homeland Security edition looked into a very different aspect of our government’s cyber security efforts. More than anything else, the story shows how pervasive cyber issues have become. CQ visited the Cyber Crimes Center belonging to Immigration and Customs Enforcement (ICE). ICE is one of the many misunderstood and under-appreciated law enforcement organizations within the Department of Homeland Security (DHS). They labor long and hard to protect us from all sorts of crimes that make life difficult near our borders, and at times, a living hell just on the other side.

The article relayed that even DHS officials are surprised when they visit the center and discover that a cyber security organization in DHS is not involved with infrastructure protection, hackers and related issues. What does the center do? They provide operational and intelligence support to a multitude of ICE investigations concerning crimes that may be “old fashioned” but now rely on the internet to accomplish their criminal goals.

These crimes include money laundering, outright theft, fraud, production and sale of false IDs, illegal munitions, counterfeit pharmaceuticals, gang activity, and child exploitation (porn, prostitution and sexual tourism). All these endeavors are big money and are growing everyday. The same interconnectivity that aids our economy and makes are lives so much more efficient helps criminals as well. It is the job of the ICE Cyber Crimes Center and related organizations to turn the tables on the criminals. This is a tough job, as the criminals not only get smarter at hiding their activities and more sophisticated technologically, but also, their numbers are growing at an astronomical rate.

It would be a grave mistake to push this effort aside as a “lesser” part of cyber security. It is not glamorous, and it seldom makes headlines; however, every child abuser they help catch, every drug smuggling ring they break, every violent gang they cripple makes us safer. The effort has enough traction that is has a large international cooperation component that continues to grow. Their job is difficult due to the complexity of the international laws involved and the inadequacy of our laws overall to properly deal with the cyber aspects of crime.

A key lesson from all this is that criminals understand that cyber is the key to success, and even in legacy crimes, they have added cyber components to make themselves more profitable. If the criminals get it, and most of the cops do, what is taking the rest of us (lawmakers, policy leaders and the general public) so darned long? Kudos to ICE for all their efforts and successes. Stay at it guys, and keep thinking out of the box. Cyber security may be the broadest field we have to face. It has a multitude of facets and will require many solutions. Regardless, I am glad DHS and its subordinate parts are still hard at the task of securing the Nation.

Posted in Cyber Security, Intelligence, Law Enforcement, Science & Technology | Comments

Senate Judiciary Addresses Cyber Security Status

Saturday, November 21st, 2009

On November 17, the Senate Judiciary Committee took up the subject of cyber security. An FBI witness said his organization considers “the cyber threat to our nation to be one of the greatest concerns of the twenty-first century.” He later said that cyber-based attacks and high tech crime were the FBI’s highest criminal priority.

Numerous witnesses from the present and previous Administration testified to the dangers, the steps that needed to be taken and the plans to fix the problems. Almost all admitted that there was much that needed to be done, and that they were just getting started. They also made a call for new and updated laws as well as authorities to help them fight the threats we face today.

Terrorism obviously came up. While most felt that the leading terrorist groups do not have a robust cyber capability today, they want it and are actively seeking to obtain it. It was also noted that this was probably easier for them to accomplish than their desire for WMD. In either case, everyone believed that unlike some nation states that have the cyber capability to attack us now but are deterred by our interconnected systems and economies, terrorists will use this capability as soon as they get it and have the opportunity.

Several witnesses discussed the ongoing debates in the Administration over issues such as privacy, civil liberties and how to provide cyber security without adversely affecting them. Few new points were raised in the discussion. Even the calls for a new public/private-sector partnership have all been heard before. They are the right points; we just need to act on them.

One hopes the Obama Administration will finally begin to leverage all the efforts, ideas and energy that continue to build in this space. Industry wants to help, law enforcement needs to act and the Defense/Intel communities are concerned with our present abilities. Give these groups the leadership they need Mr. President. Release them, with a valid vision to serve the Nation, and we will all be amazed at what they might provide.

Posted in Critical Infrastructure, Cyber Security, Homeland Security Industry & Private Sector, Intelligence, Law Enforcement, Management & Administration, Private and Physical Security, Science & Technology, counterterrorism | Comments

Congress Heal Thyself (Con’t – ad nauseum)

Friday, November 20th, 2009

Once again it is time to revisit the issue of Congressional meddling into the operations of DHS.

As has been well established by many commentators, myself included, the only item from the 9-11 Commission’s Report that has yet to be implemented is the consolidation of congressional oversight of the Department of Homeland Security.

Yesterday another former DHS official joined the one-sided debate. Greg Garcia, former assistant secretary of cybersecurity and telecommunications at DHS, said that Congress had treated DHS like a “whipping boy” in its “hyper oversight” activities – hindering the Department from fulfilling its mission. As reported by NextGov this morning, Garcia participated in a roundtable event where he “called out” Congress to practice what it preached to DHS officials. Apparently Garcia does not grasp the concept Congress has rarely taken its own advice – freely dispensed to others but rarely taken to heart in its own operations.

Sadly, it is no longer news that Congressional oversight is based upon a “do as I say, not as I do” attitude. Hypocrisy does not find a monopoly on Capitol Hill, but it surely seems to be comfortable there. That is a very difficult reality for idealists.

Still, Garcia is right in pointing it out and I ,for one, am happy to have him join the debate. Now if only someone in Congress would respond in a manner other than scheduling another hearing or calling for another private briefing with DHS officials.

Posted in Ideology & Public Diplomacy, Management & Administration, counterterrorism | Comments

Foreign Repair Stations: The Security Trojan Horse

Friday, November 20th, 2009

Recently, the House Homeland Security Committee held a hearing on the issue of aircraft foreign repair station security. The Transportation Security Administration (TSA), the Federal Aviation Administration (FAA), the Department of Transportation Inspector General (DOT IG), the unions, the airlines and the repairs stations were all present.

