Homeland Security Watch

Yesterday the Transportation Security and Infrastructure Protection Subcommittee held its hearing entitled “Partnering with the Private Sector to Secure Critical Infrastructure: Has the Department of Homeland Security Abandoned the Resilience-based Approach?”

I had the opportunity to testify along with DHS Assistant Secretary Bob Stephan, Bill Raisch of the International Center for Enterprise Preparedness at NYU, Dr. Kevin Stephens, Director of the New Orleans Health Department, and Shawn Johnson, Vice Chairman (soon-to-be chair), Financial Services Sector Coordinating Council. Dr. Stephens provided stark details about the state of the health system’s ability to manage another crisis in New Orleans, given the poor state of the infrastructure there nearly three years after Hurricane Katrina.

The 14th is part of a month of hearings the Homeland Security Committee is dedicating to resilience. Wednesday’s hearing focused on clarifying exactly how DHS views resilience as a priority in the overall strategy of the Department and on identifying ways that DHS can do better in working with the private sector to increase our resilience. Perhaps the best way to paraphrase everyone’s position would be as follows:

Chairwoman Jackson-Lee: Resilience should be part and parcel of the nation’s effort to protect the homeland. To do so requires that DHS effectively share threat information with the private sector, measure resilience (since protection can’t be measured: when is enough, enough?), and think creatively about the enterprise value to a company that invests in resilience. Citing the number of times we use the term resilience isn’t proof enough that action is being taken.

A/S Stephan: We already do resilience. It is mentioned ## times among our existing documents, such as the National Infrastructure Protection Plan (NIPP), the National Response Framework, and various sector specific documents. Through the NIPP, sector-specific plans are developed to accomplish the goal of security, resiliency, and preparedness. Moreover, the emphasis on resilience is a red herring generated by some in academia and think tanks to suggest that (a) DHS is misguided and (b) we ought to sacrifice efforts to prevent and protect in order to bounce back from likely fatal attacks.

Czerwinski: Resilience is more than the ability to “bounce back.” Measures to make the private sector more resilient must provide a “double bottom-line” that delivers both the ability to minimize the impacts of terrorism or natural disasters, but also the value of increased performance and improved commerce during the majority of the time when a threat isn’t present. Doing so requires connecting effectively across the sectors with a balanced approach to three key factors: strategic human capital, technology, and governance. Naturally, the framework offered in our paper on Global Movement Management would be a brilliant step forward.

Johnson: Nothing to see here. The Financial Services Sector has worked closely with the Treasury Department since long before 9/11 to manage an interdependent relationship among partners and competitors in this sector. DHS, through the FS-Sector Coordinating Council, works well in coordinating our efforts to be resilient, which for this sector means the ability to get business back online if ever a disruption were to interrupt our operations. I wouldn’t change a thing.

Raisch: If resilience is the goal, then a method to measure or assess progress is indispensable in order for businesses to determine if their investments in resilience are actually accomplishing anything and to be able to claim to stakeholders or possible adversaries that they are prepared to manage a crisis or disruption. Voluntary accrediting measures provided for in the 9/11 Act (H.R. 1) require the government to take the initiative “as a catalyst and investor in this process.”

Stephens: Help.

Main take-away is this: Resilience is still a complex concept that can be approached from a variety of different angles. DHS is doing a lot to make sure the private sector is prepared and protected, but more can be done through an overarching framework that recognizes the interdependencies among the different sectors and the ways in which the risks of the 21st century make those interdependencies more important than any specific sector. Incentivizing the private sector to take action can be done by embracing a broader definition of resilience to include some level of value that actually improves commerce during those times when no attack or disaster is taking place. Investments in security and performance can be mutually reinforcing, not just mutually exclusive.

The streamed recording is available at the Subcommittee’s website on the hearing.

The Transportation Security and Infrastructure Protection Subcommittee convenes its resilience hearing this Wednesday, the 14th. I’ll testify with DHS Assistant Secretary Bob Stephan, Bill Raisch of the International Center for Enterprise Preparedness at NYU, and the Director of the New Orleans Health Department.

The 14th is part of a month of hearings the Homeland Security Committee is dedicating to resilience. Wednesday’s hearing is intended to educate the members on what resiliency really means, what the private sector is doing to achieve resilience, and how DHS can work with the private sector within a framework to promote resilience.

The hearing begins at 2PM in the Homeland Security Committee’s room (311 Cannon House Office Building). Consider attending if you are in WDC. It’ll also stream at the Subcommittee website after the hearing concludes.

Among other things, I intend to describe ways in which the Global Movement Management framework applies to the goal of resiliency and will upload the oral statement later on Wednesday. In the meantime, please feel free to send in your thoughts on the issues in which the Subcommittee is interested for this hearing.

FEMA is accepting comments on the draft National Incident Management System (NIMS). NIMS is a nationwide template for federal, state/local governments, the private sector, and nongovernmental organizations to coordinate in prevention, response, and mitigation efforts. The draft NIMS document is available online at www.regulations.gov, in Docket ID FEMA–2008–0008.

On February 28, 2003, the President issued Homeland Security Presidential Directive–5 (HSPD–5), Management of Domestic Incidents, which directed the Secretary of Homeland Security to develop and administer a National Incident Management System (NIMS).

NIMS is described as a “core set of doctrines, concepts, principles, terminology, and organizational processes that enables effective, efficient, and collaborative incident management.” NIMS also supports the development of technologies that facilitate emergency management and incident response.

The changes in this revised NIMS document are described as “not substantively dramatic, and do not alter the basic NIMS doctrine published in the 2004 version.”

Comments must be received by June 2, 2008 via Federal eRulemaking Portal: http:// www.regulations.gov or through FEMA–POLICY@dhs.gov. Be sure to include the Docket ID FEMA–2008–0008.

Previous questions about the first draft NIMS document asked about the specifics of assigned roles and responsibilities for key participants from the federal, state, and local governments, nongovernmental entities, and the private sector.

