2010 May | Security Debrief - a blog of homeland security news and analysis

Archive for May, 2010

The Air Cargo Screening Mandate for Inbound Cargo

Wednesday, May 26th, 2010

Beginning this August, 100 percent of cargo bound for passenger planes must be screened before it is loaded. While this looming security deadline is reasonably well known to domestic air cargo companies (and somewhat less well known by thousands of shippers who may be affected), it is hardly known at all outside the United States. That is a problem, because the air cargo screening mandate applies not only to passenger flights within and from the United States, but also to foreign-originating flights to the United States.

Regarding the inbound flights, the Department of Homeland Security (DHS) has stated that it may take years to ensure that systems are in place to screen all cargo in foreign locations before loading onto US-bound passenger flights. Until that time, unscreened cargo will not be barred from entering the country. But the Department has repeatedly stated that it will fulfill the screening mandate for inbound flights, even if it takes several years past the deadline, and DHS has taken initial steps toward enforcing the mandate for inbound cargo: at the beginning of May, the Department began to insist that a portion of inbound passenger flight cargo must be screened.

DHS has begun working with a few foreign governments, airports, and airlines to establish or confirm the existence of satisfactory government screening systems for inbound passenger flight cargo. And DHS intends to formalize resultant arrangements in government-to-government agreements. These agreements may remove the need for airline-specific screening requirements that are embedded in each airline’s security program.

The Department is also considering whether and how an air cargo risk rating system – in which risk is assessed from data about the shipper, the contents, the recipient and other factors – might help satisfy the screening mandate. Such a risk rating system might obviate the need for more intrusive screening.

Options for foreign aircraft operators, airports and governments include:

Developing cargo screening procedures to satisfy TSA’s airline-specific requirements;
Working with DHS to facilitate government-to-government arrangements that remove the need for airline-specific requirements; and
Working with DHS to develop a cargo risk rating system that may obviate the need for more intrusive screening.

Sooner (better than later), foreign parties should consider which of these approaches to take.

Posted in Aviation and airport security, Critical Infrastructure, Homeland Security Industry & Private Sector, International, Management & Administration, Supply Chain Security, counterterrorism | Comments

Watch the Live Broadcast – Roundtable on 100 Percent Air Cargo Screening

Tuesday, May 25th, 2010

Readers may recall my past blogs about air cargo screening and an upcoming mandate that will have significant ramifications for supply chain efficiency.

When Congress passed the 9/11 Act of 2007, they made law a mandate for all air cargo flown on passenger-carrying planes to be scanned for explosives. The law gave the private sector three years to comply; it will be three years in August.

So where is the private sector vis-à-vis 100 percent air cargo screening readiness? In May, the Transportation Security Administration (TSA) ratcheted up the necessary amount of screened cargo to 75 percent. While this deadline appears to have been met, by most accounts, the private sector is still largely behind the curve and not fully prepared for August.

To be sure, the Transportation Security Administration (TSA) has been working closely with the private sector in preparation for the mandate, in part through the Certified Cargo Screening Program (CCSP). CCSP has been well-received in some industries; certainly, we are closer now to reaching 100 percent screening than before. But there is still much to be done.

To that end, American Airlines Cargo is joining forces with TSA and others for a roundtable on the law and CCSP, which will broadcast live online at 2:00 PM on Wednesday, May 26.

The roundtable will broadcast from the Knight Studio at the Newseum in downtown Washington, DC (the same studio where ABC News’s political news show, “This Week,” is shot).

The forum will bring together public and private sector experts who will discuss how to achieve the 100 percent screening mandate, primarily by leveraging CCSP. Roundtable panelists (some of whom contribute to Security Debrief) include:

Dave Brooks, President, American Airlines Cargo Division
Doug Brittin, General Manager, Air Cargo, TSA
Brandon Fried, Executive Director, Airforwarders Association
Ken Konigsmark, Senior Manager, Supply Chain & Aviation Security Compliance

Jeff Sural (former legislative counsel at TSA and crruently homeland security counsel at Alston and Bird’s Legislative & Public Policy Group) will serve as moderator.

If you’re unfamiliar with the law requiring 100 percent screening, or if you would like to see — and participate in — a forum on how it applies to your business, be sure to watch AA Cargo’s air cargo screening roundtable at 2:00 PM EDT on Wednesday, May 26. Panel participants will take questions from viewers live online during the program.

Editor’s note: American Airlines Cargo is an Adfero client.

Posted in Aviation and airport security, Congress, Politics & PR, Critical Infrastructure, Homeland Security Industry & Private Sector, Homeland State & Local, Law Enforcement, Management & Administration, counterterrorism | Comments

Unprecedented Service – Thad Allen’s Almost Retirement

Tuesday, May 25th, 2010

On Tuesday, a man much of America recognizes for his leadership following the occurrence of a “bad day” will relinquish his command of one of our country’s oldest branches of federal service, the U.S. Coast Guard. Having served the past four years as Commandant, Thad Allen has become one of those unique, iconic American figures that when you see him or mention his name, you almost immediately think of words, “trust,” “competent” and “leader.”

He is, for lack of a better description, a Walter Cronkite type – one of the most trusted people in America – a man that citizens could turn to and hear straight facts, be they good or bad, with no BS or political showmanship. It gave you comfort to see and hear him because you knew that he was on the job to make the situation right.

In a country gripped by bi-partisan, anti-incumbency fever, where career seniority is seen as a liability and not an asset, his departure as Commandant couldn’t happen at a more challenging moment. For those who are privileged to know him and have worked for him (as I did in 2005 during Hurricanes Katrina and Rita), his retirement is certainly the culmination of a distinguished 30-year career. He has truly earned whatever break he and his family want to have from constant moves, late night briefings, long deployments, Congressional hearings and rubber chicken dinners. As difficult as all of those things may have been for him and his family, Allen’s career has been about two things: leadership and service to others.

