Homeland Security Watch

The Department of Homeland Security held a press conference yesterday to discuss progress over the past year on border security and immigration enforcement, and CBP and ICE both issued press releases that contain statistics documenting their efforts over the past year.

Overall these two documents paint a justifiably positive portrait of the Department’s efforts at border security and interior enforcement. It’s clearly true that the increased attention to these missions has led to improved performance over the past twelve months.

My main complaint about the documents is that year-to-year comparisons are omitted in certain instances; for example, CBP notes the amount of marijuana seized in FY 2006, without providing the FY 2005 tally as a point of comparison. And it notes the number of C-TPAT validations in FY 2006, without mentioning the comparable statistic for FY 2005. These documents are better than previous DHS fact sheets on border security and immigration enforcement, but still have a way to go.

Finally, there’s this line item in the CBP fact sheet:

Developed and coordinated the Rice-Chertoff Initiative to establish two model international ports of entry at Washington/Dulles and Houston Intercontinental airports. This initiative seeks to renew America’s welcome with improved technology and efficiency, the development of secure travel documents for the 21st century, and improved information sharing.

I arrived on an international flight into Dulles last Friday, and I still don’t see any evidence that this “model airport” initiative has been implemented, unless a TV hanging on the wall showing “The Redskins Report” counts as “renewing America’s welcome.”

A few months ago, the White House quietly issued a classified joint Homeland Security Presidential Directive / National Security Presidential Directive - HSPD-16/NSPD-47 - and has not released its contents. The San Francisco Chronicle ran a story about the directive in mid-August, noting that it contained the following contents:

The order, confirmed to The Chronicle by officials with knowledge of its contents, focuses on threats to aircraft from passenger baggage and air cargo — including detection of conventional, nuclear, radiological, and chemical devices — securing the airspace over the continental United States, and developing technologies to detect and prevent missile attacks on aircraft.

The directive, known as both National Security Presidential Directive 47 and Homeland Security Presidential Directive 16, also orders the agencies to implement a plan to check airline passenger lists against the government’s watch lists and to assume the costs of conducting the database searches. The cost of checking passenger lists currently falls to the airlines.

Recently a notice appeared in the Federal Register that is the first government confirmation of HSPD-16/NSPD-47 that I’ve seen. The notice describes a new Plan for the Emergency Security Control of Air Traffic, which cleary defines DOD, DOT, and DHS roles in the event of an emergency airspace incident, and establishes a “ESCAT Air Traffic Priority List (EATPL)” which serves as an order of priority for use and entry into U.S. airspace in the event of the activation of this plan.

This EATPL seems a bit out of balance to me, putting state and local law enforcement and first response activities near the end of the air traffic priority list, after a long list of military air assets. In a scenario where an attack has taking place and out-of-region emergency services are needed, it seems as if this priority list create a risk that state and local response assets would be stuck at the back of the queue, behind military assets who may be necessary to secure airspace and facilitate continuity of government, but who aren’t going to save any civilian lives. Hopefully this is an issue that is being discussed between DHS and DOD; otherwise this could lead to of the same command-and-control response breakdowns that we saw in the response to Hurricane Katrina.

Note to self: don’t create script to allow anyone to print out fake airline boarding passes:

A website that let anyone with an Internet connection and a printer create fake airline boarding passes has been shut down after federal agents visited the creator.

FBI agents raided Christopher Soghoian’s home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him Friday afternoon with a request to take the site down, but when he got online, he found that the site had already been removed, he wrote.

….Soghoian’s “Northwest Airlines Boarding Pass Generator” let people create boarding passes that look virtually identical to the ones printed from the Northwest Airlines website. They could be used to get past airport security, but not to get on an airplane, because the airline would have no record of the reservation, Soghoian said.

Here’s Soghoian’s blog. While it probably wasn’t the wisest move to create this script and put it online, I think that making a criminal case out of this is an unfortunate response. Instead, the FBI and/or the airlines should be focusing on strengthening the security of commercial aviation documents - perhaps by working with Soghoian and offering him a job.

