Homeland Security Watch

In an op-ed in the Wall Street Journal today (by subscription only), former Defense Secretary William Cohen and former DHS Deputy Secretary Adm. James Loy offer some sensible suggestions about how to potentially create a win-win outcome from the current imbroglio:

Congress should take this opportunity to identify the substantial gaps that exist in our current port security system and commit the funding necessary to begin to modify and upgrade our capabilities. It should also, among other actions, consult with our major trading partners to determine whether their procedures are in need of modification or emulation; compare DP World’s procedures with other world-class operators to determine what improvements should be made; and consider what management responsibilities should be imposed on DP World in addition to those required by the Department of Homeland Security. Finally, Congress should recognize that vulnerabilities will continue to exist, however stringent the security measures, and that an additional goal must be to manage the consequences of terrorist actions that go undetected or undefeated.

There are also several steps that might be taken by the parties involved to reduce the level of anxiety over the proposed action. DP World could voluntarily issue a White Paper addressing its worldwide system of running ports, with a focus on helping us understand its hiring practices and security procedures. The Treasury Secretary, who chairs the Committee on Foreign Investments in the U.S., could clarify just how thorough the review process actually is. Both of us were often part of that process during our public service and recall it to be essentially sound. Like most executive deliberations, it occurs behind closed doors for good reason, namely, that it deals with classified materials. It is a process designed to ensure that any such foreign investments will not place the U.S. at risk.

Whether you agree with the deal or not, these are all sensible steps that can improve port security and build public confidence about the ways in which these kinds of decisions are made.

I attended a Senate Appropriations Committee hearing today on the FY 2007 DHS budget request which had Sec. Chertoff as its sole witness. It provided an interesting preview of the fight ahead on DHS’s budget as well as the general outlook toward the Department in the Senate today.

Sen. Judd Gregg (R-NH), the chairman of the subcommittee, begans his remarks by criticizing the Administration’s general approach toward homeland security and describing it as a “stepchild to naitonal defense.” He noted that the proposed TSA fee increases were a “non-starter,” and commented on how that creates a $1.6 billion hole in the DHS budget - a hole that was filled last year by extra funds, which he said wouldn’t be possible in this constrained budget environment. He lamented the fact that the current FY 2006 supplemental bill contains funds for Iraq and Katrina - but nothing for homeland security. He questioned why TSA was singled out for user fees, asking Chertoff somewhat rhetorically whether there should also be “toll booths at the borders.” And he seemed to favor separating FEMA from DHS, arguing that emergency response activities in the wake of Katrina were distracting the Secretary and his team from terrorism prevention.

The ranking member of the committee, Sen. Robert Byrd (D-WV), had very strong words for Sec. Chertoff, commenting that when it comes to DHS, he “feel[s] like throwing the book down and saying to hell with it,” and that “there’s nothing secure about this thing.” He described an “odd complacency” in the budget, and criticized the cuts in homeland security grant funding and the levels of funding for port security, noting of the amounts requested by DHS, “if that’s robust, then I’m a 810-pound giant.”

The tone of the hearing confirmed my sense over the past few weeks that this is going to be a very difficult budget cycle. The fallout over Katrina and the Dubai ports issue have created a season of discontent on Capitol Hill about DHS, which could lead to a greater variance from the budget request in the appropriations bills than in previous years. And the divergence of opinion between the House, Senate, and Administration could lead to delays in passing the homeland bill - a likelihood exacerbated by the probable delay this spring in the passage of the budget resolution.

For more on the hearing, see these news dispatches from CNN, Congress Daily, and The Washington Times.

The two smartest people (in my opinion) on the topic of port security - CFR’s Steve Flynn and former DHS Deputy Secretary Adm. James Loy - have a co-signed op-ed in the New York Times today on the DPW case and the broader issue of port security. From the piece:

Ports are the on- and offramps to global markets, and they belong to a worldwide system operated by many different private and public entities. Since the United States cannot own and control all of that system, we must work with our trade partners and foreign companies to ensure its security. A major step in that direction would be to construct a comprehensive global container inspection system that scans the contents of every single container destined for America’s waterfront before it leaves a port — rather than scanning just the tiny percentage we do now….

Hutchison Port Holdings along with PSA Singapore Terminals, Dubai Ports World and Denmark’s APM Terminals handle nearly eight out of every 10 containers destined for the United States. If they agreed to impose a common security fee of roughly $20 per container, similar to what passengers are now used to paying when they purchase airline tickets, they could recover the cost of installing and operating this system worldwide. This, in turn, would furnish a powerful deterrent for terrorists who might be tempted to convert the ubiquitous cargo container into a poor man’s missile.

There is already a bipartisan bill that the White House and Congress could embrace to advance this effort. The GreenLane Maritime Cargo Security bill, co-sponsored by Senators Susan Collins, Republican of Maine, and Patty Murray, Democrat of Washington, provides incentives for American importers to accept the modest fees associated with a global container inspection system. The bill would also establish minimum security standards and encourages the tracking and monitoring of containers throughout the supply chain.

Moreover, it would create joint operations centers within American ports to ensure that, should there be a terrorist incident or a heightened level of threat, the ports will respond in a coordinated, measured way that will allow the flow of commerce to resume when appropriate.

A global regime for container security will require oversight. Congress should require that the security plans developed by importers be independently audited. It should also provide the Department of Homeland Security with adequate Customs and Coast Guard inspectors to audit these auditors. Today Customs has only 80 inspectors to monitor the compliance of the 5,800 importers who have vowed to secure their goods as they travel from factories to ship terminals. To assess worldwide compliance with the International Ship and Port Facility Security Code, the Coast Guard has just 20 inspectors — roughly the size of the average passenger screening team at an airport security checkpoint.

These are smart, sensible ideas by Flynn and Loy; hopefully there will be a vigorous debate on strengthening the port and cargo security system in the weeks and months ahead that moves them toward adoption.

The San Francisco Chronicle took a solid, detailed look at the current border fence proposals in a story this past weekend:

A proposal to build a double set of steel walls with floodlights, surveillance cameras and motion detectors along one-third of the U.S.-Mexican border heads to the Senate next month after winning overwhelming support in the House.