According to GAO, the TOPOFF 3 exercise in April 2005 illustrated some uneven uptake of the NIMS framework at the federal level. The FBI, wrote GAO, never fully integrated into and accepted the unified command called for under NIMS…”, “did not appropriately staff the incident command post with its representatives,” and “kept management of the investigation separate from the incident management overseen by the unified command.”

One of our readers offered a healthy does of skepticism about resilience as a concept. I thought it would be valuable to make this part of a new post to follow up the recent coverage of this topic and the hearings in the House this week.

>>[Jonah does] not include concerns about response in this concept: “Turning victims into patients is important for response, but resilience is different.” Yet your guest poster, Robert Kelly, does: “That is the essence of resilience – the ability to rapidly respond to and recover from a catastrophic event.”

I see a difference between response/recovery and resilience. Being resilient should render the ability to respond effectively. However, rapidly flying in emergency food and water to a hurricane zone, for example, to limit the hardship of the victims would be response, while resilience would be building homes less vulnerable to the effects of a hurricane and getting the ports and businesses up and running. (I should note that my guests on this blog don’t have to agree with me and vice versa.)

>>And Steve Flynn includes it among his “four pillars of resilience” in his recent Foreign Affairs piece: “Second is resourcefulness, which involves skillfully managing a disaster once it unfolds…Ensuring that U.S. society is resourceful means providing adequate resources to the National Guard, the American Red Cross, public health officials, firefighters, emergency-room staffs, and other emergency planners and responders.”

It is important to take Steve’s four factors as a whole. If we selected only the third factor — rapid recovery — I could see the point that my separation of response and resilience would be problematic. However, Steve’s factors are robustness, resourcefulness, rapid recovery, and the means to absorb new lessons. Taken together, I think you’d agree that resilience is more than emergency response, but nevertheless dependant on it being executed well.

>>Unfortunately, I think the concept requires a lot of refining. But hopefully these hearings will not be the only cuts at this effort.

I, too, hope these hearings are the beginning of a sustained effort to build in, rather than bolt on, the important capability of resilience. But the concept of resilience already has been refined to a point that enables action. First steps would include making resilience a strategic goal as part of such plans as the Quadrennial Homeland Security Review.

To refine this concept further, consider the following parameters:

Resilience should afford a deterrent value: Terrorists are not deterred by fear of retaliation, but by fear of failure. Resilience delivers a deterrent value by reducing the likelihood that the impact of an intentional attack will transpire.

Resilience helps to avoid self-inflicted wounds: Resilience — if done right — affords the decision maker the enhanced ability to focus response efforts on the part of the system that is actually stressed.

Investments in resilience should be “dual use” in nature: Investments in resiliency not only address vulnerabilities due to terrorist attacks or natural disasters. Resilience also facilitates the global flows of trade/travel.

The private sector is an asset first, a target second: This is a critical step toward being able to make the case for private sector engagement. Several options exist.

Redundancy is not resiliency. Having costly back-up systems or two of everything is the easy and most expensive way to “bend and not break.” If done correctly, resiliency is more akin to the concept of Intelligent Immunity we put forth in the latest GMM paper.

Congressman Bennie Thompson, chairman of the House Homeland Security Committee, set the tone for yesterday’s first Congressional hearing on resilience by asserting that America’s strategy for protecting the homeland must balance prevention with resilience since 100% security is unobtainable. Moreover, “we all have a role to play,” he said, implying that resilience is the responsibility of the federal government, states and localities, academia, and the private sector, which explains the presence of DHS, MIT, ATT&T, SAP, and the Homeland Security Center for Risk & Economic Analysis of Terrorism Events at USC as witnesses. Chairman Thompson concluded his opening remarks with his refrain that success in this mission demands “honesty with the American people” and a worthy goal of securing the homeland is that we do so based on a “freedom from fear.”

DHS Assistant Secretary for Policy, Stewart Baker, represented the federal government and its views on resilience, as well as current efforts to invest in this capability. Much of A/S Baker’s prepared remarks focused on the ability to “bounce back” as the goal of resilience. This is important, but it leaves out other dimensions that make the concept of resilience valuable (i.e. deterrence, measured response, dual use, etc.).

However, he did emphasize certain efforts to use information more effectively as a resource for alerting populations at risk as soon as an attack or disaster is known to be imminent. Baker cited such measures as “reverse 9/11,” instant messaging, blogs, Google Maps, and twitter as means for fostering an organized response. (Blogs?)

Mr. Baker did identify at least one area that would generate substantial improvement. He described DHS’s work with the Treasury Department, the Financial Services Sector Coordinating Council Subcommittee for Research and Development, and ChicagoFIRST to develop a risk management tool for the finance sector. This includes a computer simulation of the value chains of a generic financial enterprise to allow organizations to create and run “disruption scenarios tailored to their individual business models, using their own proprietary data as well as generic data for the rest of the financial sector,” according to Baker.

Professor Yossi Sheffi of MIT broadened the scope of the discussion to include the important ability of obtaining information early in order to act earlier and with more precision. He cited specifically the prerequisite of devolving decision making to the levels closest to the “front lines” in order to be not only quicker in responding, but also more surgical in that response so as to minimize overreactions that risk amplifying the circumstances.

AT&T’s Susan Bailey echoed this with an explanation that her firm not only prepares for disruptions, but they monitor, pattern, and then profile internet traffic that they support to establish a baseline. Aberrations and abnormalities — often antecedents to cyber attacks — can then be identified and zeroed in on. Indeed, Erroll Southers of the Homeland Security Center for Risk & Economic Analysis of Terrorism Events described how the British implicitly join detection and resilience.

Several members cited the media coverage yesterday of a study that found a nationwide inability on the part of emergency rooms to manage large and unexpected influxes of patients that would likely follow a terrorist strike or natural disaster. Naturally, A/S Baker had little to say about this. That may be the job of the DHS Medical Advisor or HHS, but it isn’t even resilience in the first place. This scenario describes the need for “surge capacity” in hospitals in order to facilitate an emergency response. Turning victims into patients is important for response, but resilience is different.

