2010 January | Security Debrief - a blog of homeland security news and analysis

Archive for January, 2010

Musical Chairs at House Homeland

Thursday, January 28th, 2010

Change is in the air at the House Homeland Security Committee. While its Chairman, Rep. Bennie Thompson (D-MS), is firmly in place, the people running his Subcommittees are going through a round of musical chairs.

Rep. Loretta Sanchez (D-CA) has given up her Chairmanship of the Border, Maritime and Counterterrorism Subcommittee in favor of taking a Subcommittee Chairmanship on the House’s Armed Services Committee. While she is not leaving the Committee’s membership and is retaining her seniority, her departure presents an opening for a very important seat.

Moving into that seat will be Rep. Henry Cuellar (D-TX), who currently chairs the Emergency Communications, Preparedness and Response Subcommittee. Cuellar has proven to be one of the most knowledgeable and cooperative Members of the Committee, and those are traits that he’ll need as he will need to shepherd the SAFE Ports Act for reauthorization.

His departure from his Subcommittee post opens his seat, and stepping into it is a newcomer to the Committee’s leadership structure, Rep. Laura Richardson (D-CA).

As for the Committee’s other Subcommittee leaders, Rep. Jane Harman (D-CA), Rep. Sheila Jackson-Lee (D-TX), Rep. Yvette Clarke (D-NY) and Rep. Chris Carney (D-PA) are all staying put in their posts. For now, the musical chairs have stopped, but like most things in Washington, you never know when the next round of music is about to start or who will be sitting where when it stops.

Posted in Congress, Politics & PR, Management & Administration | Comments

DHS Cyber and Rodney Dangerfield: Looking for Respect

Wednesday, January 27th, 2010

The late, legendary comedian Rodney Dangerfield long complained about getting “no respect.” After attending Wednesday morning’s Government Executive Leadership Series breakfast, “Cyber Security: Who Leads,” DHS may feel like using Rodney’s most memorable line to describe its placement in the federal cyber world. In what was a first-class discussion of the challenges and issues compounding the federal and international cyber-security environment, nary a word was mentioned about DHS and the role they play in leading the country’s cyber security efforts.

Instead, the assembled expert speakers spent the majority of their time discussing the pre-Holidays appointment of Howard Schmidt to be the White House’s long-awaited Cyber Security Coordinator as well as the roles and responsibilities of the NSA and the forthcoming Cyber Command by the Pentagon.

For someone who has followed the politics and policies of the cyber-security issue for several years but can accurately be described as ‘technically impaired,’ (I’m lucky I know where my computer’s ON button is located), I found today’s lack of mention of DHS to be quite notable.

Money has long been the center of gravity for any program and issue, and DHS certainly is getting its share of it. In fact, of all the critical infrastructure that DHS works with the private and public sectors to protect, cyber is by far the one area that is getting the most attention and the most resources.

Shortly after taking over DHS last year, Secretary Napolitano consolidated several of the Department’s cyber components and put them all into the National Protection and Programs Directorate to improve their overall operations and coordination. She’s even issued a national call to hire several thousand new employees to work these issues. It can certainly be said that DHS has not been shy in cyber-space, but in terms of being at the forefront of people’s minds, it was obvious that they have a long way to go, particularly with the experienced hands that spoke at the National Press Club.

For some in Washington, the lack of any mention or public acknowledgement of your role is seen as a blessing. It means that you can do your job without tremendous media or public glare; the pressure is not as great, and you can essentially do the job you were hired to do without tremendous micro-management or arm-chair quarterbacking from the peanut gallery.

The converse of that non-mention is that the rest of the world doesn’t think you have a role to play in the issue; they don’t appreciate your current or emerging role in the matter and as Rodney would say, you “get no respect.”

Over the past year, DHS has been more than public about their role in cyber security, but as one of the newer kids in the federal government, it is still fighting that battle for acknowledgement, acceptance and ultimately, respect. With time, and of course accomplishment, that may come, but for this Washington-based homeland observer, there are times when what is not said or not mentioned that stands out the most.

At Wednesday’s breakfast, that’s what stood out to me.

Posted in Cyber Security, Intelligence, International, Law Enforcement, Management & Administration, Science & Technology, counterterrorism | Comments

Yet again we hear it. Is Congress listening?

Tuesday, January 26th, 2010

Among the many important findings in the Report Card issued by the co-chairs of the Weapons of Mass Destruction (WMD) Commission, Congress’s failure to consolidate oversight of homeland security received a big fat “F.” The co-chairs, former senators Graham and Talent do not make this finding lightly given their years of elected service on the Hill. It is a bipartisan finding that should get attention, but it appears to keep falling on deaf ears inside the Capitol.

What an embarrassment it should be to Congressional leadership – yet six years after the 9-11 Commission report, the situation regarding the “inevitably dysfunctional oversight” (Senator Graham’s words) has not changed.

Speaker Pelosi, Majority Leader Reid – are you listening? Are you willing to do anything about it? Or are you proud that a highly respected bipartisan commission – one funded by Congress – has called your leadership an outright “failure?” Can Congress heal itself?

I, for one, continue to be distressed that this issue has not been addressed. How much longer need we wait?

Posted in Critical Infrastructure, Law Enforcement, Management & Administration, WMD, Chemical & Biological, counterterrorism | Comments

Out of Adversity Comes Opportunity: Global Public-Private Security Efforts

Monday, January 25th, 2010

During his formative years, Founding Father Ben Franklin is reputed to have said, “out of adversity comes opportunity.” From a homeland security standpoint, we saw this parable in operation over the past week.

Adversity.

DHS and the Administration lost an opportunity to have completed the appointment of permanent leadership for TSA; the post has now been vacant for one year. Next, Congress took the homeland security and intelligence community to task for failing in their mission of information sharing and analysis with respect to the attempted bombing of Northwest Flight 253 on Christmas day.

Opportunity.

Later in the week, DHS Secretary Napolitano traveled to Europe to meet with colleagues in Spain and to engage with the International Air Transport Association, IATA and their membership. What came of the meetings in Spain and later with IATA in Geneva may well prove to be the most proactive opportunity for aviation security since 9/11. It appears that IATA, in conjunction with the CEOs of 20 international airlines, has agreed to enter into global public-private collaboration to strengthen security. This is an epoch event and a solid-gold opportunity to seize an initiative long over due.

Bringing together industry experts on operations and security with the USG is the Holy Grail of homeland security. To not fall back into the abyss of adversity, it is imperative to establish a non-political public-private partnership that manages this information sharing and analysis operation. I recommend forming an independent body reporting to the Office of the Secretary, DHS, comprised of experienced experts from industry and government, as well as from our international colleagues. This council will become the nexus for data sharing and a single point of contact between government and the aviation industry.

I applaud the Secretary for taking this opportunity to move forward. We cannot relive the past, but we can learn from it. The global terrorist network has clearly demonstrated that they have every intention of continuing to attack the aviation industry. We now have an opportunity to leverage a collaborative effort to fight back. It takes networks to fight a network.