And while the Committee’s oversight on this issue is commendable, the hearing lacked one important item: an updated risk assessment. This omission, along with the testimony of three union representatives, suggests that security at foreign repair stations continues to be a Trojan horse for some.

Politicizing security for a non-security related objective is nothing new here in Washington. But when job protectionism cloaked as a security fix hinders the progress of mitigating real security vulnerabilities the underlying agenda needs to be unveiled and addressed seriously. TSA’s vigilance is deflated when protectionists mandate background checks and drug testing as the security silver bullet for overseas repair stations.

These actors know full well that these two measures may be impossible to implement universally, thus inhibiting airline outsourcing overseas. First, the sovereignty arguments are well stated and only a stronger effort through the International Civil Aviation Organization (ICAO) could address this issue. Second, many countries do not possess the ability to thoroughly document their citizens like we do in the United States rendering background checks ineffective. Third, the privacy laws and cultural values of many nations inhibit the authenticity of these checks.

Let TSA perform a thorough risk assessment and audit to uncover the security vulnerabilities at these repair stations. Then allow the agency to work with its foreign counterparts, airlines and workers to implement effective security measures to mitigate those vulnerabilities directly. Alternative, but commensurate and within-the-spirit-of-the-law (PL 108-176), security mechanisms should be acceptable when background and drug checks are not effective.

Regardless of how hard these groups try to make this a security issue, the protectionist agenda remains glaringly obvious. These special interest groups need to stop playing dress up. For too long security efforts have languished, in part, because the issue is seen as merely a masquerade.

Posted in Aviation and airport security, Border Security, Critical Infrastructure, Intelligence, International, Management & Administration, Military & Homeland Defense, counterterrorism | Comments

ID Management and Online Transactions at the U.S. Chamber

Thursday, November 19th, 2009

The U.S. Chamber held another meeting in the very helpful series of exchanges between Business and Government. The event focused on the nascent strategy for securing online transactions and was sponsored by two of the Chamber’s internal organizations: the National Security Task Force and the Telecommunication and E-Commerce Committee. It was a useful and interesting event.

The government participants were Tom Donahue and Ely Kahn, the Directors for Cyber Policy on the National Security Staff. On the Business side, besides a good presence form the Chamber itself, there were representatives from Telecoms big and small: Software giants; small Tech firms; large Federal Integrators; boutique Tech Consultants; Industry Trade Associations; and Washington Law Firms. It was a wide array of participants.

The discussion began with a short brief from Donahue and Kahn. They emphasized that they were trying to eat the elephant one bite at a time (my metaphor, not theirs). They were not trying to solve all of the identity management issues now facing the government. They readily admitted that others (perhaps DoJ / DHS) were looking at the larger law enforcement-related aspects of this thorny problem. They wanted to begin with a way of establishing a valid online identity upon which commerce could be conducted with reasonable assurance of validity. It sounds a lot easier than it is. It is not establishing that Steven Bucci is Steven Bucci for legal purposes but only so online vendor “X” is comfortable doing business with me. As limited as this sounds, we really cannot yet do it sufficiently well.

There were lots of caveats about avoiding the “third rail” of a national ID card and not making anything “mandatory.” They also like to speak of “eco-systems,” by which they mean holistic solutions not solely technical in nature. Both the NSS folks walked very lightly and are clearly cognizant of not causing more problems than a solution will solve. Donahue used his self-described “bumper sticker” slogan as a method for establishing an ID for online activity, which must be “universal, usable, useful, secure, losable, privacy enhancing, voluntary, affordable, and irresistible.” All of this is compelling, but darned-near impossible to achieve. Again, attempting to bound their efforts, Kahn and Donahue re-emphasized that they only wanted to enhance the present system, not fix it completely.

Their main reason for wanting to speak with businesses was to find out how industry did this sort of thing (authentication) for our internal interactions. They seemed surprised at the multiple steps (anywhere from two to six) that most firms used to ensure their internal nets were protected. They next asked if we were “happy” with such a process. Most answered that it was a small inconvenience because we used it all the time and were, for the most part, pretty good at it. We all admitted that more needed to be done. No one had a real solution yet.

There were several aspects of the conversation that stuck out in my mind. The first was the NSS staffers’ insistence that they were not and would not produce a “road map” to achieve this goal. They were going to act as evangelists for the need and depend on industry to develop solutions. They would let the “market forces” determine the best way forward. I for one was quite surprised. We reminded them that it might be helpful if they could give us hints as to research areas that would be non-starters so we could focus on other directions. They were reluctant even to go that far.

The other area that stood out was that once a system that meets Donahue’s bumper sticker is developed, they do not want the effort to be controlled at the Federal level. They think States are probably the best place but that it could go to more local levels. I have a feeling that States may not like the extra expense and administration unless it comes to them funded.

At the end, it was agreed that Donahue and Kahn needed several subsequent meetings. We all admired their desire to be non-directive and their wish not to “offend” anyone. My feeling is that they will have a devil of a time getting anywhere unless they firm up their requirements.

There is an old saying: “If you don’t know where you are going, you’ll never get there.” They should plan out a road map but be ready to adjust or deviate from it if an innovation pops up. The generalities were far too loose for industry to help much. It seems that the Administration’s cyber efforts (even the limited ones) are still mired and producing little actionable leadership.

Posted in Cyber Security, Homeland Security Industry & Private Sector, Intelligence, Management & Administration, Science & Technology | Comments

DHS Together Again: People I’m Thankful For

Wednesday, November 18th, 2009

On Tuesday night, I had a drink with more than a hundred friends and what I call my extended family. Many of them I knew; others I didn’t but they were still family. We gathered in a bar in Georgetown to celebrate a unique bond we all share – securing our homeland.