Because of recent events, we know just a few of the public metrics of those two attributes, most notably his service as lead for the Federal response following Hurricane Katrina. With hundreds dead, thousands displaced, an American city in ruin, and a flop of a Federal response dropped in his lap, if there was ever a no-win situation for a person to step into, it was Katrina. There truly was no place to go but up, but it took leadership to point the correct direction and take the first step. It was Allen who began the trek out of the muck.

As someone who was there in Louisiana at the time, I can say without hesitation that when he took over, there was a literal sea change in how the response unfolded. In respecting the various jurisdictions of all of the federal, state, local and private sector players, Allen empowered his people to take action to make change happen and happen quickly. It was for those reasons that then-President Bush and DHS Secretary Chertoff tapped him to respond to one of our nation’s darkest days. It is for those exact same reasons that President Obama and DHS Secretary Napolitano have asked him to serve as the National Incident Commander in dealing with the on-going oil spill in the Gulf – an unprecedented service that he will continue to fulfill even after his tenure as Commandant ends on Tuesday.

Allen’s career in the Coast Guard is almost unparalleled given the increased public recognition that it brought for him personally and to his service branch. Most Americans can recognize the country’s senior military leadership from news photos and television coverage, but for generations of Americans, the U.S. Coast Guard was a service not in prominent public view. To many Americans, the Coast Guard was synonymous with the guys who patrolled the rivers and lakes and made sure everyone behaved themselves with their boats. As unfortunate as the circumstances were, the Coast Guard’s unrecognized leadership and service to others caught the full attention of the country as the responses to Hurricanes Katrina and Rita unfolded.

Helicopter airlifts, boat patrols and other rescues were the bright spots in bleak days. Fate happened to put Thad Allen in the center of it all. From that point forward, Allen’s unsought celebrity brought recognition to him and to the men and women with whom he served; something that was long overdue for a service that has been in operation from this country’s beginning. The unique “gift” of public recognition also provided Allen the political capital to say things that needed to be said (especially during budget hearings) and to put in place things that needed to be there to deal with twenty-first century threats (e.g. Deployable Operations Group, etc.).

Allen is not without his critics, but few can deny his elevation as Commandant and recognition of his service branch are due to a unique military culture that insists that public, private and military sectors work together to achieve mission success. While DHS is made of many distinguished and accomplished parts, few of them have anything like the culture of the Coast Guard that trains its personnel from Day One to adapt and respond to events and processes, rather then be subject to processes and bureaucratic programming.

Such are the hallmarks of a career founded in leadership and service to others. They just don’t end when a final salute is given and a command change is complete. Instead, they show up on Wednesday to deal with on-going bad days and to make miserable situations right. Thad Allen’s career could not end any other way.

Posted in Critical Infrastructure, Emergency Preparedness & Response, Homeland State & Local, Management & Administration, Maritime & Seaport Security, counterterrorism | Comments

Cooper on Federal News Countdown

Monday, May 24th, 2010

Last week, I had an opportunity to speak with Federal News Radio’s Francis Rose about a variety of topics. We covered John Pistole’s nomination for TSA administrator, the Taliban’s plans for attacking our nation’s capital and of course, the ongoing discussion on immigration. You can listen to the broadcast by visiting the Federal News Countdown for May 21.

Posted in Aviation and airport security, Border Security, Immigration & Visa Policy, Intelligence, International, Law Enforcement, Management & Administration, counterterrorism | Comments

Napolitano Eliminates Paper Arrival-Departure form

Friday, May 21st, 2010

Last week I pointed out both that the Visa Waiver Program (VWP) does not contribute to illegal immigration and that DHS has a functioning biographic air exit system.

This week Secretary Napolitano announced the elimination of the paper I-94W form (the green arrival/departure form long used by VWP travelers.) In doing so, she rightly commented that “The Visa Waiver Program facilitates secure and hassle-free travel for citizens of participating countries—making international travel safer and easier.” She could have just as easily pointed out that eliminating the paper form will improve the Department’s ability to match entry/exit records and calculate overstay rates.

Posted in Aviation and airport security, Border Security, Immigration & Visa Policy, Intelligence, International, Law Enforcement, counterterrorism | Comments

International Passenger Name Record Agreements Critical to Stopping Terrorists

Thursday, May 20th, 2010

On May 5, 2010, the newly empowered European Parliament issued its guidelines for beginning new negotiations on Passenger Name Record (PNR) agreements with the United States, Australia and Canada. This resolution received minimal coverage in the U.S. media, though its consequences for international travel security are potentially significant.

Criminals and terrorists know no borders, as recent arrests and uncovered plots prove. We have no choice but to cooperate with international partners and to deepen that cooperation wherever possible. The collection and analysis of PNR data – along with its counterpart Advance Passenger Information (API) – is a critical tool to identify and disrupt the travel of terrorists and other international criminals.

API and PNR are used to find watchlist matches; to provide leads on terrorist activity by providing links between known and unknown terrorist travel routes and patterns; to identify previously unknown associates of known or suspected terrorists and other criminals; and to discover fraudulent travel documents.

The PNR agreement between the United States and the European Union (EU) – the most recent version has been in effect since 2007 – provides a safe harbor for European-based airlines to provide PNR to DHS without conflicting with EU law. However, since its inception, the agreement has been plagued by the ongoing dispute over privacy between the United States and the EU.

The privacy issue has also affected the Treasury Department’s collection of bank transfer data on the Terrorist Finance Tracking Program, a program also known as “SWIFT, the name of the Belgian banking consortium that provided the data.)

The United States has endured much unfounded criticism in Europe on the subject of privacy and data protection. Specifically, EU critics charge American privacy laws with failing to provide appropriate redress to European citizens and that American privacy authorities lack the authority and independence necessary to protect personal information.

Unfortunately, the European Parliament’s direction to its negotiators continues to pick this fight, stating “the use of PNR data for law enforcement and security purposes must be in line with European data protection standards, in particular regarding purpose limitation, proportionality, legal redress, limitation of the amount of data to be collected and of the length of storage periods.”

