Archive for February, 2010

Lessons from the Napolitano Budget Hearings

Friday, February 26th, 2010

Someone needs to buy Janet Napolitano a beer.  Or at least give her a double of whatever she wants.  After two consecutive days on Capitol Hill testifying in front of four different Congressional Committees, she’s earned it. In defending the Administration’s proposed 2011 budget, she took on a whole set of bipartisan punches and barbs from an array of political players who weren’t exactly happy with what she was trying to sell them.

While affording her the professional respect that she and her office deserve, expressing their thanks for her appearance before the respective Committees, and for her service to the nation, Congressional Members gave her a range of wagging fingers, raised voices, sneers, wide-eyed stares, sighs and other behaviors that moms and grade school teachers would be annoyed at. This is of course the expected norm for any budget hearing, or for that matter, any other Congressional hearing for a government official. Congress is supposed to ask tough questions. The Members of the 111th Congress lived up to that charge, but their questions and often-rambling soliloquies leading up to the actual questions revealed a lot. Here’s what we learned:

From a bipartisan perspective:

  • Proposed personnel cuts to the U.S. Coast Guard and Border Patrol (since amended by the Administration) were met with universal disdain;
  • The elimination and consolidation of a number of existing grant programs was an absolute non-starter for almost all of them; and,
  • The Administration’s proposal for $200M in the DHS budget to pay for terror trials in the United States is a “no way in hell” option.

From a Majority perspective:

  • There was incredible frustration expressed by the Majority Democrats that the Administration was not taking the legislated 100 percent Cargo Screening Mandate more seriously. In fact, you might even go as far to say that they felt Sec. Napolitano was blowing it off in favor of her own prescribed remedies.
  • Almost equally as frustrated were senior Democrats (Rep. Nita Lowey [D-NY] and Rep. Bennie Thompson [D-MS]) that the Administration had not moved forward on implementing collective bargaining for screeners at TSA. I thought the admonition by House Homeland Chairman Thompson to Sec. Napolitano that “you know we voted on this? Don’t you?!” was very telling. Probably more telling was the lack of a definitive answer by the Secretary in responding to him on whether the Administration would allow collective bargaining to actually go forward. [I bet the unions are going nuts on that one.]
  • They also weren’t particularly thrilled to see that contractors outnumbered civil servants at DHS either. [Why this fact is considered shocking is beyond me.  It’s been that way for years.]

From a Minority perspective:

  • The Republicans stressed their objections about real (or perceived) cuts to border patrol and U.S. Coast Guard operations or any other measure they felt could leave their own Districts (or the nation) vulnerable to attack or disaster.
  • They also weren’t too happy to see the proposed personnel increases to DHS’ headquarters operations either. While the Obama Administration is seeking to increase the number of people working in its management operations to improve its procurement and other operations, the GOP members saw an easy target to blast at the expense of proposed cuts to the Department’s operational elements.

Final Observation

While the subject of redundant, excessive and rampant Congressional oversight of DHS has been long raised in individual speeches by some members of Congress, Sec. Napolitano (her predecessors), 9/11 Commissioners, reporters, bloggers and others, these four hearings started to show the bubbling frustration that this issue is presenting.

While Rep. Hal Rogers (R-KY), Ranking Member of the House Appropriations Committee, upbraided Sec. Napolitano for the poor turnaround that DHS had given to reports that Congress wanted, she admirably defended her Department by sharing the eye-popping numbers they were asking for.

Later in the same afternoon, another Republican, Rep. Mike Rogers (R-AL), asked her to give the issue of consolidating homeland security oversight by Congress a “political lift” and encouraged her to speak to House Speaker Pelosi and Majority Leader Reid about the subject.  The Secretary responded that the Administration had raised the issue before and would continue to do so. Rep. Rogers then pressed if she had spoken to the President about the subject. She shared that she had but went no further than acknowledging the conversation.

This is the first I can recall that the Secretary has mentioned this subject and the President’s name in the same sentence. We can only hope that at some point, he will back up Sec. Napolitano and deliver on completing all of the 9/11 Commission recommendations.

Until then, I hope someone buys her a beer.  She earned it this week.

Rockefeller / Snowe Hearing: “Cyber Security – Next Steps to Protect Our Critical Infrastructure”

Thursday, February 25th, 2010

The Senate Commerce, Science and Transportation Committee, led by Chairman John Rockefeller and Ranking member Olympia Snowe, held a long awaited hearing on Cyber Security. The Chairman began with the thought that a major cyber attack could shut down our nation’s most critical infrastructure. He called for legislation to “modernize the relationship between the government and the private sector on cyber security.” This is the committee’s fourth version of their legislation (S. 773, the “Cyber Security Act of 2009”), but they have yet to set a date for a formal mark up in the committee. Snowe commented that “We’d like to get something done this year, [but it] remains to be seen.”

Snowe implied that Congress may include incentives such as liability protections and tax incentives for firms that meet performance measures and best practices.  He wants the White House cyber coordinator, currently a member of the National Security Council, to be a Senate-confirmed official who could be compelled to testify to Congress.

A stellar group of witnesses appeared. These include Vice Admiral Michael McConnell (USN, Ret.), former DNI, and now with Booz Allen Hamilton. He made the biggest news when he said that if the United States were in a cyber war today, we would lose because “we are simply the most dependent and the most vulnerable to attacks.” He called for passing the Rockefeller/Snowe bill to protect critical infrastructure and preempt adversaries. McConnell pessimistically said that “we will talk about [passing a bill],” but it may take a catastrophic event before we act.

Dr. James A. Lewis, Director and Senior Fellow at the Center for Strategic and International Studies, also voiced support for the bill. Lewis said the Internet was like the Wild West and real security of global infrastructure may not be achievable without domestic and international regulations. He pointed to historical examples of lagging regulation in other industries. The industrial leaders always objected, but eventually rules are needed. In his written testimony, Lewis said that “Every time a new technology has reshaped business, warfare and society, there has been a lag in developing the rules . . . needed to safeguard society.”

Mr. Scott Borg, the Director and Chief Economist, U.S. Cyber Consequences Unit, stated that presently, the biggest cyber losses to the U.S. economy are due to “massive thefts of business information.” He also cautioned the committee that some aspects of cyber security cannot be legislated; it is just too slow. Technology and cyber attack techniques change so rapidly that “if the government tries to mandate standards, they will be out of date – and an actual impediment to better security – before they can be applied.”

Other witnesses were Rear Admiral James Arden Barnett Jr. (USN, Ret.), Chief, Public Safety and Homeland Security Bureau, Federal Communications Commission (FCC), who emphasized the need to include a mix of regulation and public-private partnerships.  Another was Ms. Mary Ann Davidson, Chief Security Officer, Oracle Corporation. She made two recommendations to the committee: (1) Reform university-level educational curricula for computer science so students learn to incorporate security into software from the beginning; and (2) work to lessen the nation’s exposure to systemic risk.

All these witnesses added to the growing discussion on cyber security. We do, however, also need some action.