Interestingly, Rep. Lungren invoked a missing aspect of resilience. If “we all play a part,” as the Chairman appropriately notes, then we must find a way for resilience to become a part of the bottom line for the private sector. He raises a good point. While regulations will surely get industry’s attention, the best form of resilience — indeed the best form of homeland security — reduces the risk of terrorist attack or disruption while also improving the facilitation of trade and travel.

Resilience in the form of redundancy (costly back up facilities or other investments that go unused until disaster strikes) is a blunt measure. Today the Subcommittee on Border, Maritime, and Global Counterterrorism convenes their hearing on “Assessing the Resiliency of the Nation’s Supply Chain.” This is a perfect opportunity to explore smart resilience, as opposed to simply the ability to bounce back.

Senate Homeland Security and Governmental Affairs Committee issued an eight-page letter to Secretary Chertoff demanding details about the ministration’s new Cyber Initiative. This follows the classified hearing the Committee held on March 4.

The Comprehensive National Cybersecurity Initiative (CNCI), formally established in January, is intended to strengthen the federal government’s ability to secure the electronic networks and databases of the federal government. According to the Committee, the March hearing included a threat assessment from DHS and the National Security Agency and a review of the interagency roles and responsibilities of the CNCI. The following witnesses testified:

• Robert D. Jamison, Under Secretary, National Protection and Programs Directorate at the Department of Homeland Security;
• Melissa A. Hathaway, Cyber Coordination Executive, Office of the Director of National Intelligence;
• G. Dennis Bartko, Special Assistant to the Director for Cyber at the National Security Agency; and
• Scott O’Neal, Section Chief, Cyber Division at the Federal Bureau of Investigation.

The Administration received $115 million for FY 2008 to fund the Cyber Initiative, and another $83 million is being requested for FY09. The Committee puts this into context by explaining the budget request as a three-fold increase over the course of one year.

Here’s where things get a little tense. Senators Lieberman and Collins, chair and ranking member of the Homeland Security and Governmental Affairs Committee, respectively, yesterday released a letter they sent to Secretary Chertoff asking for specific information about the CNCI, its dependence on contractors, and the potential lack of involvement by the private sector, which owns and/or operates the majority of the nation’s cyber infrastructure.

Such basic details as the role of the National Cyber Security Center and the authority under which its director was named. In terms of metrics, the Committee would like to know how DHS will determine when the CNCI is succeeding and Einstein is measuring something tangible.

If I were a betting man, this looks like the beginning of another investigation from the GAO….

Click here to view the full text of the letter.

Full Committee hearing on:
“The Resilient Homeland - Broadening the Homeland Security Strategy.”

Tuesday, May 6, 2008 @ 10am
311 Cannon House Office Building

Witnesses (partial):
• Hon. Stewart A. Baker, Assistant Secretary for Policy, Department of Homeland Security;
• Susan R. Bailey, Ph.D., AT&T Operations, Inc., Vice President Global Network Operations Planning;
• Professor Yossi Sheffi, Massachusetts Institute of Technology;
• Mr. Erroll G. Southers, Assistant Chief, Los Angeles Airport Police, Homeland Security & Intelligence Division, Adjunct Professor of Terrorism and Public Policy, Associate Director for Educational Programs, Homeland Security Center for Risk & Economic Analysis of Terrorism Events (CREATE), University of Southern California

Subcommittee on Border, Maritime, and Global Counterterrorism
“Assessing the Resiliency of the Nation’s Supply Chain.”

Wednesday, May 7, 2008 @ 2pm
311 Cannon House Office Building

Witnesses (invited/partial):
• Admiral Thad Allen, Commandant, U.S. Coast Guard, Department of Homeland Security;
• Commissioner W. Ralph Basham, U.S. Customs and Border Protection, Department of Homeland Security;
• Mr. Robert W. Kelly, Senior Advisor for Homeland and National Security, Reform Institute;
• Mr. Paul Zimmermann, Director of Operations, Port of New Orleans

– Guest Post –

It won’t just be the flowers blooming in May. With House Homeland Security Committee Chairman Bennie Thompson (D-MS) declaring May as “Resilience Month” in his committee, “resilience” has blossomed from the seed first planted by the likes of Steve Flynn at the Council on Foreign Relations and IBM’s work on Global Movement Management into an influential concept that has attracted the attention of leaders in the public and private sectors.

I will be one of the many corporate leaders and experts to testify as the House Homeland Committee and each of its subcommittees hold hearings in May centered on resilience. The newfound prominence of the issue on Capitol Hill comes as many firms have made great strides in improving their ability to continue operations in the face of a crisis. That is the essence of resilience – the ability to rapidly respond to and recover from a catastrophic event. As government authorities explore strategies for enhancing national resilience, they must look to the private sector for examples to follow and for opportunities for partnership.

I was honored to chair a national symposium, Building a Resilient Nation: Enhancing Security, Ensuring a Strong Economy, in New York City at the end of March of this year that brought together business leaders and industry experts to discuss the importance of resilience to our national and economic security. Listening to presentations from speakers representing major sectors of our economy – the supply chain, risk assessment and management, financial, energy and telecommunications – I was inspired by the pioneering efforts of many corporations and also anxious about the enormous work that remains. The Reform Institute will soon release a report with findings and recommendations for enhancing resilience based on the proceedings of the symposium.

Making resilience a national priority will bring the focus that has been lacking from the mission of DHS since its inception. Resilience can also tap into the energy, resolve and ingenuity of the American people, as opposed to current policy, which views citizens and private industry only as potential victims and targets. And, perhaps most importantly, a national focus on resilience can bring much-needed stability to an economy that has been overwhelmed by market failure, heightened uncertainty, and failing infrastructure.

A catastrophic event that severely disrupted economic activity could have a devastating effect on our economy. By hardening vulnerabilities such as our infrastructure and supply-chain and generally enhancing the ability of the U.S. to stay open for business during a crisis, we will bolster investor and consumer confidence in our economy. Moreover, every dollar spent on resilience can be a dollar invested in deterrence: targets that don’t fail or generate ripple effects when attacked are far less attractive to terrorists.