The wall would be intended to prevent illegal immigrants and potential terrorists from hiking across the southern border into the United States. It would run along five segments of the 1,952-mile border that now experience the most illegal crossings.

The plan already has roiled diplomatic relations with Mexico. Leaders in American border communities are saying it will damage local economies and the environment. And immigration experts say that — at a cost of at least $2.2 billion — the 700-mile wall would be an expensive boondoggle.

Back in early January I indicated my tentative acceptance of the idea of a border fence, subject to the simultaneous adoption of a guest worker program (or another program that promotes legal work in vital sectors) AND a clearer understanding that costs could be kept in the $2m-$3m/mile range. The statistics above are at the very high end of my cost comfort level, and worrisome given the overruns on the San Diego fence. Before making any funding commitments, Congress needs to get a better handle on the actual expected costs of any border fence: there have been too many numbers thrown around willy-nilly in this discussion in the past few months. Without a solid baseline cost assessment, taxpayer funds will be unnecessarily put at risk.

This paragraph was also interesting:

Among those hurt most by illegal immigration are members of the Tohono O’odham Indian tribe, whose desert land stretches along 70 miles of the Arizona-Mexico border. But tribal leaders don’t want their land to be fenced, as proposed under the Sensenbrenner bill, because that would prevent Indian people and wildlife from crossing the border as they are accustomed to. “We need the Border Patrol, but we have to balance that with respecting the sovereignty of our nation, our land and our people,” tribal Chairwoman Vivian Juan-Saunders said in an interview last year. “It’s a sensitive balancing act.”

These are very valid concerns by the Tohono O’odham, and there’s no easy answer to the question of what to do in this case of clashing sovereignties.

The Program Assessment Rating Tool (PART) benchmarks the results of key federal government programs, and the results of a number of key homeland security programs were released with the FY 2007 budget request and are available at this link (with additional details on the criterias for assessment). They are summarized within this Excel spreadsheet.

The programs with the top grade of “effective”:

Coast Guard: Domestic Icebreaking Program
Customs and Border Protection: Security Inspections and Trade Facilitation
Preparedness — Grants and Training Office National Exercise Program
Science and Technology: Biological Countermeasures
Secret Service: Domestic Protectees
Secret Service: Foreign Protectees and Foreign Missions
Secret Service: Protective Intelligence

The next level down of “moderately effective”:

Coast Guard Fisheries Enforcement
Coast Guard Marine Environmental Protection
Coast Guard Migrant Interdiction Program
Federal Emergency Management Agency - Mitigation Programs
Federal Protective Service
Immigration and Customs Enforcement: Detention and Removal
Immigration Services
Preparedness — Infrastructure Protection National Communications Service
Science and Technology: Rapid Prototyping of Countermeasures
Science and Technology: Emerging Homeland Security Threat Detection
Science and Technology: Homeland Security University Fellowships

Programs at the third level of “adequate”:

Coast Guard: Marine Safety
Federal Emergency Management Agency: Disaster Recovery
Federal Emergency Management Agency: Disaster Response
Federal Law Enforcement Training Center
Homeland Security Operations Center
Immigration and Customs Enforcement: Office of Investigations
Preparedness — Grants and Training Office Technical Assistance Program
Preparedness — Grants and Training Office Training Program
Science and Technology: Standards Development for Homeland Security Technology
Transportation Security Administration: Screener Training

And at the bottom level of “results not demonstrated”:

Border Patrol
Coast Guard: Aids to Navigation
Coast Guard: Drug Interdiction
Coast Guard: Polar Icebreaking Program
Coast Guard: Search and Rescue
Immigration and Customs Enforcement: Automation Modernization Program
Preparedness — Grants and Training Office Assistance to Firefighters Grant Program
Preparedness — Grants and Training Office State Homeland Security Grants
Preparedness — Infrastructure Protection Cyber Security
Science and Technology: Threat and Vulnerability, Testing and Assessment
Transportation Security Administration: Air Cargo Security Programs
Transportation Security Administration: Aviation Regulation and Enforcement
Transportation Security Administration: Baggage Screening Technology
Transportation Security Administration: Federal Air Marshal Service
Transportation Security Administration: Flight Crew Training
Transportation Security Administration: Passenger Screening Technology
Transportation Security Administration: Screener Workforce

The most notable trends from the rankings are the Secret Service’s strong performance and the TSA’s very weak performance. It should be kept in mind that low rankings are in some cases a natural function of the newness of certain program and activities, and that many other federal agencies fare equally poorly. But those are not excuses, and the Department needs to keep working on improving performance in these critical areas.

From a White House press release today:

The President intends to designate Jeffrey William Runge, of North Carolina, to be Acting Under Secretary for Science and Technology at the Department of Homeland Security.

Runge is currently the DHS Chief Medical Officer, a position created by Sec. Chertoff last July that reports to the Undersecretary for Preparedness. I don’t really understand the rationale behind this decision. The Chief Medical Officer has a very important role to play in strengthening DHS’s role for pandemic flu and bioterrorism preparedness, and giving him temporary double-duty as acting S&T undersecretary could slow down these efforts. Why not choose someone already within S&T as acting undersecretary and then move quickly to nominate someone for the job on a full-time basis?

Update (2/28): House HSC ranking member Bennie Thompson (D-MS) weighs in on this appointment in a Washington Technology story:

Thompson, the ranking Democrat on the House Homeland Security Committee, praised Runge as “very capable and talented,” but also cautioned against filling two posts with one person.

“While I have the utmost respect for Runge’s abilities to adequately handle the responsibilities of these two positions simultaneously, it will be an enormous challenge,” Thompson said in a statement. “It is my hope that secretary Chertoff will move expeditiously to fill either … position to ensure that nothing falls through the cracks.”

