Archive for the ‘Law Enforcement’ Category

Questions to Secretary Napolitano About Using Predator UAVs for Border Enforcement

Tuesday, August 31st, 2010

The announcement Monday afternoon by DHS Secretary Janet Napolitano that Predator B unmanned aerial vehicles will begin patrolling the skies over America’s Southwest border, funded in part by the latest $600 million infusion of cash from Congress, ought to raise some very serious questions about the manner in which increasingly limited homeland security funds are being spent.

Unfortunately for the American taxpayers, and the Border Patrol agents who are the alleged beneficiaries of this largess, it does not appear that those questions were asked before the earmark occurred or even before the current deployment was announced. And in my opinion, DHS continues to waste money on a UAV program that is overly expensive and grossly inefficient when compared to alternative approaches.

In its proper place, the Predator UAV can play a significant role in helping American warfighters. I feel certain that its manufacturer, General Atomics, can make a strong case for its use in armed conflict zones, and there are certainly several of those along the US-Mexican border, if current press reports are to be believed. I submit, however, that there are better alternatives that would achieve better results.

But for the single-mindedness of the head of CBP Air and Marine Operations, who reportedly has rejected any suggestions that DHS consider the capability of other, less expensive and more flexible unmanned aerial platforms (much less the additional capability of more manned airplanes or helicopters), I have serious doubts that a reasonable person would deploy Predators for border surveillance purposes.

Yet Congressional myopia combined with DHS and CBP stubbornness has created a situation where alternative approaches seem to be ignored – a strange position to take for current DHS leadership in light of their other public announcements about reliance on alternative analyses of the proper “mix” of technologies and personnel for border enforcement and a rhetorical “efficiency review.”

OK, so hypocrisy is not illegal in Washington DC, or anywhere else for that matter. Still, it would be nice if DHS would not engage in charades. If DHS wants to deploy Predator B UAVs, then at least admit that Predators are far more expensive than almost every other alternative – or make the case why this is a better choice. Thus far, the explanations are lacking, and this should not be allowed to continue.

When Congress returns, or whenever GAO gets around to it, Secretary Napolitano should be required publicly to address these questions, at a minimum:

  • What is the operational cost (including personnel) of flying one Predator B UAV for a 24 hour shift and how does that compare with the cost of operating other aircraft in the CBP Air and Marine Operations existing fleet?
  • How many people does it take to operate the Predator UAV for a single mission?
  • How many people does it take to operate a Cessna manned aircraft for a single mission?
  • What additional capabilities does the Predator B UAV give to the Border Patrol that a manned Cessna aircraft does not provide?
  • What additional capabilities do other CBP aircraft give to the Border Patrol that the Predator B does not?
  • What is the cost of acquisition and a full year’s operation of one Predator B UAV, and what other UAV platforms could DHS acquire and operate to achieve the same or greater level of detection as a Predator B?
  • For the cost of acquisition and a full year’s operation of one Predator B UAV, how many manned aircraft could DHS acquire and operate to achieve the same or greater level of detection as a Predator B?
  • For the cost of acquisition and a full year’s operation of one Predator B UAV, how many Mobile Surveillance radar units could be acquired and operated by Border Patrol agents?
  • What are the reasons that CBP has rejected the use of smaller UAVs for border detection and enforcement purposes?
  • What are the approximate costs of UAVs that could be launched and operated by a single Border Patrol agent in the field?
  • What is the annual cost savings, if any, to CBP by operating Predator B UAVs instead of other aircraft types?

I am sure there are many other questions that could be asked – and I hope they are. These are the ones that immediately came to my mind.

The choice to deploy the Predator B UAV for border enforcement purposes is a mystery that needs to be addressed – unless effectiveness, efficiency and cost are not important these days to the Department of Homeland Security.

Breaking: US investigates potential terrorist test run

Tuesday, August 31st, 2010

The news of two men arrested in Amsterdam on suspicion of terrorism is making its way across the news wire. Here’s the latest from AP.

US investigates potential terrorist test run – Associated Press

Two men arrested in Amsterdam may have been conducting a dry run for a potential terrorist attack, U.S. officials said Tuesday after a cell phone taped to a Pepto-Bismol bottle and a knife and box cutters were found in one of the men’s luggage.

U.S. investigators are pursuing leads in Detroit, Birmingham, Ala.; and Memphis, Tenn., according to officials speaking on condition of anonymity to discuss the ongoing investigation.

The arrests come at a time of heightened alert just days before the ninth anniversary of the Sept. 11, 2001 terror attacks.

On Sunday, authorities found the suspicious items — a cell phone taped to a Pepto-Bismol bottle, multiple cell phones and watches taped together, and a knife and box cutter — in one of the men’s checked luggage in Virginia. The man and his luggage were headed to separate international destinations, which also raised concerns.

Cyberspy Hunting al Qaeda Speaks to Security Debrief

Thursday, August 26th, 2010

Over the last decade, America and her allies have done a solid job of beating al Qaeda to a bloody pulp. We’ve hit them with everything we’ve got: troops on the ground; Predator drones in the sky; missiles from the sea; and we’re taking them apart piece by piece on the Web.

But it’s not just the government that’s running down al Qaeda. Even U.S. citizens are using some good-ol’-fashioned American initiative; citizens like Shannen Rossmiller, a citizen cyber spy.

A what?

Rossmiller’s no government agent. She’s just your average citizen with an extraordinary conviction to bring al Qaeda to its knees. Online she sounds like a terrorist, looks like a terrorist and walks like a terrorist, but in reality, she is anything but. Since 9/11, Rossmiller has been on the cutting edge of cyber counterterrorism, hunting and tracking terrorists online and sharing her findings with federal authorities.

Given that we are hunting al Qaeda relentlessly, one might think terrorists would take extra steps to hide their identity on the Internet. Rossmiller said no.

“People still believe they have anonymity online,” she said. “They don’t realize you can trace them and figure out who they are, using IP addresses and other means.”

And because of that belief, they’re willing to talk openly, she said. That’s how she gets them.

So what is cyber counterterrorism? It isn’t yet a defined practice area, though Rossmiller is making strides in that direction. She told us all about it when she spoke to a small gathering of industry specialists, a discussion hosted by Security Debrief and homeland security consulting firm Catalyst Partners.

Take the case of Ryan Anderson, an American National Guardsman who on the verge of deployment to Iraq was also online, using a different name and talking about jihad. Rossmiller identified him as a threat, and posing as an Algerian sympathizer, lured Anderson, over the course of numerous e-mails, into revealing details of his plans.

Rossmiller provided this evidence to the FBI, and with Rossmiller serving as a key witness for the prosecution, Anderson was convicted of attempting to aid and provide information to al Qaeda. He is spending the rest of his life in prison.

Rossmiller is many people in cyberspace, all of them supposedly eager to wage violent jihad. But they’re constructs, built through research and trial and error. She engages radicalized and potentially violent individuals in online forums and websites, slowly but surely writing in Arabic (not her native tongue). The lingo she uses smacks of al Qaeda-speak (whatever that sounds like), and clearly her efforts are effective as she’s pulling would-be terrorists into the open, teeing them up for our federal forces to finish the job.

Ready to sign up? Vigilantes beware. Rossmiller is particularly effective because she understands the law. As the youngest female judge in U.S. history, she has a keen awareness of what constitutes entrapment and what is needed for a conviction. Other well-intentioned but less legal-minded individuals may not be as effective in finding evidence that leads to convictions.

The discussion was moderated by Dr. David McWhorter, principal at Catalyst Partners and a former analyst with the Institute for Defense Analyses. Also helping lead the discussion was Security Debrief’s Steve Bucci, Cyber Security Lead, Global Leadership Initiative at IBM Global Services.

What is a Law Enforcement Fusion Center?

Monday, August 23rd, 2010

Fusion Centers are a fairly new concept in law enforcement, and many people don’t know the purpose they serve or how their local law enforcement agency should be engaging these centers. If you ask 20 people for a definition of “fusion center,” you’ll get 20 different answers. Some might even think these centers are making frozen coffee concoctions or protein drinks.

Fusion centers are an attempt to deal with the fact that clues related to criminal activity often remain undiscovered in disconnected law enforcement databases. These centers address that challenge by bringing the data into one place or making it accessible from one place, typically on one software platform where analysts can connect the dots.

Much of the rationale for developing these centers comes from the post-9/11 realization that we knew a lot about the terrorists, but the data points were scattered and didn’t raise any red flags in isolation. Many agencies had a piece of the jigsaw puzzle but not enough to form a picture of a credible threat.

So in recent years, as a national grassroots initiative developed, in part, from a joint project with the federal intelligence community, including DHS and DOJ, about 50 of these fusion centers have been created across the United States. Each is staffed with personnel from multiple agencies that help facilitate local, state, county and federal data sharing.

While almost every fusion center has a slightly different mission, most people agree the goal is to bring a lot of data together to form a complete picture of criminal activity.

Based on what I’ve seen working in over a dozen of these centers, some are simply amassing numerous data stores in one location for quick and efficient query used to support tactical investigative activity. This approach allows instant access to various data sources, but minimal analysis occurs. In contrast, some fusion centers focus on strategic analysis, with officers and analysts collecting and analyzing the data, and then making assessments of the threats posed and the potential for criminal activity.

Contrary to popular “blogosphere” opinion, these fusion centers are not “big brother.” The rules for private and protected personal data have really not changed. State and local police still need court authorization to access an individual’s telecommunications records, credit card transactions, Internet activity and similar confidential information.

Fusion centers that are doing strategic analysis are best positioned to prevent criminal acts. Trained intelligence analysts in these centers look at a local tip or Suspicious Activity Report (SAR) and then use advanced search tools across many databases simultaneously for indications that the tip could be part of a much bigger “iceberg” hiding below the surface. These analysts are trained to develop a hypothesis and test it through search, data analysis and proper vetting.

Often, an analyst determines there is no cause for concern, but occasionally, the outcome is a finding that there is a clear and present threat, in which case the analyst publishes a “product,” which is a finished intelligence report for review by law enforcement command. While analysis of this kind has been done for years, new technologies for unstructured data search, automated workflows, and better data sharing drive more efficiency and deeper results.

If you are working in law enforcement, it’s wise to know who to contact at your regional fusion center and designate a contact point within your agency. Also, by linking your local databases to these centers, it’s possible that a traffic stop in your area could help crack a bigger case.

Immigration Report Shows Continued DHS Enforcement Successes

Friday, August 20th, 2010

This week’s release of the DHS Office of Immigration Statistics report “Immigration Enforcement Actions: 2009” is a must read for those interested in immigration enforcement. The report sheds an interesting light on the federal government’s argument against portions of Arizona law, S.B. 1070, and also contains some positive long-term metrics that demonstrate the sustained work of law enforcement in this area.

Consider Table 4 of the FY 2009 report, which details ICE’s progress in removing criminal aliens. The report shows that ICE removed 128,345 criminal aliens in FY 2009. This is a substantial improvement over FY 2008, consistent with the agency’s commitment to the Secure Communities program and its 287(g) partnerships.

The report gives a breakdown of the types of convictions these criminal aliens had, including convictions for dangerous drugs, immigration-related offenses, assault, larceny, fraud, burglary, sexual assault and family offenses. Of note for FY 2009, the second most common criminal conviction was “traffic offenses,” accounting for over 20,000 (15.9%) of ICE’s criminal alien removals. This is new. Traffic offenses did not comprise a separate category in the FY 2006, 2007 or 2008 Immigration Enforcement Reports, but were merely listed in the catch-all “other” category, which primarily includes less serious crimes, as well as crime categories that represent less than 2% of the total removals.

With traffic offenses taken out of the “other crimes” category for FY 2009, one would expect the “other crimes” percentage to be significantly down. It is not – removals attributed to the “other” crimes category are nearly the same for this year and previous years. This suggests that in FY 2009, ICE had a significant spike in removals for traffic convictions or “other” minor offenses when compared to previous years, rather than a spike based on removals for more serious criminal categories.

Arizonans take note. Given the Administration’s position on the Arizona law, it is remarkable that broken tail lights, speeding and other minor crimes appear to be such a significant part of the Administration’s criminal alien initiative. How can the federal government criticize Arizona for wanting to process criminal aliens who have been arrested for “minor” traffic offenses when its own statistics for criminal alien removals demonstrate that the Administration has ramped up removals for the same offenses?

In the litigation on S.B. 1070, the district court’s opinion relied heavily on the federal government’s declarations and assurances regarding federal priorities and targeting of significant criminal offenders. Unfortunately, those assurances appear to be inconsistent with actual statistics, at least for FY 2009.

Even with these inconsistencies, however, DHS has much to highlight in the FY 2009 report. The report reveals some significant positive metrics, including an odd couple of successes: fewer CBP apprehensions and more ICE apprehensions and removals. Moreover, the long-term data is worth analyzing. When you compare the removals in fiscal year 2001 to the removals in fiscal year 2009, for example, it is apparent that the government is making a concerted, longer-term effort to address the problem of illegal immigration.

The American public’s view that the government does not have a long-term commitment to enforcement has been one of the biggest stumbling blocks to immigration reform. As the FY 2009 report demonstrates, however, the federal government has removed more individuals for seven consecutive years. That’s more than a blip – these results demonstrate some progress and a bipartisan commitment to starting to secure our borders after the neglect of the late 1990s.

These results have not been enough for the citizens of Arizona and many other states, but they do show progress. DHS should use the FY 2009 report to help convey all that has been done.

Let’s Not Talk Nonsense About Cyber

Friday, August 20th, 2010

A recent blog post on Wired.com by Kevin Poulsen, “Cyberwar Against Wikileaks? Good Luck With That,” was brought to my attention by a good friend. She nominally just wanted my thoughts on the provocative article, but in effect, challenged me to blog on the subject. So here goes.

The genesis of the “controversy” was not the release of the mountain of leaked documents by the WikiLeaks folks, but rather, some of the response it had provoked, and that created a connection to cyber. A pundit had opined in the Washington Post that the U.S. Government had the cyber capability to “prevent WikiLeaks from disseminating those materials.” He was referring to the slightly smaller mountain of documents that have been so far held back (on the advice of newspaper leadership types). These specific articles are apparently potentially more injurious to innocent folks than those already released.

OK, so the pundit was suggesting that President Obama authorize government entities to turn WikiLeaks computers into silicon bricks? Come on folks, educated people should not talk nonsense. Could we “attack” the website’s servers, computers, and other digital infrastructure? Yes, we probably could. That defined a target is well within the capabilities of several different parts of the government, but why in the name of all that is anchored in reality would any President ever do it?!?

Even if you skip right over that pesky free speech and freedom of the press stuff, just from a policy standpoint, it would be entirely self defeating. Using cyber capabilities to silence those with whom we disagree is exactly what privacy and civil liberties advocates fear most about the development of our cyber defenses. If anyone in the administration convinced the President to do this, it would forever torpedo the efforts to husband these capabilities for use in protecting the nation from our external enemies.

Was the release of the Afghanistan documents harmful? Yes, but not hugely so. The documents are for the most part low-level tactical reports at the SECRET level – not exactly the Pentagon Papers of this generation.

What the young soldier who released the documents did was illegal. He had a security clearance and had signed numerous non-disclosure agreements that go with official access to classified material. He knowingly broke federal law and the Uniform Code of Military Justice. He should and will be prosecuted. But the military failed in its screening of this individual and in its supervision of him. As a result, he took actions that he may regret in the future.

WikiLeaks, however, made no such non-disclosure agreements. I am not defending what they did, and I wish they had not done it. Their actions have hurt the reputation of this country, our efforts to free the Afghan People from an oppressive ideology (however imperfect those efforts may be), and may in the long run get innocent people killed. If the online outlet’s ambitions to publish the documents in full had not been tempered by more mature and experienced news people, it would have been worse.

Basically, the U.S. Military must suck this one up and do a better job of securing its classified documents (they are far easier to steal and transfer than ever before). Clearly, if we have legal recourse to keep other documents from being leaked, we should take them, but nothing more. We must also work even harder at screening our personnel and then monitoring them for signs (public Web postings for example) that they might be considering illegal actions. If anyone is considering taking extra-legal actions involving our cyber capabilities, PLEASE put that option aside. Nothing good would come of it, and lots of damage would be done.

Arizona Worksite Statistics an indicator of ICE Audits

Thursday, August 19th, 2010

By Dawn M. Lurie and Kevin Lashus

Interestingly, Immigration and Customs Enforcement’s (ICE) Office of Investigations (OI) in Arizona released a snap-shot of its weekly operations. No other ICE office has provided such statistics. It is clear that politics played a significant role in prompting the release of this snap-shot, considering the amount of scrutiny Arizona’s SB1070 has undergone in the past couple of weeks and with mid-term elections two months away. Regardless of ICE’s motives, the report provides evidence of the increasing worksite enforcement activity affecting employers. This should not come as a surprise to anyone who has been following our postings and alerts.

OI has twenty-six Special Agents in Charge (SACs) at its principal field offices throughout the United States. These offices are responsible for the administration and management of all investigative and enforcement activities within the office’s geographic boundaries. The Arizona snap-shot of the enforcement activity in one Area of Responsibility (AOR) provides insight into the kind of activity being experienced in other AORs throughout the country.

The Arizona report definitely supports the proposition that ICE is aggressively executing its mission. Administrative and criminal investigations have resulted in significant numbers of successful criminal prosecutions, civil monetary penalties, administrative arrests, and civil forfeitures.

But what employers should be focused on are the details of the report that relate to OI’s worksite enforcement and how those statistics may be interpreted alongside the 25 additional offices in the country to provide a clearer picture of audit activity and stepped-up administrative efforts. The report states that:

ICE audited 59 Arizona businesses, resulting in the inspection of 21,587 Forms I-9. Of the 21,587 Forms I-9 inspected, agents determined that 2,177 employees presented “Suspect Documents.” 25 businesses were served a Warning Notice and 23 were served a Notice of Compliance based upon the results of the Form I-9 audits. ICE is currently preparing several Notices of Intent to Fine for other business[es] audited in FY10. In FY09, ICE fined six Arizona companies with fine notices totaling more than $270,000.

Some may be questioning whether the snap-shot is representative of national trends: we are of the opinion that it is. At the recent ICE training, the enforcement division reported fine assessments greater than $4M against 164 employers throughout the country and noted that 147 employers have been criminally convicted or cited with worksite violations during the calendar year. With increases to the forensic auditor corps and a new centralized Auditing Center opening up to assist with administrative reviews, ICE is poised to increase administrative investigations in an effort to continue to remind employers that the culture of compliance is something to take very seriously.

The number of criminal investigations is also sure to rise. The recent statistics are certainly impressive, but we are still willing to wager that the agency will issue another round of Notices of Inspection (NOI) to employers in the next month or so. The SACs with larger resources will certainly be held responsible for more of these anticipated audits; we guesstimate another 500 to 750 audits will be announced. The number of NOIs may exceed 2300 by the end of 2010. Companies located in the larger SAC jurisdictions including Atlanta, New York, Washington DC, Chicago, Dallas, Houston, Los Angeles, Phoenix and San Francisco are among the favored for the clusters in numbers.

While the metrics for audit selection are not disclosed, ICE appears not to be discriminatory, and clearly each SAC has a generous amount of latitude, both in selecting companies for audits as well as for settlements. Generally, investigations are based on leads, targets and other factors. The required number of audits for each SAC will vary with the size of the AOR, the number of auditors assigned to the SAC and those internal guidelines that ICE utilizes. No quotas, of course, but reports are publicized within the agency and “stats” are reviewed, need we say more? While we also have plenty of ideas on those metrics, nothing is concrete.

Folks, to be clear, this was not discussed during the IMAGE conference last week. But alas, we are not true psychics – fair warning was given to companies by Senior Special Agent Todd Johnson and other ICE Representatives: take action, review your I-9-related compliance and institute a compliance plan NOW. Taking such corrective action after ICE serves an NOI just doesn’t count as much.

What was not discussed during last week’s meetings with ICE, but what is identified in the snap-shot, is the number of “Suspect Documents” identified during the inspections – 2,177 out of the 21,587 Forms I-9 inspected. “Suspect Documents” is a phrase that relates to the number of employees who have presented documents to employers that cannot be verified by the government without further review; often, fraudulent documents are in play.

Upon receipt of a Notice of Suspect Documents, employers are required to request alternative documents, and if the issue cannot be resolved, they are referred to ICE. While a number of Suspect Documents issues can be resolved, the vast majority of workers receiving such notices are eventually terminated due to their inability to provide valid work authorization. Based on rough math, SAC Arizona has inspected employers with workforces that are comprised of almost 10 percent unauthorized individuals.

Now, some may argue that the number is already high and reflects the composition of a workforce in a border state. That may be the case. But, even if the average is closer to 5 percent, even the most compliance-driven employers will have some exposure to “knowingly hire” and “continuing to employ” allegations.

What should employers do? Be proactive. At a minimum, review and correct your I-9s before ICE does. Go further, take the Arizona statistics seriously – implement standard operating procedures and trainings designed to improve immigration compliance, employ comprehensive identity and work eligibility verification mechanisms, and consider rolling-out verification compliance software as well, to establish a “good faith defense.”

Now is the time to consider implementing best practices. Enforcement activity will continue to increase prior to the adoption of minor, let alone true, comprehensive reform.

Heritage’s Homeland Security Panels – Bucci Speaking on Cyber and Maritime

Wednesday, August 18th, 2010

Next week, the Heritage Foundation will host “Homeland Security 2010: The Future of Defending the Homeland.” This will be a week-long series of panels aimed at providing a good background for Congressional Staffers new to Homeland Security issues. Heritage did this last year, and it was an excellent event. It should be informative and helpful for the folks who provide the leg work for our Legislative Branch.

This program is diverse. The event begins on Monday, August 23, focusing on maritime security. Two panels will look at this huge area from the civilian and military standpoints.

I will sit on one of the panels and will look at the immense task of achieving maritime security and what has been done so far in pursuit of it. My time as the Deputy Assistant SecDef for Homeland Defense included a great deal of focus on this crucial defense domain.

On Tuesday, the attention will shift to Science and Technology, with two panels looking at the role of fundamental science in security, specifically bioterrorism. Day Three’s panel reaches out to the private sector on its pivotal role in Homeland Security. It will cover Critical Infrastructure Protection (most of which is privately owned), and the expanding role of the private sector in response since 9/11, Katrina, and the Gulf Oil Spill.

Thursday turns to my favorite – cybersecurity. The actual titles of these panels are intriguing: “Big Brother and the Civilian Network” and “Cyber Nukes: War and Terrorism in the Cyber Domain.” I will be presenting on the latter panel and will look at one of my pet subjects, the growing potential for cyber terrorism once terrorists are enabled by cyber criminal networks.

The five-day program is rounded out with panels looking at the role of state and local government in our response to terrorism and the overall preparedness, response and recovery system.

This outreach to the Staffers is a laudable and worthy task. These (mostly) young citizens are highly educated and very motivated to serve their members in the task of creating an effective legal underpinning for our Homeland Security efforts. By gathering together a diverse group of academics, practitioners, industry types and pundits, Heritage provides an excellent menu of topics from which the staff personnel can choose to augment their knowledge, and with whom they can debate and discuss the issues.

I am very happy to have been asked to participate, and I will be prepared for a great deal of learning and free flowing discourse. The panels are open to the public and all are welcome. I highly recommend it.

You can RSVP for the panels and find out more by visiting The Heritage Foundation’s website.

Potential Change in the Nature of TSA Enforcement?

Monday, August 9th, 2010

Since its inception in 2001, the Transportation Security Administration’s (TSA) approach to enforcing its rules generally has been a cooperative one. Recognizing the burdens on industry from new security regulations and a difficult economic environment, and understanding that harsh enforcement actions can be counterproductive, TSA generally has sought to educate and train rather than punish. Monetary fines have been uncommon, and serious punishment – steep fines or greater severity – has been rare. While this approach has worked reasonably well, there is reason to believe it will not last forever.

  • A common catalyst to a “harder” enforcement approach (e.g., more frequent and larger fines) is public focus on instances of noncompliance.

A recent example of such a catalyst is the oil spill in the Gulf of Mexico, which has transformed the Interior Department’s Minerals Management Service into the new “Bureau of Ocean Energy Management, Regulation, and Enforcement” – enforcement is now part of the name.

  • The likelihood of public focus on noncompliance is related to at least two factors: the passage of time and the industry’s ability to affect a broad cross-section of the public.

Both factors weigh in favor of an eventual turn toward harder enforcement. First, TSA is still a new agency but, as time passes, the likelihood of a significant rule violation by the regulated industry increases. Second, TSA interacts constantly with a broad cross-section of the public, which is one of the reasons that TSA problems quickly draw broad public attention.

  • Another possible catalyst to a harder enforcement approach is the growth or diversification of the regulated industry.

When the regulated industry grows and/or diversifies, regulators may be more inclined to take a harder approach to enforcement as a way of signaling seriousness to industry participants.

Hard enforcement actions are often an efficient way for regulators to deliver a message to a large or diverse set of industry participants. When the participants are few in number or homogenous, education and training by the regulators may be sufficient, but a “severe fine” warning message is more likely to be carried quickly (by the trade press, lawyers and others) to a large or diverse set of industry participants.

The industry regulated by TSA has been growing and diversifying quickly. Among the recent additions are businesses newly regulated under the Certified Cargo Screening Program (CCSP). These businesses, now approaching 1,000 in number, have to be regulated by TSA without a proportional increase in TSA resources, making an eventual resort to a harder enforcement approach more likely.

For all of these reasons, TSA-regulated companies would be wise to focus on compliance efforts as though TSA were going to take a harder approach to enforcement.

Can Police Agencies Perform Meaningful Predictive Analysis?

Monday, August 2nd, 2010

It amazes me how “good theoretical concepts” in law enforcement and the “programs derived from them” consistently get diluted as they are put in place at the operational level. They usually look nothing like what was on the drawing board.

Why is this? One continually hears police executives talk about strategy and then spend their days and most of their time focusing on tactical activity and decisions. Usually the “strategy” goes out the window.

Police executives agree that strategic work like data mining and using advanced tools to predict crime are great things. But very few agencies are actually doing this operationally.  I know improvement is possible. Law enforcement agencies can create more actionable intelligence from the stores of information they currently hold by applying advanced analytical techniques to that information.

Understanding that information transforms into intelligence is the key. The vetting process that takes place during this transformation usually means that action can and should be taken.

Understanding what action should be taken is also important. Is it opening a full-blown investigation, conducting surveillance, or interviewing a witness or suspect? Something can and should be done, but what is it, and who is going to do it?

There are a lot of moving parts here. A typical intelligence cycle model shows a lot of information coming from myriad sources. Some part of a given agency does something to that information, and hopefully an intelligence product goes out.

But out to where? Ideally, processes are in place to send intelligence to command for strategic decision-making – and out to operations for tactical decision-making. And to case support as well for enhanced situational awareness in the operational environment.

Getting intelligence to command is relatively easy with few moving parts. Whether command does anything with it, however, is another story. Getting intelligence to operations is tricky with a lot of moving parts. How does it get to operations in a meaningful time-frame and in a usable format?

As you strive to get timely, meaningful intelligence to your operators, the question to ask is, “Do I have the appropriate technology and processes I need, in the hands of the right people in the organization to get the job done?”

Data Mining Tools for Law Enforcement?

Thursday, July 22nd, 2010

Recently, there’s been a trend toward some agencies purchasing new data mining tools for their needs at fusion centers.  It is great to see this investment in technology, but watch out – many of these solutions don’t have any inherent method for capturing Suspicious Activity Reports (SARs) and Request for Service (RFS) data, which fusion centers use to track case management activities.

Also, these new data mining tools typically don’t communicate bi-directionally with Regional Information Sharing Systems (RISS), nor can they communicate with the National Data Exchange system (NDEX), the FBI’s information-sharing platform.

In fact, many of these software vendors don’t understand that these systems need to comply with 28 CFR Part 23, the federal guideline that governs intelligence sharing.

Let’s review the four types of data that law enforcement officers encounter in their work:

1. Open-Source Data – Anything from the Internet, newspapers, other public sources [No prohibitions to sharing]

2. SARs – Information reported by citizens or police; no identifiable crime being committed but something’s suspicious [Can be shared between agencies under National SAR Initiative]

3. Investigative related – Evidence or information collected from a crime that has been committed with a goal to prosecute or prevent crimes [data sharing policies vary widely]

4. Intelligence – Important data in assessing threats to the community; proactive, strategic analysis conducted and patterns of activities are identified; resources focus on problem at hand, be it street gangs or organized crime [28 CFR Part 23 governs this type of data – If information rises to level of reasonable suspicion, then it can be entered into an intelligence system and shared with other agencies.]

All four types of data streams have separate and distinct laws governing what law enforcement can and cannot do with them.

Agencies want to ensure that they are holding data consistent with all the rules and regulations. But if the data mining technology companies have not considered any of the aforementioned issues, their tools are putting fusion centers at risk of violating statutes, laws and regulations.

One fusion center I use as an example vetted vendors with these criteria, and instead of settling for a one-size-fits-all intelligence analysis system, it selected one vendor for information/intelligence management and another for analyzing the information managed by the other system.

This is what should be happening more often – using the right tool for the right job.

Bottom line: Look for technology companies that know the compliance landscape.

Building a 21st-Century Strategy to Counter Piracy and al Shabaab

Thursday, July 22nd, 2010

The piracy question and how to deal with it is huge and is about to become a much larger question in the global supply-chain management continuum. I, like other folks, would like nothing more than to send in the Marines and clean out the nest of pirates. But alas, the days of gunboat diplomacy are of a bygone era.

We now engage our adversaries with not only guns and bullets, but also batteries to run our high-tech systems. Increasingly more important is the new adage, “bring lawyers, guns and money.” Nation building will take a great deal of finesse and understanding, as well as forceful measures.

One of these first opening salvos has been fired by the White House, though it seems to have been ignored by the business community with an interest in these matters. The Presidential Executive Order (EO), issued in April 2010, prevents U.S. citizens/entities from making payments to certain named individuals. It also has the potential to prevent any payments to individuals or groups involved in or supporting piracy in Somalia.

The regulatory guidelines for implementing this EO are yet to be promulgated, but given the recent Shabaab attack in Kampala, Uganda, in which at least one U.S. citizen was killed (a crime being investigated by the FBI), one can reasonably expect the enforcement issue of the EO to be forthcoming.

Shabaab is known to have sworn allegiance to bin Laden and Qaeda, and this Shabaab attack will clearly articulate the connections between piracy ransoms, Shabaab and the broader global war on terror. The probable outcome, in my opinion, will be the Lloyds, Joint Hull & Joint War Committees declaring that they will no longer underwrite insurance for kidnap and ransom in this arena. And now the lawyers and money come to the forefront.

In order to operate the critical sea lanes in the Gulf of Aden and the Somali environs, government resources from concerned nations will need to be deployed. The United States may not be the principal user of these lanes, but we are likely one of the principal end-users of the output from the associated supply chain. For this reason, it is important that we gain understanding and proactively look for how we engage the piracy issue. At least 85 percent of our critical infrastructure is privately held, and therein lies the bulk of the responsibility for defending those nodes. Building coalitions across industry and national borders, sharing information and supporting combined military action when needed will be a key effort to meeting the threat.

In one of his first acts as president, Thomas Jefferson met the challenge of pirates. Now, 200 years later, we face a similar situation, which will indeed need lawyers, guns and money. It will also take intelligence, technology and collaboration.

The New Face of Aviation Security?

Wednesday, July 21st, 2010

The hunt for someone to lead the Transportation Security Administration (TSA) began in 2009, but it wasn’t until June this year that the Senate confirmed John Pistole as administrator. Pistole was the third nominee for the job, after two earlier hopefuls pulled out (see Southers and Harding). Security Debrief followed the confirmation process every step of the way and found the latest development in this week’s Air Cargo Week.

If you visit TSA’s website, you’ll find Pistole’s photo, which looks like this:

[Photo: John Pistole]

In Air Cargo Week’s Arrivals & Departures section, there is a note on Pistole’s confirmation (first bullet, right column). But the photo referenced is clearly not John Pistole.

[Image: Arrivals & Departures, Air Cargo Week, 7/19]

Who is this man? Nominee #4? A hero cargo pilot? The publisher’s cousin?

It’s Chris Battle, Security Debrief’s founder and editor.

That’s some good PR.

The Disturbing Value of the Washington Post’s Work

Wednesday, July 21st, 2010

There is always something in the media that captures the conversation of people in Washington, whether it is some unfortunate gaffe that a political figure makes, some new gossip about a government official’s missteps, or the latest poll numbers identifying the rising and falling fortunes of one political power over another. This week seems to be different though.

In a series of front-page exposés entitled “Top Secret America,” the Washington Post has essentially blown the cover off a number of classified programs and their geographic locations around the country. Using public sources and their own talents as investigative journalists, Post reporters Dana Priest and William Arkin have put together a very impressive piece of work that raises a number of important questions about the explosive growth of the intelligence community since 9/11.

These questions (most notably, “What are we spending billions of tax dollars on?” and “What difference are these investments making?”) echo questions that have been raised by both sides of the political aisles over the past few years. The ability to spend money without thinking or an overarching strategy is a skill that Washington has long perfected to the detriment of American taxpayers. Priest and Arkin’s work highlights some of the waste of tax dollars, particularly those instances where multiple intelligence players are conducting the same intelligence analysis work as their peers.

Shining a light on those actions and raising the questions of why we are doing the same thing multiple times over is certainly of value. But Priest and Arkin and their employer, the Washington Post, have also done something of disturbing value that benefits no one but those persons foreign or domestic that wish to do us harm.

By identifying the geographic locations of some of our country’s top secret facilities (government and private sector) and surmising who does what and where at those spots, the Post reporters created an operative target list that is literally synthesized and ready for use by people whose allegiances are not in America’s best interest. While they used publicly available sources and had the cooperation of the public affairs offices of many of the federal intelligence pieces highlighted in the article, the authors seem to have gone the extra mile to share things that frankly need not be shared.

In the Editor’s note about the series, the Post does share that the newspaper removed from their map graphic the geographic locations of several sensitive facilities. As commendable as that may be, that which the Post details has potentially grave consequences for the men and women who work at those facilities. The fact is that every one of those facilities had a bull’s eye on their front door last week. After this series and its wide online dissemination, that bull’s eye just got a whole lot bigger.

There are very good reasons you are not allowed to photograph inside security screening areas (e.g. airport screening areas).

There are very good reasons that the President and other dignitaries’ motorcade routes are not published in the newspaper.

There are very good reasons that when you go to Google Earth or other digital map services some areas are not available for downloading and printing (e.g. Camp David, MD; Area 51; etc.).

There are also some very good reasons that organizations like the National Security Agency, the National Geospatial Information Agency, and others in the public and private sector do not actively place neon marquee signs outside their locations and say “WE DO INTELLIGENCE WORK HERE!”

Is there signage outside many of these facilities to denote who they are?

For many of these structures there is, but that does not mean any of them want to be featured on a local Chamber of Commerce tourism map. Each of those facilities is spread out around the country for reasons of politics, duplicity, expertise and assignments. None of them has made it a policy of publicly waving a flag to say, “Hey look at me” to draw attention to themselves or the people who work there.

Maybe the Post forgot about the 1993 shootings outside of the CIA’s Langley Headquarters, when Mir Aimal Kasi got out of his car with an assault rifle and fired away at CIA employees, killing two and injuring three more.

Maybe they’ve forgotten about the numerous shootings that have occurred at the Pentagon over the years by those individuals, whatever their grievance, who decided to open fire or display some type of weapon.

While CIA HQ and the Pentagon are much more publicly known (and accessible structures) than many of those identified by the Post series, the fact remains that the people who work at these lesser known facilities are much more vulnerable to potential harm than they were before. Lesser-known targets are easier to strike than the higher value and publicly recognizable ones. Those structures often have their own security forces to safeguard the perimeter. Some of these other facilities may not. As this series continues to be shared by friend and foe alike, the security posture at those locations is certain to change as terrorists, lunatics and the disenfranchised have been given a hefty menu of targets of opportunity.

According to the Editor’s note, as well as the reporters’ public comments, the Post is not interested in causing any personal harm. Unfortunately, their actions speak louder than their words.

E-passports Key to Border and Travel Security

Monday, July 19th, 2010

A top-rated lacrosse team representing the Iroquois Confederacy apparently won’t be competing in the world championship of the sport their ancestors helped invent. The United Kingdom—which is hosting the tournament—has indicated it will deny entry to the team because its members are not traveling on U.S. passports. The players are understandably upset that despite years of training and commitment, they won’t be able to compete for a championship. In addition, the team members and their supporters have made this an issue of Iroquois identity. However, the British authorities are correct that the decision is a matter of border and travel security rather than Iroquois sovereignty.  Iroquois passports, which contain hand-written elements, simply aren’t as secure as the latest generation of U.S. passports.

To terrorists and other criminals, travel documents are as valuable as weapons. Altered passports and visas, or genuine documents obtained fraudulently, allow bad actors to cross borders in the course of planning or carrying out operations. Recognizing this, many countries in recent years have implemented higher security standards for these travel documents so they are considerably more difficult to counterfeit, or for an impostor to use should one be lost or stolen. These upgrades significantly enhance the security of international travel. This is one reason, for example, that all citizens from newly designated Visa Waiver Program (VWP) countries are required to travel on electronic passports.

Electronic passports, or e-passports, contain a biometric identifier, either a digitized photo of the bearer or fingerprints or both. Digitized photographs and other biometrics are important because they are harder to substitute or alter than glued or laminated photos, for example.

In addition, e-passports contain a microchip that holds the digitized photograph, fingerprints (if used) and other information visible on the passport data page.  The data written to the chip is protected from alteration by the use of a Public Key Infrastructure (PKI) digital signature. When an e-passport is scanned upon entry, the face of the traveler, the data on the data page, and the data on the chip will all match if the traveler is the person to whom the passport was issued. As a result, border officials are better able to intercept suspect travelers and speed entry of legitimate ones.
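The check described above, as an added example that is not part of the original post: an issuer signs the chip data, and inspection verifies that signature and compares the chip against the printed data page. The record layout, field names, key pairs and sample values are constructed for illustration (real e-passports follow ICAO Doc 9303), and the comparison of the traveler's face to the photo is not modeled.

```javascript
// Added illustration: simplified model of a signed e-passport chip and its
// inspection. Field names, layout and sample values are constructed.
const crypto = require('crypto');

// Constructed key pair standing in for the issuing authority's signing key.
const issuerKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
// Constructed key pair for a party that does not hold the issuer's private key.
const forgerKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

const TEXT_FIELDS = ['documentNumber', 'surname', 'givenNames', 'dateOfBirth'];

function sha256Hex(bytes) {
  return crypto.createHash('sha256').update(bytes).digest('hex');
}

// Serialize in a fixed field order so signer and verifier hash identical bytes.
function canonicalBytes(data) {
  const ordered = TEXT_FIELDS.map((f) => data[f]).concat(data.photoDigest);
  return Buffer.from(JSON.stringify(ordered), 'utf8');
}

// Issuance: the chip stores the data-page fields, a digest of the photo,
// and the issuer's signature over all of it.
function issueChip(page, privateKey) {
  const data = { photoDigest: sha256Hex(page.photo) };
  for (const f of TEXT_FIELDS) data[f] = page[f];
  return { data, signature: crypto.sign('sha256', canonicalBytes(data), privateKey) };
}

// Inspection: returns the list of failed checks. An empty list means the chip
// data is authentic and agrees with the printed data page.
function inspect(chip, printedPage, issuerPublicKey) {
  const failures = [];
  const signed = crypto.verify(
    'sha256', canonicalBytes(chip.data), issuerPublicKey, chip.signature);
  if (!signed) failures.push('chip-signature');
  for (const f of TEXT_FIELDS) {
    if (chip.data[f] !== printedPage[f]) failures.push('page-mismatch:' + f);
  }
  if (chip.data.photoDigest !== sha256Hex(printedPage.photo)) {
    failures.push('page-mismatch:photo');
  }
  return failures;
}

function runScenarios() {
  const page = {
    documentNumber: 'X0000001', surname: 'SAMPLE', givenNames: 'ALEX',
    dateOfBirth: '1980-01-01',
    photo: Buffer.from('constructed-photo-bytes-of-holder'),
  };
  const chip = issueChip(page, issuerKeys.privateKey);
  const pub = issuerKeys.publicKey;

  // 1. Genuine document: signature verifies and page matches chip.
  const genuine = inspect(chip, page, pub);

  // 2. Photo replaced on the printed page only: the chip still carries the
  //    digest of the original photo, so the mismatch is visible.
  const swappedPage = { ...page, photo: Buffer.from('constructed-photo-bytes-of-other') };
  const photoSwap = inspect(chip, swappedPage, pub);

  // 3. Page and chip data altered consistently, original signature kept:
  //    the signature no longer covers the stored bytes.
  const alteredPage = { ...page, surname: 'OTHER' };
  const alteredChip = { data: { ...chip.data, surname: 'OTHER' }, signature: chip.signature };
  const chipEdit = inspect(alteredChip, alteredPage, pub);

  // 4. Altered chip re-signed with a key other than the issuer's:
  //    verification against the issuer's public key fails.
  const resigned = issueChip(alteredPage, forgerKeys.privateKey);
  const wrongSigner = inspect(resigned, alteredPage, pub);

  return { genuine, photoSwap, chipEdit, wrongSigner };
}

console.log(runScenarios());
```

The signature check only means something when the inspecting system holds a trusted copy of the issuer's public key, which is the part the PKI supplies.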

E-passports also incorporate several other, more technical security measures (such as watermarks and the like) to guard against fraud or other tampering. Just as important as the security of the document itself is compliance with international standards for reporting lost and stolen passports. The INTERPOL Stolen and Lost Travel Document (SLTD) database – which is the preferred repository for these reports – is used at primary passport inspection by countries around the world to detect those who travel on fraudulent documents.

The United States should continue its efforts to encourage countries not only to produce and issue secure travel documents, such as e-passports, but also to establish a daily, automatic means of reporting lost and stolen passports to INTERPOL. Both of these measures are requirements of the U.S. VWP because they close gaps exploited by terrorists and other mala fide travelers. Indeed, the Iroquois themselves recognize the benefits of more secure documents, having nearly completed a transition to a new generation of passports.

Immigration Enforcement – What the Conventional Wisdom is Missing

Monday, July 12th, 2010

Enforcing criminal laws is always a matter of relative success and failure. Small increases or decreases in violent crime, drug trafficking, or white collar offenses are often seen, rightfully, as major accomplishments or setbacks. For some reason, however, immigration enforcement rarely gets treated the same way.

We often hear politicians say the United States “needs to enforce the law” or “secure the borders.” The fact of the matter is that our country has embarked on an unprecedented effort to enforce immigration laws and to secure the borders over the past five years. This effort crosses administrations and came when Congress was controlled by both parties.

To try to provide some context to the immense improvements in our immigration enforcement efforts, I issued a paper on June 28 outlining some of the most important enforcement enhancements. I released this paper under the auspices of the Center for American Progress (CAP), a left-leaning think tank that supports comprehensive immigration enforcement.

Obviously more needs to be done, including a mandatory employment enforcement system that requires federal legislation. However, the coverage of Southern border issues over the past several months might lead casual observers to believe that nothing has been accomplished since immigration was hotly debated in Congress during 2005, 2006 and 2007. The facts say otherwise.

The report was issued as part of a broader panel discussion at CAP.

Is the NSA’s “Perfect Citizen” Really Big Brother?

Monday, July 12th, 2010

OK, let me get this straight: a private sector company INVITES the National Security Agency (NSA) to place sensors on its privately owned network to help the company protect itself from unauthorized and unwanted cyber intrusions. Perfect Citizen, as it is called, is a program to detect cyber assaults on critical infrastructure, be they publicly or privately held. The NSA will deploy sensors in critical infrastructure computer networks to detect a cyber attack.

With the U.S.’s eavesdropping agency working in private sector networks, some have worried that Perfect Citizen (a hideous name by the way) constitutes too much government monitoring in the private sector, conjuring comparisons to George Orwell’s 1984.

But how in the world does Perfect Citizen constitute “Big Brother”?!?

It still amazes me that the only entity that some American citizens seem to be afraid of in the cyber realm is their own government. Yet, the same people demand that the government protect them from cyber attacks.

Come on folks, you are asking the impossible. When anyone says “security,” these individuals (and organizations) scream “Privacy!”  What they really mean is privacy from the government. They do not seem to give a hoot about marketers, criminals or intelligence organizations from other countries reading anything and everything they have in digital format.

However, I do get the feeling that if these individuals’ identities were stolen, a bank account emptied, or their computer used in a BotNet to support a crime or terrorist incident, they will scream just as loudly that “the government should have done something!”

I am sorry that the NSA’s activities scare people. Much of the agency’s “scary” reputation is due to overblown Hollywood depictions of the organization (thank you “Enemy of the State” and other like films). I have worked with the NSA as an Intel Collector and while in the Pentagon’s Front Office. There are few organizations in the Federal Structure as obsessive about following the rules as the people at the Fort. These people are true patriots who do what they do to protect the Constitution and the American people, not to threaten them. The NSA is an American treasure, and we should be giving them raises, not attacking their integrity.

Perfect Citizen is NOT Big Brother. It is a program that is done only at the request of the people who own the infrastructure on which it resides. I predict that as this program goes forward, more firms will opt to join in. In fact, I also predict that once it starts to work for the Defense Industrial Base companies (which already have the best public/private info sharing arrangements in industry), others will clamor to join. Cyber Industrial Espionage is killing American businesses and will continue to do so until we can put effective monitoring capabilities in place. Perfect Citizen is a good first step.

The Value of Aspen

Friday, July 9th, 2010

As we continue to swelter in the ongoing summer heat wave, it is easy for me to reminisce about my recent visit to Aspen, Colo. Tucked amongst the Rockies with its clean air, fervent green and majestic views, a town known primarily for its skiing with the rich and famous was home to what was, simply put, the best conference program I have ever attended.

The first annual Aspen Security Forum put forward a program that I can only describe as pleasant, informational waterboarding. By the time each of the presenters and panelists was done, my hand was dead from writing so much and my head hurt from being given the firehose treatment of a candor and content overload.

With a venerable “who’s who” of notable names in the national security arena attending the two and a half day program, attendees had the opportunity to hear first-hand from the men and women who have served or continue to serve in some of the most demanding positions in the world. It was literally very hard to turn around and not see a face that you recognized from some recent event or news program, sharing insights on our country’s national and homeland security challenges.

While the presented content was outstanding, the best part about the entire program was that the overwhelming majority of notable speakers and presenters made themselves available to engage with the attendees. All too often, speakers rush in, deliver their canned pitch, say thanks to the crowd and are whisked away by their aides to get back to the office, leaving actual human contact an afterthought. To have the many distinguished speakers stick around and engage in that lost art-form of “CONVERSATION” was an absolute pleasure.

Hosted by Clark Ervin and the Aspen Institute, this was the first time they had put on a program with this particular focus. You can call it beginner’s luck if you want, but they put together a top notch effort that literally became a “must attend” for anyone who is interested in national and homeland security issues. Fortunately, for those who weren’t able to attend the program, it was taped for later broadcast by C-Span, hopefully sometime this summer. I have to tell you, there is a significant portion of C-Span’s programming that can cure insomnia, but when they broadcast the presenters and panels from the Aspen Security Forum, it will be as NBC used to call it, “Must See TV!”

To understand why I write that, here’s a rundown of some sessions (with video hyperlinks):

Adm. Mike Mullen, Chairman of the Joint Chiefs of Staff

When your opening speaker travels all the way from Kabul to Tel Aviv to Aspen to take part in the program, it’s a pretty good indicator that the organizers are up to something big. That was especially true with Adm. Mullen. Coming off a week where Gen. McChrystal was taken out by a large Rolling Stone and replaced by Gen. Petraeus, and then traveling to Afghanistan and Israel to assuage any fears and concerns they may have about the big changes, Mullen made news by essentially not making news. While his comments about the state of the nation’s counter insurgency policy dovetailed those of the White House’s, the plainspoken manner in which they were delivered conveyed the gravity of the situation our military forces are faced with in Afghanistan. His comments about Iran’s nuclear ambitions – “They’ve given us no reason to trust them” – also spoke volumes about what few measures the Administration has left at its disposal in dealing with them.

Aviation Security Panel

There is probably no other facet of the post-9/11 world that Americans gripe about more than dealing with aviation security, but as the CEO of the Air Transport Association (ATA), Jim May, said, “What’s your alternative?” Joined by Erroll Southers of USC’s CREATE Program (and the first Obama Administration nominee to lead TSA) and Christopher Bidwell of the Airport Council International, this panel laid on the table the very real threats and frustrations that accompany this portion of the security environment. One of the most interesting things discussed was the use of full-body imaging devices by airports to screen passengers. While recognizing the civil rights and privacy concerns that people have about them, Jim May of ATA shared that he thought they should be mandatory. When it came to addressing the Government Accountability Office’s recently issued criticisms of TSA’s Behavioral Detection efforts, May and the other panelists pointed out that this program was part of many layers of security, and there was no one-size-fits-all solution or silver bullet that would reduce the aviation risks faced today.

Fran Townsend, former Homeland Security Advisor to President Bush

There are many things that have been written and said about Fran Townsend, the former Homeland Security Advisor to President Bush (43), but the word “shy” is not one that would be used to describe her. The only thing that could possibly surpass the candor of her public comments when she was working as a government employee was her candor in being a former government employee. With no holds barred, Townsend explained that, “We have a reason to expect we can connect the dots this time” given all of the post 9/11 work that has been done.

In a more than hour-long conversation with Walter Isaacson, the CEO of the Aspen Institute, and the Security Forum audience, Townsend pounded on the fact that much still needs to be done to improve information sharing amongst intelligence and law enforcement agencies across the board. She declared that there still needed to be a senior level official or “Cabinet Agency,” but “not a czar,” to “pound these government agencies into submission to do information sharing.” Her proposal for an NGO, public-private partnership, rather than a solely government-led approach, to address the growing cyber security risks was also interesting.

Bill Bratton, former Chief, Los Angeles Police Department

Dubbed by many media outlets as “America’s Top Cop” for having led the police departments of Boston, New York City and Los Angeles, I think Bill Bratton surprised everyone at the program when he explained how the terror attacks in Mumbai, India caused him to change the entire structure of the LAPD. His interview with CNN’s Jeanne Meserve detailed how 60 days after those attacks, he was able to transform his police department with new training, exercises and more. The relatively simply trained Mumbai terrorists were not interested in holding hostages; in fact, they were using so-called negotiations to buy time to kill more people. This showed Bratton that he had to change how his department was positioned to respond to a similar event, should it occur in Los Angeles.

Michael Leiter, Director of the National Counter Terrorism Center

For a man that much of Washington thought would have his head handed to him following the failed information sharing efforts surrounding the failed Christmas Day attack, Michael Leiter, the Director of the National Counter Terrorism Center (NCTC), displayed all of the skill and confidence that make him one of a few Bush Administration appointees to successfully transition into the Obama Administration. His description of his job, his work with the President to report on the range of threats to the country and how he thinks information sharing needs to work made this particular presentation one of the most revealing and compelling of the entire program. His interview with Michael Isikoff, a former Newsweek reporter and now Chief Investigative Correspondent for NBC News, ended up producing some great back and forth between the two men that was as revealing as it was humorous. This session again explained more about Leiter’s job and the mission of the NCTC than any government report or Congressional hearing to date.

Border Security Panel

Despite the countless GAO and IG reports and the many hearings before the U.S. House and Senate, there was no better overview of America’s border security than a panel made up of:

  • Bob Mocny, Director of DHS’ US VISIT Program;
  • Mark Borkowski, Director of CBP’s Secure Border Initiative (SBI); and
  • Steve Oswald, Vice President of Boeing.

These three gentlemen described what worked, what didn’t, what could be better and what the future may look like on programs that have regularly been making news for years. In presenting the details of these newsworthy programs, they did so with none of the drama or hysterics that are so often associated with the Congressional hearings that have exhaustively covered the respective programs. What each of them said frankly offered more substantive insight than any of the previous Congressional hearings have produced to date. That was an observation made not just by the conference attendees but also by the first-tier media, congressional staff and others who have observed each of these respective programs closely. Truth be told, if you want to know what is really happening with US VISIT and the Secure Border Initiative (minus the belligerent questions and political posturing), spending 90 minutes watching this panel when it is aired on C-Span will be time well spent.

Attending News Media

As I mentioned, the conference was a literal “who’s who” of notable current and former national and homeland security leaders, and the same could be said for the attending members of the media.  With CNN’s Jeanne Meserve, Fox News’ Catherine Herridge, the Washington Post’s Spencer Hsu, Newsweek’s/NBC News’ Michael Isikoff, and more, it seemed as if there was a representative from every major news outlet, print and broadcast media in attendance. While many of them were there to serve as session/panel moderators for the various parts of the program, the entire forum was a reservoir of information for them on today’s security concerns and a background on the actions of the past. It was also a treasure trove for journalists in developing future sources for national and homeland security news stories.

Michael Chertoff, former Secretary of Homeland Security

After consecutive 12-hour days of literally (albeit pleasantly) waterboarding attendees with tons of substantive content, it’s hard to figure out how to end a program such as that in Aspen, but they picked a great closer in former DHS Secretary Chertoff. Whether it was the fact that he’s been out of office for almost a year and a half and doesn’t have to worry about a 2 AM phone call from the National Operations Center about someone doing something vile to the homeland, Chertoff’s candor and demeanor crystallized for everyone the seriousness of the threats we face while also assuring we should continue to go about our regular lives. As one of the very few “senior statesmen” on homeland issues that we have in this country, his conversation with Fox News’ Catherine Herridge conveyed the balance that we need to have when planning for and operating against the range of risks we face.

A wondering disappointment

I can say without doubt that I loved every moment at the Aspen Institute, but I can’t sign off without discussing the one disappointment that I and many others had in the presentation by DHS Deputy Secretary, Jane Holl Lute. Whether it was her discomfort at the conversational interview format led by CNN’s Jeanne Meserve, her fear in the week after the McChrystal debacle, not wanting to say anything to cause problems for herself or the Administration, or the fact that maybe she was having a bad day, her presentation left the overwhelming majority of attendees scratching their heads in wonder as to the real story at the Department.

All of the questions that were asked by Meserve were fair and nothing was out of the ordinary, but Lute’s responses were defensive, sometimes evasive and could have been dramatically better. Time and time again in her hour-long session there were questions to which she could have responded with hard and fast examples of the Department’s accomplishments. Instead, she offered simplistic, almost apple-pie-like anecdotal responses that left the audience wondering why she wouldn’t answer the most basic of questions.

When she stated, “the [U.S.] border has never been more secure,” and offered no facts to prove that statement, portions of the audience looked around at one another in shock while others openly chortled at the declaration.

When it came time for Q&A with the audience, the tenor of her responses seemed to be even more defensive. When Michael Isikoff asked her about her statement on the border’s security and her metrics to prove that it had never been more secure, Lute seemed to bristle at the question. She firmly retorted, “The Secretary has been very clear on what those metrics are,” and effectively cut him off.

Lute’s response referred to the speech Secretary Napolitano delivered at CSIS the week before, when she declared, “the U.S. border has never been more secure…but there is more work to be done” and that “no one is satisfied with the status quo.”

In that speech, Secretary Napolitano detailed a series of metrics to back up her statement, but none of those were shared by Lute with Isikoff or the observing audience. In speaking with Isikoff and some of the other attendees after her remarks, none of them were aware of the CSIS speech and the metrics behind the powerful declaration. To the credit of the Department, Bob Mocny and Mark Borkowski did an exceptional job during their joint appearance on the Border Security panel explaining why DHS leadership is stating things have improved on the border.

It is certainly a debatable point to make a declaration like the Secretary and the Deputy Secretary have made in recent forums about border security. When you back it up with information and facts, it provides some measure of credibility and fosters informed debate. When you state it and don’t want to defend it with facts, it leaves people wondering why you would state something like that and not be able to prove it. After her appearance in Aspen, a lot of people were left wondering about the Deputy Secretary, and after viewing her session either on-line or on C-Span, I expect there will be a lot more.

Final thoughts

All of our time is valuable, and God knows we don’t have enough of it, but if you can set your DVRs to record the Aspen Security Forum or go to the Aspen Institute webpage and download panels for your iPod/MP3 player – DO IT. Think of each of the respective sessions as graduate level courses shared by esteemed faculty who have the real life scar tissue and experiences to tell you what happened and what we can all do better. If you do, I’m confident you will walk away from each session with a lot more knowledge and a bit of a mild headache too. That’s what pleasant informational waterboarding will do to you, but I have to say, it is much more enjoyable amongst the mountains and beautiful vistas of Aspen.

International Criminal Information Sharing

Wednesday, July 7th, 2010

A brief June 25 Washington Post article reports that Homeland Security Secretary Napolitano and Salvadoran Foreign Minister Martinez have agreed to share criminal information about deportees. The article goes on to note that the United States has a similar agreement in place with Mexico. DHS should be congratulated for this and other innovative agreements to share information to combat serious crime, especially serious transnational crime such as trafficking and smuggling.

In fact, over the past years more than a dozen agreements to share information about criminals have been signed with our Visa Waiver Program (VWP) partners. Known as Preventing and Combating Serious Crime (PCSC), these agreements stem from the more robust VWP information sharing requirements mandated by the 9/11 Act.

A PCSC agreement provides for the reciprocal exchange of biometric and biographic data and any relevant underlying information for law enforcement purposes. It works like this: The parties provide each other automated access to their fingerprint (and potentially DNA) databases on a hit/no hit basis. Each party can query the other’s database and, if a match is found, can request identity and other information about the individual through established, informal police-to-police channels. The parties may also “spontaneously” share terrorism or criminal information with each other, even without a query being made. This spontaneous or voluntary sharing may occur on a case-by-case basis or in bulk and may be used for criminal investigations, for preventing a serious threat to public security, and for other related uses. The PCSC contains extensive provisions designed to ensure that the data is protected from any unlawful release and that data will be swiftly corrected or deleted at the request of the party that originated and owns the data.

DHS and the Department of Justice lead PCSC negotiations for the U.S. government.  Most recently, PCSCs have been signed with Finland, Spain, Portugal, Italy and Greece.  Additional signatories include Germany, the Czech Republic and South Korea.

Although more agreements are on the way, significant work remains to be done to complete bilateral agreements with each VWP country in accordance with the 9/11 Act.  A few countries have resisted the VWP’s core information-sharing requirements due to domestic political concerns or by citing restrictive privacy laws. DHS has continued its efforts to find common ground, and while no country has yet arrived at the point of outright non-compliance, several appear to be heading in that direction. It is therefore imperative for DHS—supported by the Departments of State and Justice—to continue to communicate a firm message on the necessity of timely compliance and clearly signal the costs of backward movement to VWP participants.

It is equally important that DHS be clear and consistent regarding the potential consequences of a failure to comply with the requirements, up to and including termination from the program. This method proved to be a successful approach for previous security enhancements to the VWP, such as mandating the adoption of electronic passports for VWP travel.

If a VWP participant continues to prove unwilling to comply with statutory standards, DHS would be forced to consider suspension or termination of that country from the program until the legal requirements are met. While the necessity of suspending or terminating VWP countries from the program in the event of noncompliance is clear, the diplomatic, political and economic consequences of such a decision could be far-reaching. Even so, the Department’s relationship with Congress, which has demonstrated a strong interest in the VWP, as well as the broader goals of securing our borders and enforcing our immigration laws, depend on holding VWP members to these high standards in a timely manner.

Cyber Criminals May be Talented but they are not Superhuman

Tuesday, June 29th, 2010

Even the bad guys have vulnerabilities. It is perhaps poetic that many of the “successful” cyber criminals can be and are being hacked in the same ways they attack their legitimate targets. We tend to attribute near god-like cyber powers to these miscreants, when in reality, they write into their software the same kind of weaknesses that they are so good at exploiting.

At the SyScan 2010 Security Conference in Singapore, Laurent Oudot of Tehtri Security made exactly this point. His brief demonstrated the numerous exploitable flaws in the hacker kits available on the Web. He showed 13 unpatched vulnerabilities in some of the most widely purchased and used kits.

Additionally, Billy Rios of Google gave a similar presentation at the New York State Cyber Conference. Rios, a former U.S. Marine Corps officer and security expert, walked the audience through breaking the security of a botnet software kit that would allow the user to either create bots or go after them. The bad guys need to read their own products.

On the other side, one wonders why law enforcement is not doing more “reverse hacking.” Hackers turned white hats should be recruited to attack botnet controllers and malware distribution systems through their own vulnerabilities. In the same way cops “sting” drug dealers, unscrupulous government officials, and other criminals, they should be attacking cyber criminals.

As long as we let cyber crime grow and prosper, cyber criminals will become increasingly bold. My concern is the increasing likelihood that the most capable cyber criminal networks will connect with terrorist organizations. The lure of hard cash will not be turned down by the Cyber Organized Crime Underworld when offered, regardless of the source. They have large chinks in their armor, and they should be exploited now. If we continue to give the criminals a pass, and do not begin to retaliate, they will become a national security threat. Then it might be too late.