Posted in Aviation and airport security, Border Security, Homeland Security Industry & Private Sector, International, Law Enforcement, Management & Administration | Comments

Immigration Protests Show Crowd Management Failures and Lessons

Monday, January 25th, 2010

An immigration protest against Sheriff Joe Arpaio was a timely reminder of an issue that while quiet at the moment, threatens to return. The protest also demonstrates the effect a few agitators can have in provoking police/crowd tension and violence. An effective crowd management and public order system would have prevented much of the confrontation.

There is no rocket science to the fundamentals of policing a protest – police proactively work towards order, rather than reactively policing disorder. They target individual offenders with evidence gathering, arrest and successful prosecution while protecting First Amendment rights. This is achievable, and yet, the widespread preference among U.S. law enforcement is to rely less on lethal weapons and confrontation, and simply pay out on the law suits afterwards. The sheer fiduciary neglect – for it can be regarded as nothing else – with which law enforcement treat crowd management continues to astound.

Significant points to note from this protest:

• Sheriff’s Deputies played music (Linda Rodstadt) in the jail to drown out the protest.
• A 2-year-old was pepper sprayed.
• A horse was “assaulted.”
• An apparent lack of video evidence to secure convictions.

Under a properly designed crowd management regime, none of these would have happened; playing music was inflammatory, although the intention behind playing it remains unclear; the horse and rider were exposed to agitators (if that is indeed what they were); pepper spray was used despite the possibility for it to affect people other than the intended target.

The lessons for the future are not only those above; there are people in the United States who are willing to become more confrontational with police, evidenced by protestors wearing goggles and wrapping bandanas around their mouths to defeat pepper spray. Police will be hard pressed to deal with those individuals under much of the common tactics. Rather, they will react to and arrest many in the crowd, creating conditions for ongoing lawsuits.

There is little to admire in the incident in Maricopa last Sunday, but there is a lot to learn. One can only hope that the fiduciary risks will cause an institutional rethink because little else has been successful thus far.

Posted in Border Security, Civil liberties & Privacy, Homeland State & Local, Immigration & Visa Policy, Law Enforcement | Comments

TSA After Southers: Now What?

Friday, January 22nd, 2010

With the nomination of Erroll Southers to be the next Administrator of the Transportation Security Administration (TSA) now in tatters, the question has to be raised, “Now what?”

If we do the forensics on why Southers will remain in Southern California instead of TSA Headquarters in Arlington, VA, I think it is safe to say that for all of his testimony faults and the petty politics that caused his nomination to collapse, its more than apparent that it was the White House that doomed the nomination from the start.

Why?

Rather than allowing a nominee to stand on their own qualifications and be judged by the Senate as worthy or not-worthy for their nominated post and fight for them, the White House essentially led Southers out to the center of the Roman Coliseum to be torn apart by politically positioned gladiators and wild beasts without any type of defense or weapon to strike back.

One of the weapons he needed in his nomination fight was the answer to the question that many in the Senate ultimately wanted answered – should TSA should have collective bargaining?

According to Sen. Jim DeMint (R-SC) and his allies, the answer Southers offered during the confirmation process was no answer at all and as such he placed a procedural hold on him from going forward. Southers was put in the untenable position of answering a question that ultimately was not his to answer. As TSA Administrator, he could and would offer his recommendation on the issue after looking at all of the information, but the call on whether or not TSA should have collective bargaining rights does not reside with him – it resides with the Secretary and ultimately the White House. As such, Southers was defenseless from the withering attacks of DeMint and his allies when no one was willing to come to his aid.

If we’ve seen anything of their first year in office, this is not an Administration with much ability to make unpopular or tough positions, let alone a willingness to fight to put people into positions that serve the nation’s interests. Rather than actually leading and staking positions beyond rhetorical campaign platitudes or using the powers and authorities they have, the Obama Administration is apparently unable or unwilling to answer tough questions or lacks the ability to fight for people who are willing to serve. Probably even more disturbing is the very public appearance of lacking the courage to do any of this.

For as strong, bold and visionary as its election campaign was, the Obama Administration is proving to be as gutless as Oz’s Cowardly Lion.

Until they have the chutzpah to answer the TSA unionization question, it is pointless to nominate another good person to take the Administrator’s job. Further silence and innocuous weasel words by the Obama Administration will only find another person becoming a victim to another procedural hold by Sen. DeMint or others, thereby allowing them to become a human piñata for the media, pundits and activists.

Let’s be even more blunt – there is no sane person on the planet that would (or should) step into the TSA Administrator’s position without a White House decision on the unionization issue.

For all of their bellowing about conducting a new search for a new TSA leader, the Administration’s options are not extensive. They had already been turned down by several candidates prior to the Southers selection, and the last time I checked, there aren’t a lot of people who regularly volunteer to be targets for firing squads. That’s especially true after all of the “support” this Administration gave to Southers on this issue as well as his nomination process.

The White House needs to either give the position to Gale Rossides who has been ably doing the job for more than a year, or tap one of the Federal Security Directors TSA has around the country and who are already performing (and are familiar with) the critical support functions for the TSA mission. Bringing in a complete outsider with no exposure to the Agency, its mission or the viper pit that is Washington, especially after the post-12/25 security enhancements are being implemented, is literally asking someone in a next-to-impossible job to do even more impossible things.

In trying to find a super-human person to take this on, the Administration would do well to lighten the burden on this individual by summoning the courage it has yet to display on tough decisions and the nomination process. Until that happens, another nominee’s name will be sullied, a critical Agency will continue to go leaderless, petty politics will compromise our security and the Administration will continue search for what it apparently has been lacking for some time – its balls.

Posted in Aviation and airport security, Border Security, Law Enforcement, Management & Administration, counterterrorism | Comments

A Primer on Cyber Crime

Thursday, January 21st, 2010

Today, we tend to conflate cyber crime with cyber espionage and cyber warfare. We call all of them attacks, and this confuses an issue that is already complicated and hard to understand. Cyber crime is basically a commercial endeavor, designed to make money. The others are intended to gain advantage or cause mischief. What are some examples of cyber crime?

Probably the category most widely understood is the theft of personal information. This could be credit card data or individual bank account information. These are harvested by several means. It could be that someone simply writes down your card information in a restaurant, or they could actually trick you into giving it to them with a fake e-mail from your bank. It could be low tech or highly sophisticated. One ring had a technique called “memory scrapers” that captures your bank info during the micro seconds it was decrypted inside the bank system’s computer. Regardless of how they get it, the bad guys take your information and either exploit it themselves by taking your money, or they sell the information to others who exploit it.

In the world of online commerce, there are numerous ways for criminals to take advantage of people and vendors. They can “follow” you to vendors, and when you buy something legitimate, they convince the company that they referred you, thus gaining an unearned commission. They can use your personal info to buy things you never wanted, sending purchases to themselves.