For various legal, historical and cultural reasons, the U.S. privacy system has a different structure than its European counterpart, but the principles and goals remain the same. There are practices in the United States that might not conform to EU privacy rules, just as some EU practices would not be legal in the Untied States. These facts are not likely to change. More to the point, European governments have been cooperating on law enforcement and security issues with the United States for decades without compromising personal information or running afoul of national laws.

To date there has not been a noticeable privacy breech during our daily law enforcement and security cooperation at the operational level. The PNR agreement is no different. For the safety and security of the traveling public, it is in our mutual interest to move beyond tired debates about privacy standards. Instead, we should embrace the extensive amount of common ground between our systems and continue to share PNR and other critical information.

Posted in Aviation and airport security, Border Security, Critical Infrastructure, International, Law Enforcement, Management & Administration, Private and Physical Security, counterterrorism | Comments

Stratfor’s Bad Day Forecast

Wednesday, May 19th, 2010

You know it’s going to be rough day when you go to get in your car and discover a flat tire. You know your day has the potential to get even worse when you’re listening to the morning news, and they tell you that the Nation’s Capital or New York City are going to be attacked by terrorists in the next five to six months. So say the forecasters of Stratfor.

Great. All I really wanted to hear were the scores of the NHL playoff games and the traffic and weather report. Now this.

Stratfor’s forecast is one of those instances where an organization really puts itself out there. As a result of making that bold prediction, WTOP and other media outlets are giving them lots of attention today. As anyone who makes predictions knows, whenever you make a very public call – be it in sports, the weather, or in this case, acts of terrorism – you have every chance of looking like Nostradamus or a complete fool who doesn’t have a clue.

As bold as their prediction might be, it is in concert with what a lot of what people in the security and intelligence communities have been warning about for some time, both publicly and privately. As attention grabbing and media attractive as Stratfor’s warning may be, it also serves as a wake up call to citizens, businesses, public safety officials and others to prepare themselves for what could truly be a “bad day.”

That means following through on the “See Something, Say Something” adage that saved hundreds of lives from the failed efforts of Faisal Shahzad in Times Square. It means having an emergency communications plan for you and your family should something occur and you can’t leave downtown as fast as you like.

It also means taking a good look at places to shelter and other business continuity practices to make sure everyone knows their role should something horrible occur. There are lots of things that a forecast like Stratfor’s should spur us to do. Even if nothing occurs, the fact that people act on information to prepare themselves is a step every one of us should be taking today.

There are critics that will see Stratfor’s comments, and those of government and private sector experts, on a prospective terror strike to DC and NYC as fear-mongering.

The accepted challenge in saying something about these conditions is that it is fair warning to one and all of what might occur. In this type of environment, you are truly damned if you do and damned if you don’t but the truth is hard and cold for NYC and DC. They are the number one and two targets in the United States and everything else in this country is also fair game for international and domestic terrorists.

Such is the reality and risk of living and working in DC or the Big Apple. If you live in either place, you accept that risk if you want to go about living your life in those areas. If you don’t, you either decide to move away or live a life that many people would not find as outgoing or enjoyable.

But let’s face facts, the “bad day” forecasts have been around for a while now, and I don’t expect anything is going to happen to radically change those conditions.

We all need to do our part to make ourselves ready and resilient to endure whatever event occurs, whenever it happens – even on those mornings when your day begins with a flat tire.

Posted in Critical Infrastructure, Emergency Preparedness & Response, Homeland State & Local, International, Law Enforcement, Management & Administration, Private and Physical Security, counterterrorism | Comments

TSA Take 3: The Pistole Nomination

Tuesday, May 18th, 2010

There’s lots you can say about the nomination of John Pistole to be the next TSA Administrator. The first thing is “vetted.” You don’t get to be the number two guy in charge of the FBI without being vetted from top to bottom. Aside from the deeply personnel background check that comes with a Presidential nomination for a post as senior as this, when you have a senior career law enforcement like Pistole put forward for Senate consideration, it makes you wonder why he wasn’t considered sooner.

It’s not as if Pistole was an outsider and an unfamiliar entity. His career is a literal dossier of high profile assignments that have put him in front of media cameras, prosecutors, commissioners and members of Congress. In each instance, he has appeared to have succeeded. In fact, the shine off of his glowing resume makes you want to grab a pair of sunglasses – it is that bright. For all of that positive glare and accomplishment that he has acquired throughout his professional career, he is about to enter an arena that is as oily and filthy as today’s Gulf of Mexico.

While he inherits a much more mature organization than his predecessors, TSA remains an organization looking for renewed strength, credibility and respect from the nation’s intelligence and law enforcement organizations. Pistole’s resume and reputation is an all-access pass to many of those organizations, but building a long-term institutional capacity that goes beyond his tenure as Administrator will be just one of the metrics upon which he is judged.

Additionally, he will have to deal with the Obama Administration’s long unresolved question of whether TSA screeners can unionize. Instead of helping clear the in-box of problematic and lingering matters to allow Pistole to get onboard with some semblance of ease, the Obama Administration has continually punted on deciding this issue time and time again. As a result, all sides of this issue are enormously frustrated and antagonized to the point where they are willing to take it out on whoever is in closest reach.

As an FBI agent, Pistole never had the fortune/misfortune of having to negotiate with a union for anything. That is as much a plus as it is minus, depending on how you feel about this issue. Unless the Obama Administration finally summons the guts to make a call on this issue and state what they want to do, another distinguished career risks being muddied by forces that care more about their own political fortunes than they do about real security.

Finally, Pistole will face a Congress that will give him no honeymoon or adjustment period whatsoever. Caryn Wagner, DHS’ Under Secretary for Intelligence and Analysis, can attest to that. Not into her job even three months, House Homeland Security Chairman Rep. Bennie Thompson tore into Wagner last week in a hearing because she had not provided him with the strategic plan he had been demanding for weeks.

Gee Mr. Chairman, maybe she was meeting the people on her staff, understanding who does what to whom and connecting with the other intelligence agencies so as to appreciate how she might tune the organization before checking the box and sending you another paperweight report that will never be read.