We were joined by the notable Janet Napolitano, DHS’ current Secretary; also present was her predecessor, Michael Chertoff and many others whose names and careers have decorated news stories and congressional hearings since 9/11. We were also joined by many whose names and faces would not be known to the general public or the Beltway crowd.

We were Republicans, Democrats and Independents. We were creatures of the inner Beltway and from every other corner of the United States. We were black, white, brown, yellow and more. We were physicians, businessmen, intelligence officers, Secret Service agents, military personnel, former Capitol Hill and state and local government officials, public affairs types and more. We were men and women with expertise in emergency management, border security, immigration, intelligence, law enforcement, infrastructure protection, legislative affairs and more.

We were about as motley a business-dressed crowd as you could assemble in one room. We were DHS Alumni (former and current employees) and if I might be so bold to say, “We’re a great bunch of people.”

While we all may have had personal as well as professional disagreements in the course of our service at the Department, or even hold diametrically opposing viewpoints to what is going on at DHS now, we were some of America’s best gathered in one room, united by one mission – securing our homeland. And damn it felt good.

As someone who joined DHS shortly after it opened its doors in 2003, I consider myself one of the honored few to have been part of America’s biggest start-up enterprise. I got to be a part of a mission bigger than anything we’ve done before, and I can honestly say I have worked with some of the best.

While I absolutely loved my career pre-DHS, working with NASA and the aerospace and high-tech communities, I have long felt that it was the people at DHS – the career, political and military personnel as well as their counterparts around the country – that were the most impressive group of people with whom I could have ever been associated. Even at the height of greatest tension, confusion, disaster and even dysfunction, I got to see some of the best in leadership, innovation, courage and national character on display.

While I have a deep love and abiding respect for America’s space program (having been a part of it for so many years), I can’t help but feel that if the people I worked with were running today’s space program, we’d be having brunch on the Moon on a regular basis rather than still talking about it. We may have had the organization chart from hell, but truth be told, these people were, and in many places still are, the “MacGyver’s” of America.

The people in that bar in Georgetown, and more importantly, the ones who weren’t there or who were doing their homeland jobs – along the border, in the airports, or working in SCIFs, emergency operations centers, at Disaster Recovery Centers and so forth – make Apollo moon landings occur every day. Unlike the banner headlines and tickertape parades of 40 years ago that heralded the greatest of human achievements, the “Apollo-like” daily achievements of the people in that room and beyond don’t receive the recognition they deserve.

That was true of many of the things that occurred in the Ridge and Chertoff eras, and it will be true of the current Napolitano era and those who follow her. That’s just the way it is, but for the crowd on Tuesday night, that didn’t matter.

We had the fellowship and friendship of “old war stories” and career scar-tissue along with the laughter and catch-up conversations of people with whom we served in the homeland trenches. In the midst of those exchanges, we had the opportunity to meet with many of the new DHS team who followed us in our service to the nation. And damn it felt good.

I will forever be thankful for each and every one of them.

Posted in Critical Infrastructure, Law Enforcement, Management & Administration, counterterrorism | Comments

Cyber Personal Hygiene is Not Sexy, but It Works!

Wednesday, November 18th, 2009

Cyber security continues to be a hot topic. October was Cyber Security Month, and it was filled with conferences, academic discussions, and bold pronouncements by industry groups and individual firms. In my mind, we are forgetting a key element, and the one attempt to address it was lost in the noise.

This major disappointment occurred late in the month. A consumer security software company named AVG released a white paper that focused not on their products, but rather, on personal responsibility. Perhaps the public was tired of cyber security by then, perhaps it was just not “cool” enough; I just know it was completely overlooked.

We had a paper that called for a good education program, a wide ranging training regime, and leadership on all levels. The purpose of the entire program was to improve the cyber personal hygiene of the American Public. It was largely ignored.

This is unfortunate. We can clean up a majority of our cyber vulnerabilities if we could fix the incorrect behaviors of our public. Everyone uses cyber devices today (at least computers and cell phones), from small children to senior citizens. Their personal hygiene habits while using these devices create up to 70 percent of the cyber “openings” exploited by bad guys. These incidents occur on home computers, home wireless networks, smart phones and extend to work computers and mobile devices as well. The same bad procedures, lack of attention to detail and slowness to protect with simple software fixes (most never get to it) plague us across the digital world.

That a company that sells software would call for education and good habits is laudable. There was little focus on software at all, and what was there was brand agnostic. They honestly seemed to want to improve behavior.

Bottom line is that we need a multilevel effort. It begins with awareness; the threat must be made real to the American people but without claiming that the sky is falling. Next, we need detailed education available (mandatory would be better) on all levels, from the earliest through post graduate. This also needs to continue and spread to our active work force. It has to go beyond a yearly training video and be regularized, tested competency that is a business imperative. There should be a wide use of good quality basic defensive software (my emphasis, not AVG’s). People need to understand the need for this and help in using it properly.

Operating system manufacturers need to get better at propagating their patches. They are better now than ever before, but more often than not, they are too late to prevent intrusion. Businesses need help fostering this. Banks should require defensive software (perhaps give it away!) as a prerequisite for online banking. Other organizations (online travel, online retailers) should do it as well. Businesses must step up to help. Lastly, the government should show leadership – national education campaigns as a virtuous use of federal power and reach. Let’s see them use it.

We need exactly the sort of campaign called for in AVG’s paper. The 29 May Presidential Report called for it, experts all agree we should do it; where is it? The longer we wait to begin this process, more vulnerabilities will be created and more bad habits will develop. Industry should step up and lead this effort, as the government seems to be unable to shake off the cobwebs and get it done. America needs it and needs it now.