I’ve been reading Sen. Specter’s draft border security bill (the full draft bill is here) more closely today, and it contains a few interesting provisions beyond what has been widely reported in the media to date. For example, Sec. 114 contains provisions to strengthen Mexico’s southern border with Guatemala and Belize as a second line of defense against immigration from Central and South America. From the text of the bill:

(a) TECHNICAL ASSISTANCE - The Secretary of State, in coordination with the Secretary, shall work to cooperate with the head of Foreign Affairs Canada and the appropriate officials of the Government of Mexico to establish a program –
(1) To assess the specific needs of Guatemala and Belize in maintaining the security of the international borders of such countries;
(2) to use the assessment made under paragraph (1) to determine the financial and technical support needed by Guatemala and Belize from Canada, Mexico, and the United States to meet such needs;
(3) to provide technical assistance to Guatemala and Belize to promote issuance of secure passports and travel documents by such countries; and
(4) to encourage Guatemala and Belize –
(A) to control alien smuggling and trafficking;
(B) to prevent the use and manufacture of fraudulent travel documents; and
(C) to share relevant information with Mexico, Canada, and the United States.
(b) BORDER SECURITY FOR BELIZE, GUATEMALA, AND MEXICO. — The Secretary, in consultation with the Secretary of State, shall work to cooperate –
(1) with the appropriate officials of the Government of Guatemala and the Government of Belize to provide law enforcement assistance to Guatemala and Belize that specifically addresses immigration issues to increase the ability of the Government of Guatemala to dismantle human smuggling organizations and gain additional control over the international border between Guatemala and Belize; and
(2) with the appropriate officials of the Government of Belize, the Government of Guatemala, the Government of Mexico, and the governments of neighboring contiguous countries to establish a program to provide needed equipment, technical assistance, and vehicles to manage, regulate, and patrol the international borders between Mexico and Guatemala and between Mexico and Belize.

My initial reaction is that this is a sensible idea. All illegal immigrants traveling on land from Central or South America have to cross the Guatemalan-Mexican or Belize-Mexican borders, which together form a much shorter border than the US-Mexican border, with only a few major crossing points and impenetrable tropical forest covering much of its length. It’s not a slam dunk solution, but it makes sense as a relatively low cost way to create a new layer of security in the system. I would suggest adding language that relates to Mexico’s maritime borders with Guatemala and Belize, since these could quickly become new pathways if the land borders become more secure. But overall, this is a provision with strong merits, and hopefully it will not become lost in the coming legislative fray over border security.

Update (2/27): I realized after posting that this was also in the Kennedy-McCain border bill (S. 1033) introduced last year. So it’s not necessarily a new idea, but it’s still one that has received little attention.

Via the AP, the Coast Guard disclosed its prior concerns about the Dubai ports deal at a HSGAC meeting held earlier today. From the story:

“There are many intelligence gaps, concerning the potential for DPW or P&O assets to support terrorist operations, that precludes an overall threat assessment of the potential” merger,” an undated Coast Guard intelligence assessment says.

“The breadth of the intelligence gaps also infer potential unknown threats against a large number of potential vulnerabilities,” the document says….

The document raised questions about the security of the companies’ operations, the backgrounds of all personnel working for the companies, and whether other foreign countries influenced operations that affect security.

These are the exact types of vulnerabilities that I expressed concern about a week ago, and they are what need to be aggressively analyzed in the extended 45-day review. If that review finds nothing specific, then I’m inclined to believe that this deal should go through, subject to safeguards that protect against an insider threat, as I proposed here.

Update (2/27): Via Findlaw, here’s the memo.

Update 2 (2/27): Some background information from the GAO (see pg. 59) on the Coast Guard Intelligence Coordination Center, which authored the memo:

Intelligence Coordination Center (ICC). This strategic intelligence center serves as the focal point for interaction with the intelligence components of the Department of Defense, other law enforcement agencies, and the intelligence community. The ICC supports all Coast Guard missions and is the center for Coast Guard intelligence collection and management.

And this description from an official US Navy document:

The Intelligence Coordination Center, a Coast Guard tenant command at the [National Maritime Intelligence Center], provides strategic intelligence support to Coast Guard law enforcement, military readiness, port security, marine safety, and environmental protection missions. The ICC serves as the Coast Guard’s 24-hour I&W watch, maintaining a current picture of all maritime threats. It serves as the Coast Guard’s primary interface with the collection, production, and dissemination elements of the national intelligence and law enforcement communities.

Update 3 (2/27): The Coast Guard’s statement about this report, sent out by the DHS press office tonight:

Statement by Coast Guard Spokesman Commander Jeff Carter on Coast Guard Port Transaction Analysis

“What is being quoted is an excerpt of a broader Coast Guard intelligence analysis that was performed early on as part of its due diligence process. The excerpts made public earlier today, when taken out of context, do not reflect the full, classified analysis performed by the Coast Guard. That analysis concludes “that DP World’s acquisition of P&O, in and of itself, does not pose a significant threat to U.S. assets in [continental United States] ports.” Upon subsequent and further review, the Coast Guard and the entire CFIUS panel believed that this transaction, when taking into account strong security assurances by DP World, does not compromise U.S. security.”

The American Bar Association released a report earlier in the month authored by their Hurricane Katrina Task Force which looked at legal authorities for disaster response. From the report:

The mission of the working group was to look at the over-arching question – were laws and regulations applicable to the response by state and federal officials sufficient to deal with this natural disaster? In assessing this, the working group addressed a number of issues and questions: Were decision makers at various levels of government cognizant of and able to use the authorities they had? If the laws were not adequate, how should gaps be filled and where should changes be made? If the authorities were sufficient, where should the emphasis be in the future to avoid the difficulties which occurred? Emergency authorities at both the federal and state level are often deliberately broad, so as to empower government and its officials to take needed actions. Thus, the fact that authorities lack specificity in some instances does not necessarily indicate an inadequacy of such authority; however, this common characteristic of emergency authorities places a higher burden on officials at all levels of government to ensure that these authorities can be implemented in the most effective way possible. Thus, the question becomes whether authorities were clarified in such a way as to be easily understood and implemented, not whether authority did exist.

And later, the report concludes:

At the federal level, the existing constitutional and statutes provide sufficient response authority. The Stafford Act and the Homeland Security Act of 2002 coupled with the National Incident Management System and the National Response Plan are adequate from an overall perspective. The issue for debate is whether the governmental statutory authorities at every level should be broad, with specificity left for plans, procedures and protocols – or whether the statutes and regulations are sufficiently specific to remove ambiguity and force responsibility and accountability. Not every situation can be anticipated by the enabling statutes, but officials must prepare for, and execute, executive authority and must be accountable for failure to do so.