US News reported this week on a new collaborative tool within the Intelligence Community for analysis: Intellipedia. From the article:

Intellipedia. Many of the hottest online tools now in use turn out to be ideal for sharing intelligence, officials say. Two years ago, the CIA launched its own wiki. (A wiki is an online site that allows users to collectively add and edit content, like Wikipedia, the online encyclopedia.) Dubbed simply the CIA Wiki, it now boasts some 10,000 classified pages. In January, the DNI followed with a communitywide wiki, dubbed the Intellipedia. The DNI’s National Intelligence Council-which produces the government’s weighty National Intelligence Estimates on key topics-has just launched an experiment to produce the first NIE by wiki. The subject: Nigeria. Top experts on the oil-rich African nation are working together on the Intellipedia to help chart its future. “I don’t know if it’s going to work,” says Thomas Fingar, the chief of analysis for the DNI. “It might; might not.”

The DNI held a news conference yesterday to describe Intellipedia in greater detail. I think this is a great idea, and is a perfect example of how the intelligence community can harness new tools and technologies to strengthen analysis.

Update (10/31): More on Intellipedia from the L.A. Times.

In a post last week, I linked to a document on the Government Printing Office website that contained the full congressional justifications for the FY 2007 DHS budget request. In that post, I mentioned that it contained a wealth of information for DHS-watchers about the Department. On that note, I went through the document to research one topic that I haven’t seen analyzed previously: the average salaries within each of the constituent parts of DHS, which can be estimated by analyzing the “Permanent Positions by Grade” charts that are found throughout the document. You can see the full results of that analysis in this Excel spreadsheet, which computes average salaries for FY 2006. Some key findings:

1. The average salary of the 177,844 DHS employees included on the spreadsheet was $56,334 in FY 2006.
2. The average salary of a civilian (i.e. non-military Coast Guard) General Service (GS) or GS-equivalent civilian employee (e.g. TSA, which has a different pay-band system) was $56,319. And the average salary of a civilian Executive Service (ES) or ES-equivalent employee at DHS was $151,376 in FY 2006.
3. Within both categories (ES and GS) there is a lot of variation among agencies and sub-agencies in terms of average pay. Part of this is due to natural variations in the years of experience and skill requirements of employees, and/or is abnormal due to a small sample size, but it’s difficult to tell if it’s all attributable to these differences. The highest paying-components of DHS in the analysis (ES+GS) are as follows:
• US-VISIT, $151,197 average salary (115 employees).
• Office of the Undersecretary for Preparedness, $131,360 (85 employees).
• Infrastructure Protection and Information Security, $118,425 (445 employees)
• FEMA, Disaster Relief Account, $115,781 (25 employees).
• DHS Chief Information Officer, $112,590 (78 employees).
• US Coast Guard, Acquisition Account (Civilian), $112,311 (345 employees).

And the lowest-paying accounts are as follows:

• TSA, Aviation Security, $36,387 (51,275 employees).
• ICE, Immigration User Fee Account, $39,050 (275 employees).
• ICE, Breached Bond Detention Fund, $41,084 (63 employees).
• CBP, Puerto Rico Account, $51,098 (654 employees).
• US Coast Guard Military, $54,715 (39,764 employees).
• Customs and Border Protection, $59,852 (34,319 employees).

You can see the full analysis by downloading the spreadsheet which contains the complete analysis. Note that the Federal Air Marshal Service is not included within the scope of this analysis, because statistics on its workforce are classified.

Just published in the new issue of Washington Technology: an op-ed by my boss (and sometime co-author) Scott Gould and the Reform Institute’s Dan Prieto headlined “The data trail: Best vector to secure aviation.” Check it out.

The Post’s Stephen Barr reviews a new book entitled “Meeting the Challenge of 9/11: Blueprints for More Effective Government” today, one which he argues provides important lessons for the leaders of the Department of Homeland Security. His review focuses on a chapter of the book on the role of the Undersecretary of Management at DHS:

Dean and Ink discuss the importance of having a senior official in large agencies focused on management issues — such as accounting and finance, procurement, personnel, technology and property. They point to the undersecretary of management in the Department of Homeland Security as the kind of post that can help a Cabinet secretary succeed in pulling together internal operations.