If Wagner got three months, Pistole might be lucky to get three minutes, with Congress ready to go after him and TSA on numerous points and issues. That by itself is unfortunate because Pistole can do an awful lot for TSA if he is given the chance and leeway to do so.

I do not want to sound like a defeatist, especially with a nominee as impressive as Pistole, but my disappointment at the slippery foundation that the Obama Administration and Congress have left for him gives me concern. All sides could have cleared the decks on multiple things to make life a tad easier for a distinguished public servant who is voluntarily stepping forward to take on one of the planet’s ultimate thankless jobs.

Instead, they continued their business-as-usual approach. I guess some things never change no matter who spouts the rhetoric. Knowing those conditions, and surveying the wreckage of the previous two nominees, John Pistole still said “yes” to taking on this assignment. That either makes him a nut or a self-less patriot. Either way, we owe him our thanks. Nuts and patriots are always capable of amazing history.

Here’s hoping we can get him into the Administrator’s office to see for ourselves what he’s really made of. My money is on the patriot.

Posted in Aviation and airport security, Congress, Politics & PR, Intelligence, Law Enforcement, Management & Administration, counterterrorism | Comments

Thailand Shows the Incredible Cost of Inadequate Crowd Management Tactics

Monday, May 17th, 2010

The endgame appears to have begun for the protests in Bangkok, as security forces take an increasingly hard line and casualties are mounting. There is no doubt that the government had to take action, as the impact of the protests has started to cause real damage to the Thai economy. With some estimates forecasting a drop of up to 3 percent in the GDP this year and up to $6 million a day lost by the businesses in the city center alone, the government feels their actions are necessary to protect the economy. But the tactics being used may cause even more lasting damage.

Tourism makes up 6 percent of the Thai GDP, and scenes of serious disorder and soldiers firing live rounds in central Bangkok are currently being seen in the homes of potential tourists all over the world. This may deter people from travelling to Thailand for years to come. The unfortunate fact is that the Thai Police and Army have had the equipment and manpower required to end the commercial district occupation since it was occupied on April 3 without the loss of life we are now seeing. The only thing they have been missing is the appropriate tactics and training to conduct the mission.

Following the failed attempt to clear Phan Fah Bridge on April 10 and the resulting casualties, the Army in particular appears to have abandoned the U.S. police-style tactics they had been using to that point. They resorted to the tactics they were widely criticized for using in April 2009. The numbers now being killed and injured are a direct result of this incident. That failure resulted from U.S.-style tactics not being appropriate for the level of violence they faced and in particular the mix of peaceful protesters, violent rioters and those prepared to use lethal force, such as firearms and hand grenades.

There are few organizations that have faced this type of mixed lethal and nonlethal threat, but in Western democracies, those that have faced it have been capable of designing tactics and procedures that enabled them to deal with this form of rioting without resorting to an indiscriminate use of lethal force. The appropriate use of vehicles, faster, more dynamic tactics and better use of their water cannon could have prevented most of the injuries and deaths we have seen and many of those that are still to occur.

The lessons here are that the training and tactics for dealing with disorder must be designed to suit the type of threat you face in your country or city – the organizational culture, political environment, equipment and other factors. Using tactics simply copied from elsewhere will create more problems than it solves and place not only the police officers at risk but also protesters and bystanders. All police departments must be able to manage the escalation and de-escalation of the crowd, and keep their own actions from causing or escalating violence. Thailand’s failure to learn that lesson after last year’s protests is proving costly in terms of lives, and it is likely to be equally costly economically in the future.

Posted in Emergency Preparedness & Response, Homeland State & Local, International, Law Enforcement | Comments

Sharing Technology, Limiting Liability

Thursday, May 13th, 2010

In a recent speech, Homeland Security Secretary Janet Napolitano extolled the virtues of sharing security technology with U.S. government partners. The Christmas Day bomber, who boarded a plane in Amsterdam and tried to blow it up over Detroit, demonstrated once again that homeland security often begins abroad. And Napolitano accordingly has emphasized that security technology must be shared among the U.S. government, foreign governments and private industry. She said that the U.S. government must “deploy intelligence-based targeting, state-of-the art technologies and proactive screening measures to deter and disrupt terrorism.”

This is strategically sound, but at the operational level, there is work to be done.

One important element of this work concerns legal liability. Congress and the Department of Homeland Security (DHS) have recognized that fear of legal liability is often an impediment to the development and use of anti-terrorism technology. Suppose someone creates a good security product but, in a terrorist attack, the security product does not prevent all injuries. An injured person may sue alleging that the security product should have worked better.

Fear of such suits may prevent the creation of the product in the first place. So, to limit liability and facilitate technology development, Congress passed and the Department administers the SAFETY Act (that is, the “Support Anti-terrorism by Fostering Effective Technologies Act of 2002″). Under this Act, the Department’s approval of a technology – and a “technology” can include not only hardware, software or other devices but also services like guards, monitoring systems, or even analytical work – can protect the technology developer or user from liability.

To enhance technology sharing with foreign governments, the liability protections should follow the sharing and use of approved technologies overseas. The Department has said that liability protections for developers and users of approved technologies can apply in the event of a terrorist attack even if the attack occurs outside the United States, as long as U.S. persons or businesses are affected.

But in the event of an overseas attack, the affected persons may sue in foreign courts to circumvent SAFETY Act protections. So, the Department should seek agreements with foreign governments to extend liability protections to foreign legal systems, which would facilitate sales of security products and services to foreign governments. Private industry should assist the Department’s efforts on this score.

That would be one operational step along the smart path outlined by Secretary Napolitano.

Posted in Congress, Politics & PR, Emergency Preparedness & Response, Homeland Security Industry & Private Sector, International, Management & Administration, Science & Technology, counterterrorism | Comments

Security – Noticeably Absent from the Future of Aviation

Thursday, May 13th, 2010

Noticeably absent from the U.S. Department of Transportation’s Future of Aviation Advisory Committee’s roster is an aviation security representative. The Advisory Committee, named yesterday, has been charged by the Secretary “to provide information, advice, and recommendations to the Secretary on ensuring the competitiveness of the U.S. aviation industry and its capability to address the evolving transportation needs, challenges and opportunities of the U.S. and global economy.”