The attention towards resilience is a welcome sign. We must now ensure that resilience becomes a comprehensive plan of action, and not simply an empty slogan. This will require public-private collaboration to implement innovative new systems and programs already being initiated by the private sector, such as SAP’s supply chain management software and CSX’s Network Operations Workstation. It will also demand effective leadership to shepherd these changes through. That will be my message to Congress.

Robert W. Kelly is Senior Advisor to the Reform Institute’s Homeland and National Security Center.  He is also a Founder and Managing Partner of CenTauri Solutions, LLC, a professional services firm that specializes in high-end consulting and technical services for the public and private sectors.

Secretary Chertoff and his Mexican counterpart, Juan Camilo Mouriño Terrazo, Secretary of the Interior, signed a binding agreement between the U.S. and Mexico on science and technology related to homeland security. The signing took place at last week’s annual North American Leaders Summit in New Orleans. President Bush and the leaders of Canada and Mexico also attended.

The DHS S&T Directorate is responsible for executing on the agreement, which was described as focusing on cross-border cooperation, information sharing, research and development, test and evaluation, pilot projects, and vulnerability and risk assessments.

Readers may recall the posts here about missed opportunities for greater international coordination in combating terrorism by way of strategic relationships based on a common interest in protecting civilians. Well, I have to say that I was overly focused on Europe, the Middle East, and the Mediterranean regions to even think of Mexico as a potential partner in this regard. Or maybe I’ve watched too much Lou Dobbs.

This agreement is being vaunted as a framework to enhance scientific and technical understanding for the benefit of both countries. Its mission-area focuses include maritime security, counter-explosives equipment, the detection of infectious diseases, travel and trade security, and the protection of critical infrastructure. Not much is ruled out.

This will get the bizarre and misguided Minute Men and Mr. Dobbs talking: The agreement allows the sharing of classified information between Mexico and the United States and can be used across the federal government. The professionals in the intel community and law enforcement know the limits in this regard. As analysts become more proficient at writing to the tear line and open-source material becomes more instrumental in identifying and assessing risks, this type of information sharing only makes sense.

Models for this exist with long-time near-peer allies like the UK, Canada, and Australia. But Mexico is a different case altogether. That the focus is first on science and technology is worth pointing out. This effort is also intended to build the capacity of our Mexican partners so that better coordination can take place. S&T is not only less polarizing than building a wall, its also far and away a wiser investment for the long-term: We gain improved Mexican cooperation and capabilities.

Below the radar, similar efforts are taking place through non-government channels to engage countries such as Iran, Israel, and Palestine on the basis of science and technology. From what I can tell so far, this is time, expertise, and money well spent.

DHS today rolled out its Small Vessel Security Strategy (SVSS). The SVSS is designed to reduce risk without needlessly reducing “the freedom of operation common to the nation’s waterways,” according to the Department’s statement.

Homeland Security Secretary Michael Chertoff cites the bombing of the USS Cole at a port in Yemen in 2000 as evidence that terrorists view the maritime domain as a target. He is quoted as saying that the security paradigm in today’s domestic waterways and port areas rely on an “honor-based neighborhood watch program.” The SVSS, he said, replaces this environment “with an efficient and successful means to combat terrorism along our waterways.”

Readers may recall the National Small Vessel Security Summit that DHS convened in June 2007. Findings from this event informed the SVSS and identified risks associated with the illicit use of small vessels. The SVSS focuses on the following threats:
• waterborne improvised explosive devices;
• use of conveyances for smuggling weapons into the U.S.;
• use of conveyances for smuggling terrorists into the U.S.; and
• use of “waterborne platforms for conducting a stand-off attacks.”

To mitigate these threats, the Small Vessel Security Strategy seeks:
• Better identification of small vessels operating in U.S. waters;
• Expanded radiological/nuclear detection capabilities;
• Improved situational awareness and information sharing;
• Enhanced data analysis to identify high-risk concerns;
• Leveraged technology to enhance the ability to detect, determine intent and when necessary, interdict small vessels; and
• Deepened “coordination, cooperation, and communications between federal, state, local and tribal partners in addition to the private sector and international partners.”

The document actually includes descriptions of the authorities vested in DHS and the overall federal government in implementing this strategy. It also includes details about the roles served by each agency within and outside of DHS, and also a list of relevant interagency institutions. DHS plans next to develop the small vessel security implementation plan to take place this year.

In follow up to the April 22 post detailing an aspect of the DHS Transition Plan, the House Homeland Security Committee posted a presentation from Under Secretary for Management Elaine Duke on their website that explains the stages of the transition and succession plan the Department is executing.

As part of this transition plan, DHS is addressing the interagency dimension to establish communications paths among new officials, transfer relevant knowledge to new officials, engage in curricula that can enhance relationships among agencies with homeland security missions. The presentation cites the Executive Order on National Security Professionals and an apparent role that is now given to department or agency Deputy Chiefs of Staff for Transition.

But through all the briefing books and guidance documents, there was a recommendation of the Administration Transition Task Force that doesn’t appear to be a part of the current plan. (There are a few, actually, but this is one of the more important.) To mitigate the on-boarding process of incoming appointees and staff at DHS, the ATTF recommends providing a process “by which federal, state, local, tribal and the private sector authorities may submit to DHS officials their list of priorities and compilation of decisions made and decisions needed.”

This could help reduce the speed bumps that are largely outside of DHS’ control, but will be waiting in the new person’s in-box on day one. Some of these priorities will be parochial, but many will not be. This process enables the interagency and the broader homeland security community to contribute to the transition in a meaningful way that can shine a light on problems under the surface that the outgoing team may not be addressing.

For more on the transition efforts, see this page at the House Homeland Security Committee’s website.

I am at this year’s GovSec conference here in DC for the next couple days. IBM is a sponsor of the event and my two colleagues, Scott Gould and Dan Prieto, and I are moderating the panel discussions as part of the Counterterrorism and Technology and Tactics track. There are supposed to be several hundred people at the event so I’ll look forward to reporting back on HLSwatch.com about how the proceedings unfold.