An “Astounding” Problem – DHS Civil Service and Contractors

Wednesday, February 24th, 2010

Amidst the news today are reports that DHS employs more contractors than career civil servants.  Lawmakers, notably Sen. Joseph Lieberman (ID-CT) and Sen. Susan Collins (R-ME), have described this situation as “unacceptable, untenable and unsustainable.” The other notable word that they have used to describe this situation is “astounding.”

What I find “astounding” is that this situation is actually making news.

This is not news. In fact this is a situation that has been known about for some time. For years, DHS leaders have reported to Congress their employee and contractor employee numbers. In sharing those details, these leaders have made earnest pledges to try to rectify the numbers in favor of having more civil servants. As valiant as their efforts have been, they have been fruitless, and the employment numbers have continued to trend towards a contract workforce over government employees.

Why?

The answer is as simple as it is complex.

You can’t have any conversation about DHS’ employees or contract workforce numbers without mentioning the ultimate crux of the problem – the Department’s Human Resources/Personnel System.

The only person who could possibly proclaim they are proud of the existing HR system is Satan himself because it is sheer hell.

From applying for an open position (and hoping to get some type of response); trying to get your current or previous security clearance processed/accepted; going through myriad interviews that ultimately stop, go nowhere or have to start all over again because of a leadership change somewhere in the organization; seeing the job announcement pulled for some unknown reason – the existing system is nothing short of a disaster.

It takes months, if not more than a year, for DHS to hire someone for many of the positions they need filled. Oftentimes, good candidates who have applied for posted positions just get fed up and pull out of the interview process altogether out of disgust and frustration. As a result, some hiring efforts have to start all over.

From Day 1 of the Department, its executive leadership has tried to remedy this situation with various proposals to provide flexibility and speed to the hiring process while compensating its workforce accordingly. All of those efforts have failed. Because of successful legal challenges by unions (e.g., NTEU’s numerous battles with DHS), the Department’s legacy components having their own hiring systems, constant leadership turnovers and more, DHS possesses what is arguably the worst HR system in the Federal Government. Its future does not look much brighter either.

With guaranteed legal challenges by unions such as NTEU and AFGE to any new proposal that they don’t like, Congressional oversight and meddling (e.g., procedural holds by members of prospective changes), an antiquated pay scale that does not adequately compensate its personnel for their skills and talents, and no leadership on the immediate horizon to aggressively tackle the issue (especially given the hold placed on the nomination of Rafael Boras to be the new Under Secretary for Management), we can expect more of the same.

There is nothing “astounding” about this situation. It’s revolting, and it has been allowed to perpetuate itself year after year.

But why the disparity in civil service and contractor numbers? DHS uses contractors to get its work done because frankly it’s easier and it works. They have jobs they need done. As a result, they issue the specs/RFP for the work to be done, they make a selection of who they want doing the work, and the contractor gets busy doing it. Period.

Additionally, contractors can hire and fire their personnel with greater ease and can better compensate their people than anything DHS can offer in the civil service.

When you compare the hiring mechanisms of DHS with those it has contracted with to support its mission assignments, it’s not even a comparison. It’s like having a race around the world with a row boat (DHS’ HR system) and a rocket (its contractors).

It’s also a complete misstatement to imply that the contract workforce is not as good or as dedicated to the homeland mission as those in the civil service. The contractors DHS employs serve the same mission. Their ID badge color may be different, but their efforts are dedicated to the same cause. That argument seems to have been lost amidst all the headshaking reaction to the Department’s personnel numbers.

If we really want to be “astounded” and have a system that is “acceptable, tenable and sustainable,” we can start by fixing the problem that created the civil service and contractor imbalance.

Until then, we’re stuck with the status quo, and there is nothing “astounding” about it.

Calling Obama’s Cards – TSA and Collective Bargaining Rights

Tuesday, February 23rd, 2010

Yesterday’s actions by the American Federation of Government Employees (AFGE) to represent TSA’s 40,000 screeners has upped the ante in the high stakes poker game the Obama Administration seems to have avoided playing.  On one side of the table is John Gage of AFGE who made the bold move of filing for election to be the union of choice representing these often beleaguered employees and their interests.

In the other chair at the poker table is Colleen Kelley and the National Treasury Employees Union (NTEU), who is not about to be undone by Gage’s actions in trying to be the union of choice for TSA’s workers.

And as if these two players did not already make a formidable card playing pair, you have Sen. Jim DeMint (R-SC) who has essentially declared that hell will freeze over before there is a union at TSA. DeMint has already demonstrated his adeptness to block, stifle, derail and sack anyone the Obama Administration puts forward to lead TSA who even has an inkling of allowing collective bargaining rights.

Even if you’ve “taken no position” on the subject – as former TSA Administrator-nominee Erroll Southers professed – and wanted to look at the information to make an informed decision on the subject, “Hell no” are the only words Sen. DeMint wants to hear from a prospective TSA Administrator nominee if they stand a chance of surviving his gauntlet and getting into office.

In the final two poker seats at the table sit DHS Secretary Janet Napolitano and her boss President Obama. Napolitano has really not offered much about her thoughts on the subject, other than some fairly innocuous words that make each side think she’s with them. Regardless of what her own thoughts are and what cards she holds on the subject, it’s the White House and President Obama that have to make the call on what to do next. For all of her recent communications lapses, Napolitano remains a shrewd political leader, and she’s not about to make a play unless the White House directs her.

And this is where the White House has to finally make a decision. It’s gut check time.

Will there or will there not be a union at TSA?

If we are to ever move forward, the White House’s deafening silence has to end. Whatever decision it makes will have tremendous consequences and will leave some players at the poker table inflamed and outraged.

Citing the Administration’s frustrating inaction on the subject, AFGE has made its bold move and NTEU will soon match their action. As the White House figures out how to balance the interests of two powerful stakeholders who helped put them in charge of the Executive branch, they have to keep an eye on DeMint who seems to relish the opportunity to blow away another Administration nominee.

Continued silence and inaction by the Administration ruins the chances of whatever well-intentioned individual is selected to be the next TSA Administrator.

Continued silence does not address the campaign promises or real leadership needs that TSA needs to have fulfilled. There’s also no blaming this on George W. Bush (the default for almost everything), or stating the need for more time to study this situation.

This is the White House’s call, and it’s been that way all along. It is time to call the Administration’s hand. More to the point, there is a time to campaign, and there is a time to govern. It is now time to govern. So, what’s the call Mr. President?

The Airport Security Process: Learning the Hard Way

Monday, February 22nd, 2010

Last week, Transportation Security Administration (TSA) workers at the Philadelphia airport grossly mistreated Ryan Thomas, a 4-year-old boy who has intellectual and physical disabilities, and his parents. Headed for an Orlando-bound flight to celebrate Ryan’s birthday at Disney World, TSA security screeners forced Ryan’s parents to strip off his leg braces to clear security. Refusing to allow Ryan to be carried through the metal detector, he was literally dropped from his father’s arms on one side of the machine into his mother’s arms on the opposite side. Turns out he was unarmed – who could have known?!