An omission of a security expert fails to heed the lessons learned after 9/11, the most catastrophic human and economic event in aviation history. The industry suffered billions of dollars in asset losses and capital. On top of that, no one wanted to fly. The airlines’ economic recovery struggled under the perception that air travel wasn’t secure. In the world of risk management, perception is often reality, as irrational as that perception may be.

The industry has barely recovered since 9/11. The aviation industry must embrace that its economic vitality is tied to the security of its product. Every attempted airliner attack since 9/11 is a reminder of the vulnerability that passengers face. The effects of these reminders only perpetuate those harmful perceptions.

It will be the Advisory Committee’s task to identify and recommend solutions to the ills plaguing the industry. Security will certainly be discussed. Without a security expert on the Advisory Committee, however, reasonable, necessary security solutions are likely to be overlooked.
Years ago, the industry embraced safety as one of those variables affecting its bottom line and public perception. It integrated safety into key design, construction and operational decisions. The industry must do the same with security or its future may be the victim of its past.

Posted in Aviation and airport security, Law Enforcement, Management & Administration, Transportation Security, counterterrorism | Comments

Revising the Stafford Act: Cries for Common Sense

Thursday, May 13th, 2010

Legendary singer-song writer Jim Croce had a classic song, “You Don’t Mess Around With Jim.”

The refrain goes:

You don’t tug on superman’s cape
You don’t spit into the wind
You don’t pull the mask off that old lone ranger
And you don’t mess around with Jim.

The same could be said for Stafford Act – you don’t want to mess with it. Such was much of the message from many witnesses at the Senate’s Ad Hoc Subcommittee on Disaster Recovery hearing, “Stafford Act Reform: Sharper Tools for a Smarter Recovery.”

For those unfamiliar, the Stafford Act it is the Magna Carta of America’s emergency management community. It literally governs how our country responds to disasters in all of its shapes, sizes and locations.

When you have a piece of legislation so sacred that it governs the framework of how you respond to a particular situation, any effort to amend it should be greeted with great concern, if not outright caution. That was what hearing witnesses wanted to make sure the attending Senators heard loud and clear.

While each of the witnesses conveyed their unwavering support for the Stafford Act and its structures, they cautioned Congress from messing with it.

As NEMA president, David Maxwell (who is also the state of Arkansas’ Emergency Management Director) stated, there was no need for a “widescale rewrite” of the legislation. It was his view that the problems that state and local governments encountered with the Stafford Act came from “unnecessary and rigid interpretations” of the act.

That was certainly the case in the anecdotal examples that Charleston Mayor, Joseph Riley shared with the Stafford Act following Hurricane Hugo’s direct strike to his city in 1989. Only God would have the capacity to chronicle all of the overly rigid and asinine interpretations that communities around the United States have experienced. I know firsthand some of those “rigid interpretations” that Mr. Maxwell described from my deployment during Hurricanes Katrina and Rita in Louisiana in 2005 when I was at DHS. Such actions literally brought progress to a stop, and when you are responding and recovering from a disaster, the last thing you want stopped is progress.

That was part of the underlying but left unsaid message of the hearing. Interpreting and applying the Stafford Act requires the application of common sense, and unfortunately during disasters, and even non-disasters, common sense is not that common.

That is something no legislation will ever be able to enact.

Posted in Congress, Politics & PR, Critical Infrastructure, Emergency Preparedness & Response, Management & Administration | Comments

National Level Exercises Crucial for Government Leaders’ Preparedness

Thursday, May 13th, 2010

Several weeks ago, a number of my colleagues posted about DHS/Administration plans to discontinue National Level Exercises (NLEs) to cut costs. Although I am a big proponent of exercises as a proactive means of ensuring readiness, I kept my two cents to myself, since my colleagues had already expressed concern.

However, I recall then-Arizona Governor (now DHS Secretary) Janet Napolitano expressing concern to Secretary Chertoff that the NLEs were all prescripted and a waste of time to professionals in the response and law enforcement business.

That said, I need not remind anyone in DC that government leadership is constantly changing. There are few top positions held by individuals who have made a career (up through the ranks) in the agency they head. So at least every four to eight years there is at least one entire leadership change-out. I am not saying that is a bad thing because it does bring new ideas to an agency, but rather I am simply stating the fact that there is turnover at the top of the government.

Back to my soapbox, I am sure some of you will remember NLEs were originally called TOPOFF exercises. Maybe that was not the sexiest title but it was probably more appropriate. TOPOFF was the government’s slang for Top Officials exercises, and they were mandated by Congress to ensure that our highest leadership knows what to do (and who does it) when things do go bump in the night in our country. They were designed to show each top leader across the government how the government works as a whole and what each agency is responsible for during an emergency or event that impacts the lives of Americans.

During the exercises (and depending on the event), they were able to see how agencies would respond regardless of how large or small their roles may be. NLEs prompted interactions between agencies, finding how each agency plays a role in helping the nation, regardless of who is in charge of an event. It also gave each leader a brief knowledge of the terms now standardized for responding to any emergency, disaster or event. A standard language was key to the success of the response.

Our nation faces new enemies, and in the fast-paced world in which we live, this is no time for a learning curve for our leadership. They need to be ready to hit the ground running. There is no time for do-overs.

Posted in Congress, Politics & PR, Critical Infrastructure, Emergency Preparedness & Response, Management & Administration, counterterrorism | Comments

Another Mexico Victim: Mission Trips

Wednesday, May 12th, 2010

With summer quickly approaching, many church groups are making plans for the various mission trips that they sponsor for adults and youth. For the people who participate in these annual trips, they are more than a chance to get away. They present opportunities to engage communities in the United States and around the world and work on various service projects that help their fellow human beings. In the United States, places like post-Katrina New Orleans, Appalachia and other areas with economic challenges and post-disaster problems have benefited for years from the fellowship of many hands repairing old structures, building new ones and bringing faith into action.