They can send ads to users who would otherwise not get them. These “companies” sell cheap ads to legitimate merchants, and pay them regardless of how their advertisements got on the target’s computer screen. They only care that the target has “clicked” on the ad. This is taken further when the adware company creates fraudulent clicks and charges the merchant. They can also cause bots to click on competitors’ advertisements. Since they pay by the click, you can eat up a competitor’s budget, and they get nothing for it.

They can break into a computer or network, encrypt data, and hold it for ransom. The owner has no choice but to pay or lose access to his data. This is a lower-end variation of the SCADA attacks in Latin America where hackers took control of utilities’ control systems and demanded payment to not close them down. A good hacker can take over a modem in a computer and cause it to dial premium 1-900 numbers. This can cause embarrassment and possibly cost you lots of money.

If a bad guy has control of many computers, he can make lots of money. The bigger your botnet, the more clicks you can generate, the more spam you can send, the more ads you can distribute. Big bots are also harder to pinpoint and shut down.

All of this becomes more attractive to criminals because it has numerous advantages. It is relatively cheap to execute. It is physically safe (security guards don’t shoot cyber criminals). It is difficult to detect and harder to attribute to individuals. And lastly, it is hardly ever prosecuted. Clearly some cyber criminals are caught and sent to jail, but compared to the number of people who play at cyber crime, it is a drop in the bucket.

The American public is blissfully unconcerned by cyber crime. For the most part, companies cover our losses, and unless we have been personally hit by identity theft, we all assume it will not happen to us. That is either naive or arrogant. It is likely that you (and I) will become a victim of cyber crime this year, even if we are careful. We can lessen the risk, but without awareness, we will do little that helps.

We desperately need education, information and action to help combat cyber crime.

Posted in Critical Infrastructure, Cyber Security, Homeland Security & the Internet; Gov't 2.0, Law Enforcement, Management & Administration, Science & Technology, counterterrorism | Comments

Pride for U.S. Coast Guard Actions in Haiti

Thursday, January 21st, 2010

The recent earthquake in Haiti has been tragic, with the numbers of those dead and missing constantly rising. Many countries have answered the call for aid, the U.S. second to none. As a former U.S. Coast Guard officer, this e-mail from Admiral Thad Allen, Coast Guard commandant, is a fine example of why I am so proud of the USCG.

Subject: ALL HANDS – Coast Guard Activity in Haiti

To the Men and Women of the United States Coast Guard:

Exactly one week ago today, a little before 1700 EST, a violent earthquake devastated Port Au Prince, Haiti. Without waiting for tasking, Coast Guard men and women from all over the country made immediate preparations to assist the beleaguered Haitian people. The next morning, Haitians witnessed President Obama’s pledge – “You will not be forsaken and you will not be forgotten” – become reality when the cutter FORWARD arrived with the rising sun as the first American asset on-scene. Amidst the devastation, FORWARD delivered damage assessments, critical command and control capabilities, and most importantly – hope.

I am incredibly proud of the performance of all our personnel during this challenging period and like you, my heart goes out to the Haitian people who have suffered so greatly. Coast Guard units were the first on-scene in Port Au Prince and have been working around the clock with our interagency partners to provide humanitarian assistance, evacuate U.S. citizens, and help the most seriously wounded.

On-scene, the cutters TAHOMA and MOHAWK quickly established a makeshift trauma unit with the Haitian Coast Guard and triaged hundreds of injured people. TAHOMA’s crew even delivered a baby boy from an injured Haitian woman on their flight deck and a second baby at their shoreside clinic. C-130 aircraft performed damage assessment flights and the cutter VALIANT conducted a port assessment of Cap Haitian to create another entryway for supplies that were backing up at the airport. The cutter OAK continues to survey Port Au Prince harbor and repair the primary pier to allow much needed supplies to flow directly into the city. Aircrews from Mobile, AL; Elizabeth City, NC; Sacramento, CA; Barbers Point, HI; Detroit, MI; and Jacksonville and Miami, FL are also assisting with overflights and evacuations. Follow these links to view our Guardians in action.

Supporting our forward operations have been thousands of Guardians working inside and outside of the Coast Guard. The Seventh District Commander has been leading the Homeland Security Task Force South East which is a key coordination point for the federal government’s collective response and evacuation efforts. A joint FEMA-Coast Guard team has been deployed to Port Au Prince to support United States response operations being directed by the U.S. Agency for International Development (USAID). We are also supporting U.S. Southern Command Joint Task Force Haiti with individual augmentees. Our Area Commanders have worked seamlessly to flow forces rapidly including moving the cutter HAMILTON through the Panama Canal from the West Coast. The Chief of Staff, exercising his mission support responsibilities, has skillfully integrated and deployed logistics elements demonstrating the maturation of our new support model. Here in Washington, our staffs have integrated with key partners including DOD, FEMA and USAID. I have worked with FEMA Director, Craig Fugate, in support of Secretary Napolitano and Deputy Secretary Lute at a number of White House meetings.

We continue to surge people and assets because we will have to sustain our response efforts in Haiti. HAMILTON and LEGARE will soon be on-scene pushing our total number of Guardians in theater to over 700.

We are also recalling Coast Guard reservists to augment our humanitarian efforts and ensure maritime safety and security for relief supplies arriving in theater. Our immediate and sustained response illustrates the value of the Coast Guard’s flexible command structure, ability to operate across the interagency and international spectrums, and the initiative of our people to take action. This is why the Coast Guard is so valuable to the American public and the global maritime community.

Our efforts have not gone unnoticed. Secretary of State Clinton commented “our Coast Guard has been unbelievable.” At a press conference last week, Chairman of the Joint Chiefs of Staff, ADM Mike Mullen stated “the Coast Guard was magnificent from day one. First, they were medevacing people literally within the first 24 hours. And I want to give them a great deal of credit for their response capability as well.”

Those comments are directed at all of you who executing or supporting our operations.

Many have questioned how the Coast Guard can do so much so quickly, and I simply reply: “This is what we do”. Our Guardians are committed to protecting, defending, and saving without having to be told to do so.

Along with all Americans, I am truly inspired by the Coast Guard men and women operating in theater, backfilling for deployed units, or providing the necessary support to make it all possible. As always, our Guardians are here to protect and ready to rescue at a moment’s notice. That is who we are and why we serve.

I cannot describe it any better than a young petty officer assigned to TAHOMA in this email to his family:

“There is an eerie feeling in the air amongst our crew tonight. Those who remained shielded on the cutter today see in the eyes of those who went ashore what a major disaster can do to a nation. I have never seen so many grown men and women with tears in their eyes. Those who did go ashore experienced first-hand the severity of the situation.

I’ve been shielded today only talking over the radio to those who have seen it. Never once was there a question of professionalism in their voice. I remember in boot camp being told that the U.S. Coast Guard on the right side of our chest takes priority over our name. Today the men and women who went ashore wore coveralls without their names on them.

All that was visible were the letters USCG.