As a physically disabled frequent flyer, I am stunned by what happened to Ryan and am fully supportive of him and his family. As a homeland security expert, however, I view this sad experience through a broader lens. What happened to Ryan is a symptom of what’s wrong with the airport security process, and it should be leveraged to enhance safety while improving the airport experience for all flyers. In order for that to happen, the following needs to take place:

  • The at-fault screeners need to be fired. After making Ryan’s parents remove his leg braces, the screening supervisor tried justifying his actions by saying, “You know why we’re doing this.” The implication here is that because of the underwear bomber, TSA should treat every passenger (no matter how vulnerable) like a terror suspect. This attitude cannot be allowed to permeate the Agency.  Rules and protocols were violated, and the screeners need to be held accountable.

As sorry as I am for Ryan and his parents, I’ll feel even worse for the nation as a whole if we don’t learn from this and improve our security practices.

Wild Week in the World of Cyber

Monday, February 22nd, 2010

Well, the week of 15 – 19 Feb 2010 was a fascinating one if you follow cybersecurity events. The bellwether stories are numerous, and reaction to them has been varied. Even if you don’t join in the debates of the blogosphere, it sure is fun to “watch.” On the serious side, these issues are all critical ones, and the number of experts (real ones, not the self-proclaimed variety) who hold widely varying positions shows the challenge of this field.

The biggest headlines probably went to the 16 Feb exercise held by the Bipartisan Policy Center. This exercise used former high level administration players (from the Clinton and G.W. Bush teams) to play the key roles. These included:

  • Ambassador John Negroponte, as the exercise Secretary of State
  • Secretary Michael Chertoff, as the National Security Adviser
  • Fran Townsend, as the Secretary of DHS
  • John McLaughlin, as the Director of National Intelligence
  • Stewart Baker, as the Cyber Coordinator
  • Joe Lockhart, as the counselor to the President

The scenario started with a widely downloaded and infected smart phone app, and quickly cascaded to a major Internet malware infestation. Add a terrorist attack on some physical infrastructure and a few natural disasters, and pretty soon you have a huge national security challenge. The whole thing was filmed by CNN for broadcast later.

The reviews were mixed. Some decried the scenario, noting that technologically, it was a little over the top. Those unfamiliar with the normal exercise methodology where you almost always have apocalyptic situations wondered why they tried to stress the system that much. A good number of observers applauded the highlighting of a number of issues with which our system is not yet ready to deal. Lack of authority to act heavy handedly domestically, even in a crisis, was one key finding (take over the telecoms?), difficulty of attribution for the malware intrusion was another, and defining an act of war in cyber was a third. Policy wise, the lessons learned are similar to those noted in past exercises, but this one was totally public.

Bottom line? To paraphrase Chertoff, we are still at a September 10 level of readiness in the cyber realm.

Next was the public outing of the Kneber Bot. It was publicized that a Botnet, with over 74,000 “members” (zombie computers), has penetrated more than 2400 organizations in a wide variety of sectors using ZeuS malware. Some said, “Yes, this is old news, this bot has been around for a while.” Others said that this is a newer variety of ZeuS, one that is much harder to detect and stop. It engendered a lively debate as to the responsiveness of protective software companies to existing known threats. Still others were shocked at the extent of the problem.

Bottom line? The American people are still woefully unaware of the level of threat they face every day. This includes lots of corporate leaders who should not be so uninformed.

Two major information technology schools in China were identified as a possible source of the now well-known attacks on Google that precipitated that company’s decision to pull out of the lucrative Chinese market. The schools deny it, as does the Chinese government. Many experts point to the fact that China is the most hacked country (in numbers) in the world, and the schools could have been set up to look like the culprits.  These two institutions produce a great many outstanding computer practitioners. Some end up working in the private sector, some for the Chinese government.

Bottom line? Clear attribution is still tough to achieve; without it, it is impossible to take truly legitimate retaliatory action.

Privacy issues are at the center of the last two big stories. Google’s rollout of its new Buzz social networking tool got everybody steamed. Google preselected match-ups for all its Gmail customers to jump-start the new network. Suddenly you were linked to or following people Google chose for you. Google is working it out, and it may end up as a tempest in a teapot, but clearly privacy is still a valued commodity.

Similarly, a school in Pennsylvania issued laptops to all its students so they could use the school’s electronic resources. Unfortunately the package (tracking software, Web cams) allowed the teachers to “know” what the students were doing at home, even in their rooms. One student was reprimanded for inappropriate behavior based on what the teacher “saw.” Huge privacy flags went up! Lawsuits started, computers were recalled and lots of explaining began.

Bottom Line? Privacy remains a third rail, and cyber capabilities can run all over it if not thought out completely.

So, pick your issue: national readiness, ongoing vulnerabilities, international norms and personal privacy. Cyber continues to be a key and critical issue. It will not go away or lessen in importance. I know the Administration is working hard on any number of issues in this area, but we NEVER see it.

Mr. President, please tell your folks to let us know how you are addressing these (and other) cyber challenges. Better yet, ask us in the private sector to help. We need the confidence that can only come with knowledge, and you need the expertise that is resident on the other side of the public/private equation.

Could Goldman Sachs be the Next “Major Threat to Homeland Security?”

Thursday, February 18th, 2010

Have Goldman Sachs focused on their operational risks to the exclusion of all else, to the extent that their destruction is now politically convenient in the current US climate, and what tools could be used to achieve that end?

I began, two weeks ago, by writing a blog entitled “Has Goldman Sachs caught the Blackwater Disease?” However, the more I explored the issue, the more I believe that the implications stretch wider. While I am not a fan of the concept of the “Perfect Storm,” I do believe Goldman Sachs has ignored non-financial risks at their peril. This blog is not a reflection on whether Goldman Sachs are good, bad or indifferent; it is a reflection upon how disregarding all risks can create the conditions to destroy a company, just when that company appears to be at the top of its game. This blog explains those conditions affecting Goldman Sachs, makes comparisons with what happened to Blackwater, and explains how the downfall of Goldman Sachs as they are today might be effected.

Unlike the health care bill, immigration or the wider economic woes of the country, the conduct of the investment banks and how they brought the U.S. to the edge of financial collapse is an issue that can be made personal. Thus far, Capitol Hill has cried foul about “investment bankers” and criticized the banking industry, but they have not targeted any one institution particularly.

Simultaneously, the TEA Party is rising. The TEA Party recently held their first convention, which has been likened to a first date – the various groups have been communicating for a while, and now they want to see if they can work together. The TEA Party is increasingly being seen as a voice for the silent majority that whilst long silent, now want their country back. They demand a return to responsiveness to the electorate by politicians and the cleaning up of Washington, DC; the finance industry is the significant designated bad guy.

It is not a great leap to understand that the TEA Party, representative of the silent majority, must be a very attractive demographic for a President and Congress that have alienated many over the healthcare bill, are looking down the barrel of mid-term elections and need to begin to repair that damage. They need a scapegoat, and at the moment, there is truly no scapegoat bigger than Goldman Sachs.