Posted in Critical Infrastructure, Cyber Security, Homeland Security Industry & Private Sector, Management & Administration, Science & Technology, counterterrorism | Comments

Global Cyber Company AVG Stresses Importance of Safe Online Shopping

Monday, November 16th, 2009

Here at Adfero Group, I’ve been working with AVG and Shop.org, who are teaming in a series of social media strategies aimed at spreading the word about how to shop safely online while finding the best bargains of the holiday season. Over the past few months, AVG, a global cyber company, initiated a dialogue here in Washington, D.C., to stress the importance of individual responsibility in cyber security.

Shop.org, part of the National Retail Federation, operates Cybermonday.com, which aggregates the best deals from 600 retail members. Their members are all reputable online outlets, which is key to shopping safe.

Online retail is a bright spot this holiday season – online sales are expected to increase by about eight percent, and 42 percent of Americans say they will buy at least one gift online. So, just as you might be more vigilant about safety at the busy shopping mall this time of year, that vigilance should carry over to your online activities as well.

Shop.org and AVG offer these five tips for online shoppers this holiday season.

1. Look for the “S” for security. Make sure the sites you are shopping from are secure and have “https” in the URL. The “s” ensures security. When you are on a secure site, you will also see an icon for a locked padlock on your browser either on the address bar or on the bottom right corner. Additionally, use the Internet to research retailers not familiar to you. There are many sites such as Shopzilla.com, Pricegrabber.com and others that provide ratings of retailers.

2. Stay current on security software. This means making sure you have the latest virus protection software updates from your provider. It’s important because the bad guys move around frequently. Security software companies are working to stay one step ahead of them. If you are updated, you are staying one step ahead, too.

3. Think before you link. Employ a URL scanning tool to ensure you’re not clicking on links that lead to infected Web sites. The time to find out whether a page is bad is BEFORE you click. AVG LinkScanner does this. It’s free, and it works with all other security and anti-virus offerings.

4. Keep your private information private. When shopping online, create a separate e-mail account that is just for shopping. Use a unique password, different from any other accounts you have. Your dedicated shopping e-mail account should be in no way affiliated with your personal, everyday e-mail account. Also, keep records of your online shopping – print confirmation pages and e-mail confirmations.

5. Mix up your passwords. Each shopping account, bank account, credit card account and e-mail account should have a unique password. Write them down and keep the information in a secure location. Unique passwords for each account make it tougher for a thief to steal your information.

Posted in Cyber Security, Homeland State & Local, Private and Physical Security, Science & Technology | Comments

A Lack of Imagination Led to a Lack of Preparation – A Report From Mumbai

Monday, November 16th, 2009

As the anniversary of another terrorist attack approaches, the questions remain: Are we safer than we were before the attacks, and are we doing the right things to prevent another attack? Those were the questions on the minds of participants this past week in Mumbai, India, at the second Security and Resiliency Summit co-sponsored by London First and Bombay First – held on the cusp of the first anniversary of the Mumbai attacks of November 26, 2008.

Mumbai is an amazingly resilient city. When I visited here in January, some six weeks after the terrorists had done their evil deeds, the hotels where the attacks occurred had completely refurbished the areas that had been raked with gunfire and soaked in blood. Then security was very visible, although by most Western standards vulnerabilities were still apparent. The business community was in shock, but not in a state of denial, because the “26-11” (as it is called) atrocities were an attack on “new” India – the vital businesses that were a symbol of modernization and 21st century cultural acceptance. These were not like the previous attacks in slum villages or poor-people’s crowded trains. This attack was different, and that difference was evident in their words at the time. Business and government leaders were eager to know what they could learn from U.S. and London officials about the right and wrong way to respond.

Now, almost one year after those attacks, the tension in the city of Mumbai has relaxed. Security is still visible, new law-enforcement equipment has been acquired and government officials are being remarkably candid about what they need to improve in order to prevent another attack – and everyone acknowledges they have a long way to go. The visible symbols of the attack have been erased, but the conditions that allowed it to occur have not – and that was on the mind of Summit attendees.

This sentiment was best summed up by Police Commissioner D. Sivanandan when he said that, “Like the 9-11 Commission in the U.S. said in its report, in Mumbai our ‘lack of imagination’ led us to have a lack of preparation.”

Those words still ring in my ears. When I repeated them back to him during a private conference, Commissioner Sivanandan was even more forthcoming. “Our highest priority need is training.” Without proper training, all the technology in the world will not help public officials prevent, adequately respond and quickly recover from a terrorist event. “We were not prepared; we were not trained; we must do a better job of responding when the next event occurs – and we all know that it will occur, just not when or where and it may not be the same type of attack that we have experienced,” he said.

Director General of Maharashtra Police, Mr. A.N. Roy, was also remarkably candid in his conference remarks – more so than almost any police official I’ve ever heard in the U.S. Mr. Roy talked about the need for global assistance and how incidents that happen in Mumbai are influenced and affected by events across the world. He talked about the need to share intelligence information and how cooperative U.S. and U.K. officials had been in coming to Mumbai’s aid. He also said that the lessons they have learned from 26-11 were painful but necessary for law enforcement officials to do a better job for the citizens they are sworn to protect.

Former DHS Secretary Michael Chertoff was a key note speaker and his unique perspective on the U.S. response to the 9-11 attacks, including the creation of DHS and an explanation of its mission, brought context to the Summit that few others could have provided. Remarks by his colleague, Chad Sweet, highlighted the multiple opportunities India had to get greater public participation in individual preparation, including the potential use of “Bollywood” and sports figures to deliver preparedness messages. The use of “soft power” is often misunderstood but is critical to building a cultural climate that is antithetical to terrorist’s radical messages.