As part of their review of the undersecretary’s job at Homeland Security, they recommend that the department ensure the job, which will probably be held by a political appointee, has a sidekick from the career ranks who can provide continuity during presidential transitions.

Dean and Ink also contend that too many jobs in the Homeland Security undersecretary’s office have been reserved for political appointees. “With respect to fighting terrorism overseas, there is recognition of the value of depending on professional career military leaders who serve under a small number of political policy leaders in Washington. Why should professional career leadership be any less critical for protecting our homeland against terrorism?” they ask.

They add, “It is essential that the management of homeland security not be politicized.”

That, however, appears to be happening. Members of Congress have questioned whether the position of undersecretary is needed at Homeland Security, in part because the deputy secretary has a strong hand in day-to-day operations. Congress also has cut funding requests for the undersecretary’s office, usually to reorder priorities. (Only one person has ever held the undersecretary position, and she left in May.)

This last paragraph is a correct assessment of the current conventional wisdom about the role of an Undersecretary for Management, confirmed by the fact that DHS hasn’t shown any real urgency to replace Janet Hale over the last seven months, since March when she announced her resignation. I think there is still an unsettled debate about whether this position is necessary, or if instead it’s more appropriate for the other C-level officials at DHS - CFO, CIO, CHCO - to report directly to the Secretary and Deputy Secretary. From an organizational design perspective, I’m inclined to favor the latter perspective, since the CFO, CIO, and CHCO need direct access to the Secretary and Deputy Secretary on the org chart if key initiatives are going to get the attention and priority that they deserve. If these officials are two levels away from the Secretary’s office on the org chart (and compounding the problem, in offices across town) then it’s more likely that key Department-wide financial, human capital, and IT initiatives will languish.

Below is a list of homeland security policy events in the DC area next week (as well as the occasional listing outside of DC). Please note that many events require prior invitations and/or RSVPs.

10/30-10/31: Border Management Systems and Technologies conference. San Diego, CA.
10/30: DHS press conference on immigration enforcement. Reagan Building, 1300 Pennsylvania Ave NW, 11am.
10/30: Wilson Center event with CFR’s Steve Simon on “Why the Jihad is So Durable.” Reagan Building, 1300 Pennsylvania Ave NW, 12noon.
10/30-10/31: Serious Games Summit. Crystal Gateway Marriott, 1700 Jefferson Davis Hwy, Arlington, VA.
10/31-11/2: Asia-Pacific Homeland Security Summit. Big Island, Hawaii.
10/31: American Trucking Association Management Conference features remarks by Sec. Chertoff. Gaylord, TX.
11/1: Financial Services Roundtable event to release a report on the pandemic flu. National Press Club, 529 14th St NW, 12 noon.
11/2: Global Justice Information Sharing Initiative meeting. Embassy Suites Hotel, 900 10th St NW, 8:30am.
11/2: UK-US Security Technologies Symposium hosted by UK Trade & Investment and CSIS. 1800 K St NW, B-1 Level, 9:30am.
11/3: Cyber Conflict Studies Association fall symposium. George Mason U. Law School. 3301 Fairfax Dr., Arlington, VA. 8am.
11/3: Middle East Policy Council conference: “Are We Trapped in the War on Terror?” 1319 18th St NW, 9:30am.

(Please e-mail me if you have suggestions about additions to this list for this week, or future weeks).

I attended and spoke at the Global Security Challenge Conference today in London, England, an event that was organized by a group of London Business School students over the past year centered around a business plan contest for promising homeland security start-ups. It was an excellent conference, featuring a diverse and interesting group of speakers and involving some top-notch companies in the business plan competition. I’m pretty jaded by all of the homeland security-related business pitches that I’ve heard over the past 4+ years, but the quality of these plans was excellent:

• Ingenia Technology
• ScanWalk
• Secerno
• TIRF Technologies
• Vumii

Ingenia Technology was the ultimate winner of the competition, for what looks to be a very interesting technology for document and asset authentication based upon the natural physical signatures of items.