There have been a range of allegations in newspapers recently, not least in the New York Times. The role of Goldman Sachs in the downfall of AIG and their profiteering from it, their financial engineering of the Greek debt, and then shorting as a result of their knowledge and other allegations, all contribute to the image of Goldman Sachs as an organization committed only to their bottom line with no thought for their country, Main Street or the welfare of anyone but themselves.

Goldman Sachs stand by every action they take as being both legal and in the interest of their employees and shareholders. An investment bank with their influence everywhere, their profit margins and bonuses are driven both by advising and market participation. The reports about the AIG relationship are that their active reluctance to seek a third party valuation and setting low valuations on arrangements with AIG hastened AIG’s demise. Not only did these acts hasten AIG’s demise, but a percentage of those funds went to GS to settle obligations – obligations that have since significantly increased in value, making GS more money on the backs of the taxpayer.

Just as Erik Prince was perceived to have influence at court through his relationship to the Republican Party and the White House, so Goldman Sachs is perceived to have influence through the penetration of its alumni into government – the joke “Government Sachs” isn’t so much a joke as a loose description. Hank Paulson ran Goldman Sachs, Tim Geithner came from there, as did Neel Kashkari, who ran the original TARP fund. It does not take a conspiracy nut to argue just how much GS profited from the decisions of the organizations, “off the taxpayer’s back.”

Thus far, there have really only been allusions as to these relationships and their effect on government policy.  However, desperate times call for desperate measures, and one can effectively argue that the Democrats are getting desperate. Since gaining control of the Presidency, the House and the Senate, it’s easy to perceive that they have done nothing with them, and the loss of Senator Kennedy’s seat to the Republicans must have sent shock waves through the party.

“When a president realizes he can achieve nothing domestically, he turns to foreign policy” (with grateful acknowledgement to Arthur Hodgeson); when a Democratic president is under pressure, he finds a fall guy. For Clinton, it was Microsoft and the anti-trust showdown. For President Obama, it may well be Goldman Sachs.

Goldman Sachs is a strong, well-financed institution that is positioned to fight such demonization and investigations hard, but, ironically, that makes them all the more worthwhile a target.  A strong fight played out in the media where the Democrats can lay the corpse of Goldman Sachs, painted  as the root of all evil that brought about the downfall of the modern financial system, would play well with certain demographics.

The movement would start with more formal investigations.  Do not forget, the media component has already begun in the New York Times and other media profiles and investigations, just as it did with Blackwater.  At some point, when instinct or numbers suggest it is time, a Congressional Committee or two will begin to become officially interested, and a Special Investigator will be appointed.  At that point, it will be clear the game is afoot and sides will be drawn. The Special Investigator may find evidence of activities that are contrary to the interest of the United States and its citizens, and here, it becomes interesting.

Just as RICO has been put to some very interesting uses over the years, the Patriot Act is drawn broadly; in the wrong hands with a passionate agenda and sufficient evidence that the interests of the US were compromised, it could be that Goldman Sachs are open to a form of asymmetry that, until now, they never contemplated.  It’s clear nothing would give many in the country greater pleasure than television pictures of Goldman Sachs executives in handcuffs, arrested under the Patriot Act for the wrong done to the citizens of the United States.

What is the comparison to be drawn, it will be argued, between attempting to kill a couple of hundred people on a plane and driving millions into joblessness and across the poverty line?  Questions of the role of the government and its responsibilities will come into play, and provide a wider pulpit for the Democrats to argue just how seriously the Republicans forsook the nation over the past decade. I understand that many will dismiss this scenario as a fiction that “could never happen here.” To those people, I suggest they return to Tom Clancy and remind themselves of how someone flying a plane into a building can only be fiction.

Goldman Sachs would fight, and most outside Wall Street may underestimate just how much fight an organization that regards itself as elite has and is prepared to use to protect its position. When confronted with death, an organization will do whatever it takes, and Goldman Sachs certainly has the influence and muscle to go all the way – personally, actions such as trying to get the President impeached and flooding the electorates with anti-incumbent advertisements (thanks to the Supreme Court) would be the tip of the iceberg.

How were the conditions for this demonization created?  Goldman Sachs, in pursuing their operational goals of financial success for the firm and their shareholders, lost sight of the bigger picture.  Perhaps they have such confidence in their power and financial base that they believe the Government and elected officials would never vilify them, and under normal circumstances this would be true.

However, these are not normal circumstances and normal perceptions simply do not apply. I again emphasize that this is not a recommended course of action nor a judgment of Goldman Sachs, but simply an explanation of the worst case scenario for them – one that seems to be slowly growing in likelihood each day.

How did this come about?  It appears that Goldman Sachs, true to their culture, focused on the financial risks to themselves and their clients. They aggressively control downside risk, and equally aggressively grasp opportunities, or the upside risk. However, financial and operational risks are not the only risks that affect a business, and the other risks are changing in just as volatile a manner.  Understanding this is critical to businesses, and an important argument for non-core components of businesses in demonstrating their relevance.

That Goldman Sachs have caught the Blackwater disease of being the personification of an industry at the wrong time is certain; the question is what will happen as a result.  The real question is whether one regards this scenario as likely, and commits the ultimate heresy of shorting Goldman Sachs.

1M Fewer Illegal Immigrants: DHS Secure Border Initiative Ended Catch and Release

Thursday, February 18th, 2010

CBS News recently reported the number of illegal immigrants in the U.S. is down by about one million from 2008 to 2009. The DHS report CBS cited also shows a striking difference in the number of illegal immigrants entering the U.S. in two different periods. From 2000 through 2004, 28 percent of the current population of illegal immigrants entered the United States, and only 8 percent entered from 2005 through 2008.

Having worked with these DHS statistics for a number of years, I am keenly aware of their limitations. I suspect the economy has played a role in this decrease, but I also think we need to give some credit to improved border enforcement and particularly to a little heralded but successful effort to end “catch and release.”

I was fortunate enough to help lead a team to develop the initial concepts of the Secure Border Initiative (SBI) and to re-engineer the removal process. The project’s success was a result of improved efficiencies and the considerable deterrent effect of migrants no longer being routinely released into society.

Recall the situation in the summer of 2005: The effectiveness of U.S. border control was under fire. A million illegal immigrants per year were streaming across the southern border, and tens of thousands were making their way across the northern border. The U.S. Border Patrol was interdicting only a fraction of the flow, most of whom were Mexican and were simply returned across the border where they could once again attempt the crossing. In addition, several hundred thousand “other than Mexicans” (OTMs) were also interdicted. These OTMs could not be returned to Mexico; they were processed in the immigration court system, released and told to return for a hearing several weeks or months later.

This process was known as “catch and release.” Beyond the problems with “catch and release,” there were tens (if not hundreds) of thousands of “overstays.” These were people who entered the U.S. legally but overstayed their visas. Criticism was also mounting about illegal immigrants taking jobs and displacing American workers. Stories about deplorable conditions in detention facilities, and the administration’s lack of understanding of how much money they were spending and where they were spending it, fueled more public frustrations and led to the common perception of a broken border control system.