Another panel leader, Emily Walker, a former Member of the 9-11 Commission and the DHS Homeland Security Advisory Council, led a discussion on private sector preparedness in the financial community which emphasized the need for standards of preparedness that can be exercised and audited. Her panel was especially well received by the Mumbai business community. The panel where I was privileged to speak dealt with the corporate response to terrorism, and I spoke on the impact of the increasing use of “social media” outlets to communicate around the traditional media outlets.

Secretary Chertoff and Sir David Veness, former UN Undersecretary General for Safety and Security (and head of London First), together with conference organizer and Bombay First Chairman, Narinder Nayar, summed up the conference by providing a list of action items that need to be completed, including establishing a public private partnership that takes advantage of the awareness skills of private security guards – something that has been very successful in London under the rubric of “Project Griffin.”

Mumbai is a most resilient city. It is a city of contrasts in almost every respect that word can be applied to a sliver of land jutting in to the Arabain Sea which contains over 15 million people. Riches and poverty abide within feet of each other. Outdoor laundries sit next to train stations, both in the shadows of modern high-rise buildings. It is a City of Dreams, as the Security and Resilience conference program affirmed. How to secure that city – indeed, every city in every country across the globe – is a question that will challenge the greatest minds and continually test the political will of elected and appointed officials. Yet it must be done. After several days in Mumbai, with new friends who are affected by old, serious problems, my commitment to help has been renewed.

Posted in Critical Infrastructure, Emergency Preparedness & Response, International, Law Enforcement, Management & Administration, counterterrorism | Comments

To Address Border Security Issues, Administration Must Fill Vacancies at Top Agencies

Friday, November 13th, 2009

Earlier this week I had the opportunity to discuss with USA Today the need for the Obama Administration to fill critical vacancies in top federal law enforcement and homeland security agencies.

With the spike in border violence, much of it associated with Mexican drug cartels battle with the Mexican government, we have a greater need than ever to fill the positions of the agencies responsible for protecting our borders — from the DEA and ATF to Customs and Border Protection.

Below is an excerpt of the interview:

Some key Obama administration jobs still unfilled – USATODAY.com

Concerned about illegal immigration? No one’s been confirmed to lead U.S. Customs and Border Protection. And as drugs and guns are flowing in from Mexico, the Drug Enforcement Administration and Bureau of Alcohol, Tobacco, Firearms and Explosives still need bosses.

Nearly 200 top jobs in the administration remain vacant a year after Obama began planning his ascension to power, the result of stalled nominations, new ethics rules, lengthy background checks and delays in Senate confirmations. More than half the vacancies are at five departments: Justice, State, Treasury, Defense and Homeland Security.

“Those are pretty significant policy jobs, and ones that the public ought to be concerned about,” says New York University professor Paul Light, an expert on the federal bureaucracy. “Obama is well on pace right now to set a new record in terms of lateness.”

Empty chairs at key law enforcement agencies weaken their ability to work with international and national partners and get maximum production from employees, says Asa Hutchinson, who led the Drug Enforcement Administration and was undersecretary for Border and Transportation Security at the Department of Homeland Security.

“You can’t sit at the table with the same level of influence until you have the power of the president behind you,” he says. “Obviously, he’s got other issues on the plate. But these law enforcement positions are critically important.”

Asa Hutchinson is the former head of the U.S. Drug Enforcement Administration and Undersecretary for Border and Transportation Security at the U.S. Department of Homeland Security. He is CEO of the Hutchinson Group, a homeland security consulting firm.

Posted in Border Security, Congress, Politics & PR, Law Enforcement, Management & Administration, Narcotics | Comments

The Coast Guard Adapts — but will CNN?

Thursday, November 12th, 2009

Reading a Coast Guard policy review issued by Vice Admiral R.J. Papp after the Great Bang Bang Non-Incident Incident on the Potomac, one is reassured by the pragmatic approach the Coast Guard brings to its operations. This is an agency unafraid to admit mistakes – even if it’s in the form of a non-denial denial (“we did nothing wrong, but …”) – and take corrective action.

The Great Bang Bang incident was the media dust-up that occurred when the Coast Guard was engaged in some training exercises on the Potomac and CNN producers overheard on a non-secured radio the words, “Bang! Bang!” and declared, on national television, that Washington was under attack.

These were the words heard ‘round cable television.

Bang. Bang.

It is still difficult for me to fathom how a guy barking into a radio can be mistaken for the percussive explosions of gunfire. Then again, I guess I’ve never been in the heat of mock battle – at least not since I was a kid. Maybe none of the folks at CNN have either.

CNN’s breathless coverage – complete with former Homeland Security Adviser Fran Townsend providing a play-by-play that was evidently unfolding in her head – propelled a terror-rattled nation to high alert. Planes were grounded. Secret Service eyes got more squinty. The blogosphere got more hysterical. And the rest of us started scrambling for duct tape.

Examining the Coast Guard’s in-depth review, one can’t help but conclude that this incident was largely a media invention. That’s not to say there isn’t plenty of blame to go around.

For one thing, the Coast Guard External Affairs shop didn’t help itself by failing to immediately tell CNN that the activity on the Potomac was a training exercise. Instead, CNN was simply told that there was “no information regarding any incidents on the Potomac.”

Clearly, something was going on, and CNN was right to investigate.

As one reads through the Coast Guard review, however, it becomes increasingly clear that the Coast Guard Headquarters, where External Affairs is situated, simply didn’t know what was going on and was scrambling to get information. Each time they received a call from CNN – a series of exchanges took place between approximately 9:30 and 10:00 a.m. – the Coast Guard press team ran it up the command and, evidently, got no clear answer as to what was going down on the Potomac. This aspect of the Coast Guard review is vague and leaves unstated why the External Affairs team was left to, repeatedly, inform CNN only that “there were no incidents.” When you get that many calls from a national news organization, even if the media outlet is misinformed, it’s probably wise to address the misinformation as quickly as possible. Had they been able to inform CNN that the “incident” they were calling about was simply a training exercise, then that would have likely ended the matter.

