


Archive for the ‘Private and Physical Security’ Category

Connecticut Active Shooter Hammers Home Lessons for Companies and Law Enforcement

Wednesday, August 4th, 2010

The active shooter who killed eight people at Hartford Distributors in Manchester, Conn., Omar Thornton, revives sentiments among the employers and co-workers that come with every active shooter: how could this happen and why couldn’t we foresee it?

It concerns me just as much that such questions within the community are joined by a predictable refrain from the likes of me: Now that there has been one, expect others. An active shooter incident lowers the emotional burden for others to do the same, and both employers and law enforcement must be proactive in managing this low probability, high impact risk.

Local law enforcement agencies should be supporting efforts by their local companies by driving awareness and advising on how to manage the risks associated with workplace violence. If ever there was an instance where an “ounce of prevention is worth a pound of cure,” this is it.  Workplace violence is an issue often understood with the attitude of “it can never happen here,” and yet those firms that do engage the problem often find that while there aren’t active shooter incidents, there are lower level instances of bullying, harassment and other issues that should be prevented.

Employers should actively manage employees who are going through negative events; this most recent active shooter was being given the choice to resign or be fired, and at the University of Alabama shooting earlier this year the college professor was being denied tenure. These are stressful events, and it is true that everyone has a threshold for violence. Negative events in a person’s career or employment have to be proactively managed and assessed jointly by Human Resources, the Legal Department and a senior-level security person. This enables the company to be proactively aware of internal situations that may escalate so they can take preemptive measures to protect their employees, customers and brand reputation. These measures range from something as simple as HR or a supervisor talking with the employee to a controlled termination of the employee with an escort out of the building by security personnel.

Systems must be in place for employees to raise concerns about their co-workers, not only concerns regarding their co-workers having a propensity for violence, but something as simple as a colleague who is clearly under stress. It is a purely personal opinion that employers have a duty to care for their employees. By their very status, employers occupy a role in their employees’ lives that significantly affects the employee and are in a position to do significant harm or good. A level of knowledge about employees that enables them to either act or provide support is both a necessary risk management measure to manage workplace violence and an investment in employee satisfaction, and therefore productivity.

The immediate action for all businesses must be to increase their internal awareness and security; one active shooter breeds others. Once this has been accomplished, firms must begin assessing whether their employee relations, duty of care, and support to their employees is of the necessary standard to reflect themselves as a business, as well as to protect their workers and brand in today’s uncertain economic times.

UAE Blocks BlackBerry for the Sake of Security, at the Cost of Liberty

Tuesday, August 3rd, 2010

By Justin Hienz

The United Arab Emirates (UAE) is home to bizarre sights. Man-made islands shaped like palm trees; the tallest building in the world literally reaching the clouds in Dubai; vending machines offering gold bars; 16 year olds driving the newest Mercedes, BMW or Jaguar. It is a strange place, and the veneer of extreme luxury certainly impresses (or fools) most tourists.

But when you pull back the curtain (and it doesn’t take much), the UAE is revealed as a developing country with many challenges, such as a rigid class system, pollution and of course, security. Don’t forget that the UAE is a stone’s throw from Iran, has hundreds of miles of unsecured coastline and is one of the few GCC States to have escaped an al Qaeda attack thus far. That is no easy security situation, and one that merits as much preparation, vigilance and strategy as the country can muster.

Yet, the Emirates’ approach to securing the country is not bound by the same rights as those granted to U.S. citizens – the UAE is not a democracy, and what the ruling sheikhs say, goes.

On Sunday, UAE officials announced that they would block BlackBerry mobile services. The rationale: to improve security. Apparently, the experts at Research in Motion (RIM), the producers of the BlackBerry, have done an excellent job encrypting information sent to and from the smart phone. The encryption is so effective in fact that UAE security services can’t hack it, meaning they can’t monitor it in search of potential threats – hence the block on BB mobile services. Clearly, the UAE is striving for security in every way, but at what cost?

When I worked in the UAE, I became familiar with threats in the region and the steps needed to secure the country. A mighty task but one the Emirates take seriously. But this move to block BB services comes at a high cost to those seeking information in the UAE. Here is an example.

Currently, if you access the Internet in the Emirates and you are looking for information about human rights abuses that occur there, a quick Google search reveals that the Human Rights Watch website has a page dedicated to the UAE. Click the link, but whoops:

“We apologize the site you are attempting to visit has been blocked due to its content being inconsistent with the religious, cultural, political and moral values of the United Arab Emirates.”

I did this exact search while living in Abu Dhabi, and when I received that message, I went straight for my BlackBerry. The state-owned communications giant Etisalat can monitor and control Internet servers, but my BB helped me find the information the UAE government didn’t want me to.

It’s a fact of life in most Middle Eastern countries (and others around the world) that communications are monitored by the state. Looking at this from the Land of the Free, one might feel a sense of relief that we enjoy liberty and the right to read, write and say anything we like (within the law, that is) without fear of government intervention. But we must remember that maintaining our individual freedoms is a never-ending struggle.

A Washington Post article this week quotes the U.S. State Department, which is criticizing the UAE’s decision. Yet, as the reporter notes, in another Post article from last week we find that the Administration is attempting to provide the FBI with more authority to demand “electronic communication transactional records” without a court order.

Though our governing styles are starkly different, are our approaches to security really that dissimilar?

We’ve had our challenges reconciling security needs with individual freedom and right to privacy. I need not review the public reactions to the Patriot Act or other instances in our history where elements of the government have sought information to the perceived detriment of the American people.

Should al Qaeda land another blow, whispers of a right to privacy would likely die out quickly amidst voices shouting that we must do more to defeat our enemies. In this way, the ban on BB mobile services in the UAE is not as far from U.S. practice as it might seem.

Both countries are pursuing security for the sake of their citizens. But at what point does this good intention cross the line into excessive intrusion? And if undemocratic countries are levying security tactics that violate a right to freedom and privacy, and similar efforts are pursued here in America, what does that say about the legitimacy of our freedom?

Justin Hienz is Managing Editor for Security Debrief and a Senior Account Executive at Adfero Group.

The Disturbing Value of the Washington Post’s Work

Wednesday, July 21st, 2010

There is always something in the media that captures the conversation of people in Washington, whether it is some unfortunate gaffe that a political figure makes, some new gossip about a government official’s missteps, or the latest poll numbers identifying the rising and falling fortunes of one political power over another. This week seems to be different though.

In a series of front-page exposes entitled, “Top Secret America,” the Washington Post has essentially blown the cover off a number of classified programs and their geographic locations around the country. Using public sources and their own talents as investigative journalists, Post reporters Dana Priest and William Arkin have put together a very impressive piece of work that raises a number of important questions about the explosive growth of the intelligence community since 9/11.

These questions (most notably, “What are we spending billions of tax dollars on?” and “What difference are these investments making?”) echo questions that have been raised by both sides of the political aisles over the past few years. The ability to spend money without thinking or an overarching strategy is a skill that Washington has long perfected to the detriment of American taxpayers. Priest and Arkin’s work highlights some of the waste of tax dollars, particularly those instances where multiple intelligence players are conducting the same intelligence analysis work as their peers.