Mexico has also been a place where many mission trips have taken place. For years, churches of all types have traveled south of the border to aid impoverished communities with irrigation systems for farming, building construction and repairs, and other projects. These Mission trips are often times in addition to the trips sponsored by churches and other charities that bring healthcare services to people who can not afford it or do not have access to it. All of these actions are emblematic of the human charity and decency that every religion preaches and that we are all capable of achieving. Unfortunately, such grace and generosity has now become another victim of the on-going violence in Mexico’s increasingly bloody drug cartel wars.

Like those at my own church, Heritage Presbyterian in Alexandria, VA, mission trips planned for this summer are being canceled on account of the unrest south of the border. While there have been no publicized or direct threats made to specific missionaries or charitable groups, the uncontrollable violence makes each visiting mission trip a prime target by the warring drug cartels for kidnapping, assault and murder. In short, anyone and everyone is a target in Mexico.

Not a day goes by when gruesome headlines about the ongoing Mexican violence are not available for us to see. Furthermore, when U.S. consulate officials and Mexican public officials, police officers, military personnel and regular citizens are daily targets, there is no chance that well-intentioned Mission groups will not find themselves in the crosshairs of violence.

In hearing my church make its announcement about canceling this summer’s mission trip to Mexico, there was genuine heartbreak and disappointment at being forced to make this difficult decision. For the past several years, Heritage members have traveled to repair homes and improve infrastructure in Mexican villages while also assisting with healthcare and educational services, which are few and far between. Their efforts, like those of other congregations around America, have been an incredible lifeline to people who desperately need help.

While the needs of many of these people remain ever-present in Mexico, the ongoing violence makes it next to impossible to support any type of humanitarian service operation in that country. To go there puts the well-intended in harm’s way and risks bringing further pain and hardship to those who already have it hard enough.

Needless to say, it is politically sensitive for anyone in the U.S. government, particularly the U.S. State Department, to advise against visiting Mexico. As one of our country’s leading trading partners and a destination for thousands of American tourists, it would cause a firestorm of controversy if the Secretary of State where to step in front of a bank of microphones and say, “Stay away from Mexico.”

While the Secretaries of State, Homeland Security, Defense, etc. have all made numerous public comments about the unrest raging in our southern neighbor, political diplomacy necessitates carefully worded statements of support and warning about what is happening there. Furthermore, a declarative statement of the kind mentioned above would communicate a complete lack of confidence in Mexican President Calderon’s ability to secure his country. No one from the Obama Administration would understandably want to do that, but when communities of faith cannot go into a community to perform public service projects that serve those in dire need because they are not safe, you know how fragile the situation has become.

History records that people of faith have long risked their lives to promote their respective religion’s views, but few if any churches are willing to risk the lives of their members in today’s Mexico. When comparing that decision to those early missionaries who indeed risked it all for their faith, some might call such actions cowardice. It’s not. Rather, it is a painful act of courage in recognizing that there are those times when stepping forward to do good may cause more harm.

Heritage’s decision and that of other congregations is an uncomfortable realization that by going to Mexico, they risk giving the drug cartels an even more lucrative target – do-gooder Americans who can be kidnapped, ransomed and even murdered. If that were to occur, an already uncontrollable situation would become even more so. Staying away is the safest and most sensible option any mission organization can make under the current circumstances.

It is also a difficult decision because people who need a hand will not be getting it. They remain trapped in a culture of violence that spares no one. Their victimization is only further multiplied while hands across the border, ready to serve, remain out of reach.

Until this situation is ultimately resolved, there is only one thing the hands on both sides of the border can do. Pray for it to end.

Posted in Border Security, Emergency Preparedness & Response, Ideology & Public Diplomacy, International, Law Enforcement, Management & Administration, Narcotics | Comments

Was the Stock Market Crash a Cyber Attack?

Wednesday, May 12th, 2010

Last week we experienced a major “event” in the financial world. In a matter of minutes, the New York Stock Exchange lost nearly 1000 points or about $1 trillion. It caused panic and kicked off numerous investigations as to the catalyst of the dramatic and expensive incident.

There are five possible reasons for the black day.

1. It was a “simple” computer glitch. The systems used to manage the incredibly fast and complicated buying and selling has a hiccup, and when the human traders saw the mistaken results, they piled on.

2. A trader typed “b” instead of “m,” turning a sale of several million into one of several billion and precipitating the rush to sell.

3. The ongoing financial crisis in Greece was the cause. The market had already lost over 900 points that week due to the shakiness of the European economies and the possibility of it spreading from Greece to Spain, Portugal and beyond. (In any case, Greece’s financial troubles probably contributed to whichever reason turns out to be the primary catalyst).

4. It was deliberately caused by crooked and unscrupulous traders seeking to cash in.

5. It was a deliberate attack trying to destroy confidence in the American (and Western) economic system.

As stated, investigations to determine the cause are underway. At the AFCEA Joint Warfare Conference in Virginia Beach, former DHS Secretary Mike Chertoff and retired Adm. Tim Keating, former Commander of both U.S. Northern Command and U.S. Pacific Command, were asked if it was possible that the market fall was the work of terrorists. Both felt that it was not. John Brennan, the President’s advisor for Homeland Security and Counter Terrorism has stated without hesitation that this was not cyber terrorism. Despite lots of hand wringing and conspiracy theorizing, pretty much all the experts agreed that it was not a terrorist incident.

Does this mean that all the earlier prophecies of doom about cyber terrorism were Chicken Little? Unfortunately, no they are not. Cyber terrorists going after our financial sector or other critical infrastructures are a real danger.

Not every “bad” thing that happens will be caused by cyber terrorism, but that does not then mean that cyber terrorism is not a threat. In fact, I am concerned that our enemies will look at last week’s events and see how easy it may be to cause us great harm and concern. The bad guys do analysis too. They are watching how we respond to natural disasters, how we respond to nearly everything, and they learn.