It was against this backdrop that then-DHS Secretary Michael Chertoff vowed to fix the problem. Effective border control became the sine qua non of comprehensive immigration reform. The strategy to control the border became known as the Secure Border Initiative (SBI). Although SBI was originally envisioned to include measures to attack the problem on a number of fronts, including at ports of entry, along open border spaces between ports of entry, and in the country’s interior, Secretary Chertoff quickly realized that the call for enforcement measures, specifically more Border Patrol Agents, was futile if more agents apprehended a greater number of illegal immigrants only to return them across the border or release them into the community.

Immigration and Customs Enforcement, who managed the detention and removal process, estimated that to stop “catch and release” they would need to increase the number of detention beds from about 20,000 to well over 120,000. This increase in bed space would have cost about $3.6 billion.

The thoughtful, technocratic process of re-engineering the removal system did what one would expect – improve efficiency, reduce cost, and simplify the process. As a result of the removal re-engineering process, Secretary Chertoff was able to end “catch and release” within 10 months and with an increase of less than 10,000 beds.

There are any number of “systems” in the homeland security arena that would benefit from this type of rigorous analysis followed by clear decisions and determined implementation. I hope we see a few of these efforts this year.

Lessons in Blizzard Resilience – Part II

Tuesday, February 16th, 2010

If you talk to any parent in the National Capital Region, odds are they are at their wits’ end with having their children stuck at home for nearly a week and a half. After two large snowstorms and a pathetically minor dusting, most of the region’s school children ventured back into the classroom today. It could not have happened soon enough. As frustrating as the continued school cancellations may have been, the region’s educators had little choice in the matter. With impassable roads, unreachable sidewalks, glacial formations blocking entrances, and teachers and school staff hard pressed to get out of their own neighborhoods, cancellations were the only choice school leaders had.

Government and business leaders were faced with similar “no win” choices. When the roads are a wreck, a public transportation system is inoperable above ground for subway cars, and buses have very limited service, there is little they can do to keep their doors in the position they want – “open for business.”

As FEMA Administrator Craig Fugate has so aptly put in numerous ways, “It’s time we treated the citizen as an asset and as a member of the response team, rather than as a liability.”

While it is easy (and in numerous cases appropriate) to mock the National Capital Region for its traditional panic and hysteria when bad weather is forecast, let alone when it arrives, the 2010 Mother Nature Winter rampage has put forward some great issues that public and private sector leaders, as well as citizens, should be acting on. For instance:

  • In an area that is so widely connected to the Internet, why can’t government, business or school go on in some type of limited capacity? Today’s Washington Post Editorial Section made just that pitch for government telecommuting. I know from speaking with friends during the storm, many of them were still working their day jobs from home taking conference calls, looking after clients, etc. Why can’t our schools do something similar? Our regular lives may have been interrupted by snow, but learning can still go on. I know that a computer screen is no substitute for a professional teacher, an engaged classroom and regimented curriculum, but there are still things that can be worked on when the school doors are closed. Our educators need to be thinking about telecommuting with their students as well. What happened to all of those pandemic flu plans for education, and why weren’t they used to deal with this circumstance?
  • Brigades of parents, students and other volunteers brought their shovels and backs to clear streets, sidewalks and entrances to schools to get them reopened. Efforts such as these are sound examples of an engaged and active citizenry. Thanks to PTA lists as well as other school directories, it was easy to reach out to a vested and interested constituency and ask them to help out. The call went out, and it was answered.
  • As great as their volunteer shoveling may have been, it would be just as great to mobilize citizens to shovel out fire hydrants and street drains. God forbid there is a fire in a neighborhood and responding fire units have to spend part of their response time digging out a hydrant for a water hook up.
  • The same for storm drains. While the thaw is slowly underway, all of this snow has to go somewhere. Unless residents have dreams of creating their very own neighborhood Venice, removing snow from storm drains so it can go some place other than your basement is a good start. Mobilizing regional CERT Team members to go door to door to ask for help in doing these things is a great way to get neighborhoods involved in their own resilience.

There are so many lessons to be recorded and acted on that no posting by me or any other blogger could capture them all.

The point is simply this: If we allow the circumstances of the past two weeks to go by as a frustrating, angst-filled memory rather than a teachable moment, this region will deserve to be the butt of more finger-pointing jokes about its weather wimpiness.

While I have my own doubts about the region’s ability to become a capital of resilience (namely because we have way too many lawyers to find a reason why not to do something), we can become a better community by reaching out to civic groups, neighborhood associations and average citizens and make them part of the overall snow/emergency response plan.

Over the past two weeks, this region showed flickers of hope in line with Fugate’s vision of citizen participation. With any luck and continued persistence by citizens about the lessons learned, we just might be able to make that vision an everyday reality in years to come.

Bipartisan Policy Center Leads Major Cyber Exercise on Tuesday

Monday, February 15th, 2010

The Bipartisan Policy Center, which has ported over the 9/11 Commission co-chairs, Lee Hamilton and Tom Kean, is coordinating the major cyber exercise this week. The U.S. Government has conducted closed versions of cyber war games several times before, and the results are held very closely. At other times, cyber attacks have been injected into broader exercise scenarios but almost always are abandoned because it “ruins” the wider training value. That means cyber brings the entire show to a halt because we really do not know how to deal with it.

The BPC should be commended for its openness. This exercise will be completely transparent and open to the press. CNN has agreed to record the event for broadcast later in the week. Wow. It should be quite a show.

The actual participants don’t know the scenario ahead of time; it will all be real time for them. It is said to be a dynamic test where runners with cards enter the “Sit Room” with continually unfolding new information. Insiders say it is not an obvious set of incidents, and it will not be easy to mitigate.

The war game is not sponsored by the government. The Department of Homeland Security would normally be the “host,” but this one is being conducted independently and will include former senior office holders from several administrations. The goal is for it to be as realistic as possible, featuring senior intelligence and national security officials, including former directors of intelligence agencies and combatant commands and homeland security advisers. A production company has been hired to re-create a White House Sit Room in the Mandarin Oriental Hotel, and professional scriptwriters have been working with experts to create a real-life scenario. It will end with participants stepping out of their roles for an honest, on-the-spot review, which is open to the press.

Players will include Ambassador John Negroponte, the first DNI and former Deputy Secretary of State, as the exercise Secretary of State. Ex-DHS Secretary Michael Chertoff will be the National Security Adviser. Fran Townsend, the former White House Homeland Security Adviser, will be the Secretary of DHS. Former CIA deputy director John McLaughlin will be the Director of National Intelligence. Other former government players are Stewart Baker and Joe Lockhart.

Bottom line is that this is a landmark event that will show us where we stand in the face of such a (likely) event.