They call economics the dismal science, but take a look at our agenda over the next two days:

I’m moderating the discussions on “Recognizing Fraudulent Passports & Visas” and on “Federal Resources to Prevent the Next Rad/Nuc Attack.” If you’ll be at the conference, send me an email and hope to see you at these panels.

An AP story by Scott Lindlaw sheds some light on how DHS is preparing for its first ever presidential transition. On or about January 20, 2009, DHS will lose its political appointees who will leave when the new president comes to town. Shane Harris at the National Journal put that into perspective with his piece on the impending transition as follows:

According to figures compiled in the quadrennial Plum Book by the Office of Personnel Management, as of September 2004 the 180,000-employee Homeland Security Department had more than 360 politically appointed, noncareer positions.

By contrast, the Veterans Affairs Department — the government’s second-largest department, at 235,000 employees — had only 64. And the Defense Department — far and away the largest department in the government, at 2.1 million employees, including military and civilian — counted 283 appointed, noncareer billets. That figure includes political appointees at the Army, Navy, and Air Force. DHS’s own reports show that since 2004, it has often added more political positions to its ranks, and more frequently, than other large departments.

Secretary Chertoff told Lindlaw that the department is “working to line up career officials for about 50 key roles” to manage DHS until the next president’s appointees are named and, if necessary, confirmed by the Senate. This could take months, but the new Secretary of Homeland Security is likely to be on a fast track through the Senate.

Next month, AP reports, DHS is convening a three-day conference with nearly 200 senior career officials to conduct a table-top exercise in response to a scenario depicting a national-level incident. It is unclear if this effort includes state and local partners, international counterparts, or even officials from other departments (i.e. Defense).

In some ways, we are seeing the impact of the work done by the Administration Transition Task Force, organized under the auspices of the Homeland Security Advisory Council, that issued earlier this year its report with basic recommendations for the DHS transition. However, there is still a sense in the Congress that DHS is conducting the transition planning effort behind closed doors. An article in the Wall Street Journal about the effort to convert political appointee positions to career slots in advance of the next election contributed to the Congressional oversight of DHS transition planning.

House Homeland Security Committee Chairman Bennie Thompson and Secretary Chertoff traded letters in which Thompson requested more information on the DHS plans. In his response, Chertoff declines to provide the laundry list of details requested by the Committee. “In most cases, the transition planning documents are still under development and, in any event, they constitute executive branch materials intended to be shared in the first instance with the incoming administration.”

UPDATE: Special thanks to William Cumming for sending in the CRS report released yesterday on “National Security Considerations and Options” related to the 08-09 presidential transition. You can download a copy here.

The report outlines critical issues that pertain to five phases of a transition, spanning from the campaign to the inauguration. The report also includes a table of recent military operations occurring during Presidential transitions and a table of Congressional legislation addressing various aspects of national security during Presidential transitions.

Ever wonder why the perception that every step forward in securing the homeland is two steps back in strengthening commerce? Take a look at the fiscal year 2009 budget. The $37.6 billion requested by DHS is focused on five objectives:
- Protect our Nation from Dangerous People
- Protect our Nation from Dangerous Goods
- Protect Critical Infrastructure
- Build a Nimble, Effective Emergency Response System and a Culture of Preparedness
- Strengthen and Unify DHS Operations and Management

Based on the details in the budget request, success in three of these categories can be measured rather bluntly:
- An increase, possibly followed by a decrease, in arrests or denied entries
- An increase, possibly followed by a decrease, in “no-load” orders for shipments from overseas
- An increase in high tech equipment and more staff for regulatory offices

Building a culture of preparedness and investing in more unified DHS management functions are goals worth pursuing. However, the bulk of the budget request is dedicated to a lop-sided investment in the guns, guards, and gates paradigm that favors a narrow focus on keeping threats at bay, as opposed to reducing overall risk through a more strategic approach that considers the broader mission.

In the seven years since 9/11 and the five years since DHS opened its doors, we have learned that securing the homeland includes a broader concept than what is offered in this Administration’s final DHS budget request. The mission of DHS is not only to reduce the threat of terrorism and bolster the nation’s ability to respond to attacks and disasters. The Department has an implicit mission that includes making the country a better place — with a stronger economy — at the same time. For example:

Protecting our nation from dangerous people is not the only goal in managing the flow of people. The priority ought to be on doing so through solutions that also enhance the commercial viability of enabling the flow of legitimate travelers while better targeting threats in a more surgical manner. Success in this mission would measure not only the number of arrests or denied entries, but also the veracity of information gathered, the integrity of the privacy protections in place, and the overall through-put of people entering and exiting the U.S. to support our trade and travel economy.

Protecting our nation from dangerous goods is not the only goal in managing the flow of cargo and their conveyances around the globe. The priority ought to be on distributing authorities among our trading partners within an effective governance framework - empowered by effective technology - that assures an even application of preventive measures that increasingly facilitate the movement of legitimate goods to better support our nation’s competitiveness. Success in this mission would measure not only the number of alarms tripped by suspicious cargo en route to the U.S., but also the accuracy of the information shared within a flexible system that enables a more exact understanding of where weaknesses reside in the system so as to better shore up vulnerabilities and better localize disruptions and attacks in order to limit the overall impact on trade.

The next Administration cannot reboot the whole HLS system and start over. However, the importance of taking a new strategic reassessment of where the billions of dollars go and how we measure success in these investments will be a vital initial move by the next team.

P.J. Crowley, Senior Fellow and Director of Homeland Security at the Center for American Progress convened a panel discussion yesterday morning on the near-term future of HLS and the new report from P.J. and CAP, entitled “Safe at Home.”

The Chairman of the House Homeland Security Committee, Congressman Bennie Thompson, kicked off the gathering with his own scene setter of where things are today. The discussion invoked such important topics as resiliency, HLS doctrine, the role of people in securing the homeland, and how to overcome information sharing obstacles that currently hinder overall progress.