These are some important issues to think about as Congress considers legislation to change the framework for disaster response this year.

The Government Accountability Office released a report today on chemical security. The report provides a very solid and detailed overview of the state of chemical security today, and makes a strong case that DHS needs expanded authority to regulate security in the sector:

Because existing laws provide DHS with only limited authority to address security at chemical facilities, it has relied primarily on the industry’s voluntary security efforts. However, the extent to which companies are addressing security is unclear. Unlike EPA, for example, which requires drinking water facilities to improve their security, DHS does not have the authority to require chemical facilities to assess their vulnerabilities and implement security measures. Therefore, DHS cannot ensure that facilities are taking these actions. DHS has stated that its existing authorities do not permit it to effectively regulate the chemical industry, and that the Congress should enact federal requirements for chemical facilities. Many stakeholders agreed—as GAO concluded in 2003—that additional legislation placing federal security requirements on chemical facilities is needed. However, stakeholders had mixed views on the contents of any legislation, such as requirements that plants substitute safer chemicals and processes that potentially could reduce the risks present at these facilities.

The report notes that DHS disagrees with the need to regulate or mandate the use of alternative “safer technologies” as a tool to enhance security. But the GAO argues that DHS should be supportive of measures consider alternative technologies, based on DHS’s own assessment of the threat:

We continue to believe, however, that the use of safer technologies may have the potential to reduce security risks for at least some chemical facilities by making them less attractive to a terrorist attack and reducing the severity of the potential consequences of an attack. While we recognize in our report that inherently safer technologies can shift risks onto other facilities or the transportation sector, there may also be instances where implementing safer technologies could reduce the likelihood and severity of a terrorist attack. In fact, DHS’s July 2004 draft of the Chemical Sector-Specific Plan states that inherently safer chemistry and engineering practices can prevent or delay a terrorist incident. The draft also notes that it is important to make sure that facility owners/operators consider alternate ways to reduce risk, such as inherently safer design, implementing just-in-time manufacturing, or replacing high-risk chemicals with safer alternatives. Therefore, we continue to believe that studying the costs and security benefits of using safer technologies would be a worthwhile effort.

I’m agnostic on this particular issue for pragmatic reasons: the longstanding quarrel over it has delayed the passage of any chemical security legislation, and we can’t afford to let additional years slip by without developing some semblance of a regulatory framework for the sector. I’m starting to sound like a broken record, but the Collins-Lieberman chemical security legislation is sensible and balanced, and it should be passed as soon as possible.

The report also mentions the National Strategy for Securing the Chemical Sector which was mandated by the FY 2006 DHS appropriations legislation, and was due to Congress on Feb. 10th, 2006. That was more than two weeks ago. Is the report done? If so, why hasn’t it been publicly released yet? It deserves a public vetting.

Update (2/28): GovExec’s story on the report.

Confused about how the port and cargo security system works, and the relationship among the different stages of activity along the supply chain? This useful chart from the Washington Post provides a solid primer.

In a USA Today story, Sec. Chertoff responds to suggestions in Congress that the proposed TSA fee increases are unacceptable:

Homeland Security Secretary Michael Chertoff says the nation’s aviation system remains “the No. 1 target” for terrorists, and he warns that his agency may have to cut spending on security at airports if Congress rejects a fee increase for some passengers.

“If the airline industry fights a fee all the time and wins and the result is we have to cut spending on airline screening, then lines are going to be longer, and customers are going to be more ticked off,” Chertoff said in an interview Friday. “And of course, the worst thing would be if something happened and a plane blew up. That would be a real shot at the heart of the airline industry. So they’ve got a real interest in making sure we have adequate funding for this….”

Without the fee, the Transportation Security Administration, which runs airport security, will need to close a $1-billion-plus hole in its budget, Chertoff said. He said that could mean cuts to the nation’s force of airport screeners. When Congress rejected the fee increase last year, the number of screeners was cut from 45,000 to 43,000.

Chertoff seems to suggest that cutting TSA’s budget would be the only option if the fee wasn’t approved. Opponents of the increased TSA fee on the House appropriations subcommittee for homeland security have suggested that some of the new border security proposals could be cut back. The Senate appropriations subcommittee for homeland security has yet to tip its hand. Its chairman Sen. Judd Gregg (R-NH) has been a strong supporter of increased border funding, but he was against increased TSA fees last year, so it’s unclear what position he’ll take on the budget. We should learn more at a subcommittee hearing with Sec. Chertoff on Tuesday.

The new Canadian defence minister, Gordon O’Connor, discussed the Harper government’s intention to renew the NORAD treaty with the United States before it expires in May, and expand NORAD’s role in the area of maritime surveillance:

O’Connor, in his first public statement since Conservative Prime Minister Stephen Harper came to power last month, downplayed the significance of the updated treaty, dismissing the suggestion it could lead to U.S. warships patrolling Canadian waters.

The agreement will mean “merely a transfer of information,” he told reporters in the hangar deck of the Canadian frigate HMCS Halifax, after touring the navy dockyard.

“It doesn’t change our responsibility as a country,” he said. “We have to look after our own sovereignty. We have to deal with any threats coming from the sea.”

Once ratified, the new treaty would allow intelligence on shipping data and threats to the sea lanes to be sent directly into NORAD headquarters, which is staffed by Canadian and U.S. military at Peterson Air Force Base in Colorado Springs, Colo.

This is a sensible change for NORAD and the US-Canada security relationship, given the closely linked maritime domains of the two countries and the increased prominence of maritime security in the broader counterterrorism and homeland defense context. For more on what NORAD and NORTHCOM are doing on maritime security, see this recent Denver Post story.

One of the more intriguing pieces of homeland security legislation introduced this month is H.R. 4765, the High Threat Helicopter Flight Area Act, introduced by Rep. Anthony Weiner (D-NY). The bill would require aviation-style screening for passengers on helicopters in designated high-threat areas, at the discretion of the Secretary of Homeland Security. Weiner has apparently been interested in this issue for a while; he has issued press releases in the last two years about the helicopter security threat. And this follows the creation of a new helicopter shuttle service between Wall Street and JFK Airport, one where TSA will now be paying $560,000 to screen people for their outbound JFK flights at the heliport.