We need to be as least as good at learning as they are. We need to anticipate how they may perceive events and how they may adapt based on their analysis. And we must be prepared to deal with the results.

Posted in Critical Infrastructure, Cyber Security, Emergency Preparedness & Response, Homeland Security Industry & Private Sector, Intelligence, International, Law Enforcement, Management & Administration, counterterrorism | Comments

Visa Waiver Program Not a Primary Contributor to Illegal Immigrant Population

Wednesday, May 12th, 2010

Reporting from ground zero in the immigration debate, the Arizona Republic recently wrote that, “not every illegal immigrant in the United States snuck across the border. A very large number, perhaps as many as 5.5 million, entered legally with visas and then never left.”

As the article goes on to state, the 5.5 million figure (which would be nearly half of the nation’s estimated illegal immigrant population) is at best an educated guess. The U.S. Government hasn’t published nonimmigrant overstay rates since 1992. However, DHS’s picture of overstay rates has come into greater focus over the past several years as the systems and processes used to capture automated records of nonimmigrant arrivals and departures have improved significantly. As a result, we can say with much more certainty that the vast majority of these “overstayers” did not enter the United States under the Visa Waiver Program (VWP).

Current data shows a cumulative overstay rate from VWP countries of less than 1 percent. What’s more, this rate is likely overstated. For example, it includes travelers for whom DHS has no record of departure. While some of them may have overstayed, others likely departed without filling out the departure forms or using documents that can be easily matched to their incoming records. Also, all matching errors within the system are treated as overstays, which artificially increases the overstay rate.

While there are still data gaps – most notably, there is minimal collection of departure records at land ports and resource and logistical issues make it highly unlikely that DHS will have the additional capability to collect these records in the near future – the VWP data strongly suggest that the program has not been a substantial contributor to illegal immigration to the United States.

Posted in Border Security, Homeland State & Local, Immigration & Visa Policy, International, Law Enforcement | Comments

SCADA Systems: Are they our soft underbelly?

Monday, May 10th, 2010

If you want to scare a cyber-lay person, have them watch Bruce Willis chase virtual terrorists in “Live Free or Die Hard” and tell them it is all possible. In the film, the entire digital infrastructure of our country is brought to a stand still by a small group of very talented hackers. OK, professional analysts have told me it could not happen today. It could, however, happen in the not too distant future, particularly if present trends continue. The keys to that scenario are SCADA systems.

SCADA stands for System Control and Data Acquisition. These are really one type of Industrial Control System; however, SCADA has become the most common way to refer to them all. The simplest definition for SCADA is a computer system that monitors and controls a process, be it industrial, infrastructure or facility. Originally, they were all autonomous and monolithic; every one stood alone and was pretty much unique. The present second generations are distributed, and the third generations are networked. These systems make nearly everything we depend on run correctly; without them our lives would be quite different.

Many people think these systems are protected because most are not connected to the Internet. This is a mistake. A noted scientist from one of our national laboratories recently said that despite the fact that only 10 percent of SCADA systems are attached to the Internet, they are under constant attack. As an example, attacks on our water systems have gone up 300 percent and on the electric grids, 30 percent. The situation is similar with most of our critical infrastructure sectors.

The Department of Homeland Security (DHS) recognizes the importance of these assets. They have put together a special Industrial Control System CERT that not only deals with attacks, but does fly away responses and special training/red teams. This development is a welcome improvement, and DHS should be commended for it.

Unfortunately, two trends are making things worse. As noted, the newest systems are networked. Additionally, they are becoming more standardized. This is understandable, because they make the systems they serve more efficient and cost effective. Unfortunately, they also make them more vulnerable to cyber attack.

We need to continue the efforts to defend our SCADA systems. If they are under assault when only 10 percent are Internet connected, what will happen when they are all online? DHS has made a great start, and industry is finally “getting it.” One only hopes the positive trends can catch up with the economic ones, which are driving the vulnerabilities. The bad guys know SCADA’s importance. We need to give it even more effort.

Posted in Critical Infrastructure, Cyber Security, Homeland Security & the Internet; Gov't 2.0, International, Science & Technology, counterterrorism | Comments

Heat and Feedback on “The System Worked”

Friday, May 7th, 2010

Since posting my blog, “The System Worked,” on Security Debrief and several other social media sites commending the work of law enforcement, intelligence and others in the capture of the failed Times Square bomber, I’ve received lots of feedback. And I couldn’t be happier.

It’s been everything from, “Are you kidding? The system didn’t work! He was able to get on a plane!” to “The system got lucky because this guy was inept.”

To everyone who wrote in response to the post, I offer my sincere thanks. Everyone offered a number of good points that brought thought and debate to this still unfolding situation. While I can’t respond to all of the points raised, I wanted to tackle a few of the arguments that people posed to my blog.

Argument 1: Faisal Shahzad should have never been able to drive the bomb into Times Square.

There are lots of locations around NYC where Port Authority police officers are stationed, usually outside of the tunnels, where vehicles can be pulled aside for inspection. Times Square is not one of those locations. It literally is an active crossroads and confluence of people and traffic. If you’ve ever been there or driven through it, you know that, and that is one of the reasons it is a prime target.

This area has seen bombings occur there before, usually focused on the U.S. military recruiting station, but vehicle traffic has always been a part of this national landmark. Right now, there is no technology system, short of a VACIS machine (which screens cargo containers) that can see through a vehicle to know what’s in it. There are lots of technologies under development that alert a pending vehicle threat, but unless you stop each vehicle, empty it and go through all of it, you will never know its contents. Hence the reason the NYPD has deployed cameras throughout the area to monitor what is happening 24 hours a day.

Unless NYC decides to shut the entire area off to vehicle traffic, like Pennsylvania Avenue in front of the White House, and make it a pedestrian plaza, there is no real way of stopping any vehicle from going into the area with a concealed explosive and parking it as Faisal Shahzad did last Saturday. A Times Square without vehicle traffic, particularly all the yellow cabs, is not Times Square.

Argument 2 – Faisal Shahzad should have never been allowed to become a U.S. citizen.