Shining a light on those actions and raising the questions of why we are doing the same thing multiple times over is certainly of value. But Priest and Arkin and their employer, the Washington Post, have also done something of disturbing value that benefits no one but those persons foreign or domestic that wish to do us harm.

By identifying the geographic locations of some of our country’s top secret facilities (government and private sector) and surmising who does what and where at those spots, the Post reporters created an operative target list that is literally synthesized and ready for use by people whose allegiances are not in America’s best interest. While they used publicly available sources and had the cooperation of the public affairs offices of many of the federal intelligence pieces highlighted in the article, the authors seem to have gone the extra mile to share things that frankly need not be shared.

In the Editor’s note about the series, the Post does share that the newspaper removed from their map graphic the geographic locations of several sensitive facilities. As commendable as that may be, that which the Post details has potentially grave consequences for the men and women who work at those facilities. The fact is that every one of those facilities had a bull’s eye on their front door last week. After this series and its wide online dissemination, that bull’s eye just got a whole lot bigger.

There are very good reasons you are not allowed to photograph inside security screening areas (e.g. airport screening areas).

There are very good reasons that the President and other dignitaries’ motorcade routes are not published in the newspaper.

There are very good reasons that when you go to Google Earth or other digital map services some areas are not available for downloading and printing (e.g. Camp David, MD; Area 51; etc.).

There are also some very good reasons that organizations like the National Security Agency, the National Geospatial Information Agency, and others in the public and private sector do not actively place neon marquee signs outside their locations and say “WE DO INTELLIGENCE WORK HERE!”

Is there signage outside many of these facilities to denote who they are?

For many of these structures there is, but that does not mean any of them want to be featured on a local Chamber of Commerce tourism map. Each of those facilities is spread out around the country for reasons of politics, duplicity, expertise and assignments. None of them has made it a policy of publicly waving a flag to say, “Hey look at me” to draw attention to themselves or the people who work there.

Maybe the Post forgot about the 1993 shootings outside of the CIA’s Langley Headquarters, when Mir Amal Khasi got out of his car with an assault rifle and fired away at CIA employees killing two and injuring three more.

Maybe they’ve forgotten about the numerous shootings that have occurred at the Pentagon over the years by those individuals, whatever their grievance, who decided to open fire or display some type of weapon.

While CIA HQ and the Pentagon are much more publicly known (and accessible structures) than many of those identified by the Post series, the fact remains that the people who work at these lesser known facilities are much more vulnerable to potential harm than they were before. Lesser-known targets are easier to strike than the higher value and publicly recognizable ones. Those structures often have their own security forces to safeguard the perimeter. Some of these other facilities may not. As this series continues to be shared by friend and foe alike, the security posture at those locations is certain to change as terrorists, lunatics and the disenfranchised have been given a hefty menu of targets of opportunity.

According to the Editor’s note, as well as the reporters’ public comments, the Post is not interested in causing any personal harm. Unfortunately, their actions speak louder than their words.

The Value of Aspen

Friday, July 9th, 2010

As we continue to swelter in the ongoing summer heat wave, it is easy for me to reminisce about my recent visit to Aspen, Colo. Tucked amongst the Rockies with its clean air, fervent green and majestic views, a town known primarily for its skiing with the rich and famous was home to what was, simply put, the best conference program I have ever attended.

The first annual Aspen Security Forum put forward a program that I can only describe as pleasant, informational waterboarding. By the time each of the presenters and panelists were done, my hand was dead from writing so much and my head hurt from being given the firehose treatment of a candor and content overload.

With a venerable “who’s who” of notable names in the national security arena attending the two and a half day program, attendees had the opportunity to hear first-hand from the men and women who have served or continue to serve in some of the most demanding positions in the world. It was literally very hard to turn around and not see a face that you recognized from some recent event or news program, sharing insights on our country’s national and homeland security challenges.

While the presented content was outstanding, the best part about the entire program was that the overwhelming majority of notable speakers and presenters made themselves available to engage with the attendees. All too often, speakers rush in, deliver their canned pitch, say thanks to the crowd and are whisked away by their aides to get back to the office, leaving actual human contact an afterthought. To have the many distinguished speakers stick around and engage in that lost art-form of “CONVERSATION” was an absolute pleasure.

Hosted by Clark Ervin and the Aspen Institute, this was the first time they had put on a program with this particular focus. You can call it beginner’s luck if you want, but they put together a top notch effort that literally became a “must attend” for anyone who is interested in national and homeland security issues. Fortunately, for those who weren’t able to attend the program, it was taped for later broadcast by C-Span, hopefully sometime this summer. I have to tell you, there is a significant portion of C-Span’s programming that can cure insomnia, but when they broadcast the presenters and panels from the Aspen Security Forum, it will be as NBC used to call it, “Must See TV!”

To understand why I write that, here’s a rundown of some sessions (with video hyperlinks):

Adm. Mike Mullen, Chairman of the Joint Chiefs of Staff

When your opening speaker travels all the way from Kabul to Tel Aviv to Aspen to take part in the program, it’s a pretty good indicator that the organizers are up to something big. That was especially true with Adm. Mullen. Coming off a week where Gen. McChrystal was taken out by a large Rolling Stone and replaced by Gen. Petraeus, and then traveling to Afghanistan and Israel to assuage any fears and concerns they may have about the big changes, Mullen made news by essentially not making news. While his comments about the state of the nation’s counter insurgency policy dovetailed those of the White House’s, the plainspoken manner in which they were delivered conveyed the gravity of the situation our military forces are faced with in Afghanistan. His comments about Iran’s nuclear ambitions – “They’ve given us no reason to trust them” – also spoke volumes about what few measures the Administration has left at its disposal in dealing with them.

Aviation Security Panel

There is probably no other facet of the post-9/11 world that Americans gripe about more than dealing with aviation security, but as the CEO of the Air Transport Association (ATA), Jim May, said, “What’s your alternative?” Joined by Erroll Southers of USC’s CREATE Program (and the first Obama Administration nominee to lead TSA) and Christopher Bidwell of the Airport Council International, this panel laid on the table the very real threats and frustrations that accompany this portion of the security environment. One of the most interesting things discussed was the use of full-body imaging devices by airports to screen passengers. While recognizing the civil rights and privacy concerns that people have about them, Jim May of ATA shared that he thought they should be mandatory. When it came to addressing the Government Accountability Office’s recently issued criticisms of TSA’s Behavioral Detection efforts, May and the other panelists pointed out that this program was part of many layers of security, and there was no one-size-fits-all solution or silver bullet that would reduce the aviation risks faced today.

Fran Townsend, former Homeland Security Advisor to President Bush

There are many things that have been written and said about Fran Townsend, the former Homeland Security Advisor to President Bush (43), but the word “shy” is not one that would be used to describe her. The only thing that could possibly surpass the candor of her public comments when she was working as a government employee was her candor in being a former government employee. With no holds barred, Townsend explained that, “We have a reason to expect we can connect the dots this time” given all of the post 9/11 work that has been done.