Superb Center for a New American Security Paper Nails Cyber Issues

Friday, February 12th, 2010

The Center for a New American Security (CNAS) has published a superb document – Contested Commons: The Future of American Power in a Multipolar World (January 2010). It covers comprehensively all the various domains and is a weighty tome. My interest in it is the fifth chapter, “American Security in the Cyber Commons” (pg. 137-176). If it stood alone, it would be one of the best documents on the issues in the cyber realm I have seen. Being put in the back end of an excellent larger publication, I am afraid it could be easily overlooked.

It traces the issue, discusses the nature of the Cyber commons, all great background. It discusses the concept of power in Cyber, and how it differs from power in the temporal world. There is an excellent comparison of Cyber to the other domains, which is a great help in understanding the difficulties in addressing cyber challenges. It covers a “who does what to whom” look at governmental responsibilities and gives a comprehensive look at threats and vulnerabilities in cyber space. Lastly in the “set up” portion of the chapter, it discusses governance, both domestically and internationally.

It then branches off into the most interesting section: New Perspectives on the Cyber Commons. They take an idea raised at a CNAS breakfast and do a complete treatment of the concept. This looks at the entire cyber issue using a Public Health Model. Their comparison of the response to Conficker with the response to Swine Flu was fascinating. They make a very compelling argument. I admit that I am an adherent of this view and have written about it in this blog space as well as for my employer, IBM. But CNAS gives great intellectual weight to the concepts, and I believe they drive it home.

There is ample evidence that a new way of addressing the Cyber world is needed. The CNAS paper is another proof of how effective alternative views can be in providing explanatory power and understanding. The idea that cyber public health and safety and cyber personal hygiene are keys must be promulgated. It is the right way to go, and the need is great. I strongly recommend the CNAS paper. It is all good, but is worth obtaining just for Chapter 5. CNAS should consider publishing a standalone version.

Lessons in Blizzard Resilience – Part 1

Thursday, February 11th, 2010

Like most people of the Mid-Atlantic region, I’ve spent almost a week hunkered down at home with my family watching the piles and piles of global warming stack outside my home. For as unprecedented as this weather pattern has been for the region, with its wide-scale closures and cancellations of schools, businesses and government operations, it has been a remarkable test of the region’s resilience. While the jury is still out on a final evaluation (since the last snow flake has yet to fall), here are some things we have learned:

  • Contracting mechanisms utilized by Virginia, Maryland and the District of Columbia to bring in additional support (e.g., plows/salt-spreaders, dump-trucks, etc.) have seemed to work. So far, there has been no word of any of these jurisdictions not being able to put people to work in snow removal. The bigger challenge has probably been finding enough people and equipment to keep up with the on-going snowfall, let alone finding any place to actually put it after it’s been plowed. All of the snow plow drivers have done a helluva job. I know there are many who never saw a plow on their street, but when you consider the expanse of the area served and the magnitude of what needed to be done, they still deserve a big hand and a tall cold one after all their shifts are done.
  • The local news media has done a great job of keeping residents informed about what’s happening in the area while reinforcing the message of staying off the roads and encouraging neighbors to look out for the senior citizens that live nearby. Additional stories – what to do in a car emergency; how to handle generators and home heaters; and what to put in a home “ready kit” – have also been spot on. While some of the coverage has been a tad excessive, some news anchors and reporters provided some humor and levity to what has been a real mess.
  • Our first-responders once again proved that they are the people who will always be there. Living not far from a police and fire station in Fairfax County, it is common for me to hear sirens going as they answer a call, regardless of the hour or conditions. Through it all, they were there. They certainly were delayed from some response calls given road and weather conditions, but they honored their oaths of public service in countless ways.
  • Some politicians are always out to make themselves look good in spite of conditions that say otherwise. Case in point – DC’s Mayor Adrian Fenty. Showing his typical media bravado, Fenty declared last Sunday that DC schools and government would be open on Monday morning after a two-hour delay. Maybe the streets were clear and sidewalks snow-free in “Fenty-land,” but to the rest of his constituents, the increasingly arrogant mayor showed how truly out of touch he is from reality. After an outcry by residents, questions from media (“Ahhh Mr. Mayor, have you actually driven through the city and seen that no school bus other than a tank can get through it?”) and a reality check by his own Emergency Services and School personnel, he backed off and schools and the city government were closed. They’ve been that way ever since. If people could remove their craniums from rectal inversion, they might actually see what’s happening rather than what they think is going on.
  • For the most part, grocery and hardware stores did a great job tending to the needs of a very demanding constituency. I didn’t really see any price gouging going on, but I’m sure what you paid for a snow-shovel and a bag of salt this week was a helluva lot more than what you paid for it at the beginning of December. What was really amazing to watch though were the people running into Home Depots, Lowes and other hardware stores demanding generators, shovels, snow-blowers and so forth and looking in disbelief that they were all sold out. The same could be said for the people in line at the grocery store trying to buy crates of toilet paper, eggs, milk, bread, batteries, beer and chips and moaning to store staff when the shelves were bare. While not all of those items have a long shelf or storage life, there is no excuse other than stupidity and laziness for not having many of those things on hand for yourself or your family.
  • While it is more than easy to kick Metro around given its rash of problems (e.g. operational safety, worker safety, service outages, etc.), the winter storms of the past week have again highlighted the transportation system’s operational weaknesses to the weather. Let’s just face facts – if we have more than eight inches of snow, the trains won’t be running above ground. When that happens, Washington, DC, the federal government, and for that matter, the region’s economy, grinds to a halt. For all the jokes that non-native Washingtonians make about the wimpy-ness of this area when the threat of snow and other weather systems is forecast or occurs, the fact we don’t have a public transportation system in the nation’s capital that can operate in more than eight inches of snow is pathetic. London, Moscow and other capitals have public transportation systems that do, but given the incredible amount of micro-management and penny-pinching to which the system is subject, I guess we should be lucky for what we’ve got. I don’t want to feel lucky. I want what other National Capital Region residents want – a system that is safe, efficient and operational come rain, shine or snow. We don’t have that and until the area’s leadership sucks it up and states the obvious (“This is going to cost money!”) and makes the necessary capital investments in the WHOLE Metro system (people, infrastructure, etc.), we will continue to pathetically hobble along. I don’t think that is a proud metric of success, but we will be stuck with it until we act otherwise. Metro has every potential to be the real national leader in public transportation, and if the Obama Administration is really committed to infrastructure investments and public transportation, it needs look no farther than outside its immediate windows to see a worthy place to put federal dollars to work.
  • The word “resilient” certainly cannot be used to describe the federal government operations this past week. Breaking all previous records for consecutive weather closures, one thing not mentioned in any of the announcements about the closing of the Federal Government was the word, “telework.” I am more than confident that thousands of National Capital Region federal employees and contractors fired up their laptops and home computers and got a lot of things done that were waiting in their respective in-boxes. Their self-initiative and dedication to service is commendable but would have been more commendable if the Office of Personnel Management when stating the federal government was closed had stated that employees and contractors were encouraged to telework. This past week has been an extraordinary opportunity for every federal agency (as well as private sector entity) to test its telework operations, as well as their continuity of government operations. Instead, we followed the practices of old when the innovative tools of today and opportunities of tomorrow were ignored. As we’ve learned time and again, the old way of doing business is fine for maintaining the status quo but the status quo never made anyone resilient.