There is a potential terrorist threat from helicopters. A helicopter is not a powerful weapon by itself, but it could be an effective means to deliver a weapon (e.g. explosives, chemical agents) to a high-value target. But I don’t think that aviation-style screening is the right answer for this threat. It’s probably more appropriate to focus on a set of measures that would include improved physical security for urban heliports, locks on helicopters, and background checks for owners, pilots, and flight students.

It also seems like an abuse of taxpayer resources for TSA to pay for security screening at this Wall Street heliport. If people are going to have the privilege of going straight to the gate at JFK because they were screened at the heliport, then the costs for that screening should come completely from user fees that are part of the service’s cost, not out of the general TSA screener budget. Based on the company’s projections, $4-$5 per passenger should cover TSA’s screening costs.

The New York Times had an interesting story this weekend on the role of new data mining technologies in intelligence and homeland security:

A small group of National Security Agency officials slipped into Silicon Valley on one of the agency’s periodic technology shopping expeditions this month.

On the wish list, according to several venture capitalists who met with the officials, were an array of technologies that underlie the fierce debate over the Bush administration’s anti-terrorist eavesdropping program: computerized systems that reveal connections between seemingly innocuous and unrelated pieces of information….

Most of the blog reaction to this story has been critical, wondering why tech companies would get involved with the NSA. I’ve expressed concerns in the last two months about the apparent circumvention of U.S. law in the recent NSA revelations, but this seems like exactly what the NSA should be doing: seeking out new ideas from the nation’s brightest technology minds. The NSA absolutely needs to stay ahead of the technology curve and adopt leading-edge tools. That’s not inconsistent with wanting there to be a better framework to ensure that the applications of these technologies are legal and are used consistent with the nation’s system of checks and balances.

Sen. Arlen Specter (R-PA) introduced a 300-page draft immigration and border security bill on Friday, the Comprehensive Immigration Reform Act of 2006, which will be taken up by the Senate Judiciary Committee in March. The full draft legislation is available here, and stories in the New York Times, Orange Country Register, Los Angeles Times, Sacramento Bee, and the Washington Times provide an outline of its contents.

The contents of the bill include:

• A guest worker program, allowing participants a maximum of two three-year work stints in the U.S., with no right to permanent residency or citizenship;
• No authorization of funding for a Mexican border fence, but instead a call for a study of border fencing;
• A new workplace enforcement program, consistent with the House bill;
• Expanded funding for border agents and border technology;
• A student visa category for foreign students studying engineering and the sciences, allowing them to stay for a full year after graduation while seeking employment in the U.S.;
• A provision to allow indefinite “conditional work status” to illegal immigrants who were in the U.S. prior to January 2004.

This bill has already received a poor reception by many supporters of the House bill; Rep. Tom Tancredo (R-CO) promptly trashed it in this news release. And it has been criticized by many immigrant advocacy groups who argue that a guest worker program would create a permanent underclass, akin to the Turkish Gastarbeiter in Germany. But it’s received a generally solid (if somewhat lukewarm) response from Specter’s fellow senators, who recognize the extent to which this is an attempt at a compromise between many competing perspectives. And it satisfies the White House’s strong interest in a guest worker program.

The Judiciary Committee will take up the draft bill on Thursday. As I’ve noted previously, there’s still a long way to go in the process of passing a border bill. I’d say we’re now in the fourth inning.

Time Magazine has an important story out today that looks at the Dubai ports deal in the context of broader efforts to secure private sector infrastructure since 9/11. It focuses on the issue of chemical plant security, a topic that I’ve been harping on constantly in recent months:

Today only about 1,100 of the nation’s 15,000 biggest plants participate in the voluntary security program. Even Bush loyalists are worried about the vulnerability that remains. “Not all chemical sites are good partners,” said Asa Hutchinson, a former top Homeland Security official, at a recent chemical-industry gathering. “Some of the top-tier sites will not let Homeland Security inside the fence.”

For my money, the single most important thing that Congress could do in 2006 to strengthen homeland security has nothing to do with FEMA or border security: it’d be passing the Collins-Lieberman chemical security legislation as soon as possible.

According to a Fedbizopps posting last week, the TSA intends to hire an executive recruiting agency:

The Transportation Security Administration intends to begin market research pursuant to Executive Recruitment Services for multiple key Federal Government executive positions in the United States….

The contractor must provide nationwide services to assist in filling key Federal Government leadership (executive) positions. The ideal candidates for the leadership positions to be filled must have experience in security in one or more of the transportation modes (air, rail, highway, port, etc.). Candidates would also include those individuals with law enforcement/security experience or individuals with previous military leadership experience. The positions to be filled are located in the National Capital Region and at airports throughout the country.

Without a doubt, TSA needs to have a cadre of strong senior managers, both at headquarters and in the FSD positions. But do they really need to hire an outside executive recruiting firm? What’s wrong with USAJOBS? This seems like a questionable expenditure for an agency is likely to be cash-strapped in the coming fiscal year.

60 Minutes reported tonight on the Dubai ports story and the broader issue of port security. The transcript of the show is available here, and does a good job of outlining the key issues related to port and maritime security today.

From the summary of the report:

“We have a real problem on our waterfront. But it’s less about who owns these few terminals in our country. It’s about the systematic vulnerability,” [Stephen Flynn] says.

“So you’re not terribly concerned by the fact that a company from Dubai is going to be operating port terminals in the United States?” [Steve] Kroft asked.

“I’m concerned that the entire system is potentially vulnerable,” Flynn replied.

This is just the latest example of the media broadening their focus from the Dubai story to the much more important issue of broader port and maritime security activities. If there’s a silver lining from this whole Dubai ports story, it’s the fact that renewed attention to the issue of port security may very well lead to increased resources in this appropriations cycle.

Below is a list of homeland security policy events in the DC area next week. I post a list each week and will sometimes update mid-week when I find new items. You can always find current and previous postings under the “Events” category tab at right. And please note that many events require prior invitations and/or RSVPs.