In a more than hour-long conversation with Walter Isaacson, the CEO of the Aspen Institute, and the Security Forum audience, Townsend pounded on the fact that much still needs to be done to improve information sharing amongst intelligence and law enforcement agencies across the board. She declared that there still needed to be a senior level official or “Cabinet Agency,” but “not a czar,” to “pound these government agencies into submission to do information sharing.” Her proposal of an NGO, public-private partnership, rather than a solely government-led approach, to address the growing cyber security risks was also interesting.

Bill Bratton, former Chief, Los Angeles Police Department

Dubbed by many media outlets as “America’s Top Cop” for having led the police departments of Boston, New York City and Los Angeles, I think Bill Bratton surprised everyone at the program when he explained how the terror attacks in Mumbai, India caused him to change the entire structure of the LAPD. His interview with CNN’s Jeanne Meserve detailed how 60 days after those attacks, he was able to transform his police department with new training, exercises and more. The relatively simply trained Mumbai terrorists were not interested in holding hostages; in fact, they were using so-called negotiations to buy time to kill more people. This showed Bratton that he had to change how his department was positioned to respond to a similar event, should it occur in Los Angeles.

Michael Leiter, Director of the National Counter Terrorism Center

For a man that much of Washington thought would have his head handed to him following the failed information sharing efforts surrounding the failed Christmas Day attack, Michael Leiter, the Director of the National Counter Terrorism Center (NCTC), displayed all of the skill and confidence that make him one of a few Bush Administration appointees to successfully transition into the Obama Administration. His description of his job, his work with the President to report on the range of threats to the country and how he thinks information sharing needs to work made this particular presentation one of the most revealing and compelling of the entire program. His interview with Michael Isikoff, a former Newsweek reporter and now Chief Investigative Correspondent for NBC News, ended up producing some great back and forth between the two men that was as revealing as it was humorous. This session again explained more about Leiter’s job and the mission of the NCTC than any government report or Congressional hearing to date.

Border Security Panel

Despite the countless GAO and IG reports and the many hearings before the U.S. House and Senate, there was no better overview of America’s border security than a panel made up of:

  • Bob Mocny, Director of DHS’ US VISIT Program;
  • Mark Borkowski, Director of CBP’s Secure Border Initiative (SBI); and
  • Steve Oswald, Vice President of Boeing.

These three gentlemen described what worked, what didn’t, what could be better and what the future may look like on programs that have regularly been making news for years. In presenting the details of these newsworthy programs, they did so with none of the drama or hysterics that are so often associated with the Congressional hearings that have exhaustively covered the respective programs. What each of them said frankly offered more substantive insight than any of the previous Congressional hearings have produced to date. That was an observation made not just by the conference attendees but also by the first-tier media, congressional staff and others who have observed each of these respective programs closely. Truth be told, if you want to know what is really happening with US VISIT and the Secure Border Initiative (minus the belligerent questions and political posturing), spending 90 minutes watching this panel when it is aired on C-Span will be time well spent.

Attending News Media

As I mentioned, the conference was a literal “who’s who” of notable current and former national and homeland security leaders, and the same could be said for the attending members of the media.  With CNN’s Jeanne Meserve, Fox News’ Catherine Herridge, the Washington Post’s Spencer Hsu, Newsweek’s/NBC News’ Michael Isikoff, and more, it seemed as if there was a representative from every major news outlet, print and broadcast media in attendance. While many of them were there to serve as session/panel moderators for the various parts of the program, the entire forum was a reservoir of information for them on today’s security concerns and a background on the actions of the past. It was also a treasure trove for journalists in developing future sources for national and homeland security news stories.

Michael Chertoff, former Secretary of Homeland Security

After consecutive 12-hour days of literally (albeit pleasantly) waterboarding attendees with tons of substantive content, it’s hard to figure out how to end a program such as that in Aspen, but they picked a great closer in former DHS Secretary Chertoff. Whether it was the fact that he’s been out of office for almost a year and a half and doesn’t have to worry about a 2 AM phone call from the National Operations Center about someone doing something vile to the homeland, Chertoff’s candor and demeanor crystallized for everyone the seriousness of the threats we face while also assuring we should continue to go about our regular lives. As one of the very few “senior statesmen” on homeland issues that we have in this country, his conversation with Fox News’ Catherine Herridge conveyed the balance that we need to have when planning for and operating against the range of risks we face.

A wondering disappointment

I can say without doubt that I loved every moment at the Aspen Institute, but I can’t sign off without discussing the one disappointment that I and many others had in the presentation by DHS Deputy Secretary, Jane Holl Lute. Whether it was her discomfort at the conversational interview format led by CNN’s Jeanne Meserve, her fear in the week after the McChrystal debacle, not wanting to say anything to cause problems for herself or the Administration, or the fact that maybe she was having a bad day, her presentation left the overwhelming majority of attendees scratching their heads in wonder as to the real story at the Department.

All of the questions that were asked by Meserve were fair and nothing was out of the ordinary, but Lute’s responses were defensive, sometimes evasive and could have been dramatically better.  Time and time again in her hour long session there were questions to which she could have responded with hard and fast examples of the Department’s accomplishments. Instead, she offered simplistic, almost apple-pie like anecdotal responses that left the audience wondering why she wouldn’t answer the most basic of questions.

When she stated, “the [U.S.] border has never been more secure,” and offered no facts to prove that statement, portions of the audience looked around at one another in shock while others openly chortled at the declaration.

When it came time for Q&A with the audience, the tenor of her responses seemed to be even more defensive. When Michael Isikoff asked her about her statement on the border’s security and her metrics to prove that it had never been more secure, Lute seemed to bristle at the question. She firmly retorted, “The Secretary has been very clear on what those metrics are,” and effectively cut him off.

Lute’s response referred to the speech Secretary Napolitano delivered at CSIS the week before, when she declared, “the U.S. border has never been more secure…but there is more work to be done” and that “no one is satisfied with the status quo.”

In that speech, Secretary Napolitano detailed a series of metrics to back up her statement, but none of those were shared by Lute with Isikoff or the observing audience. In speaking with Isikoff and some of the other attendees after her remarks, none of them were aware of the CSIS speech and the metrics behind the powerful declaration. To the credit of the Department, Bob Mocny and Mark Borkowski did an exceptional job during their joint appearance on the Border Security panel explaining why DHS leadership is stating things have improved on the border.

It is certainly a debatable point to make a declaration like the Secretary and the Deputy Secretary have made in recent forums about border security. When you back it up with information and facts, it provides some measure of credibility and fosters informed debate. When you state it and don’t want to defend it with facts, it leaves people wondering why you would state something like that and not be able to prove it. After her appearance in Aspen, a lot of people were left wondering about the Deputy Secretary, and after viewing her session either on-line or on C-Span, I expect there will be a lot more.