Another thing that should have happened – which Admiral Papp acknowledges – was that the training exercise should have been halted as the confusion escalated. After being approached by various other law enforcement and questioned about what was going on, along with the repeated calls from news outlets, the Coast Guard had grounds to stand down.

That said, CNN had no credible evidence to go live with reports that some kind of confrontation was taking place on the Potomac – implying terrorist activity in the vicinity of the Pentagon, where the President just happened to be speaking. Their cameras were picking up evidence of Coast Guard activity, clearly, and they were hearing some weird things on the radio, but there was a time when national media organizations confirmed their facts before running with a story, particularly one with such potential for causing panic and alarm. For heaven’s sakes, when did CNN hire Orson Welles?

One suspects that – in this age of dropping market share and fierce competition from the Internet – the days of confirming facts before running with a story are over. Which makes all the more ironic the righteous whining you hear from traditional reporters about how they are the only ones who provide good, fact-based journalism and that without them, by god, the blogosphere will ruin the news industry, and democracy as we know it will limp forward in ignorance and partisanship. Uh-huh. No more Dick Nixons to kick around and all that.

There is one unintentionally funny line in the Coast Guard review, in which the Admiral asserts that “at no point during the training were the boat crews seeking media attention.” Clearly the Press Secretary didn’t write this memo. Boats with big guns in the perimeter of the White House, Pentagon and Congress don’t have to go looking for media coverage, and the Coast Guard should be more prepared to expect such attention in the future.

And, to their credit, they are.

The policy reforms suggested by Admiral Papp, now being reviewed by the chain of command, include a number of steps to prevent a similar incident from occurring in the future. Among those recommendations are some operational reforms, such as using training disclaimers that the general public (and eavesdropping reporters) can understand. He suggests: “This is a drill, this is a drill.” (Here’s one I might recommend: “Bang bang is a verbal approximation of actual gunfire, but it’s not real. It’s just me, some guy, shouting bang bang. My voice is not a gun; I repeat, my voice is not a gun.)

Another good recommendation offered in the memo is to provide a schedule of training exercises to other law enforcement with local jurisdiction.

However, as this was largely a media mess, the recommendations to strengthen the public affairs environment are of particular merit. These recommendations include developing an “active and aggressive” outreach plan to better inform the public and media about such training incidents; informing the media that Headquarters is a better source for policy questions, while the local commands in the field should be contacted for questions about tactical operations; educating reporters on how to contact those local field units; and training Coast Guard field units to more pro-actively reach out to media unless questions turn to policy issues.

Along with instituting a better chain of communication between Headquarters External Affairs and local field units – for those media calls that will inevitably come to Headquarters no matter how hard the Coast Guard tries to direct reporters to the field – these reforms will go a long way toward preventing another all-too-real crisis resulting from a mere training procedure. It will also go quite a ways toward improving the communications environment during legitimate crisis situations.

The Coast Guard deserves kudos for adapting to the new pressures of this new and evolving media environment.

Don’t count on CNN to be as adaptive or to initiate any reforms. The only responsibility its producers have taken for what occurred is to point fingers at the Coast Guard.

Chris Battle is the former Chief of Staff for U.S. Immigration and Customs Enforcement and Director of Congressional and Public Affairs for the DEA. He is the Managing Partner of Adfero Group’s Homeland Security Strategic Communications Practice.

Posted in Congress, Politics & PR, Emergency Preparedness & Response, Law Enforcement, Management & Administration, Maritime & Seaport Security | Comments

Security vs. Process: The Chemical and Water Security Act

Wednesday, November 11th, 2009

As chemical security legislation (H.R. 2868) moves from the House to the Senate, it’s my hope that legislators will stay focused on the issue of security, rather than getting lost on the issue of process. Included in the second and third titles of the chemical bill are provisions that apply specifically to drinking water and wastewater systems. While significantly different from chemical plants, the controversy of Inherently Safer Technologies (ISTs) still applies.

This week, Congressional Quarterly ran a chemical security-related article that highlighted how the Canadian company K2 Pure Solutions uses a process known as on-site generation to produce sodium hypochlorite (liquid bleach) that can be used to disinfect water. This eliminates the need for rail cars full of gaseous chlorine, the chemical most widely used to purify water. I applaud the work K2 Pure solutions is doing and would encourage all chemical and water systems to explore the use and feasibility of such IST processes. The article, however, as well as K2 Pure Solutions management, paint a one-sided picture that makes it seem as though every water utility or chemical facility can use on-site generation. This assertion is patently false.

While some utilities in the water sector have incorporated on-site generation as part of their disinfection process, the reality is that most simply cannot. Overall, water utilities lack the space needed to build in the capacity, the millions upon millions of dollars needed to cover the design and building costs, and the inability to store the excessive quantities of sodium required to maintain any reasonable level of “backup” capability. Even when such factors can be overcome, the fact is liquid bleach may not be feasible for a utility due to water quality concerns.

You’ll never hear me advocate for the use of one treatment technology over another in the context of security. My advice to the water systems I advise is to assess and determine which of the many available disinfection technologies out there is most appropriate for their given utility and then to secure and safeguard whatever they use.

At the end of the day, local experts familiar with the specifics of a given system are in the best position to decide their process – not Congress and certainly not a company that makes money from the use of one particular technology.