Today was the first day I think I’ve truly been more thankful to be an American. Not because of our infrastructure or the freedoms given to us, but because as a country we will be there when a country of less fortune is in need. Haiti rarely exports anything to our country. They have no oil or major cash crop we use. But as a county we will stand together and put aside our different opinions of healthcare, war, or economy and help out those in need.

Right now we are taking it hour by hour, aftershock by aftershock, every little bit helps. I’m going to try and get some sleep, as I’ve already put in a solid 16 hours. Tomorrow will be longer.”

Well said.

Thank you and Semper Paratus!

Admiral Thad Allen
Commandant, U.S. Coast Guard

Posted in Critical Infrastructure, Emergency Preparedness & Response | Comments

Erroll Southers ill treated — TSA nominee collateral damage in the fight over unions

Wednesday, January 20th, 2010

Right off the bat, let me give full disclosure: I am working with Erroll Southers in his media and communications responses related to his decision to withdraw his nomination as TSA Administrator. However, the opinions I express in this blog post are entirely my own; Erroll Southers has not even seen this post at the time of publication.

That said, I was glad for the opportunity to work with Erroll because I think he’s gotten a bum deal, and I think it’s a disaster for the country to have the TSA continue on – for more than a year now – without Senate-confirmed permanent leadership at a time when the agency needs such leadership more urgently than ever.

Yes, there is a professional and dedicated crew at TSA working hard to execute the agency’s day-to-day functions. In my government experience, however, it is impossible for such an agency to take bold action and consider significant reforms without a long-term political appointee in place. Nobody wants to be the one to get out on a limb, only to discover that you are at odds with the new boss. Better to manage things as best you can and not rock the boat.

But there is probably some boat-rocking that needs to be done. This isn’t a dig at TSA. It’s simply a realization that, after the systemic failures we witnessed during the Christmas terror incident, multiple government agencies need to engage in top-to-bottom reviews and consider potential reforms, including TSA.

In the midst of this urgency, is now the time to play politics with the nominee when so much is on the table?

And, seriously, this is about politics. Now, it’s legitimate politics. Well, legitimate policy anyway. It’s unfortunate politics, but I happen to agree with those who argue that we should not unionize a federal homeland security agency that is on the front lines in the fight against terror. We need to be highly flexible and adaptive and not get bogged down in negotiating everything from uniforms to the placement of coffee stands when our national security is at stake.

But why go after Erroll Southers? Southers isn’t the guy who will make that decision, and Senator DeMint knows it.

The fight over unions is one between Congress and the White House, and it is the White House that will set policy on something as high profile as unionization, not Southers. He may offer his opinion, but, in the end, the only opinion that matters is the one coming from the White House.

Southers became a political scapegoat for DeMint to send a message to the White House. It’s unfortunate. Southers has more than thirty years of experience in the law enforcement and homeland security environment. Unfortunately – and ironically – he may be too apolitical to know how to expertly maneuver through Washington’s often perilous political landscape. He’s a law enforcement professional, not a politician. Nor is he the first to become collateral damage in the bloodsports of Washington.

As for the hullabaloo over an incident in which Southers improperly used his position as an FBI agent for personal reasons – and, yes, it was improper – that is political spin and eye-candy, cover for the real agenda regarding unions.

Reports that Southers “mislead” Congress is an overstatement. Southers was fully transparent about this incident in his written statement submitted during his first congressional hearing (before the Commerce, Science and Transportation Committee). Senator DeMint voted against Southers even at that early point, before anybody had raised any questions about the FBI incident. Even after Senator Collins quizzed him on it during the Homeland hearing, the Committee voted on a bipartisan and unanimous basis to approve Southers.

Should Southers have gotten a copy of the FBI citation letter and provided it to the Committee? Yes. And even more important, should he have gotten a copy for himself and refreshed his memory before speaking off the cuff? Absolutely. Again, being unschooled in the politics of Washington, maybe he didn’t think it was that important, considering it was something that happened twenty years ago and was a minor disciplinary action – the FBI’s equivalent of a slap on the wrist. He was wrong. That was a mistake; however, Southers immediately called Senator Collins with the information once he obtained a copy of the letter. But sensing blood, DeMint went in for the kill.

This isn’t about anything other than the contentious policy issue of unions and their role in government agencies dealing with national security.

It’s an issue that needs to be addressed. Congress has every right to debate this.

Making Erroll Southers the fall guy, though, is cheap politics.

Posted in Aviation and airport security, Congress, Politics & PR, Featured Feed, Management & Administration, Transportation Security | Comments

Getting Smart about the Smart Grid

Monday, January 18th, 2010

By Justin Hienz
Adfero Group

Perhaps America’s most critical infrastructure is its national electrical grid. It has served us well to this point, supporting all our grandiose and astounding technological innovations. But the grid is getting old, and it doesn’t keep up with our innovations (and electronic appetites) as well as it should. So, we’re upgrading – to a Smart Grid.

Smart Grid, you say? Smart indeed, and we need it. While the national power system ages, we continue to charge into the technological future – and this requires power – lots of it. Our increasing power needs must be delivered when and where we want it with the flip of a switch. Moreover, we need our power intake to be consistent, resilient and less vulnerable to interruptions, be they natural or human-caused.

Here’s why. When the power goes out, we lose billions with a B – specifically, even with the power system 99.97 percent reliable, power outages cost $150 billion a year. What’s worse, if the power is out, we’re less able to protect our infrastructure and population, particularly as we become more reliant on computer systems and surveillance technologies. And if even one person has to miss the Real Housewives of Orange County, by God that’s an infringement on our liberty! Whatever we want, whenever we want it. That’s capitalism to a T.

The Smart Grid will help make this possible. It decentralizes power generation, increases transmission and allows the grid to interact with “smart” appliances based on consumer desires – smart, because advanced computer systems will better distribute power based on pre-determined and perceived needs. This makes it cheaper, more efficient and less likely to go on the fritz.

The grid also incorporates alternative fuel sources, such as wind and solar energy. Ah, green. Mother Nature will be pleased. Terrorists will not be, as decentralized production and distribution makes it much harder for attacks to create any significant or lasting impact.

And so the other shoe drops: What does the Smart Grid have to do with homeland security?

Everything.

I don’t claim to be an expert on the Smart Grid, but after reading much of what information is openly available, it is clear that the Grid touches on every aspect of homeland security. That’s intuitive because technology has become a central aspect of our national security. Yet, despite this, there is not the kind of widespread discussion on how to improve Smart Grid security – the kind we need if we’re going to keep the Grid safe.

We must be constantly aware that the United States without power is like a battleship without fuel. The guns might work, but for the most part, we’re dead in the water. Aviation and maritime security are important but impossible without constant, secure power – no screening technologies, no lights, no alarms. Supply chain security is essential to our continued prosperity – but once again, no power, no chain. Cyber security and electronic surveillance technology is a no-brainer, but what about waste management, clean water, heating and air conditioning, and food refrigeration? Homeland security isn’t only about a war on terror. There are many elements to our critical infrastructure that rely on a constant supply of power, and if the Smart Grid isn’t tough enough to withstand all threats, we’re in for a world of hurt.