Final thoughts

All of our time is valuable, and God knows we don’t have enough of it, but if you can set your DVRs to record the Aspen Security Forum or go to the Aspen Institute webpage and download panels for your iPod/MP3 player – DO IT. Think of each of the respective sessions as graduate level courses shared by esteemed faculty who have the real life scar tissue and experiences to tell you what happened and what we can all do better. If you do, I’m confident you will walk away from each session with a lot more knowledge and a bit of a mild headache too. That’s what pleasant informational waterboarding will do to you, but I have to say, it is much more enjoyable amongst the mountains and beautiful vistas of Aspen.

Rich Cooper Reflects on Admiral Mullen at the Aspen Security Forum

Tuesday, June 29th, 2010

Security Debrief contributor Rich Cooper is in Colorado for the Aspen Security Forum. Admiral Michael Mullen, the Chairman of the Joint Chiefs of Staff, provided the forum’s opening remarks. Here’s what Cooper told Government Security News after the Admiral’s talk.


At Aspen: Diplomatic Admiral Mullen carefully avoids the inflammatory McChrystal script – Government Security News

Admiral Michael Mullen, the Chairman of the Joint Chiefs of Staff, kicked off the Aspen Security Forum in front of a sold-out crowd of approximately 800 people on June 28, with observations and answers to audience questions that were so polite, so balanced, so calibrated and so devoid of news-making content that they set a new standard of excellence in this “button-your-lip” post-General Stanley McChrystal era…

…One observer, Rich Cooper, principal with Catalyst Partners, was impressed with Mullen’s tough comments on Iran. “Seeing a person in his position stating that Iran has given us ‘no reason to trust them’ spoke volumes to me,” said Cooper. “Here’s a military officer saying we’ve exhausted what we can do there.”

An Exercise in Idiocy

Wednesday, June 2nd, 2010

As all of us know, exercise is good for one’s health. It gets you in shape. It improves your game. It gets you ready for whatever play may come your way. Whether it is sports, emergency drills or military maneuvers, the adage of “how you train is how you fight” describes the benefit of being ready for anything.

It’s a shame that a group of exercise organizers in Nevada did not think of that adage and apply an ounce of common sense to their recent exercise at a hospital in Henderson, just outside of Las Vegas.

As detailed in an article from the Las Vegas Sun, “an off-duty cop pretending to be a terrorist stormed into a hospital intensive care unit brandishing a handgun, which he pointed at nurses while herding them down a corridor and into a room.  There, after harrowing moments, he explained that the whole caper was a training exercise.”

An active shooter in a hospital is not an outlandish scenario, and there is significant value in educating hospital personnel in what to do should such an incident like that occur.

An exercise like the one described though is an exercise in idiocy. Violating any premise of common sense and risking greater harm and stress to patients and hospital personnel, the exercise organizers and participants allowed their own “gung-ho preparedness” to cross a line and go too far.

If, God forbid, there had been an armed security guard or someone with a concealed weapons permit sitting in the waiting room that had unknowingly reacted to the exercise by trying to defend themselves and others in the hospital, this story would have a very different and potentially tragic ending.

There are any number of scenarios that could have played out here, but the fortunate one we have is that we can shake our heads in collective disbelief that anyone would play out a scenario such as this in real time in a critical care unit. Besides embarrassing themselves and making themselves the easy target for late night comedians, these exercisers have shaken the confidence of the public they serve.

Instead of sitting down to educate hospital personnel (and others) about these often tragic situations, they chose to scare the hell out of them. I’m sure the citizens of Henderson, Nev. are wondering what good that type of exercise did for them. I don’t have an answer for that one, and I bet the organizers don’t have a good one either.

International Passenger Name Record Agreements Critical to Stopping Terrorists

Thursday, May 20th, 2010

On May 5, 2010, the newly empowered European Parliament issued its guidelines for beginning new negotiations on Passenger Name Record (PNR) agreements with the United States, Australia and Canada. This resolution received minimal coverage in the U.S. media, though its consequences for international travel security are potentially significant.

Criminals and terrorists know no borders, as recent arrests and uncovered plots prove.  We have no choice but to cooperate with international partners and to deepen that cooperation wherever possible. The collection and analysis of PNR data – along with its counterpart Advance Passenger Information (API) – is a critical tool to identify and disrupt the travel of terrorists and other international criminals.

API and PNR are used to find watchlist matches; to provide leads on terrorist activity by providing links between known and unknown terrorist travel routes and patterns; to identify previously unknown associates of known or suspected terrorists and other criminals; and to discover fraudulent travel documents.

The PNR agreement between the United States and the European Union (EU) – the most recent version has been in effect since 2007 – provides a safe harbor for European-based airlines to provide PNR to DHS without conflicting with EU law. However, since its inception, the agreement has been plagued by the ongoing dispute over privacy between the United States and the EU.

The privacy issue has also affected the Treasury Department’s collection of bank transfer data on the Terrorist Finance Tracking Program (a program also known as “SWIFT,” the name of the Belgian banking consortium that provided the data).

The United States has endured much unfounded criticism in Europe on the subject of privacy and data protection. Specifically, EU critics charge that American privacy laws fail to provide appropriate redress to European citizens and that American privacy authorities lack the authority and independence necessary to protect personal information.

Unfortunately, the European Parliament’s direction to its negotiators continues to pick this fight, stating “the use of PNR data for law enforcement and security purposes must be in line with European data protection standards, in particular regarding purpose limitation, proportionality, legal redress, limitation of the amount of data to be collected and of the length of storage periods.”

For various legal, historical and cultural reasons, the U.S. privacy system has a different structure than its European counterpart, but the principles and goals remain the same.  There are practices in the United States that might not conform to EU privacy rules, just as some EU practices would not be legal in the United States. These facts are not likely to change. More to the point, European governments have been cooperating on law enforcement and security issues with the United States for decades without compromising personal information or running afoul of national laws.

To date there has not been a noticeable privacy breach during our daily law enforcement and security cooperation at the operational level. The PNR agreement is no different. For the safety and security of the traveling public, it is in our mutual interest to move beyond tired debates about privacy standards. Instead, we should embrace the extensive amount of common ground between our systems and continue to share PNR and other critical information.

Stratfor’s Bad Day Forecast

Wednesday, May 19th, 2010

You know it’s going to be a rough day when you go to get in your car and discover a flat tire. You know your day has the potential to get even worse when you’re listening to the morning news, and they tell you that the Nation’s Capital or New York City are going to be attacked by terrorists in the next five to six months. So say the forecasters of Stratfor.

Great. All I really wanted to hear were the scores of the NHL playoff games and the traffic and weather report. Now this.

Stratfor’s forecast is one of those instances where an organization really puts itself out there. As a result of making that bold prediction, WTOP and other media outlets are giving them lots of attention today. As anyone who makes predictions knows, whenever you make a very public call – be it in sports, the weather, or in this case, acts of terrorism – you have every chance of looking like Nostradamus or a complete fool who doesn’t have a clue.

As bold as their prediction might be, it is in concert with what a lot of people in the security and intelligence communities have been warning about for some time, both publicly and privately. As attention grabbing and media attractive as Stratfor’s warning may be, it also serves as a wake-up call to citizens, businesses, public safety officials and others to prepare themselves for what could truly be a “bad day.”