Posted in Critical Infrastructure, Emergency Preparedness & Response, Management & Administration, Science & Technology | Comments

TSA Nominee Moves Closer to Confirmation

Wednesday, November 11th, 2009

TSA Nominee Heads into Second Confirmation Hearing This Week: CQ Homeland Security

A few days before Erroll Southers, President Obama’s pick to head the Transportation Security Administration, took the stand for his Oct. 15 confirmation hearing, homeland security consultant Rich Cooper predicted that industry would be watching the nominee’s testimony closely.

“We’re going to see a lot about what TSA wants” in terms of future procurement priorities, said Cooper, chairman of the National Defense Industry Association’s Homeland Security Division.

As Southers heads into a second confirmation hearing this week, before the Senate Homeland Security and Governmental Affairs Committee, Cooper said Southers’ initial performance should have put the business community at ease.

“I think his background and his experience make him a slam-dunk candidate,” said Cooper, “When you look at what he brings to the table, not only has he been involved with law enforcement, operational issues, information networks and working with personnel, he’s also been a researcher and an academic, and he’s worked not only across the country but across the globe on these issues.”

Southers is currently the assistant chief for homeland security and intelligence at Los Angeles World Airports’ police department, the largest airport police department in the United States. He also serves as associate director at the University of Southern California’s Center for Risk and Economic Analysis of Terrorism Events.

Posted in Aviation and airport security, Congress, Politics & PR | Comments

Border Patrol Foundation Inaugural Event

Tuesday, November 10th, 2009

Last Friday, I had the opportunity to attend an intimate event that marked the launch of a long-overdue organization supporting federal law enforcement. The Border Patrol Foundation held its first annual recognition dinner in downtown D.C. to tout the creation of an organization whose mission is to “provide timely financial grants to the families of fallen” Border Patrol agents. The guest of honor was Rosalie Rosas, the wife of Border Patrol agent Robert Rosas who was killed in the line of duty on July 23.

Ms. Rosas spoke about the value of the Border Patrol as a family and the sense of mission her husband found while working alongside his fellow agents to protect our nation from criminals and terrorists in what must be one of the most challenging law enforcement jobs in America. Border Patrol agents often operate alone, in remote areas of our nation, many minutes and miles from backup or support. They regularly encounter unidentified bands of individuals in the desert who they pursue without knowing how large the group is or whether their targets are harmless illegal immigrants, well-armed drug smugglers or potentially murderous terrorists.

Since 1919, 108 Border Patrol agents have died in the line of duty. While these deaths often occur in remote places like Roseau, NM, Campo, CA, or Los Indios, TX, we should be thankful for the sacrifices of these dedicated agents and their families. Ms. Rosa’s remarks, as well as those of Chief of the Border Patrol David Aguilar and Deputy Chief Ronald Colburn, helped personalize these sacrifices, as well as others suffered by Border Patrol families during their loved one’s tours of duty.

I look forward to watching the work of the Border Patrol Foundation in supporting the men and women in uniform to whom many of us are grateful. Although the Border Patrol Foundation was launched just this year by committed friends and advocates of the U.S. Border Patrol, it appears to be off to a solid start, particularly given the impressive support shown by the Washington community at its inaugural event on Friday night.

Posted in Border Security, Law Enforcement, Military & Homeland Defense, Narcotics, Smuggling, counterterrorism | Comments

Defining Terrorism

Monday, November 9th, 2009

With the probable execution of John Allen Muhammad in Virginia this week and the tragic rampage at Fort Hood by U.S. Army Maj. Nidal Malik Hasan, still fresh in the American public’s memory, the term “terrorism” is being used quite a bit by the news media.

While there are those who would seek to link the two very different incidents to one another, given that they were murderous rampages committed by two military-trained Muslim men, political, military, religious, law enforcement and other leaders have gone to great lengths to explain that these acts are indeed distinct and are not some larger plot by Muslims against those with other religious beliefs. Those are facts, but is it proper to use the word “terrorism” to accurately describe what these men did?

If you’re Sen. Joseph Lieberman (I/D-CT), the Chairman of the U.S. Senate’s Governmental Affairs and Homeland Security Committee, you’ve already made up your mind on the Ft. Hood shootings. In an appearance on Fox News Sunday, the independent and security-minded Senator stated that, “We don’t know enough to say now, but there are very, very strong warning signs here that Dr. Hasan had become an Islamist extremist and, therefore, that this was a terrorist act.”

The Senator further stated that if news reports were true, that Mr. Hasan had turned to Islamic extremism, “the murder of these 13 people was a terrorist act and, in fact, it was the most-destructive terrorist act to be committed on American soil since 9/11.”

In the case of John Allen Muhammad, the leader of the D.C. Sniper team that murdered 10 and wounded several others in the National Capital Region in October 2002, he was one of the first people convicted under the Commonwealth of Virginia’s anti-terrorism laws enacted shortly after 9/11. As a result of those convictions and baring clemency by VA Governor Tim Kaine or some last-minute action by the U.S. Supreme Court, Muhammad will pay the ultimate price with a lethal injection at the Greensville Correctional Center in Jarret, VA on the evening of November 10th.

As repugnant and horrific as the murderous actions of Hasan and Muhammad were, do they constitute “terrorism?”

If you were to stop someone on the street and ask them what is terrorism, chances are they would describe the 9/11 attacks or some sort of suicide attack. Furthermore, if you were to explain what an act of terrorism is, you might describe improvised explosive device (IED) explosions or a suicide car bombing like those that have killed thousands over the past two decades. If you’ve studied terrorism, you might even reference some of the more notable events and groups like the Achille Lauro cruise-ship hijacking by Abu Nidal or some of the other infamous attacks undertaken by the Irish Republican Army, Hezbollah and others.

Lone wolf actions and singular shooting sprees by deranged snipers and enraged misfits always seemed to be classified as something other than a formal act of terror – but that seems to have changed.