The time to improve Smart Grid security is now, while we are developing it. The information is readily available (some would say too available, as al Qaeda and other American enemies use open-source information to do us harm). So before the doors of information close, and only those with clearance can keep up with the rapid developments, let’s focus our collective efforts on digesting the wealth of information available. Let’s make Smart Grid debates and improvements as key an element of our homeland security analysis as any other (e.g., aviation security). To be sure, there are expert voices sounding off, but in my opinion, given the importance of the Smart Grid, there are not nearly enough.

This isn’t some future plan getting dusty in the back room. It’s happening right now. Parts of the grid have already been built and are operating in California. President Obama pushed the development full-steam ahead with $4.5 billion from the 2009 economic stimulus money dedicated specifically to fast track Smart Grid technology development. Piece by piece, the Smart Grid is coming together. It deserves more expert attention. Otherwise, lights out.

Justin Hienz is a Senior Account Executive at Adfero Group, working with the firm’s Homeland Security practice. He is also assistant editor of Security Debrief.

Posted in Critical Infrastructure, Homeland Security Industry & Private Sector, Management & Administration, Maritime & Seaport Security, Private and Physical Security, Science & Technology, Supply Chain Security | Comments

Fear-mongering at its Worst – A Threat to Water?

Friday, January 15th, 2010

The January 12, 2010 headline of The Washington Examiner was irresponsible, reckless, and salacious. Splashed across the front page read: “Terror threat to city water.” As a water security guy, I was sucked in. After reading the informative (if not boring) article about DC water’s switch in disinfection processes, a change that was publicly announced three years ago, I realized I had been Rickrolled by a dying paper’s feeble attempt to increase its dwindling circulation.

Two weeks after the would-be “underwear bomber’s” attack on December 25, public concerns over terrorism remain elevated. That’s why I was left scratching my head, wondering why the Examiner would choose to frame the city’s change from gaseous chlorine to sodium hypochlorite within the context of an imminent terrorist threat. While the city surely considered security as one of the weighing factors (among others such cost benefit, risk assessment, and safety factors) during their decision-making process, the move to sodium hypochlorite was not made in response to a terrorist threat.

Yet, reading the Examiner’s headline, it seems the move comes as a reaction to a specific threat – that’s like yelling “fire” in a crowded theater because someone brought a lighter. Talk about the opposite of responsible journalism!

At a time when newspaper readership is down, this feeble approach to move copies comes across as desperate. If this is the direction the Examiner is headed, it’s time to end the misery and pull the plug.

Posted in Critical Infrastructure, Management & Administration, Science & Technology, counterterrorism | Comments

Do We Have Your Attention Now? – Google’s Roar to Exit China

Thursday, January 14th, 2010

It’s been no secret that our various cyber networks have been susceptible to attack. Whether by basement-dwelling hackers, international spies, criminal enterprises, vengeful employees or nation-states, the growth rate of cyber attacks has been exploding exponentially for years. As a result, we’ve all heard the FBI, DHS, the Pentagon and even the White House chime in on how serious this problem is. All of those efforts have basically been greeted by the conventional up and down head-bob followed by the expedited and innocuous statement, “Yes, this is serious.”

While there is nothing wrong with those reactions and the attention is surely warranted, something has dramatically changed, and it’s screaming on headlines across the country.

Take a good look at the front pages of the Washington Post, Wall Street Journal and New York Times. Besides offering coverage of the devastation in Haiti, each is offering front page coverage of Google’s threat to leave the Chinese market rather than submit to censorship of its Chinese-language Web site and continue to endure coordinated cyber attacks from a yet unidentified source in China.

This is the first time I can recall that anything on cyber security has received this type of across-the-board, front-page media coverage. Even President Obama’s announcement in May 2009 of his 60-day Cyber Review didn’t garner attention like this.

This is a moment that bears acknowledgment.

For all the tireless and often under-acknowledged work our government and private sector has done in this area, all it took was one of the world’s largest and most innovative companies to roar, “We’re outta here if you keep this up!” to wake the world up to the seriousness of this problem.

To be fair, Google’s message to the media has consistently focused on the issue of censorship. Yet, the company also said that cyber attacks on certain e-mail accounts were part of the problem.

CNN quoted David Drummond, Google’s senior vice president of corporate development and chief legal officer, stating:

“These attacks and the surveillance they have uncovered — combined with the attempts over the past year to further limit free speech on the Web — have led us to conclude that we should review the feasibility of our business operations in China.”

Chinese human rights activists’ Google e-mail accounts were compromised, Google said. But where did the threat originate? This has not been definitively proven, although all signs point to the Chinese government. An absence of proof could account for Google’s focus on Chinese censorship rather than cyber threats. What is more, it would be bad business to openly state that Google’s e-mail services are unsecured. Thus, despite Google’s crafted statements, it seems cyber security is really the crux of the matter.

But what’s unique here is that the private sector giant – not the government, mind you – was able to bring the issue of cyber security to the front page.

As the most popular and most used Internet search engine with offerings in e-mail, mapping and more – when they speak, people listen. (It should be noted that Google holds only a third of Chinese searches, while the Chinese-run company Baidu holds the majority)

It’s a tremendously bold move Google made, and we should all be applauding them for it. It took a lot of guts to confront one of the world’s biggest bullies and literally threaten to take their ball and go home – but they’ve done it. The question now is, “will they follow through?”

The Chinese are not taking this sitting quietly (and aren’t necessarily willing to change their behavior), but the world is paying attention to this issue like no other time before.

I’m anxious to see what happens next.

Posted in Civil liberties & Privacy, Cyber Security, Homeland Security Industry & Private Sector, International, Science & Technology | Comments

Dropping the Ball: Federalizing a National Moment

Wednesday, January 13th, 2010

As the country’s various homeland and intelligence agencies begin to implement the post-Delta Flight 253 changes ordered by the President, it is becoming painfully obvious that we are falling into the same post-9/11 reaction – we are federalizing a national moment.

While the information sharing and dot-connecting changes are absolutely essential for all of our homeland and intelligence parties to complete, there are also essential roles to be played by individuals and the private sector.

The passengers of Flight 253 certainly (and appropriately) took matters into their own hands by subduing Umar Farouk AbdulMutallab before he could successfully detonate the explosives he had on him. As a result, they not only saved their own lives but probably hundreds more on the ground by the plane being able to safely land. Unfortunately, there has been nary a word from anyone in the Administration about the conduct of the passengers other than the initial commendation for their quick actions after the flight landed.

The same unfortunate silence and lack of engagement can be said when it comes to involving the private sector in providing for the post-Flight 253 response as well.

Although the private sector develops and provides technologies and systems that can detect prospective terrorist means of attack (e.g. screening technologies, etc.), improve information sharing and enhance the common operating picture, the Administration, Congress and national media have been largely silent on the private sector’s role in the post-Flight 253 environment.