That means following through on the “See Something, Say Something” adage that saved hundreds of lives from the failed efforts of Faisal Shahzad in Times Square. It means having an emergency communications plan for you and your family should something occur and you can’t leave downtown as fast as you like.

It also means taking a good look at places to shelter and other business continuity practices to make sure everyone knows their role should something horrible occur. There are lots of things that a forecast like Stratfor’s should spur us to do. Even if nothing occurs, the fact that people act on information to prepare themselves is a step every one of us should be taking today.

There are critics that will see Stratfor’s comments, and those of government and private sector experts, on a prospective terror strike to DC and NYC as fear-mongering.

The accepted challenge in saying something about these conditions is that it is fair warning to one and all of what might occur. In this type of environment, you are truly damned if you do and damned if you don’t but the truth is hard and cold for NYC and DC. They are the number one and two targets in the United States and everything else in this country is also fair game for international and domestic terrorists.

Such is the reality and risk of living and working in DC or the Big Apple. If you live in either place, you accept that risk if you want to go about living your life in those areas. If you don’t, you either decide to move away or live a life that many people would not find as outgoing or enjoyable.

But let’s face facts, the “bad day” forecasts have been around for a while now, and I don’t expect anything is going to happen to radically change those conditions.

We all need to do our part to make ourselves ready and resilient to endure whatever event occurs, whenever it happens – even on those mornings when your day begins with a flat tire.

“Riot” Provokes Long Overdue Discussion on Appropriate Use of Force

Friday, April 16th, 2010

There are instances in crowd management situations where force is appropriate, but simply because it’s a crowd management situation doesn’t mean that force is automatically appropriate. The University of Maryland incident last month wasn’t a riot; it was a celebration, but a college student was severely beaten by police officers nevertheless. The long-term implications of the ongoing investigation must be a rethink of crowd management in the United States, because the current systems predispose police officers towards violence and the abrogation of First Amendment rights where neither is appropriate. The most urgent capability gap is an understanding of, and means to manage, people who are non-violent and non-compliant.

Four Prince George’s County Police officers have been suspended for the misuse of force on a University of Maryland student. While I wholly believe that such abuses by police must be investigated, it is a critical failure to concentrate just on the officer(s) rather than the system; the officers involved are not unlike many officers placed in similar situations, where police officers assault assembled students who are non-compliant but non-violent.

There are myriad examples over the past ten years of police officers conducting activities that if conducted by civilians would have been construed as assault or worse. For some reason, because students are assembled or people were protesting they somehow “deserved it” when police used violence against them.

This incident highlights a moral failure among police departments and city leaders to execute their duty of care, not only to property owners but to those seeking to protest or celebrate. Someone not acting as police want them to is not a justification for violence, let alone baton strikes to the head. There is every justification for those causing damage to be arrested, and those clearly threatening violence to be arrested; force is appropriate where it is necessary to subdue a suspect demonstrating a threat.

Every arrest must be followed by a prosecution, just as every use of force absolutely must be followed by a prosecution. To use force, there must be imminent danger and a crime. Effective crowd management is achieved by targeting individuals and successfully prosecuting them for their crimes.

It is regrettable that this event is being investigated because one of the victims is related to lawyers; an outraged family with the clout to achieve an investigation should be the last reason that a use of force is investigated. This incident and the many others like it should spark outrage and a top-to-bottom review of the systems in place that drive crowd management among most police forces in the United States. Often, the students simply did not deserve it, regardless of what the police department spokespeople say afterwards.

The other implication of this incident is that the likelihood of protest-related violence being challenged by the public, and particularly by those upon whom violence was used, is rising exponentially. As of today, police departments must be sure that their accountability chain for use of force is rock solid – the value of a police officer’s word in a crowd management situation has dropped dramatically in the last 24 hours.

The firm that I have the pleasure of leading, The Densus Group, publishes a Demonstration Report and Threat Analysis every two weeks. We described the incident and accurately predicted the likely fall-out at the time in this way:

UNIVERSITY OF MARYLAND – DISTURBANCE AFTER SPORTS EVENT

SUMMARY OF EVENTS. On March 3 students from the University of Maryland gathered in the street after watching a basketball game in local bars. The crowd grew until approximately 1,500 people were blocking a major street. Some elements of the crowd became unruly, a street sign was pulled down and there were reports of trash cans being set alight.

Police deployed to disperse the crowd using horses, batons, pepper spray and pepper balls. 27 arrests were made.

COMMENT. Police actions have come in for a great deal of criticism from students who were present and a number of videos have been released on the internet showing police using batons outside the proscribed manner including multiple strikes to individuals on the ground.

Although the event has been widely described by the press as a riot there appears to have been very little property damage and almost no violence from the students towards the police.

RECOMMENDATION. Incidents such as this where crowds are non-compliant but are also non-violent are amongst the hardest types of crowd situation for police to deal with. Deploying the same tactics and weapon systems to deal with a non-violent crowd as would be used against a violent crowd will always lead to criticism, damage to the reputation of the police and it is highly likely to lead to expensive lawsuits.

It is therefore vital that police have a variety of tactical options for dealing with different levels of aggression from the crowd. The level of force used on those who fail to comply with commands from officers needs to be carefully considered. Baton strikes and the use of less lethal weapons against individuals who are not posing a violent threat will be seen as an overuse of force by most people and the legality of the action may be called into question.

The Demonstration Report and Threat Analysis is available to law enforcement free of charge by e-mailing DemonstratorThreat@densusgroup.com.

The Airport Security Process: Learning the Hard Way

Monday, February 22nd, 2010

Last week, Transportation Security Administration (TSA) workers at the Philadelphia airport grossly mistreated Ryan Thomas, a 4-year-old boy who has intellectual and physical disabilities, and his parents. As the family headed for an Orlando-bound flight to celebrate Ryan’s birthday at Disney World, TSA security screeners forced Ryan’s parents to strip off his leg braces to clear security. Because the screeners refused to allow Ryan to be carried through the metal detector, he was literally dropped from his father’s arms on one side of the machine into his mother’s arms on the opposite side. Turns out he was unarmed – who could have known?!

As a physically disabled frequent flyer, I am stunned by what happened to Ryan and am fully supportive of him and his family. As a homeland security expert, however, I view this sad experience through a broader lens. What happened to Ryan is a symptom of what’s wrong with the airport security process, and it should be leveraged to enhance safety while improving the airport experience for all flyers. In order for that to happen, the following needs to take place:

  • The at-fault screeners need to be fired. After making Ryan’s parents remove his leg braces, the screening supervisor tried justifying his actions by saying, “You know why we’re doing this.” The implication here is that because of the underwear bomber, TSA should treat every passenger (no matter how vulnerable) like a terror suspect. This attitude cannot be allowed to permeate the Agency.  Rules and protocols were violated, and the screeners need to be held accountable.

As sorry as I am for Ryan and his parents, I’ll feel even worse for the nation as a whole if we don’t learn from this and improve our security practices.