The speakers at the conference were also very informative. A number of them invoked the Chatham House rules, so I can’t go into detail on the day’s remarks, but I can note that I was surprised by the extent to which many of the Europeans viewed the U.S. homeland security market as ideal in its openness and flexibility in comparison with what they experience in the European Union. And I learned details about two European technology development programs that I hadn’t previously known much about: the European Security Research Programme and NATO’s Defence against Terrorism program.

The most valuable takeaway from the event for me was witnessing the practical results that a small cohort of MBA students could achieve in putting together an event like this. The homeland security community has perhaps fallen for the fallacy of bigness over the past few years, thinking that we need Marshall Plan-like endeavors to solve our critical challenges. Yes, in some sectors we do need large projects akin to the traditional DOD system integrator model, but other elements of the homeland security R&D system require speed, agility, and openness as key parameters rather than size and scale. This conference demonstrated how you can catalyze the innovation cycle by bringing together technologists and business leaders and cut through many of the bureaucratic hurdles that hinder more effective R&D in the security arena. The students who started this event have created an excellent forum, which hopefully will continue in the years ahead.

I’ve pasted a copy of my remarks as prepared for delivery at this link. And I’ve created a webpage with a number of links that were relevant to these remarks at this link.

ps. A nice shot of Tower Bridge (not London Bridge, as MTV might have led one recently to believe) from the conference site:

Today was the yes-we-really-mean-final deadline for compliance with the new e-Passport requirements for participation in the Visa Waiver Program (VWP), and DHS reported this afternoon on the state of compliance. 24 of 27 VWP countries were able to comply with the new rules, with the European microstates of Andorra and Liechtenstein and the Sultanate of Brunei as the only laggards. Their non-compliance is essentially trivial - their combined population of 500,000 is on the order of 0.1% of the total VWP-area population. This deadline had to be extended by a year in each of the last two years, but evidently the third time’s a charm.

Tamar Jacoby from the Manhattan Institute has a compelling article entitled “Immigration Nation” in the new issue of Foreign Affairs, one which argues for a comprehensive approach to immigration reform and border security consistent with the legislation that passed the Senate in mid-2006. It’s a convincing piece, one that carefully weighs each of the key issues within this broader debate, and provides reasoned choices for her proposed course of action. The key paragraph in the story:

This, then, is the essential architecture of comprehensive reform: more immigrant worker visas, tougher and more effective enforcement, and a one-time transitional measure that allows the illegal immigrants already here to earn their way out of the shadows. Together, these three elements add up to a blueprint, not a policy, and many questions and disagreements remain. But on one thing everyone who shares the vision agrees: all three elements are necessary, and all three must be implemented together if the overhaul is to be successful. Think of them as the three moving parts of a single engine. There is no tradeoff between enforcement and legalization or between enforcement and higher visa limits. On the contrary, just as enforcement is pointless if the law is unrealistic, so even the best crafted of laws will accomplish little if it has no teeth, and neither one will work unless the ground is prepared properly.

The one disagreement I would have with Jacoby’s analysis is her assumption that an illegal immigration flow of 400-500 thousand people per year is representative of the natural condition of the supply-demand equation. That amount is based in part on the labor demand pull in the U.S., but it’s also a reflection of the relative openness of the U.S. border. If the border were more open, those numbers would increase, and if it were tighter, those numbers would decrease, and the cost of labor would increase, reducing demand.

But other than that one point, it’s a very well-argued piece that argues convincingly in favor of a comprehensive approach for immigration and border security.

Steve Flynn from the Council on Foreign Relations issued a report card for the nation’s homeland security efforts, and the grades that he gives are the kind that any child would try to hide from his or her parents:

Port Security: D+
Nuclear Plant Security: B/B+
Air Defense: B
Airport Security: C+
Border Control and Immigration: C
Chemical Plant Security: D-/F
Disaster Response: C-
Bridges, Tunnels, and Other Infrastructure: C
Public Relations: D

I would probably give more favorable grades for some of these, such as airport security and border security, but that’s partially a function of the fact that I’m a product of the era of grade inflation, where a B- is considered a poor grade. But some of these grades - notably Chemical Plant Security and Public Relations - are deservedly poor, given the track record of DHS and Congress over the past couple of years.

Steve has a podcast on the CFR site that explains these grades in greater detail. And his new book The Edge of Disaster will be hitting bookstores in early 2007.