If we are to be a resilient and resourceful nation, the private sector must play a key role in the strategic response and corrective actions following an event such as that on Flight 253. By having private sector input, the President’s directives could be enhanced by advising on available or emerging security technologies; enhancing information sharing; and encouraging data accuracy while providing for personal privacy protections.

While it is appropriate to applaud the Administration’s candor about its failures and earnestly deploying efforts to correct them, strengthening the U.S. intelligence apparatus and the country’s overall homeland security will require more than actions to federal instruments. It should be a national response that involves all of us – not just some of us.

In watching the actions of the past week and a half, it has become painfully obvious to me that we are falling into the same post-9/11 behavior where the federal branch of government is stepping forward to state, in effect, that “it can and will solve this problem.” The cold hard truth is that it can’t and it never will.

Responding effectively to actions such as an intended suicide bomber or the aftermath of Mother Nature’s fury means one-sided and one-dimensional solutions must be abandoned.

If given the opportunity, citizens and the private sector can surely contribute to the solutions that can make for a safer nation.

Flight 93 demonstrated that on 9/11. Flight 253 showed us that again on 12/25. There are truly countless examples and numerous wasted opportunities that highlight the enormous chasm of learning and engagement we still have when it comes to learning how to respond to events in this country

If the Obama Administration really wants to get its response to Flight 253 right, it can start by treating its game-changing talent a whole-lot better than leaving them on the sidelines. No one succeeds when that happens.

Posted in Aviation and airport security, Critical Infrastructure, Homeland Security Industry & Private Sector, Management & Administration, counterterrorism | Comments

Moore’s Law and Whole Body Imaging: Moving Technology to the Next Level

Tuesday, January 12th, 2010

The news cycles, talking heads and many elected officials seem to be in a bit of a tizzy over the images created Whole Body Imaging (WBI) systems. Current technology produces a de-identified raw data image of the human form with items of concern as they appear. The technology will only be of value, however, if it is deployed and used to its maximum capability. A large part of this capability is the deterrence factor. When screening can reveal everything a potential terrorist has concealed on-body or in-baggage, would-be attackers will move on to some different venue. Deterrence requires technologies (and technology operators) that work flawlessly and in real time, and for this reason, we need to deploy WBI today for a greater benefit tomorrow.

There are currently two operable systems: Backscatter Passenger Imaging, which uses low intensity X-ray technology to show items in pockets or concealed on the person; and Millimeter Wave Technology, which projects radio frequency energy over the passenger’s body creating a 3-D image and revealing the smallest concealed item.

Technology adapts rapidly and can prevent potentially embarrassing situations with undressed human forms. Solutions to enhance security through the use of WBI will become more effective when the data is synthesized to produce a depiction of the entire situation on a generic form, enabling real-time interpretation without the distraction of raw data. These diagrams will have icons generated by algorithms detecting suspect items; however, until WBI is deployed on a large scale, there will not be the necessary critical mass to address the social issues and derive the economy of scale. From this, technological solutions to public concerns will be established and the machines will be produced at more affordable prices.

If we take a moment to consider the efficacy of WBI and the invested public and private funds, we are likely to witness a clear example of Moore’s law, which precisely describes a driving force of technological and social change in the late 20th and early 21st centuries. The capabilities of digital electronic devices processing speed, sensors, and even the number and size of pixels in digital cameras are all improving at (roughly) exponential rates. This has dramatically increased the usefulness of digital electronics in nearly every segment of the world economy.

All one needs to do is look at the History Channel for WWII stories on the secret new system – RADAR. Compare the raw data display of the radar oscilloscope with today’s synthesized weather depiction on the evening news; you would be hard-pressed to recognize it as the same basic system. The WBI screeners are now working with truly rudimentary raw data, compared to what they will be working with in a short time. When WBI is deployed for use in real-time by a wide array of screeners, it will need the finest synthetic depiction engineers can develop to keep the system functioning and the lines moving.

This is the twenty-first century, and technology is constantly accelerating. Look back just a few years at the then new system of Google Earth and compare it with the infinite number of applications available on that depiction using icons to enable the human brain to absorb information in real-time. A pilot operating an F-16, F-18, F-22 does not look at the raw data of analog instruments with dials and gauges, nor do they use an oscilloscope to interpret their multi-sensor and targeting suite. Rather, they use a synthetic depiction with clearly defined icons. They have the latest in visualization tools to enable real-time human interpretation. This is the same technology advancement that will become the standard for WBI. The human form will be some type of avatar or line diagram with icons depicting the analysis of the system on various objects encountered.

I have worked on building common operating pictures with massive amounts of data incorporated and depicted. Data, technology and intelligence analysis does not become a solution until such time as the information can be conveyed to the human decision maker in near real-time and visualization greatly expedites the process and comprehension. Moore’s law will kick in here shortly, and WBI will become yet another ubiquitous aspect of air travel. Our adversaries will learn of our screening technology, and they will have to devise new avenues to pursue. This will give us time to detect them and offer greater incentives to discontinue their behavior.

Posted in Aviation and airport security, Border Security, Homeland Security Industry & Private Sector, Science & Technology, counterterrorism | Comments

The 300 Spartans of Cyber Security

Tuesday, January 12th, 2010

Recently, an official of the National Security Agency stated that the shortage of highly talented information security professionals had not yet hurt our security, but that it sure made the job more of a challenge. The operative word here is “yet.” Thank God for those professionals manning the terminals across all of our diverse infrastructure sectors. They are holding off the growing tide of cyber threats, and they need help.

Much like the valiant 300 Spartans, who fought at Thermopolis to stop Persian army, they know that eventually the will be overwhelmed if they do not get help. They are fighting by rules the enemy does not follow. They respect privacy and jurisdictions. They are waiting for the rest of us to join the fight.

The American public will not join what they don’t understand. The young people, who have the skills and worldview to qualify for this fight, really don’t know there is a war going on. To them, their skills and comfort with technology are just normal. We have to tap this resource. We must make Americans aware of the threats they face.

A stated goal of the Education and Awareness campaign (as yet, not started), called for by the Presidential Report of 29 May 2009, is to recruit more students to professions enabling them to play a role in defending America’s infrastructures. What are we waiting for? The campaign will not yield results in weeks or months, but in years. How long will we leave our “300” alone?

We desperately need more Info Sec professionals of the highest quality. Other nations are training tens of thousands of cyber fighters; we measure our output in dozens per year.

Please, Mr. President, I know you are busy, but tell your folks to start the campaign. It will allow the citizens to protect themselves more effectively and will begin the process of attracting new cyber fighters to the ranks. We cannot wait forever. The Greeks were roused by the bravery of the original 300, but they all died. We need to join them before they are overwhelmed. Afterwards, it may be too late.