Workplace Violence Highlights Wider Relevance of Corporate Security Departments

Monday, February 8th, 2010

Workplace violence is an important threat; it also demonstrates how much security departments can add value to the company, rather than simply be a cost.  While corporate security departments are often seen as a necessary evil cost center with little to contribute but managing the gate guards – manned by knuckle-dragging former law enforcement and military personnel without a clue about “real business” – they actually can be an important part of the company’s self perception and management and a critical source of time-sensitive information and analysis.

Workplace violence, like information operations, is an area where corporate security departments can materially affect the prospects of the business. Security departments see the world through a different lens, bringing not only a unique perspective but potentially the tools to affect the success of the business. However, because many security departments don’t speak the same language as the rest of the company – like the IT people down the corridor – their contributions and potential to add value are underestimated, including by themselves.

Workplace violence has taken a back seat in corporate concerns for many over the past 12 months, yet it poses a very real threat to company personnel, operations, reputation and profitability.  Recent active shooter events have returned workplace violence to the forefront of corporate security concerns and media attention, albeit with some very worrying thought processes coming to the fore.

My favorite insight into corporate and consultant culture is the advocacy of preventing belittling people and bullying because they may contribute to workplace violence. Companies managing belittling and bullying because they wish to manage the risk of workplace violence are fundamentally flawed; belittling and bullying undermine corporate cohesion and morale, doing far more damage in terms of actual productivity lost than the expected loss (cost of damage multiplied by likelihood) of an incident of workplace violence – they also demonstrate a critical failure of duty of care and leadership.

Information operations are a critical part of the security department’s role. Depending on the size of the business, the department monitors the news 24/7, tracks employees around the world, ensures that business continuity plans are in place and that they are sufficiently informed to understand how those plans may be affected by current events. They are the department that takes a serious interest in active shooter incidents because one incident inevitably will lead to more (for a good explanation why, see Malcolm Gladwell’s Tipping Point), and who seek to understand the physical threats to the company because it is their responsibility to manage those threats.

All that information they gather and the analysis they see and do has value, much of it not only to them but to the rest of the company. Somewhere else in the company is someone who really is interested in the daily security analysis on Indian politics because they’re thinking of outsourcing a critical component there, while a snap announcement of an OPEC price change is critical to one of the business units because they’re finalizing pricing new products and this will affect that process.

Security departments will be as relevant as they want to be; often the critical event is understanding their real value to the company, and ensuring that the rest of the company also understands. While security departments are unlikely to be revenue centers, they should be adding significant intangible value that increases the return on investment, a return that is far beyond the cost of managing guards and gates.

Getting Smart about the Smart Grid

Monday, January 18th, 2010

By Justin Hienz
Adfero Group

Perhaps America’s most critical infrastructure is its national electrical grid. It has served us well to this point, supporting all our grandiose and astounding technological innovations. But the grid is getting old, and it doesn’t keep up with our innovations (and electronic appetites) as well as it should. So, we’re upgrading – to a Smart Grid.

Smart Grid, you say? Smart indeed, and we need it. While the national power system ages, we continue to charge into the technological future – and this requires power – lots of it. Our increasing power needs must be delivered when and where we want it with the flip of a switch. Moreover, we need our power intake to be consistent, resilient and less vulnerable to interruptions, be they natural or human-caused.

Here’s why. When the power goes out, we lose billions with a B – specifically, even with the power system 99.97 percent reliable, power outages cost $150 billion a year. What’s worse, if the power is out, we’re less able to protect our infrastructure and population, particularly as we become more reliant on computer systems and surveillance technologies. And if even one person has to miss the Real Housewives of Orange County, by God that’s an infringement on our liberty! Whatever we want, whenever we want it. That’s capitalism to a T.

The Smart Grid will help make this possible. It decentralizes power generation, increases transmission and allows the grid to interact with “smart” appliances based on consumer desires – smart, because advanced computer systems will better distribute power based on pre-determined and perceived needs. This makes it cheaper, more efficient and less likely to go on the fritz.

The grid also incorporates alternative fuel sources, such as wind and solar energy. Ah, green. Mother Nature will be pleased. Terrorists will not be, as decentralized production and distribution makes it much harder for attacks to create any significant or lasting impact.

And so the other shoe drops: What does the Smart Grid have to do with homeland security?

Everything.

I don’t claim to be an expert on the Smart Grid, but after reading much of the information that is openly available, it is clear that the Grid touches on every aspect of homeland security. That’s intuitive because technology has become a central aspect of our national security. Yet, despite this, there is not the kind of widespread discussion on how to improve Smart Grid security – the kind we need if we’re going to keep the Grid safe.

We must be constantly aware that the United States without power is like a battleship without fuel. The guns might work, but for the most part, we’re dead in the water. Aviation and maritime security are important but impossible without constant, secure power – no screening technologies, no lights, no alarms. Supply chain security is essential to our continued prosperity – but once again, no power, no chain. Cyber security and electronic surveillance technology is a no-brainer, but what about waste management, clean water, heating and air conditioning, and food refrigeration? Homeland security isn’t only about a war on terror. There are many elements to our critical infrastructure that rely on a constant supply of power, and if the Smart Grid isn’t tough enough to withstand all threats, we’re in for a world of hurt.

The time to improve Smart Grid security is now, while we are developing it. The information is readily available (some would say too available, as al Qaeda and other American enemies use open-source information to do us harm). So before the doors of information close, and only those with clearance can keep up with the rapid developments, let’s focus our collective efforts on digesting the wealth of information available. Let’s make Smart Grid debates and improvements as key an element of our homeland security analysis as any other (e.g., aviation security). To be sure, there are expert voices sounding off, but in my opinion, given the importance of the Smart Grid, there are not nearly enough.

This isn’t some future plan getting dusty in the back room. It’s happening right now. Parts of the grid have already been built and are operating in California. President Obama pushed the development full-steam ahead with $4.5 billion from the 2009 economic stimulus money dedicated specifically to fast track Smart Grid technology development. Piece by piece, the Smart Grid is coming together. It deserves more expert attention. Otherwise, lights out.

Justin Hienz is a Senior Account Executive at Adfero Group, working with the firm’s Homeland Security practice. He is also assistant editor of Security Debrief.

Leaked TSA Screening Procedures Only One Aspect of Transport Security

Wednesday, December 9th, 2009

Certainly the posting of the Transportation Security Administration’s screening procedures on the Internet was not the agency’s finest hour, but it was not the worst breach of security since 9/11, as I heard last night on CNN. While some were quick to pounce and ridicule, most of what was in that document can be deciphered by studying procedures at the checkpoint, something terrorists are known to do before they execute an attack.

TSA is a complex organization, and its people and policies should not be underestimated. The agency bases its operations on intelligence, and the document that was revealed does not account for constant updates and tweaks made based on current intelligence. Such changes can be applied at a given airport or on certain flights as needed. TSA also operates on the premise that ideally a terrorist is caught before the day of the attack. That is why there are so many layers of security, beyond physical screening at the checkpoint, and why the agency coordinates daily with law enforcement partners at the federal, state and local level.