My very first post on this blog covered a presentation by Chairman Thompson at an event at the Homeland Security Policy Institute. Then, as now, the oversight environment for DHS was contentious. Back then, the policy community was abuzz with the switch in power in the Congress. Yesterday morning’s discussion focused on how this Congressional session will finish out and how the next Presidential administration can obtain the best footing in taking leadership in securing the homeland.

Chairman Thompson intends to dedicate a series of hearings to resiliency and another solely to the topic of the transition from this administration to the next in terms of handling the transfer of DHS leadership. Thompson’s strategic goal, he said, was to achieve a secure homeland based on a “freedom from fear.”

Thompson also dropped a couple of other news items, too:

The Senate is expected to work up an authorization bill for the Department of Homeland Security sometime this July.

The HLS Committee plans to reach out to members of the presidential campaigns in their process of looking into transition issues.

My colleague, Dan Prieto, and former 9/11 Commission senior staffer Barbara Grewe spoke on the panel that followed, with P.J. Crowley moderating.

P.J. opened with an incisive analysis of the state of homeland security affairs based on his new paper, Safe at Home: A National Strategy to Protect the American Homeland, the Real Central Front. That last clause is a direct criticism of those who suggest that Iraq is the central front in the war on terrorism. P.J. explains that its just the best funded front: We spend twice as much on securing Iraq as we do on securing the U.S. He didn’t miss the opportunity to take issue with the term “war on terror” either.

Dan, noting the roll-out this week of IBM’s new report on the subject, clarified the role for resilience in this domain:

“Resiliency is defined as the ability to recover quickly from, or to resist being affected by a shock or disruption. Resiliency is a more powerful concept than simply “response and recovery” because it demands that security and commerce be treated as simultaneously achievable goals.”

The new IBM report, Global Movement Management: Strengthening Commerce, Security, and Resilience in Today’s Networked World, provides a survey and analysis of the \ three main components of resilience: people, technology, and governance. Dan explained further that:

“[Resilience] implies a greater level of forethought and planning ahead of time instead of simply reacting after an event. It stresses the importance of how to train people, build systems and technology and implement governance so that people are prepared on the front lines to react in the right way. It is about making sure that the right people have the right information at the right time to make the right decisions in the right way.”

Overall, a pithy deconstruction of how our nation’s investments risk being misapplied led to a trenchant discussion of how best to trigger the next phase in securing the homeland. If he had his way, P.J. would focus far more resources on the likelier threats, such as IEDs, chem., and cyber. His report offers, among other things, the following table:

Click to enlarge

Thursday, April 17

2:00 PM EDT
Principal Deputy Under Secretary for Intelligence and Analysis Jack Tomarchio will testify before the Senate Homeland Security Governmental Affairs Committee, Ad Hoc Subcommittee on State, Local and Private Sector Preparedness and Integration on state and local fusion centers
342 Dirksen Senate Office Building
Washington, DC

Friday, April 18

2:00 PM EDT
Secretary Michael Chertoff will sign a memorandum of understanding on the Visa Waiver Program with Korean Minister of Foreign Affairs and Trade Yu Myung-hwan followed by a press availability
Ronald Reagan Building
U.S. Customs and Border Protection
Press Briefing Room
1300 Pennsylvania Avenue, NW
Washington, DC

Last week DHS Secretary Michael Chertoff delivered a speech at Yale University entitled “Confronting The Threats To Our Homeland.” Citing the five-year mark for DHS and the three-year mark for his tenure as its head, he explained that such an occasion warrants not just one speech, but four.

And the first — the one he delivered at Yale — offers insight into the way he views the “challenges and threats that we face over the next five and ten years relating to homeland security in the broadest sense.” He did offer this caveat: his views would be focused not only on counterterrorism, but also on threats to public safety and other risks that “are of national dimension.”

Chertoff promised that his second speech would address “what we have done and what we need to continue to do to prevent these threats.” The third speech will focus on how to reduce vulnerabilities to threats. (Not sure how this will differ from speech #2.) The final speech he plans to give is on response to catastrophic events, man-made or natural.

Readers may recall the February 28, 2008, post that described ways in which we could work with other countries to build their counter- and anti-terrorism capacity through existing multilateral mechanisms to gain better cooperation overseas. The Center for Strategic and International Studies yesterday rolled out their new report that delves into the same topic with a focus on how the State Department and Pentagon ought to be better integrated in executing security assistance programs. While interagency coordination is the goal, and the report makes significant gains in this direction, there no mention of the Department of Homeland Security and its overseas presence serving a role.

The explicit recommendation in the paper is to rebalance the roles of State and DOD in carrying out “preventative civilian foreign and development policy instruments.” In doing so, the authors of the report, Kathleen Hicks and Stephen Morrison, recommend a better engagement of the U.S. Agency for International Development (USAID) and international NGO’s. Congresswoman Susan Davis, Congressman Geoff Davis, former DOD CFO Dov Zakheim, and president and CEO of CARE USA Helene Gayle spoke on the panel that convened at the Capitol to introduce the paper’s findings.

The aspects of the report most relevant to this blog deal with counter terrorism capacity building. The report suggests that “joint strategic planning and coordination” ought to occur between State, DOD, and USAID. The report offers solid recommendations for accomplishing this, but includes no mention of the role of the federal agency most involved with civilian efforts to combat terrorism: the Department of Homeland Security. The panel expressed doubt that DHS could contribute much to the mission due to its own lack of organization. The moderator even questioned whether the topic has anything to do with the new report.

It is no surprise that DHS does not immediately come to mind when considering an international strategy. However, this one, focused on civilian capacity for combating terrorism with reduced role for DOD, is incomplete with out DHS. And while DHS may not yet be up to the task, let’s make it so. The February 28, 2008, post offers some specific options.

Much of the CSIS report focuses on critical details about how things work now and where the drivers of the problems actually exist. For example, it describes the potential of USAFRICOM, the use and misuse of CERP funds, and the lessons learned from Provincial Reconstruction Teams. It is clear that an interest remains in attempting to reassert the role of the State Department’s regional Assistant Secretaries in the context of powerful country ambassadors and unified combatant commanders (formerly CINCs). There is a call for joint regional planning entities to better integrate these roles.