2/27-2/28: Bird Flu Summit. Hyatt Regency Crystal City, Arlington, VA.
2/27: Heritage Foundation event on “What’s in a Name? How to Talk about Terrorism.” 214 Mass Ave NE, 11am.
2/28: Carnegie Mellon University conference on “Before the Next Crisis: Steps to Secure America’s Essential Services.” Hart 911, 8:30am.
2/28: The Trust for America’s Health forum on business and pandemic flu preparedness. National Press Club, 14th and F St. NW, 8:30am.
2/28: Senate Committee on the Judiciary hearing on “Wartime Executive Power and the NSA’s Surveillance Authority.” Dirksen 226, 9:30am.
2/28: Senate Appropriations Committee hearing on the FY 2007 DHS budget request. Dirksen 192, 10:30am.
2/28: House Government Reform committee hearing on “Progress Since 9/11: Protecting Public Health and Safety Against Terrorist Attack.” Rayburn 2154, 2pm.
2/28: Senate Commerce Committee hearing on “Security of Terminal Operations at U.S. Ports.” with DHS Deputy Secretary Michael Jackson et al. Dirksen 106, 2:30pm.
3/1: Senate HSGAC hearing on “The Department of Homeland Security’s Budget Submission for Fiscal Year 2007″ with Sec. Chertoff. Dirksen 342, 9:30am.
3/1: Senate Committee on the Judiciary hearing on “Federal Strategies to End Border Violence.” Dirksen 226, 9:30am.
3/1: CSIS Homeland Security Program event on “The Dubai Ports Deal: How Secure is It?” with Adm. James Loy, Judge William Webster, Jayson Ahern from CBP and Rear Adm. Craig Bone from the Coast Guard. 1800 K St, NW, 9:30am.
3/1: United States Animal Identification Organization press conference to unveil a new web-based system to track livestock. National Press Club, 14th and F Sts. NW, 10am.
3/1: House T&I committee hearing on “The United States Coast Guard and The Federal Maritime Comission FY ’07 Budget Requests.” Rayburn 2167, 10am.
3/1: Center for American Progress and American Constitutional Society for Law and Policy event on “Warrantless Domestic Surveillance: Its Roots and Where We Go From Here” with former Sen. Gary Hart and others. CAP, 1333 H St, NW, 10th Fl., 12:30pm.
3/1: House HSC hearing on “The State of Interoperable Communications: Perspectives from State and Local Governments.” Cannon 311, 2pm.
3/1: Johns Hopkins SAIS Center for Transatlantic Relations conference on “International Aspects of Homeland Security: A Congressional Conference.” Rayburn 2237, 2pm.
3/2: House Appropriations Committee hearing on “Avian Influenza - International Response.” Rayburn 2359, 10am.
3/2: Senate Banking Committee hearing on “Continued Examination of Implementation of the Exon-Florio Amendment: Focus on Dubai Ports World’s Acquisition of P&O.” Dirksen 538, 10am.
3/2: New America Foundation brown bag lunch with former Sen. Gary Hart on his new book, The Shield and the Cloak: The Security of the Commons. 1630 Conn Ave NW, 7th Fl., 12:15pm.
3/2: House Armed Service Committee hearing on “National Security Implications of the Dubai Ports World Deal to Take over Management of U.S. Ports.” Rayburn 2118, 1pm.
3/2: House HSC hearing on “The 9/11 Reform Act: Examining the Implementation of the Human Smuggling and Trafficking Center” with DHS Asst. Secretary Randy Beardsworth. Cannon 311, 2pm.
3/2: House Appropriations Committee hearing on the Department of Homeland Security’s Science and Technology budget. Rayburn 2359, 2pm.
3/3: Center for Immigration Studies discussion on the proposed guest worker program. National Press Club, 14th and F St. NW, 12 noon.

(Please e-mail me if you have suggestions about additions to this list for this week, or future weeks).

The LA Times published an op-ed last week by Milton Leitenberg, the author of a recent book entitled “Assessing the Biological Weapons and Biological Threat” published by the Army War College.

In the editorial he notes:

The United States has spent at least $33 billion since 2002 to combat the threat of biological terrorism. The trouble is, the risk that terrorists will use biological agents is being systematically and deliberately exaggerated. And the U.S. government has been using most of its money to prepare for the wrong contingency.

A pandemic flu outbreak of the kind the world witnessed in 1918-19 could kill hundreds of millions of people. The only lethal biological attack in the United States — the anthrax mailings — killed five. But the annual budget for combating bioterror is more than $7 billion, while Congress just passed a $3.8-billion emergency package to prepare for a flu outbreak.

The exaggeration of the bioterror threat began more than a decade ago after the Japanese Aum Shinrikyo group released sarin gas in the Tokyo subways in 1995. The scaremongering has grown more acute since 9/11 and the mailing of anthrax-laced letters to Congress and media outlets in the fall of 2001. Now an edifice of institutes, programs and publicists with a vested interest in hyping the bioterror threat has grown, funded by the government and by foundations.

He then goes on to examine the bioterrorism threat posed by hostile states and terrorists, and argues that the former is rapidly in decline and the latter is unsubstantiated. He then argues that the United States’ strong focus on bioterrorism might actually be exacerbating the threat:

The real problem is that a decade of widely broadcast discussion of what it takes to produce a bioweapon has provided terrorists with at least a rough roadmap. Until now, no terrorist group has had professionals with the skills to exploit the information — but the publicity may make it easier in the future.

There is no military or strategic justification for imputing to real-world terrorist groups capabilities that they do not possess. Yet no risk analysis was conducted before the $33 billion was spent.

Some scientists and politicians privately acknowledge that the threat of bioterror attacks is exaggerated, but they argue that spending on bioterrorism prevention and response would be inadequate without it. But the persistent hype is not benign. It is almost certainly the single major factor in provoking interest in bioweapons among terrorist groups. Bin Laden’s deputy, the Egyptian doctor Ayman Zawahiri, wrote on a captured floppy disk that “we only became aware of (bioweapons) when the enemy drew our attention to them by repeatedly expressing concerns that they can be produced simply with easily available materials.” We are creating our worst nightmare.