The DHS inspector general released a report yesterday that looks at TSA’s staffing of non-administrative positions at major airports. It finds a system in which airports’ administrative staffing decisions bore little relation to the size of the airport. For example, the chart on page 6 of the report shows airports that had 300-400 screeners and over thirty administrators, for a 10:1 ratio; whereas larger airports with over 1,000 screeners in some cases had 10-15 administrators, for up to a 100:1 ratio.

The report describes a current initiative within TSA to reapportion the administrative workforce, an effort launched in 2004 which thus far has not been implemented. Hopefully it will be soon. And it also looks at the use of TSA screeners for administrative purposes, which has led directly to the screener workforce racking up hundreds of thousands of hours of overtime in recent pay periods.

The report offers up four concluding recommendations:

1. Conduct a workforce analysis of FSD administrative staff and develop a staffing model to identify the number of employees actually needed at airports. This analysis should identify key mission areas and responsibilities; and take into consideration the time and nature of administrative work performed by screeners when assessing its workforce requirements.
2. Review proposed adjustments to FSD staffing levels and ratios of administrative to screener personnel. In particular, proposed changes to Hawaii’s administrative staff caught our attention as warranting more review.
3. Continue to study technologies or systems that will automate data entry functions at airports.
4. Reclassify administrative positions using more inclusive position titles to incorporate more of the functions employees perform and facilitate the hiring of administrative personnel.

In its response, TSA concurs with most of these recommendations, and indicates that it has recently started a comprehensive workforce review.

The Subcommittee on Investigations of the House Homeland Security Committee recently released a report entitled “A Line in the Sand: Confronting the Threat at the Southwest Border,” which provides a detailed and compelling overview of the current threats at the U.S.-Mexico, in terms of smuggling, violent gang activities, and potential terrorist infiltration. It’s a useful report in terms of establishing facts on the ground for border security efforts, but it offers little that’s new as far as recommendations about how to improve the current border security regime.

Reading the report reminded me of another similar report from a couple of years ago, by the minority staff of the House Homeland Security Committee during the 108th Congress, entitled “Transforming the Southern Border: Providing Security & Prosperity in the Post-9/11 World.” It’s still the best treatise on the challenges of US-Mexico border security that I’ve read in the last few years, driven by dispassionate analysis of the facts on the ground at the southern border.. Unfortunately the report is not online anymore, as best I can tell, so I’ve taken the liberty tonight of putting it up on the blog, at this link.

The Department of State issued draft regulations for the PASS card last week, indicating the intended price for the cards:

The limited-use passport card will be adjudicated to the same standards as a traditional passport book. The rule published today proposes a wallet-sized card that would cost $10 for children and $20 for adults, plus a $25 execution fee.

In other words, the PASS cards will be $45 for children and $35 for adults. This is slightly less expensive than the $50 price that was put forward when the PASS cards were announced in January, but I think it’s still at a price point that will be a deterrent to cross-border travel for a large proportion of people in the northern border states.

The full draft regulations are available at this link.

DHS Assistant Secretary for the Private Sector Office Alfonso Martinez-Fonts spoke at a presentation today at an event hosted by Congressional Quarterly, and in his remarks discussed some of the outcomes from a DHS senior-level offsite held two weeks ago. He noted that the offsite meeting led to the identification of six top-level priorities for DHS in 2007:

1. Keeping bad people out of the United States;
2. Keeping the “really bad stuff” out of the United States (esp. rad-nuke materials);
3. Strengthening the screening of workers and travelers;
4. Securing critical infrastructure;
5. Building a nimble, effective emergency response system and a culture of preparedness;
6. Strengthening the core management of DHS.

This list seems to be an updated version of the “Six-Point Agenda” for DHS that emerged after the Second-Stage Review process in mid-2005. That list included “information-sharing with our partners,” which is missing in the updated list. Immigration and interior enforcement issues are likewise no longer emphasized. Added to this new list is critical infrastructure protection, and the bullet items for border and transportation security are reorganized in a way that suggests much more of a strategic focus focused on cross-cutting functions (screening, credentialing, etc.) rather than distinct missions (border security, cargo security, etc.)