This argument bothered me for many reasons. While there is little doubt given his media-reported confession that Shahzad took up arms against his country, it is not OK to make a sweeping argumentative generalization that because he was visiting Pakistan was reason enough to disqualify him from citizenship. Investigators are still working to piece together when he decided to start his terror training and make his move. Prior to last week, Mr. Shahzhad was a complete nobody and was on no one’s radar screen and for good reason. Based on interviews and media reports, he appears to have been a completely anonymous individual, and if someone is not doing anything to draw attention to himself, how do you know to keep watch on them?

Additionally, we do not interrogate or investigate every person who comes into our country after traveling to a foreign destination. Everyday, people cross borders to visit family, go on vacation or do business in another country. We also don’t send teams of intelligence and law enforcement agents to investigate whether the answers they give to Customs officials upon their return to America are true. If we did, we would no longer be the United States of America – we’d be one of the pariahs of past and current history where discrimination and abuse of civil liberties are the norm.

As evil and repugnant as Shahzhad’s attempted actions may have been, knee-jerk reactions to start stripping people of citizenship and denying people citizenship because they come from one particular country or visit a country that has “ lots of issues” seem to be the first step towards a very dark and unrecognizable America.

Argument 3 – The system didn’t work because he got on the plane and almost got away.

When I wrote my blog post, it was before news about the problems with the no-fly list were revealed. While it’s obvious that the system in place to deal with the no-fly list did not work (because Shahzhad was able to get on a plane), I stand behind my assertion that the system worked.

We were indeed very lucky that Shahzhad was apprehended when he was. Kudos for that go to CBP for getting him when they did, but I’m also a big believer that an “ugly win” is still a win. The fact is Shahzhad never left the ground. While there will be those who will accurately state that the system failed in allowing him to get on the plane by buying a one-way ticket with cash, if he passes TSA screening to board the aircraft and he’s not listed in the system as a threat, there was no reason why he couldn’t get on it.

Everyone seems to forget that on Monday evening, Shahzhad was an absolute nobody that anybody saw as a threat to anyone. By Tuesday morning, he was a somebody that everybody knew about.

There are certainly lots of things that could have gone better in this case and there is a lot more to learn from, but the fact is we have the perpetrator in our custody. There are plenty of reasons to acknowledge the success of this week, as there are reasons for suspicion of the other anonymous Shahzad’s in our midst who are thinking of when they may act against our nation. As we look to learn from this week, we also need to remember who we are as a nation and not lose sight of those fundamentals in how we respond. That’s the greatest lesson that I take away from this week, and I hope others do too.

Posted in Aviation and airport security, Emergency Preparedness & Response, Featured Feed, Homeland State & Local, Immigration & Visa Policy, Intelligence, International, Law Enforcement, Management & Administration, counterterrorism | Comments

Stopping Shahzad at the Gate: DHS’ Operational Air Exit System

Friday, May 7th, 2010

Overlooked in all the coverage of Faisal Shahzad’s dramatic arrest as his flight was about to depart Kennedy International Airport for Dubai is that his identification and capture was made possible because, contrary to popular perception, DHS has an operational air exit system.

DHS currently receives biographic exit data from all commercial and private aircraft operators. In recent years, the reliability of biographic air departure manifests and DHS’s ability to match biographic entry and exit records has greatly improved. Travelers are required to present identification documents when departing from the United States, and air carriers must transmit traveler information through the Advanced Passenger Information System (APIS). Compliance with both inbound and outbound APIS manifest submission requirements is nearly 100 percent. It was this manifest submission that triggered the hit on Shahzad’s name and led to his arrest.

While DHS has had significant success with biographic exit, there are a variety of laws that require the department to build a new system that uses biometrics—whether fingerprints, facial images or other methods—to verify the identity and record the air departure of foreign travelers.

DHS has successfully implemented a biometric entry process, which does provide real security benefits. However, it doesn’t make sense to invest billions of dollars in a new biometric exit solution that offers minimal, if any, security improvement over the biographic data provided today. Instead, DHS should focus its efforts on supplementing the current system with biometric elements, building on technology and processes the department is already planning to deploy.

Posted in Aviation and airport security, Border Security, International, Law Enforcement, counterterrorism | Comments

Is Cloud Computing Losing Some of its Allure?

Thursday, May 6th, 2010

At a Cloud Computing Summit this week, the questions began as, well, just questions. They were simple and basic: “Exactly what do we consider Cloud Computing;” answer, (my paraphrase), “Lots of things to lots of people.”

Later, the question grew almost hostile: “What are we gaining by this;” “What is the real benefit;” and “Is this really just clever marketing?”

I remain an advocate for Cloud Computing. I am convinced that its economic, ecological and efficiency pluses will out weigh its potential downsides in the end. Talking about the cloud for the government, perhaps Air Force Maj. Gen. Dale Meyerrose, the former CIO of the Intelligence Community, said it best: “We need to stop trying to fight the inevitable.” The mostly government crowd was not so sure. They were asking tough questions and were more than a little skeptical.

Frankly, I am OK with that. Cloud Computing is a reach right now for most Government clients. Given the importance of the data with which they routinely work, I want them to ask the hard questions. Every potential cloud consumer should do the same. Often, you see clients moving toward the Cloud simply because they think “they should.” Fashion is a bad reason to go to the Cloud.

It was pounded home by the speakers that any organization considering a cloud model should follow a few key steps. Analyze what you have now (level of security, ability to retrieve data, compliance, cost of infrastructure, etc), decide where you want to go, and then make any erstwhile cloud provider PROVE to you they can deliver on their promises. All the speakers said to go slow. Run trials and then pick non-critical data or apps and try it out. An incremental way forward is the only wise course.

In this case, the naturally conservative and cautious tendencies of government agencies display the right way to approach this new way to do business. We will go to the Cloud, but let’s do it right.

Posted in Critical Infrastructure, Cyber Security, Homeland Security & the Internet; Gov't 2.0, Homeland Security Industry & Private Sector, Management & Administration, Science & Technology, counterterrorism | Comments