New IBM Cybersecurity White Paper

Wednesday, February 10th, 2010

IBM has a new cybersecurity white paper. The paper’s executive summary, which I co-authored and is posted below, is titled Meeting the Cybersecurity Challenge: Empowering Stakeholders and Ensuring Coordination.

Full transparency – IBM is my employer; however, the issues, challenges and possible paths to greater national cybersecurity named in the summary are important concepts. Through a comprehensive, wide-spread cybersecurity effort, all individuals, businesses, organizations, agencies and corporations can play a part in achieving greater national security. The information below contributes to this important mission.

Meeting the Cybersecurity Challenge

Our economy, government and society increasingly rely on digital infrastructures to function. That reliance creates critical vulnerabilities to cyber threats posed by everything from hackers to organized crime, terrorists, espionage and warfare. As the nation strives to address these threats, it is important to realize that cyberspace is a complex system of systems. No one entity can solve the problem of cybersecurity. Cybersecurity poses a systemic challenge to society. Meeting the challenge requires shared responsibility, clear definition of roles and responsibilities, and good-faith cooperation and collaboration.  IBM understands the broad range of cyber threats and the critical importance of cybersecurity.

IBM’s approach to cybersecurity and risk mitigation explicitly addresses the multiple layers of IT – from system users to hardware, software, applications, network access, and data access. At the same time, IBM recognizes that cybersecurity is about much more than simply IT. Effective cybersecurity requires fostering a culture and governance model that reinforces shared ownership and accountability.

Addressing A National Security Issue

Cyberspace is defined by its ubiquitous connectivity. While “anywhere, anytime” connectivity brings untold benefits to society, it also presents serious risks. As networks increase in size, reach, and function, their growth equally empowers law-abiding citizens and hostile actors. The United States government faces four major challenges as it seeks to strengthen national cybersecurity:

  • Challenge 1. Organization and Culture: The organization and culture of the Federal Government today does not adequately address cybersecurity as a national security concern.
  • Challenge 2. Policy Authorities and Laws: Policy authorities and laws have not kept pace with the rapid evolution of IT.
  • Challenge 3. Criticality of Networked Operations: Networked information technology is critical to the military, government and the global economy. Cybersecurity must be made an unequivocal priority.
  • Challenge 4. Strengthening Security as well as Commerce and Privacy: Security, commerce, and privacy cannot be mutually exclusive. They must be treated as simultaneous goals and reinforce one another.

A Public Health and Safety Model for Cybersecurity

Most often, cyber threats are addressed in the context of security or using military metaphors. Unfortunately, an over-reliance on security metaphors can lead to a misallocation of resources and create policies, procedures, and authorities that are too narrow.

A public health and safety model for cybersecurity offers a fresh perspective. Rather than viewing threats primarily as attacks or warfare, it views most of the day-to-day challenges in the cyber realm as disease vectors that can evolve into epidemics and pandemics. In a public health and safety model for cybersecurity, responses are based on continuous research, open information exchange, and collaboration among a wide range of actors. A public health and safety model provides a highly effective framework for confronting many cyber threats, particularly those that are widely distributed or implicate the public at large.

Implementing The New Model

The recommendations contained in this paper align with the Near-Term Action Plan presented in the Administration’s 2009 Cyberspace Policy Review. Notably, our recommendations can be implemented in relatively short order because they leverage existing organizations and structures. The recommendations do not require completely new federal structures, only better coordination and focus in a way that leverages what already exists.

  • Recommendation 1. Create a national Cyber equivalent to the Centers for Disease Control (Cyber-CDC) to monitor, report, coordinate, and collaborate on cyber threats and trends nationally and internationally.
  • Recommendation 2. Create a national Cyber Federal Emergency Management Agency (Cyber-FEMA) to manage the response to cyber events of national significance.
  • Recommendation 3. Create a Cyber National Response Framework (Cyber-NRF) to clearly define lead and support roles for responding to the full range of cyber threats. The Cyber-NRF offers three tangible benefits: Clear Roles and Responsibilities, Assigned Threat Thresholds, and Graduated Response.

The authors believe that the perspectives and recommendations contained in this paper can help the Administration confront the cybersecurity challenges that the nation faces. Steps must be taken to improve our ability to monitor, analyze, and take action against cyber threats. This is not an issue for the future, but one that must be confronted now.

Workplace Violence Highlights Wider Relevance of Corporate Security Departments

Monday, February 8th, 2010

Workplace violence is an important threat; it also demonstrates how much security departments can add value to the company, rather than simply be a cost. While corporate security departments are often seen as a necessary evil cost center with little to contribute but managing the gate guards – manned by knuckle-dragging former law enforcement and military personnel without a clue about “real business” – they actually can be an important part of the company’s self-perception and management and a critical source of time-sensitive information and analysis.

Workplace violence, like information operations, is an area where corporate security departments can materially affect the prospects of the business. Security departments see the world through a different lens, bringing not only a unique perspective but potentially the tools to affect the success of the business. However, because many security departments don’t speak the same language as the rest of the company – like the IT people down the corridor – their contributions and potential to add value are underestimated, including by themselves.

Workplace violence has taken a back seat in corporate concerns for many over the past 12 months, yet it poses a very real threat to company personnel, operations, reputation and profitability.  Recent active shooter events have returned workplace violence to the forefront of corporate security concerns and media attention, albeit with some very worrying thought processes coming to the fore.

My favorite insight into corporate and consultant culture is the advocacy of preventing belittling people and bullying because they may contribute to workplace violence. Companies managing belittling and bullying because they wish to manage the risk of workplace violence are fundamentally flawed; belittling and bullying undermine corporate cohesion and morale, doing far more damage in terms of actual productivity lost than the expected loss (cost of damage multiplied by likelihood) from an incident of workplace violence – they also demonstrate a critical failure of duty of care and leadership.

Information operations are a critical part of the security department’s role. Depending on the size of the business, the department monitors the news 24/7, tracks employees around the world, ensures that business continuity plans are in place and that they are sufficiently informed to understand how those plans may be affected by current events. They are the department that takes a serious interest in active shooter incidents because one incident inevitably will lead to more (for a good explanation why, see Malcolm Gladwell’s Tipping Point), and who seek to understand the physical threats to the company because it is their responsibility to manage those threats.

All that information they gather and the analysis they see and do has value, much of it not only to them but to the rest of the company. Somewhere else in the company is someone who really is interested in the daily security analysis on Indian politics because they’re thinking of outsourcing a critical component there, while a snap announcement of an OPEC price change is critical to one of the business units because they’re finalizing pricing new products and this will affect that process.

Security departments will be as relevant as they want to be; often the critical event is understanding their real value to the company, and ensuring that the rest of the company also understands. While security departments are unlikely to be revenue centers, they should be adding significant intangible value that increases the return on investment, a return that is far beyond the cost of managing guards and gates.