The real bummer about this incident is that it gives critics another chance to take a jab at the agency that has managed to avoid controversy for quite some time. The agency employs nearly 50,000 patriotic Americans who are dedicated to ensuring that another terrorist attack on planes and other transportation modes does not occur. The majority of the front line workforce has at least five years’ experience, and that collective knowledge is a great asset against a would-be terrorist.

Officers and management nationwide completed an intense training earlier this year that takes them beyond the checklist mentality and enables them to rely on experience, and yes, even what their gut is telling them in a given situation. It has taught them to rely on their team as a network, just as terrorists try to infiltrate as a network. These public servants are formidable and deserve the public’s respect.

The beleaguered news media got a quick hit yesterday; good for them. The men and women of TSA are strong enough to shrug it off and keep going.

Senate Judiciary Addresses Cyber Security Status

Saturday, November 21st, 2009

On November 17, the Senate Judiciary Committee took up the subject of cyber security. An FBI witness said his organization considers “the cyber threat to our nation to be one of the greatest concerns of the twenty-first century.” He later said that cyber-based attacks and high tech crime were the FBI’s highest criminal priority.

Numerous witnesses from the present and previous Administration testified to the dangers, the steps that needed to be taken and the plans to fix the problems. Almost all admitted that there was much that needed to be done, and that they were just getting started. They also made a call for new and updated laws as well as authorities to help them fight the threats we face today.

Terrorism obviously came up. While most felt that the leading terrorist groups do not have a robust cyber capability today, they want it and are actively seeking to obtain it. It was also noted that this was probably easier for them to accomplish than their desire for WMD. In either case, everyone believed that unlike some nation states that have the cyber capability to attack us now but are deterred by our interconnected systems and economies, terrorists will use this capability as soon as they get it and have the opportunity.

Several witnesses discussed the ongoing debates in the Administration over issues such as privacy, civil liberties and how to provide cyber security without adversely affecting them. Few new points were raised in the discussion. Even the calls for a new public/private-sector partnership have all been heard before. They are the right points; we just need to act on them.

One hopes the Obama Administration will finally begin to leverage all the efforts, ideas and energy that continue to build in this space. Industry wants to help, law enforcement needs to act and the Defense/Intel communities are concerned with our present abilities. Give these groups the leadership they need, Mr. President. Release them, with a valid vision to serve the Nation, and we will all be amazed at what they might provide.

Global Cyber Company AVG Stresses Importance of Safe Online Shopping

Monday, November 16th, 2009

Here at Adfero Group, I’ve been working with AVG and Shop.org, who are teaming in a series of social media strategies aimed at spreading the word about how to shop safely online while finding the best bargains of the holiday season. Over the past few months, AVG, a global cyber company, initiated a dialogue here in Washington, D.C., to stress the importance of individual responsibility in cyber security.

Shop.org, part of the National Retail Federation, operates Cybermonday.com, which aggregates the best deals from 600 retail members. Their members are all reputable online outlets, which is key to shopping safe.

Online retail is a bright spot this holiday season – online sales are expected to increase by about eight percent, and 42 percent of Americans say they will buy at least one gift online. So, just as you might be more vigilant about safety at the busy shopping mall this time of year, that vigilance should carry over to your online activities as well.

Shop.org and AVG offer these five tips for online shoppers this holiday season.

1. Look for the “S” for security. Make sure the sites you are shopping from are secure and have “https” in the URL. The “s” ensures security. When you are on a secure site, you will also see an icon for a locked padlock on your browser either on the address bar or on the bottom right corner. Additionally, use the Internet to research retailers not familiar to you. There are many sites such as Shopzilla.com, Pricegrabber.com and others that provide ratings of retailers.

2. Stay current on security software. This means making sure you have the latest virus protection software updates from your provider. It’s important because the bad guys move around frequently. Security software companies are working to stay one step ahead of them. If you are updated, you are staying one step ahead, too.

3. Think before you link. Employ a URL scanning tool to ensure you’re not clicking on links that lead to infected Web sites. The time to find out whether a page is bad is BEFORE you click. AVG LinkScanner does this. It’s free, and it works with all other security and anti-virus offerings.

4. Keep your private information private. When shopping online, create a separate e-mail account that is just for shopping. Use a unique password, different from any other accounts you have. Your dedicated shopping e-mail account should be in no way affiliated with your personal, everyday e-mail account. Also, keep records of your online shopping – print confirmation pages and e-mail confirmations.

5. Mix up your passwords. Each shopping account, bank account, credit card account and e-mail account should have a unique password. Write them down and keep the information in a secure location. Unique passwords for each account make it tougher for a thief to steal your information.

Homeland Security: America in Action

Monday, November 9th, 2009

Two miles from home, on what had been a typical evening, I sat on a Metrobus last week and saw a bright orange flash cut through the dark night – 50 feet in front of us, a car erupted in flames.  To my horror, someone was inside.

Without hesitation, the driver stopped the bus, opened the door and four men ran out.  Amid the screams of fear and shock, the cries for help, and the roar of growing flames, four random commuters put their lives on the line to save a stranger.

Sitting in my wheelchair, I did all I could do – I dialed 911 and said a silent prayer.  I watched as these four individuals worked as a team to save a life.  Using a fire extinguisher from the bus, one man doused back flames from the driver side of the vehicle long enough to enable another individual to open the car door.  The other two heroes then worked in tandem to pull a woman away from certain death.  Seconds after carrying her from the car, flames reignited and transformed the vehicle into a fireball.

When action was needed, these brave men ran to answer their unexpected call to duty.  At its very essence, this is Homeland Security – it’s America in action.  It’s a bus full of strangers praying together one moment and celebrating like family the next.

I believe in homeland security because I see its true definition to be the greatness and goodness that lies within each of us and the courage needed to act on behalf of one another despite the circumstances or situation.

Does it work?  It did that night.

Passing the Peace but Not the H1N1 Flu

Monday, November 2nd, 2009

The H1N1 outbreak has left no part of our lives untouched. From schools to businesses to public gatherings, how we interact with one another has really changed. While we may see these things on a fairly regular basis during our day-to-day work (e.g., hand sanitizer at the front desks of offices, stores and schools; sneezing into our sleeves, etc.), I found myself surprised at my church, Heritage Presbyterian in Alexandria, VA, when our Chaplain, Arnie Porter, at the outset of the service offered a very polite, humble plea to the congregation – please refrain from hand shaking and if you’re sick, please stay home.

In a church that takes great pride in friendly greetings, and people getting up from their seats to shake hands with members and visitors alike, his kindly put words were a shocking reminder that there is no place immune from the H1N1 or other flu viruses. The numbers associated with H1N1 are no joke, and every person and place has a responsibility to do their part to stop its further spread. That includes places of worship.

I’ve heard a lot of different messages from the churches I’ve attended but being told to not shake hands and to stay home was a bit surprising. Yet, it was the right message to hear and practice. I thought how Chaplain Porter explained the situation was as kind and polite as it possibly could be. His words are below.