This weekend I noticed that the full congressional justifications for the FY 2007 budget request for the Department of Homeland Security were available online at the Government Printing Office website, on a page for Senate appropriations documents. It’s an invaluable resource for DHS-watchers, 2933 pages in length, detailing the budget requests and strategic plans for all of the different parts of DHS, as of February 2006. I’m not sure when it was posted online, but kudos to the Senate appropriators for releasing it as a public document. Warning, for those who are trying to download it: the file is 122 megabytes in size.

Shane Harris of the National Journal continues his first-rate efforts to ferret out the details of the inner workings of the intelligence community in his latest article, headlined “Terrorist Profiling, Version 2.0.” The article focuses on an Air Force procurement solicitation entitled “Tangram,” which seems to be causally linked to the former Total Information Awareness (TIA) program. But more interestingly, the solicitation document describes the challenges that the intelligence community has faced in terror-related data analysis in recent years. Harris writes:

In addition to descriptions of Tangram, the document offers a rare and surprisingly candid analysis of intelligence agencies’ fits and starts — and failures — in other efforts to profile terrorists through data mining: Researchers, for example, haven’t moved beyond “guilt-by-association models” that link suspected terrorists to other, potentially innocent people, and then rank the suspects by level of suspicion.

“To date, the predominant approaches have used a guilt-by-association model to derive suspicion scores,” the Tangram document states. “In the cases where we have knowledge of a seed entity [a known person] in an unknown group, we have been very successful at detecting the entire group. However, in the absence of a known seed entity, how do we score a person if nothing is known about their associates? In such an instance, guilt-by-association fails.”

Intelligence and privacy experts who reviewed the document said that it reaffirms their long-held belief that many computerized terrorist-profiling methods are largely ineffective. It also raises significant privacy concerns, because to distinguish terrorists from innocent people, a system that’s as broad as Tangram purports to be would require access to many databases that contain private information about Americans, the experts said, including credit card transactions, communications records, and even Internet purchases.

I’ve read through the document myself, and it’s true that it’s a candid assessment of the challenges associated with terror-profiling. But after reading it, I don’t come to the conclusion that this program is futile or misguided, as several of the people that Harris talked to seem to do. Instead, I see a research program whose leaders have made progress in some areas, still have meaningful goals in others, and realize that certain objectives are unlikely to be achieved given the practical limitations imposed by human volition and cognition. It makes sense to continue to research and improve these programs, using “synthetic data or foreign-intelligence data already being used by analysts” as the article notes, as one of many facets of our homeland security and counterterrorism efforts.

My main concern about these programs is the lack of oversight, which creates the risk that this type of program will head in a direction that does violate privacy and civil liberties. The application of this type of technology is too important to be left solely to the scientists and technicians. But at the same time, we’ve seen that when these programs are publicly discussed by the executive branch - as was the case with Total Information Awareness - they become vulnerable to demagogic and misguided interpretations and accusations. The debate over the use of data analysis for counterterrorism thus has become something of a shell game over the last few years, which is too bad, but perhaps as good as we can do given the sensitivities involved.

The Journal of American Physicians and Surgeons published an article in their latest issue entitled “Homeland Security for Physicians,” a short piece that provides key facts of what doctors need to know in the event of a radiological or nuclear incident. It’s a useful and concise primer of steps that can and should be taken in a post-incident situation to minimize exposure to radiation and improve survivability.

I’ve been meaning to write about the final DHS appropriations bill for FY 2007 for the last couple of weeks, but it’s taken me a while to digest the 200-page final conference report. There are a number of important provisions in the bill that are worthy of close examination, such as the chemical security language, the extension of the deadline to implement the Western Hemisphere Travel Initiative, and the bill language that reorganizes FEMA and creates a new Office of Emergency Communications to coordinate DHS activities in this area such as SAFECOM and the Integrated Wireless Network (IWN) program.