Nowadays, the term “terrorism” is used so often to describe horrific actions that the term’s meaning has expanded from what it was just a few short years ago. If history is any precursor, we’re about to see some further expansion of that definition beyond what it is today.

While “terror” is a more than appropriate word for describing what Muhammad and Hasan did to their victims, I can’t help but wonder in looking at these two different men and two different events why the term “terrorism” is used to describe their actions and it is not used to describe another recent tragic event.

When a mentally-deranged student, Seung-Hi Cho, killed 32 people at Virginia Tech in April 2007, the day’s carnage was as unprecedented as it was horrific, but I don’t recall it being described as “terrorism.”

Why?

Was it because Cho was mentally ill?

Was it because he didn’t spout off some hateful ideology?

Was it because he successfully took his own life and could not be prosecuted for his actions?

Was it because he wasn’t Muslim?

I don’t know the answer to these questions, but I do know that if investigators had gone into his dorm room and discovered a poster of Osama Bin Laden on the wall, militant Islamist Web sites all over his computer and had found he had shouted “Allahu Akbar” as he was shooting his victims, we would be looking at the tragedy at Virginia Tech much differently than we do today.

That brings us to our use of the word “terrorism.” There are strict legal definitions of what does and does not constitute terrorism. Those definitions have come into play in the completed and forthcoming prosecutions of Muhammad and Hasan, but in terms of the word’s public use, we run a risk of de-sensitizing the real meaning of the word when we use it so easily to label unspeakable acts.

By offering that thought, I am not saying that what Muhammad, Hasan, Tim McVeigh and others have done is not terrorism. Legally, as well as in the eyes of society, they have all committed murder via acts of terrorism. But this word has a sense of power that should reserve it for the worst of actions and means. The legal system and society have judged Muhammad and McVeigh as terrorists, and it may eventually add Hasan to those ranks, but for whatever reason, Cho has avoided the label.

I don’t know the reason why, but I know that the debate on the word’s meaning is going to be a long discussion, and I hope to learn a lot more along the way.

Posted in Law Enforcement, Military & Homeland Defense, Radicalization, Terror Strategic Analysis, counterterrorism | Comments

Homeland Security: America in Action

Monday, November 9th, 2009

Two miles from home, on what had been a typical evening, I sat on a Metrobus last week and saw a bright orange flash cut through the dark night – 50 feet in front of us, a car erupted in flames. To my horror, someone was inside.

Without hesitation, the driver stopped the bus, opened the door and four men ran out. Amid the screams of fear and shock, the cries for help, and the roar of growing flames, four random commuters put their lives on the line to save a stranger.

Sitting in my wheelchair, I did all I could do – I dialed 911 and said a silent prayer. I watched as these four individuals worked as a team to save a life. Using a fire extinguisher from the bus, one man doused back flames from the driver side of the vehicle long enough to enable another individual to open the car door. The other two heroes then worked in tandem to pull a woman away from certain death. Seconds after carrying her from the car, flames reignited and transformed the vehicle into a fireball.

When action was needed, these brave men ran to answer their unexpected call to duty. At its very essence, this is Homeland Security – it’s America in action. It’s a bus full of strangers praying together one moment and celebrating like family the next.

I believe in homeland security because I see its true definition to be the greatness and goodness that lies within each of us and the courage needed to act on behalf of one another despite the circumstances or situation.

Does it work? It did that night.

Posted in Emergency Preparedness & Response, Private and Physical Security | Comments

Is DHS being left behind in the public affairs space?

Thursday, November 5th, 2009

I just returned from a fantastic briefing by Price Floyd, the principal deputy assistant secretary for public affairs at the Department of Defense. Under his guidance, DoD has recently launched a new website — Defense.gov — that integrates all of the latest social media tools into DoD’s website and overall communications strategies. More on that insightful presentation soon, but I wanted to comment on something that really stood out — just how far behind the Department of Homeland Security is falling in the public affairs arena by resisting the inevitable need to engage the social media landscape.

DHS actually blocks access to social networking sites. It has the standard social media links on its main site, but in blocking social media access for everybody throughout the department it sends a clear message to its employees: Stay away from social media.

The DHS decision-making process on social media seems disproportionately influenced by the various IT offices, which have little concern about public communications– only technology and security. It shows, and it is unfortunate. Talk to the public affairs officers in the various components, and they will tell you how frustrated they are that they are being held back from using social media tools. Their voices should be given more weight.

The IT folks usually fall back on security concerns. It’s tough to argue with that argument at a department concerned with law enforcement, national security and terrorism. But it’s a false argument. DoD is perhaps the most traditional and operational-security-conscious department in the federal government; nonetheless, it is moving aggressively to join the online debate already taking place. If DoD can find a way, one would hope that DHS could follow.

The contrast between DHS and DoD (as well as other federal agencies) became painful during the question and answer session. Floyd was talking about how critical the social media space was and how DoD recognized it had to get involved or be left behind. Asked how he got around IT objections, Floyd seemed non-plussed and said simply that they didn’t have a say in the matter.

At which point a woman with the Department of Homeland Security said that DHS blocks their access, that they couldn’t engage if they wanted to.

Floyd just kind of looked at her, a little baffled and a little amused. It was an unstated shrug. It was an unstated message: Well, you guys are going to be left behind.

What he ended up saying was: “I don’t know who they are” — referring to the comment that “they block our access” — but asked what was to stop that person from going home tonight and creating a Twitter account or a Facebook page and saying whatever she wanted. And then he advised that the public affairs shops just get louder and more forceful in pointing out to their senior leadership that the conversation is going on — whether they like it or not — and it will go on with or without them.

You can choose to engage that conversation or not. Either way, it won’t stop others from talking about you and influencing public perceptions about your organization.

Posted in Congress, Politics & PR, Featured Feed, Management & Administration | Comments