Posted in Cyber Security, Homeland Security Industry & Private Sector, Management & Administration, Science & Technology, counterterrorism | Comments

88, Count ‘Em: A Continuing Embarrassment on the Hill

Monday, January 11th, 2010

Last Friday, the editorial board of the New York Times added its considerable weight to the growing list of thought leaders advocating the completion of the 9-11 Commission recommendations – namely, the consolidation of congressional oversight of the Department of Homeland Security. Entitled “88, Count ‘Em,” the Times editors called the 88 committees and subcommittees who claim a piece of DHS oversight “little more than a competitive rush for headlines.”

As Congress begins its effort to find someone to blame for the Christmas Day near miss by the so-called “underwear bomber,” DHS officials will be pulled in many directions on the Hill (probably less than 88 but much more than necessary). It is ridiculous that House Speaker Nancy Pelosi and Senate Majority Leader Harry Reid can’t – or won’t – get their respective caucuses to adopt the remaining 9-11 Commission recommendation. It is an embarrassment that these so-called leaders refrain from showing leadership in this vital area.

As the NY Times concluded, “The nation needs far more reliable vigilance in the defense against terrorism.” I could not agree more.

Posted in Congress, Politics & PR, Critical Infrastructure, Management & Administration, counterterrorism | Comments

Napolitano was Right: The System Worked (Almost)

Monday, January 11th, 2010

By Edward Alden, senior fellow at the Council on Foreign Relations

The failed Christmas bombing plot has been called, by everyone up to President Obama, a massive failure of the intelligence and targeting systems that are supposed to identify would-be terrorists before they come so close to succeeding. But the more we have learned about what the government knew before the attacks, the more it looks like this was instead a very near miss by agencies that were doing most of the right things.

Consider the alternative. What if Umar Farouk Abdulmutallab had been wholly unknown to the U.S. government? We would be faced with a dangerous new type of threat – an individual from a country that was not seen as a likely source of terrorist threats who had managed to escape notice by U.S. or allied intelligence. That would have been a truly damning condemnation of the intelligence community and other agencies with a counterterrorism mission, and it would have left the Obama administration floundering for a response.

But look at what the intelligence community knew about Abdulmutallab. Here was an individual from a country that had been far down the list of U.S. terrorism concerns and who had spent much of his life in London, first at a boarding school and later as an engineering student at the prestigious University College London. He had been vetted for a U.S. tourist visa in 2008, and nothing of concern had been noted.

Yet last year, U.S. intelligence began to pick up several hints that pointed in his direction. The National Security Agency intercepted communications that Al Qaeda in Yemen was plotting an attack on the United States and that it planned to use a Nigerian to carry out a strike. According to Newsweek, the NSA also intercepted a phone conversation between Abdulmutallab and Anwar al-Awlaki, the radical cleric in Yemen linked to the Fort Hood shooter Nidal Hasan. And then came the warning that Abdulmutallab’s father gave to the U.S. embassy in Nigeria, which resulted in a so-called Visas Viper cable back to Washington suggesting that the son warranted further scrutiny for terrorist links.

Finally, U.S. Customs and Border Protection officials were set to pull Abdulmutallab aside when his plane landed in Detroit. His name was on the list of passengers that all airlines since 9/11 must now provide to CBP on all flights headed for the U.S., and CBP had run its checks and discovered the State Department cable that linked him to Yemeni extremists. Had Adbulmutallab landed in Detroit, he would almost certainly have been sent back to Nigeria, and the case would have marked one more success for CBP’s targeting system, like that of Raed-al-Banna, the Jordanian who was turned back at Chicago’s O’Hare in 2003 and later died in a suicide car bomb attack in Iraq.

Clearly there were many failures in this case. His name should, as the President said, have been moved quickly to the “no fly” list, or at least to the “selectee” list, given the conjunction of different information that suggested his role in a plot. Even before that, his visa should have been revoked based on the information known to the U.S. government. There is no excusing those mistakes.

But it is critical to understand that this was a near-miss rather than an abject failure. Had the government known nothing at all of Abdulmutallab, there would be little choice but to continue to do heavy-handed pre-flight screening on everyone flying to the United States, giving foreign tourists, students, business executives and others one more reason not to come to this country.

Instead, the right response is to improve information-sharing and targeting systems to make sure that warnings are analyzed more quickly, the pieces are pulled together, and the names of those who might be a threat are put promptly into the hands of front-line transportation and border security officials. The real lesson of the Christmas bombing is this: the U.S. government has actually learned a lot since 9/11 about how to keep terrorists out of the United States. It wasn’t quite enough in this case, but it was awfully close.

Edward Alden is the author of The Closing of the American Border: Terrorism, Immigration and Security Since 9/11, which tells the story of the development and impact of U.S. visa and border security measures since the 9/11 attacks.

Posted in Aviation and airport security, Border Security, Immigration & Visa Policy, Law Enforcement, Management & Administration, Radicalization, counterterrorism | Comments

Cloud Computing Faces a New Security Challenge

Monday, January 11th, 2010

Many commentators (including me) have called Cloud Computing the way of the future. Indeed, I still believe that is true; however, a new wrinkle has come up with regard to the cloud’s security.

The general security issues involved with cloud computing have been widely discussed. The cloud makes enormously lucrative targets for hackers, thieves and enemies. Cyber malefactors can easily see the potential in getting access to large centralized concentrations of data, often from multiple entities all in “one place.” Getting inside such a target has phenomenal incentives, and when they have sufficient incentives, the bad guys seem able to do almost anything.

Despite that, the huge benefits of cloud computing outweigh the dangers. It saves money; it simplifies each company or agency IT structure and personnel; heck, it’s even Green. It does this by taking large individual data centers out of population areas and puts them in places where energy is cheap and water for cooling is plentiful, which reduces the need for multiple centers. Then look at how the cloud can improve efficiency – keeping security upgrades current, giving access to the best apps, and making sure every customer has the computing power they need when they need it and not only when it is unused.

In these last few benefits are where the problem comes up. It seems hackers are using the computing power of the cloud to do bad things. Instead of laboriously working through passwords trying to crack them, hackers have used cloud providers’ linked virtual networks to apply enormous computing power to break the codes. The have also used cloud providers to form botnets for Distributed Denial of Service (DDoS) attacks and spam distribution.

The problem with freedom is that everyone gets to use the good stuff, both the good guys and the bad. There are some who have called for shutting down clouds (such as Google’s) until we sort this out. That is absurd, and it will never happen. The key lies in securing the cloud.

I have said before that cloud provider companies are the main center of gravity. If they are strong, capable and vigilant, cloud computing will greatly enhance the cyber world. If they are weak, incompetent and lazy, the results will be disastrous. Some of my previous postings have called for cloud customers to be extra careful and ensure they check their provider’s capabilities, strengths and weaknesses. Today, I am calling for a preemptive effort by big provider companies to set standards so their clouds are not misused by bad guys. It will be a tough job policing customers, and it might even cost money. If they don’t do it independently, however, we’ll have legislation that will undoubtedly by more onerous and less effective.