House Science Committee hearing on passenger screening technology begins bizarrely

Wednesday, February 3rd, 2010

Well, it was just weird.

The House Science subcommittee on Technology and Innovation held a hearing today on next generation passenger screening technologies, or at least, I thought that was its purpose from the title of the hearing.

From the questions that were asked, it turned out that three of the four committee members who showed up for the hearing apparently had the same sense as I did. But for Subcommittee Chairman Rep. David Wu (D-OR), the purpose seemed to be something else.

First, he was quite irritated that a couple of National Research Council reports from 1996 and 2007 had been “ignored.” Second, he was upset – to the point of repeatedly interrupting witnesses’ answers – that no one could tell him whether public opinion polling had been done on public acceptability of screening technology.

Yes, that’s right. Chairman Wu was upset that DHS had not taken an opinion poll on security technology – because politicians know this can be done quite easily to learn whether public acceptance of screening is “real” or “imagined.”

ARE YOU KIDDIN’ ME?

None of the witnesses would answer the Chairman’s threshold question, because they wanted to say something substantive. But I’ll speculate an answer: How about the high probability that Congress would publicly skewer DHS for doing so?

Can you imagine the demagogues who would march to the House floor to decry their outrage at scientific research being guided by political polling? Oh MY!

I suspect C-SPAN prays for such events because it would drive audience viewership to new heights. Close-up pictures of Representatives sputtering their exasperation would make all the talk shows and late night comedy shows, to the extent those are different these days. What a circus it would be!

What is bizarre is that Chairman Wu was quite serious in asking his questions about polling about public acceptance of screening technology. Of course, he didn’t say the first word about whether he would support a budget line item that would allow DHS to pay for such a poll (they aren’t free!). Like most members of Congress, paying for ideas is not something that worries them.

As the rest of the subcommittee members tried to get the hearing back on track by asking semi-relevant questions, Chairman Wu made the hearing one that witnesses and spectators won’t soon forget!

Unfortunately, it won’t be for the right reasons. Today’s hearing did not do much, if anything, to advance the cause of safety, security and satisfaction of those subjected to screening technologies.

What a shame. What a real shame.

Reid Roars But Will He Act?

Tuesday, February 2nd, 2010

On Tuesday morning, Senate Majority Leader, Harry Reid (D-NV) lashed out at Senate Republicans for their on-going procedural holds on a number of the Obama Administration’s nominees for critical positions at the Pentagon, DHS and elsewhere.

While the Senate has been back for two weeks, this seems to be the first real public utterance by the senior Senator from Nevada on this issue. Prior to his verbal salvo, all we’ve had to date have been his press release pledges to take action on nominees since the Christmas Day bombing attempt. While I’m sure he has a lot on his plate, I can’t help but feel the Senate leadership is as inept at getting nominees confirmed as the White House is at fighting for them.

A number of good people have put their personal and professional lives in the balance to take these often thankless positions. Unfortunately, before nominees can actually do their appointed tasks, they must first serve several rounds as pieces for political chess games. That means they are left at the mercy of withering assaults of whispered rumors or full-fledged attacks on their character or reputations while deals are cut and poll numbers are considered. As a result, good names and professional records become sullied, critical positions remain unfilled, and major decisions at national components are not being implemented.

At DHS alone, the following top positions remain open and waiting for the Senate to take action on their respective nominees:
• Under Secretary for Intelligence and Analysis
• Under Secretary for Management
• Commissioner, Customs and Border Protection
• Assistant Administrator for Grant Programs (FEMA)

Each of the respective nominees for these posts finds themselves victim to these unfortunate political games.

While there is little doubt of the ineffective, ridiculous and often obtuse amount of Congressional oversight over DHS, with over eighty Congressional Committees keeping watch, the fact that you could have this many hands in motion and still not produce any type of meaningful work is emblematic of the problems we are encountering with our homeland security.

There is a proper and necessary role for Congressional oversight, and legitimate and tough questions should be asked of all the Administration’s nominees; however, Senator Reid’s finger-pointing rings exceptionally hollow when you consider he’s the guy who has had the majority of votes in his corner for some time and could have taken care of business months ago.

Senator Reid can name call the Republicans all he wants, but none of it will produce any results. The only measure that counts in the homeland arena is doing the job, and it’s long past time for the Senate to do its job when it comes to voting on a number of critical nominees. Here’s hoping (and praying) he finds the will and mechanisms to make these votes actually happen. We need someone to take these positions seriously for a change.

Public-Private Sector Cyber Cooperation: Can It Be Achieved?

Tuesday, February 2nd, 2010

Much recent talk and writing has focused on the continued need for “real” public-private sector cooperation in the cyber realm. Everyone quotes the famous statistics that 70 percent (or 80 percent, even 90 percent) of our critical infrastructure is owned or controlled by the private sector, and all of that is highly dependent on cyber means to do business. How can the government protect this private infrastructure if it does not own it?

Well, the government does not have a real chance of protecting it if the private sector “owners” and the “protectors” don’t share information in an open and efficient manner.  This is an old song folks, but it remains true nonetheless. Both sides are at fault and need to make changes.

On the government side, they remain reluctant to share intelligence about threats and previous attacks. The old worries about sources and methods still handcuff the intelligence community, and they constantly point out that private companies don’t have a “need to know.” That is interesting, but no longer terribly relevant.

Certainly, we need to be cautious about how we present this information to the public, but we remain way too insulated. The reports don’t need to be printed in the papers, but they should be shared with CISOs and other key players. That would allow the private sector to better protect itself and would spur innovation to get ahead of the bad guys.

On the other hand, the private sector companies who have been hit are abysmal at sharing data when they have been penetrated or attacked. They worry about losing face or business credibility, or that giving data to the government will make their proprietary information subject to FOIA requests by their competitors. The government will never be able to formulate successful defensive methodologies if they don’t get access to ALL the types of nefarious activities that are going after our infrastructure.

The government must find acceptable ways to get the intelligence out to the private sector and to protect private sector information they receive. The private sector, however, has to man up to reality when they are hit and share that information, even if it hurts a bit. To do otherwise hurts us all. There needs to be a way to protect the private sector information in the same way we now protect sources and methods of the IC.

Both sides of the equation need to give ground or the country is the loser. The only ones who win are the bad guys. Let’s grow up and start sharing – NOW.

Bad News From the Air Marshals

Monday, February 1st, 2010

If the last several weeks haven’t been bad enough for the Obama Administration, they are about to get even worse. On Monday night’s CBS Evening News, Chief Investigative Correspondent Armen Keteyian will profile a number of serious problems at the Federal Air Marshal Service (FAMS).

With plummeting employee morale, poor work environments, and serious accusations of discrimination, mismanagement and more, this is yet another operational component problem for DHS and the Obama Administration to add to their already overflowing “in-box.”

With no one in sight to take over the top TSA job, it will be interesting to follow how this problem is handled. It’s an absolute guarantee that Congressional Hearings of some type will be held in the immediate future to provide further insight into this situation, as will additional news coverage of the explosive charges.