For more on this topic, see the 2001 report on Forward Strategic Empowerment: Synergies Between CINCs, the State Department, and Other Agencies. The report is the product of a taskforce led by former Army Chief of Staff Shy Meyer and former Undersecretary for Political Affairs Tom Pickering.

Monday, April 14
1:00 PM EDT
Private Sector Office Assistant Secretary Al Martinez-Fonts will participate in a panel discussion on the state of travel and tourism at the American Hotel and Lodging Association Annual Legislative Action Summit
Willard InterContinental Hotel
1401 Pennsylvania Avenue, NW
Washington, DC

Tuesday, April 15
10:40 AM EDT
Under Secretary for Science and Technology Jay M. Cohen will deliver remarks to the Annual Azalea Festival Symposium
Old Dominion University
Ted Constant Convocation Center
4320 Hampton Boulevard
Norfolk, VA

12:00 PM Local
Secretary Michael Chertoff will participate in a ceremony commemorating the 65th anniversary of the Warsaw Ghetto uprising
Ghetto Heroes Monument
Walowa
Warsaw, Poland
OPEN PRESS

2:00 PM EDT
Transportation Security Administration Assistant Secretary Kip Hawley will testify before the House Homeland Security Committee Subcommittee on Transportation Security and Infrastructure Protection on how the transportation security administration will continue to enhance security for all modes of transportation
311 Cannon House Office Building
Washington, DC

7:30 PM EDT
Deputy Chief Privacy Officer John Kropf will deliver remarks at the 7th International Public Safety/Counterterrorism Conference
Marriott Seattle Waterfront
2100 Alaskan Way
Seattle, WA

Wednesday, April 16
2:00 PM EDT
Office of Policy Screening Coordination Office Director Kathleen Kraninger and U.S. Customs and Border Protection Office of Field Operations Deputy Assistant Commissioner Bob Jacksta will testify before the House Homeland Security Committee, Subcommittee on Border, Maritime and Global Counter-terrorism on ensuring successful implementation of the Western Hemisphere Travel Initiative
311 Cannon House Office Building
Washington, DC

Thursday, April 17
Events TBD

Friday, April 18
Events TBD

Richard Mangogna is the new DHS Chief Information Officer, according to a DHS press release. The announcement is noteworthy for its brevity.

Before we get into the investigation, DHS deck chairs move as follows: Mangogna succeeds Scott Charbo, who was appointed deputy undersecretary of National Protection and Programs. Since Charbo’s departure, Deputy CIO Charles Armstrong has served as acting CIO. Armstrong will support Mangogna’s on-boarding before moving over to become CIO for Customs and Border Protection.

Not a lot out there on Mr. Mangogna. He is identified in the official release as an independent consultant with the Mason Harriman Group. MHG doesn’t list any of its staff on its website. It characterizes its employees as consultants who “are 45 seasoned former C-Level executives from the Fortune 200.” Only generic contact information is available, but at least we can tell where MHG is located: Towaco, N.J.

The White House and DHS releases cite Mangogna as a former president and CEO of Covidea. You don’t know Covidea? The New York Times and Covidea announced a videotex service on September 16, 1986, with a product called New York Pulse. On December 6, 1988, Covidea closed its videotex services, Pronto and Business Banking. New York Pulse shut down the following year.

So what’s the new DHS CIO been up to for the last twenty one years? The Administration only acknowledges that Mangogna worked as executive vice president and CIO at JP Morgan Chase and was the division head of Business Re-engineering Management at Chase Manhattan Bank. I found no evidence of the Business Re-engineering Management role. In its 1999 annual report, Chase Bank refers to him as Global Bank CIO.

It is unclear why more wasn’t said about his experience there. When Chase and JP Morgan merged in 2000, a massive systems and business integration project began. As CIO for the newly created company, Mangogna co-chaired the technology and operations steering committee that guided the integration of the technology that supported the operations of about 100,000 employees with systems across the country and on six continents, involving more than 90 data and processing centers, according to a 2001 piece in InfoWorld. You might say that’s a transferable skill set.

However, DHS is a larger undertaking. With over 200,000 employees operating in a different paradigm than pre-9/11 banking, DHS represents a challenge for anyone. USCIS alone is embarking on a major overhaul of its business processes and technology foundation under its $3.5 billion Transformation program. Perhaps more details about Mangogna’s resume will come out in the press. But since the CIO at DHS doesn’t need to be Senate confirmed, it won’t come easily.

Final note: When Chase Bank purchased a major new Sun Microsystems server for about $900K back in 1999 (that was big then), Mangogna justified the investment, explaining “IT performance is a competitive weapon in the global economy.” He might easily update that assessment to include the bigger picture that DHS is responsible for.

The DHS Inspector General’s report on FEMA’s readiness is public. Thanks to reader William Cumming for sending in a copy. The IG identified nine areas in which FEMA must be invested in order to be ready for catastrophic emergencies. The report shows how FEMA fairs in each of the areas using a four-tiered scale of substantial progress, moderate progress, modest progress, and limited or no progress.

FEMA officials told IG investigators “that budget shortfalls, reorganizations, inadequate IT systems, and confusing or limited authorities negatively affected their progress” in these areas researched. While the IG agrees with FEMA, it also suggests that FEMA would benefit from better “knowledge management” and plans for sustaining initiatives.

After a July 31, 2007, hearing on FEMA preparedness, the House Committee on Oversight and Government Reform tasked the DHS Office of the Inspector General (OIG) with providing a high-level assessment of DHS and FEMA’s preparedness for the next catastrophic disaster.

The report identifies key areas for managing catastrophic disasters and determines the progress FEMA has made in these areas since Hurricane Katrina struck in August 2005. FEMA’s funding spiked following Hurricane Katrina, but is today approaching to pre-Katrina levels.

Click to enlarge.