Cloud customers, you still need to watch to whose cloud you entrust your data and application, but providers, you need to be sure of who you allow to join your cloud community. This is not a time to be greedy or competitive; early on, we must be cognizant of the cost we will pay if we allow the benefits of cloud computing to be hijacked by the bad guys.

Posted in Critical Infrastructure, Cyber Security, Homeland Security Industry & Private Sector, Science & Technology, counterterrorism | Comments

Failed Bomber and the Use of Whole Body Imaging

Thursday, January 7th, 2010

Now that the Administration has fully engaged in evaluating the systems failures, which allowed Umar Farouk Abdulmutallab, a Nigerian Islamic terrorist, to board a US airliner with a bomb concealed in his underwear, I feel compelled to contribute my insight.

Based on 33 years flying large transport aircraft worldwide for both the US Air Force and a major US airline and concurrently being an aviation security and operations expert, I see the return of many old issues. Following 9/11, the nation came together supporting the concept that intelligence data had not been proactively shared to allow government agencies to meet the threat arrayed against us.

As an established AvSec specialist from well before 9/11, I articulated widely that not only had the intelligence not been shared between government agencies but also with the private sector operators. Had I and my professional colleagues been consulted by the FBI on the data they had acquired, an understanding of airliner flying lessons without the proper background and focused on only flying not landing could only point to one conclusion.

Now an even more prominent indicator and warning has been ignored. In the hilarious 1980 movie Airplane, outlandish aspects and innuendos of airline industry were the satirized. In one vignette responding to the Arabic hijackers of the late 1970s, a young Arabic man is handed his boarding pass as the agent recites his travel data: “one-way ticket, cash, no luggage – here is your ticket Mr.….” In 1980, that was funny; 30 years later it is a sad commentary that both the public and private sector still cannot learn from historic facts.

Next, the universal hew and cry for better technology to find bad things carried by passengers. Items carried by law-abiding people do not automatically make them homicidal. In fact, the 9/11 terrorists did not carry any prohibited items onto the airplanes other then their intent to commit atrocities. Things and items do not kill people, in this case – people kill people.

The focus of our 21st century technology efforts will be better aligned when targeted on detecting questionable people first then ascertaining if bad things are also involved. This does not include profiling racial, religious or ethnic appearances; rather the detection of behavioral traits, and/or analysis of data, which indicates a need for closer surveillance, examination and investigation of individuals. The basic premise is that people who are about to commit a crime will behave differently than someone going for an airplane ride; especially in the case of suicide bombers as they have not previously practiced their crime.

This leaves us with applying technology, behavioral science and intelligence analysis to vet the traveling public. Many travelers today are military members, government employees or federally elected officials who carry US government security clearances well exceeding that of the screeners at the airport.

Most of these folks already have biometric credentials and given proper equipment to read them will positively establish their identity. These known travelers could be directed into a screening-lite line for a much quicker and efficient process. A second group would likely be comprised of the great majority of travelers of whom considerable information is already contained in the reservations computer even if they only travel occasionally. This group gets the current standard screening procedure to include secondary screening should questions be raised. Finally, there will be a small group of whom little is known, points of origin or destination, payment methods, behavioral triggers tripped, or newly integrated watchlist flags. These people need to be thoroughly evaluated, and this is where the best technology comes into play.

Whole Body Imaging (WBI) currently in use and development uses either of two different technologies. Backscatter Passenger Imaging uses low intensity X-ray technology to show items in pockets or concealed on the person. Millimeter Wave Technology involves projecting radio frequency energy over the passenger’s body creating a 3-D image and revealing the smallest concealed item. The images from both systems are rendered unrecognizable, and we certainly have the ability to prevent misuse of the equipment. Indeed both systems have security blocks built in that prevent the recording or storage of an image.

I agree with the President’s remarks of yesterday: “we have to do better, we will do better, and we have to do it quickly. American lives are on the line.”

There are aviation security professionals like myself with many years of operational experience. When this expertise is synergized with government intelligence analysts and airline operators, we will find that the sum of the parts truly exceeds that of the individual parts taken separately.

“Private sector preparedness is not a luxury; it is a cost of doing business in the post-9/11 world. It is ignored at a tremendous potential cost in lives, money, and in national security.” - 9/11 Commission Final Report

Posted in Aviation and airport security, Intelligence, Law Enforcement, Management & Administration, Science & Technology, counterterrorism | Comments

Security Debrief Experts in CQ Homeland Security (Part II)

Thursday, January 7th, 2010

Congressional Quarterly surveyed homeland security experts, a number of whom are contributors to Security Debrief, on the state and future of homeland security. In this second installment, experts consider the Obama administration’s largest error in 2009. Some of the responses are provided below.

Homeland Security Experts Weigh in: Obama’s Worst Move in 2009?

In part one of CQ Homeland Security’s series kicking off 2010, we asked experts to define the Obama administration’s best homeland security move in 2009. Today, we’re taking the opposite tack, asking them to name the administration’s biggest misstep.

• Asa Hutchinson, former under secretary of homeland security and a founding partner of the business-consulting firm the Hutchinson Group: “The worst move has been in the failure to move quickly on key security positions and agency heads. I was confirmed and at work in August of 2001 as head of the [Drug Enforcement Administration] during the first Bush administration. This is December and many agencies, including TSA and DEA, do not have its leadership team in place. This administration has moved slowly and the result is that critical security agencies are without leadership or have been dangerously delayed in having its new leadership.”

• James Jay Carafano, senior research fellow and director of the institutes of International Studies and Foreign Policy at the Heritage Foundation: “Pretending to overturn Bush programs with measures that are merely symbolic or politically motivated.”

• Christopher Battle, a partner at the Adfero Group: “Worst: giving no power to the cyber czar to effect policy. Second worst: the decision to neuter the 287(g) program [which authorizes local police to enforce federal immigration laws]. It is unlikely that the administration is serious about tackling internal immigration enforcement without partnering with local law enforcement. The five [thousand] or six thousand agents at ICE, which also have a remarkably broad jurisdiction of other criminal investigations, cannot possibly locate and deport the ten-plus million illegal immigrations currently living in the United States.”

• Randy Beardsworth, a principal at Catalyst Partners: “Taking their eye off the existential threats of nuclear and biological attacks. It’s not that the administration has not addressed the issues — it’s that they haven’t done enough given the nature of the threat and the consequences of such an attack. Yes, the White House National Security Staff now has a WMD Terrorism Directorate, and yes, there is acknowledgment of the biological threat. But there isn’t the sense of urgency to shore up our defenses against the low probability, extremely high consequence event of a nuclear detonation. Without national-level strategic guidance, our move toward implementing a global nuclear detection architecture has been adrift this year. Similarly, the national strategic guidance on biological attack has not been sufficiently reinforced (and beefed up) by the current administration.”

Posted in Cyber Security, Emergency Preparedness & Response, Homeland Security Industry & Private Sector, Law Enforcement, Management & Administration, Science & Technology, counterterrorism | Comments