Flu Advice, Chaplain Arnie Porter
As we head into the cold and flu season, the church is reviewing what we can do to promote a healthy environment. Oddly enough, those most severely affected are children and young adults. So while the elderly among us, (and you know who you are) may not be in as much danger, we all need to do whatever we can to protect each other. What can you do? Well, if you are sick, stay home. To be honest, I hate to give that advice. I so love to see people in church that I would like to have sick people arrive in an ambulance, crawl through the door and lie down in their pew, just to fill the church. But if we did that, it would be the hospital that would be filled, not the church. So to protect the health of our children and young people, if not our own health, let’s stay home when we don’t feel well. Another thing we can do is wash our hands before coming here so we won’t contaminate the church; and wash our hands when we get home so the church won’t contaminate us.

What else can you do during the flu season? We can and should limit handshaking. That brings us to the ritual of Passing the Peace, when we all shake hands with each other — clearly not a safe practice during flu season. Some churches have simply abolished Passing the Peace. We didn’t want to do that because we enjoy blessing and being blessed by our brothers and sisters. Many churches have been Passing the Peace for two thousand years. At Heritage Church, which never rushes into anything, we have only been Passing the Peace for about ten years. Bob Curry, bless his heart, started us doing this one Sunday. We all ran about (some of you may remember) as though we were seeking and shaking hands with long-lost relatives. It was a small riot. Order (so precious to Presbyterians) was difficult to restore. But we finally got it right, and we want to continue getting it right. So we suggest we don’t shake hands for a little while. But we will say the ancient words to each other, with eye contact, often using names, perhaps with a nod, perhaps a touch on a shoulder or arm.

Our goal is to pass the peace, not the flu, in a time of real danger. What you do in the privacy of the Fellowship Hall is clearly your business, but it might be wise to postpone shaking hands there too.

Who Decides on Security?

Wednesday, October 28th, 2009

In a letter to Congress today, a coalition of privacy advocates has called on Congress to investigate the DHS Privacy Office.  The gravamen of their complaint is that the Privacy Office is insufficiently independent from the Department and isn't protecting privacy.  Proof of this, they say, lies in the Privacy Office's approval of Privacy Impact Assessments for several programs (e.g. Whole Body Imaging) that allegedly erode privacy interests.

Talk about shooting the messenger.  It's not as if the current Privacy Officer has a long history of anti-privacy activity.  Quite to the contrary. One has to wonder exactly what the privacy advocates are expecting from the Privacy Office?  Do they really expect the creation of a system where the Privacy Officer can substitute his or her judgment on security necessity for that of the Secretary of Homeland Security (or the President, for that matter)?  While that might be something the advocates hope for, it's not likely in the cards anytime soon.

And as for their call for independence, the history of independence, at least here in the United States, is less than comforting.  We are, after all, still waiting for the appointment of the Privacy and Civil Liberties Oversight Board (first called for in legislation in August 2007).  And that same legislation formally enhanced the independence and powers of the very Privacy Office the critics are now complaining about — adding a probably unconstitutional direct Congressional reporting requirement and subpoena powers.  So it really can't be the architecture of the system that is problematic.

Rather, the advocates' real complaint seems to be that the Privacy Office doesn't just substitute its view of the security requirements of the United States for that of the Cabinet Officer under which it serves.  To which the rest of us can only say "huh?"

This piece was originally posted on Skating On Stilts.

Legislating Water Security the Hard Way – via Compromise

Tuesday, October 20th, 2009

The House Energy & Commerce Committee is set to mark up the Drinking Water System Security Act of 2009 (H.R. 3258) tomorrow.  The bill, which would regulate drinking water utilities through a “CFATS-like” regime under the Environmental Protection Agency (EPA), will require utilities to update their vulnerability assessments, develop site security plans, and evaluate their disinfection processes.  Were the bill to stop there, Congress could have avoided controversy – but we all know how Congress loves a good controversy…

Concerns regarding use of chlorine have led members from the majority to include a mandate within the bill requiring utilities to adopt so-called Inherently Safer Technologies (ISTs) if a switch can be made without impacting public health, shifting risk, or bankrupting a given system.  The “decision-maker,” or entity with final say as to whether a utility has to change processes, is the State (or the EPA if the State lacks primacy, such as in Wyoming or DC).  While other concerns exist, enabling someone beyond the local utility to be able to force a change in treatment process is by far the standout issue of this legislation.

For my money, I’d say the current language represents a perfect compromise in that neither side is completely happy.  Democrats on the Committee, like Chairman Waxman and Subcommittee Chairman Markey, wanted a bill that mandated all utilities to switch by giving EPA the authority to force them to banish chlorine.  Drinking water systems wanted to continue operating without new regulations, or at the very least, maintain decision-making authority regarding disinfection processes.  Neither side ran the table.

On this particular issue, the Energy & Commerce Committee gave “the people” what they claimed to want – compromise and thoughtful negotiation.  Too bad we’re living in an “all or nothing” society…

The Small Boat Threat In the U.S. Is Real

Tuesday, October 6th, 2009

The Department of Homeland Security’s Office of the Inspector General recently released a report on DHS’ strategy to address small boat threats in U.S. waters.  The report, “DHS’ Strategy and Plans to Counter Small Vessel Threats Need Improvement” (OIG-09-100), criticizes Customs & Border Protection (CBP), the Coast Guard and DHS policy for failing to write a complete strategy that includes measures of effectiveness and resource requirements.  The criticism may be technically deserved, but there may be a good reason for its shortcomings.

The threat of a small boat attack in the U.S. is real.  Terrorist enemies are known to use means of attack that are tested and have proven effective in the past.  The Liberation Tigers of Tamil Eelam (LTTE) guerrillas developed and perfected small boat attack methods that were emulated by terrorists around the globe.  The USS Cole attack is an example.  U.S. efforts to destroy al Qaeda and associated terrorist groups have prevented major attacks on the U.S. since 9/11 but the recent breakup of a domestic terrorist threat planning to use high explosives highlights the continuing danger.  Past performance and the desire to use high explosives suggest that a small boat might be a preferred method of delivery for a terrorist attack in the U.S.  The small boat could come from within the U.S., sail from a neighboring country or be launched from a mothership offshore.  Current migrant and contraband smuggling activities to the U.S. using small boats prove that this avenue of attack is viable.

DHS leadership knows that understanding and control of small boat activity in and around the U.S. is key to addressing the small boat terrorism threat.  But DHS leadership also understands that the small boating public is known for its vocal protection of privacy and independence, and the participation of the small boating public is absolutely critical to addressing the terrorist threat in our waterways.  A top-down grand strategy with draconian requirements would be strongly resisted by the small boating public and doomed to failure.  Wisely, DHS leadership issued this first strategy as the first salvo in a long campaign to win the buy-in and participation of a group of loyal, but independent citizens desperately needed to be part of the solution.  That is why the DHS Inspector General did not find many of the elements you might expect to find in a top-down strategy.  The current DHS small boat threat strategy is the start of a bottom-up solution.  In the long run, this approach will have more success than a traditional top-down strategy.  While this bottom-up strategy begins to take shape, DHS must continue its aggressive implementation of Maritime Domain Awareness regimes and improve DHS operating agency coordination both internally and with State and local law enforcement to address the small boat attack threat.

©2008 Adfero Group. All Rights Reserved.