These are strong arguments by Leitenberg, and are worthy of debate. I’m inclined to believe that the bioterrorism threat is real, especially if we look at it from the appropriate 15-20 year time horizon. But I also think he has a good point about the relative value of spending money to prevent bioterrorism from a risk assessment perspective. $33 billion is a lot of chips to be putting on one type of threat, when there are a lot of other very relevant threats (both terrorist and non-terrorist related) that we face today. From a risk-based perspective, are we better off spending an additional billion at the margin to develop vaccines for non-contagious threats such as anthrax and ricin, or for programs to secure WMD-related materials in Russia? Or for enhancing our humint capabilities? Or strengthening security at ports? These types of questions need to be asked as part of a strategic approach to homeland security.

The National Journal has a very solid piece of reporting on the process by which the Total Information Awareness project at DARPA (which Congress cut off funding for in 2003) went over to the classified world:

Research under the Defense Department’s Total Information Awareness program — which developed technologies to predict terrorist attacks by mining government databases and the personal records of people in the United States — was moved from the Pentagon’s research-and-development agency to another group, which builds technologies primarily for the National Security Agency, according to documents obtained by National Journal and to intelligence sources familiar with the move. The names of key projects were changed, apparently to conceal their identities, but their funding remained intact, often under the same contracts.

The story is full of interesting details, introducing the codenames of the ex-TIA programs in their new incarnations (Genoa II, Topsail, Basketball) and providing a lot of convincing evidence that ties TIA contractual activities together with very similar programs at the NSA-linked Advanced Research and Development Activity. Hopefully the revelations in this story will encourage these programs, if they continue, to strengthen their internal privacy controls - something that was a key element of the original vision for TIA.

I’ve taken a closer look at the White House’s report on Katrina, released earlier today, focusing on one of the core sections of the report - Chapter Six, entitled “Transforming National Preparedness.” The chapter looks at the core, systemic lessons of the response to Katrina, noting that the reliance on “pull-model” for disaster response where states and cities request federal assistance is now inoperative in cases of large-scale, catastrophic disaster. The report then suggests that a model of national security is perhaps more appropriate in such catastrophic incidents today:

While this [pull] approach has worked well in the majority of disasters and emergencies, catastrophic events like Hurricane Katrina are a different matter. The current homeland security environment—with the continuing threat of mass casualty terrorism and the constant risk of natural disasters—now demands that the Federal government actively prepare and encourage the Nation as a whole to plan, equip, train, and cooperate for all types of future emergencies, including the most catastrophic.

A useful model for our approach to homeland security is the Nation’s approach to national security. Over the past six decades, we have created a highly successful national security system. This system is built on deliberate planning that assesses threats and risks, develops policies and strategies to manage them, identifies specific missions and supporting tasks, and matches the forces or capabilities to execute them. Operationally organized, it stresses the importance of unity of command from the President down to the commander in the field.

Perhaps most important, the national security system emphasizes feedback and periodic reassessment. Programs and forces are assessed for readiness and the degree to which they support their assigned missions and strategies on a continuing basis. Top level decision-makers periodically revisit their assessments of threats and risks, review their strategies and guidance, and revise their missions, plans, and budgets accordingly.

This is a very important passage in this report, and deserves some careful scrutiny.

At a general level, the idea of a “national security approach” makes intuitive sense to me. Reactive strategies for catastrophic response are definitely insufficient, and new, more forward-leaning strategies are required given the increasing likelihood of response situations where state and local responders will be overwhelmed.

But what exact “national security” model are we talking about here? Are we talking about traditional military models - the command-and-control principles that have governed military strategies from the Gallic Wars to the Cold War defense of the Fulda Gap? Or are we talking about leading-edge, technology-enabled models such as net-centric warfare or fourth generation warfare (4GW) that empower decentralized unit-level decision-making and initiative?

Given the language in the second paragraph of the excerpt above, I’m afraid it’s the former, when what we really need is the latter. The paragraph seems to envision planning for every conceivable contingency to a very detailed level, and assigning specific responsibilities in advance. Is that what we really need? I don’t think so. Instead, I think we need a flexible, capabilities-based planning system that focuses on developing the broad set of capabilities that we need - trained people, equipment, systems, etc. - and prepares people by robustly testing these capabilities against a broad set of scenarios in a way that encourages creativity, adaptability and cross-organizational teamwork.

The paragraph also speaks of a hierarchical “unity of command” in this model. But that’s an outdated model in a networked world. Even with robust system awareness, I’d contend that in any large-scale catastrophic response situation, the “effectiveness benefits” due to rapid on-the-ground decision-making will outweigh the “efficiency benefits” of centralized control.

As I mentioned earlier today, I think there are some important and positive lessons in this report. But any shift to greater centralization of the emergency management process has serious risks, and could ultimately weaken the system rather than strengthen it. Instead of trying to over-plan and assert greater control over the national preparedness effort, the federal government should focusing on empowering and enabling the millions of direct participants in the national response system around the country. That’s the ‘national security approach’ that we should take.

In the Senate Armed Services hearing on the Dubai ports deal today, Sen. Levin made the following statement about spending on port security:

At the same time, it has been a constant struggle to devote adequate funds to strengthen port security. According to the Wall Street Journal, while $18 billion has been spent on airport security since 9/11, the amount spent on port security has been only $630 million.

This quote is taken from a story in today’s (2/23) edition of the Wall Street Journal; the story itself provides no detail as to the source of this statistic.

This figure of $630 million seems incorrectly low to me. It’s very close to the total level of port security grants that have been allocated since 9/11 - the AAPA noted this total at $708m in a recent press statement.

But port security grants are NOT the totality of port security spending. The “ports, waterways, and coastal security” budget line item within the Coast Guard’s budget has totaled nearly $5 billion since FY 2003. ($1.25 billion in FY 2003, $1.26 billion in FY 2004, $1.21 billion in FY 2005 and $1.26 billion in FY 2006.) There is no similar estimate available for FY 2002, but it’s likely similar - I’ll estimate $1.1 billion. Not all of this is for port security per se, but a large share of it is - I’ll estimate 60%. Spending within Customs and Border Protection (CBP) on port security is harder to break down, but in FY 2006, the Container Security Initiative is funded at $139m, C-TPAT is at $54m, the National Targeting Center at $16m, Automated Targeting Systems at $28 million, and spending on radiation portal monitors at $125 million (some of which are for land borders). I’d imagine that there’s at least another $200-$300m within the entire $1.27 billion in CBP’s budget for border inspections for FTE’s at seaports (with the balance at land border checkpoints and international airports). That add ups to around $600m/year within CBP’s budget for port security, although prior years are significantly lower since many of these line items have only been introduced in the last 1-3 years. Finally, I’d add the Department of Energy’s Megaports initiative, funded at $74m this year and $28m in FY 2005.