The report reveals that FEMA has shown moderate progress across the board, but several FEMA shortcomings identified in the report are vital to managing this year’s upcoming hurricane season. FEMA was found to have made limited progress in establishing regulations, policies, and operating procedures for major emergencies, in staffing and training, and in the management of mission assignments.

Next, the OIG plans to review the development of FEMA’s plans, policies, and procedures for managing major disasters. This includes the development and implementation of the National Response Framework, community preparedness, and planning for catastrophic scenarios.

When HLSWatch asked DHS Secretary Chertoff during yesterday’s meeting about his intentions for the forthcoming Cyber Initiative, which will orchestrate a cross-agency, several hundred-million-dollar, effort to combat and defend against cyberterrorism, he laid out a three part plan:

1. DHS applies a computer program called EINSTEIN
2. The US-CERT is up and running
3. Security patches to protect against cyber threats will be shared with the private sector

1. EINSTEIN is computer program that detects attacks on federal computer networks and assembles data on how to defend against them. Its been in place selectively for a few years, but now its mandatory.
2. US-CERT, the United States Computer Emergency Readiness Team was established in 2003 to support DHS cooperation with “the public and private sectors” in defense against and responses to cyber attacks. Think of US-CERT as the enforcement guys who make sure that measures are taken to defend against cyber attacks. Apparently they have more authority under the Initiative.
3. Work with the private sector to share information about cyber threats has been underway since before 9/11 through the Information Sharing and Analysis Centers, each dedicated to a specific industry. (The Financial Services ISAC was formed in late 1999 and the IT-ISAC was established in late 2000).

The Chem ISAC and Oil&Gas ISACs came in 2001 and left in 2005.

So what’s new? Its classified, actually. We’ll see what the transcript says, but it sounds like the article by Ellen Nakashima in the Post is as close as we’re going to get for now to shedding light on the Cyber Initiative.

More available here.

The assasination of Marin Luther King forty years ago today represents one of the darkest times in our nation’s past. This blog about homeland security acknowledges today as a reminder that threats to our nation do not always come from the outside. Leaders of the Civil Rights Movement struggled against deep rifts in the country. And while the Civil Rights Movement continues to this day with a great deal yet unfinished, so much has been accomplished in the wake of its early work and the day that MLK was killed.

For the famous speech by Robert F. Kennedy announcing the death of MLK to a predominantly African American would-be campaign rally in Philadelphia on the night of the assasination, click here.

For more on MLK, his speeches, the civil rights movement, and other topics commemorating this anniversary, see the Washington Post’s coverage and NPR’s repository of King speeches here.

Reader Eric asked about the adoption by other nations of the ‘homeland security’ concept. HLSWatch asked Secretary Chertoff in yesterday’s meeting to discuss his recent trip to the Middle East. A member of the media there asked him a question that allies in general ask the U.S.:

The “U.S. fights terrorism overseas to prevent terrorists from performing terrorist acts in the U.S. What’s your comment on these thoughts?

Read: The U.S. advocates a layered global defense against terrorism to keep the threat away from the homeland. This implies to audiences overseas that we’d rather have it out on their homelands. Can’t blame them for assuming the worst, but Chertoff is right to say that a layered defense is the best defense. How that helps allies is in how we define “layers.”

A layered defense isn’t just about geographic layers though. There are information layers that reveal intentions and enable us and our allies to act before an attack. Financial flows also serve as a layer to create a hurdle that terrorists must cross in organizing an attack. Layers like these are opportunities to complicate the efforts of an adversary and force him into a vulnerable or detectable position.

Allies don’t just benefit from the U.S. pursuing a layered defense. We all do since a true layered defense in the 21st century requires certain basic agreements to be struck among allies. They include the nature of the threat, concepts of success, and acceptable trade-offs. In this sense, any progress the U.S. and Europe make in resolving information sharing for transatlantic flights is mutually beneficial. Of course, if we can’t convince our allies of the mutual benefit, either there isn’t one or we’re not very convincing.

Reader Arnold asked whether we can expect a public report on the lessons learned from the TOPOFF 4 exercise, which took place October 15-19, 2007, with thousands of federal, state, and local officials responding to a full scale response to a simulated dirty bomb attack in Oregon and Arizona. The Secretary explained that the TOPOFF lessons learned are under review now and being circulated for sign off.
Two things to consider:

1. The Secretary also said that planning for TOPOFF 5 is underway. It would be important for the lessons from TOPOFF 4 to inform that design.

2. Its unclear if the lessons from TOPOFF 4 are being drafted as a deliverable to the public, including state and local officials, who clearly drew their own lessons that should probably have a hand in crafting the review.

Look for a public version no sooner than summer.

This and following posts are quick squibs about subjects HLSWatch.com discussed with Secretary Chertoff today in a small roundtable of four homeland security bloggers. The session was an informal setting in the old DHS International Affairs digs: Four bloggers, a cabinet secretary, and the press staff leadership.

This is the second roundtable the Secretary has organized and it was far more engaging this time. Topics include cyber, the Fence, the presidential transition, REAL ID, immigration, politics, and planning for the future of the Department.

I should mention President Bush’s stenographer was there to cover the meeting. She’s a real pro having worked for three consecutive presidents. Once the transcript is out, we’ll revisit these posts and respond to your questions/comments.

The other bloggers were David Venturella of Security Debrief, Anne Broache of CNET, and Robert Bluey of the Heritage Foundation.

UPDATE 4/3/08: We now have the transcriptfrom this meeting.

DHS Secretary Mike Chertoff reconvenes a group of us bloggers for a roundtable tomorrow at DHS Headquarters. Topics are likely to include the recent developments surrounding REAL ID deadlines and compliance by states. Or perhaps the legal waivers Chertoff issued today that suspend environmental laws and regulations to finish building 670 miles of fence along the southwest border. (Eileen Sullivan at AP reports that these pesky laws currently prevent DHS from building the 267 miles of fencing in California, Arizona, New Mexico, and Texas.)

Readers are encouraged to submit here the questions they would like answered by the Secretary. The last time we met with him, each of us was given only enough time for one question. I hope we’ll be able to make more use of this session. Looking forward to your questions.