All told, I’d have to estimate cumulative port security spending at $6.13 billion during the 4.5 years between the start of FY 2002 (Oct. 1, 2002) and the midpoint of FY 2006 (March 31, 2006).

Are we spending enough, however? As I’ve said in recent days, I don’t believe so. MTSA implementation has been underfunded, and there has never really been a “system-wide commitment” to the challenges of port security in the same way that the federal government has addressed the vulnerabilities of the commercial aviation system. But I think it’s important to provide fair spending estimates when engaging in this important debate.

Fran Townsend’s report on “The Federal Response to Hurricane Katrina: Lessons Learned” is now available here (3MB PDF)on the White House website. The White House also released a summary fact sheet about the report.

At first glance, the high-profile recommendations look familiar, and it also looks like there are some interesting items buried in the weeds of it. For example, the set of recommendations on “Homeland Security Professional Development and Education” are definitely worth a closer look, and seem closely aligned with the bill introduced by Sens. Collins and Lieberman to create a National Homeland Security Academy. And the recommendations on public communications, critical infrastructure protection, and citizen preparedness are all solid and forward-looking.

My overall impression is that the report seems relatively solid, and many of its recommendations are things that the federal government should do. The essential question is whether the Administration is willing to both find the resources and push on the key agencies to turn these recommendations into reality.

Watch out Dig Dug.

Sen. Dianne Feinstein has introduced a bill that would set criminal penalties for people who build, use, or finance border tunnels - something that is apparently not against the law today. The LA Times story on the legislation is here.

This seems like a sensible idea, the kind of thing that is likely to attract near-unanimous support in Congress. I wouldn’t be surprised to see it attached to the border bill when the Senate takes up the issue next month.

Update (3/8): Here’s a link to the bill.

This Los Angeles Times op-ed echoes my contention on Monday morning that the real issue should be port security funding:

This week’s hubbub diverts attention from a pressing and genuine debate over what those agencies really need to do to keep our commercial harbors safe. Compared to airport security, port security is woefully underfunded and undeveloped.

A paper written by former Coast Guard Cmdr. Stephen E. Flynn in the current issue of the Far Eastern Economic Review calls the system a “house of cards.” Flynn argues that any terrorist worth his salt could simply seek out a well-known “trusted” shipper’s containers to stash his deadly contraband. He calls for a slate of inspection-oriented reforms, including the adoption of better screening technologies.

Who owns the companies that operate the ports isn’t the point — it’s how those companies work together with federal and local authorities to keep ports safe. And the Department of Homeland Security has a long way to go before it figures out how best to get that done.

I still think there are some security issues that need to be examined more closely with the Dubai deal, such as building safeguards against insider threats - but otherwise, this editorial is spot-on.

For more info, read the original article by Flynn mentioned in the editorial. And here’s my take on Flynn’s piece from a post last month.

Update (2/23): On a related note, this sentence from an NYT story in Thursday’s paper stood out (emphasis mine):

But Mr. Seymour, head of the subsidiary now running the operations, says only one of the six ports whose fate is being debated so fiercely is equipped with a working radiation-detection system that every cargo container must pass through.

Closing that gaping hole is the federal government’s responsibility, he noted, and is not affected by whether the United Arab Emirates or anyone else takes over the terminals.

Update 2 (2/23): Similar comments from USA Today’s editorial page:

The uproar in Congress does raise one useful question: What is the government doing to secure ports? The major threat is that a terrorist could smuggle a radioactive “dirty bomb,” nuclear device or another weapon of mass destruction in one of millions of cargo containers that land on U.S. docks each year. If lawmakers want to prevent that, here are a few real concerns they’ve been ignoring:

• Congress’ investigative arm, the Government Accountability Office, has issued more than a dozen reports since 9/11 revealing huge gaps in just about every shipping security program the government runs.

• A program to inspect high-risk, U.S.-bound containers at foreign ports misses many of its targets; others get inspected but not very effectively, the GAO found.

• An effort to issue federal identification cards to more than 5 million transportation workers has barely started. The Transportation Security Administration has issued just 4,000 “prototype” cards so far.

• Radiation sensors deployed in some foreign ports are not “capable of detecting a nuclear weapon or a lightly-shielded dirty bomb,” according to security expert Stephen Flynn of the Council on Foreign Relations.

Yes, Congress is welcome to take a hard look, unvarnished by political gamesmanship, at the involvement of Dubai Ports World in a sensitive industry. But it could do far more for security by working to fix the broad vulnerabilities in shipping.

Both tasks would be easier if lawmakers got down to business, instead of tripping over each other on the way to the cameras.

Congress Daily reported today on the current state of play for border security legislation in the Senate, which suggests that the Senate leadership is pursuing a “two-track” approach: letting the Judiciary committee draft a bill, but with Majority Leader Bill Frist reserving the right to draft his own bill. From the article:

A chairman’s mark expected to be introduced this week will resemble the mark [Senate Judiciary Committee Chairman Arlen] Specter circulated last year, which borrows components from various immigration proposals. It included the border security provisions in the plan introduced by Sens. John Cornyn, R-Texas, and Jon Kyl, R-Ariz., as well as the guestworker plan introduced by Sens. John McCain, R-Ariz., and Edward Kennedy, D-Mass. Specter has characterized the mark as a “starting point” for debate.

Frist has told colleagues he wants to begin floor debate in late March, likely March 27. Senate aides said whether the bill will be written by the committee or leadership depends on how the Judiciary Committee markup goes. “If the committee keeps the bill solid, and if it gets it done on time, Frist won’t need to introduce anything,” one GOP aide said.

The question remains: what would cause Frist to write his own bill? He has generally seemed inclined to favor the broad outlines of the Judiciary Committee’s bill. Perhaps he’s reserving this as a contingency in case the political climate requires a more punitive and interdiction-focused bill, akin to the one that passed the House in December.