Also interspersed amid the final bill and conference report are a number of provisions that exude the faint smell of bacon. Compared to other bills, DHS appropriations remains fairly clean in terms of pork barrel spending and other special interest language. But it’s a slippery slope from a clean bill to a dirty one, and that’s why it’s important to be vigilant about the inclusion of pork barrel language in DHS appropriations. I’ve identified the following pork barrel items in the final bill:

Page 31: Sec. 534 of the bill says that “Notwithstanding any other provision of law, the Secretary of Homeland Security shall consider the Hancock County Port and Harbor Commission in Mississippi eligible under the Federal Emergency Management Agency Public Assistance Program for all costs incurred for dredging from navigation channel in Little Lake, Louisiana, sediment deposited as a result of Hurricane George in 1998.” This might be an appropriate use of FEMA funds, but professionals at FEMA should decide this, not members of Congress.

Page 32: Sec. 541 of the bill says “Notwithstanding the requirements of section (404)(b)(2)(B) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act, the Army Corps of Engineers may use Lot 19, Block 1 of the Meadowview Acres Addition and Lot 8 ,Block 5 of the Meadowview Acres Addition in Augusta, Kansas for building portions of the flood-control levee.” For some context on this matter, see this FEMA document from 1999. I’m not sure what the exact dispute is, but this section seems like unnecessary congressional micromanagement to me. Augusta is located in the district of House Appropriator Todd Tiahrt.

Page 32: Sec. 542 of the bill says “Notwithstanding any time limitation established for a grant awarded under title I, chapter 6, Public Law 106-31, in the item relating to Federal Emergency Management Agency - Disaster Assistance for Unmet Needs, the City of Cuero, Texas, may use funds received under such grant programs until September 30, 2007.” Cuero had floods in 1998, 2002, and 2004, which they’re evidently they’re still spending disaster relief money from that event. Again, if they deserve the money consistent with FEMA regulations then that’s fine, but I don’t see the rationale for congressional intervention here.

Page 53: Sec. 511 of Title V of the bill requires that “Each federal agency and department with critical infrastructure responsibilities under Homeland Security Presidential Directive 7, or any successor to such directive, shall establish a formal relationship, including an agreement regarding information sharing, between the elements of such agency or department and the National Infrastructure Simulation and Analysis Center, through the Department.” The NISAC is a center at Los Alamos National Laboratory and Sandia National Laboratory in New Mexico (the home state of Senate Appropriator Pete Domenici) that does simulation and modeling work on homeland security issues; the center gained notoriety following their report prior to Hurricane Katrina that accurately predicted its consequences (a report that I’d still like to see, btw.) The NISAC has done solid work, from every that I’ve heard, but this mandate for all federal agencies with CIP responsibilities to work with them seems overly aggressive, and feels like a strong-armed attempt to round up new work for the Center.

Page 121-22: The manager’s statement contains a section entitled “National Center for Critical Information Processing and Storage (NCCIPS), which includes $53 million of funding in FY 2007 for the migration of key DHS data centers to a primary facility at the Stennis Space Center in Mississippi (the home state of Senate Appropriations chairman Thad Cochran) and a secondary facility at a site to be determined. While it makes sense to have backup data centers for mission-critical DHS capabilities, the site selection on this program should have been “fair and open” for both sites, not just the secondary one. Stennis suffered roof and water damage during Hurricane Katrina - is it really the best place for a back-up site for critical IT assets?

This section of the bill also prohibits the transfer of data center assets from the Coast Guard’s Operations Systems Center in Martinsburg, West Virginia - the home state of Senate Appropriations ranking member Robert Byrd.

Page 134: This page notes that “the conferees direct ICE to submit a report on the costs and need for establishing sub-offices in Colorado Springs and Greeley, Colorado.” This Denver Post story notes that Senate Appropriations Committee member Wayne Allard attached this item. It should be up to professionals at ICE to determine the agency’s allocations of resources by geography, and not amendments of this ilk.

Page 156: The section on the “National Domestic Preparedness Consortium” does not mention any explicit earmarks, but as I noted last week, DHS seems to think that a large share of this money is earmarked for “New Mexico Technology.”

Page 157: The “Rural Domestic Preparedness Consortium” received $12 million in the final bill. Money in this program has been allocated disproportionately in the past to universities in the state of Kentucky, home to House Appropriations Subcommitee Chairman Hal Rogers. This program seems unnecessarily duplicative of other programs.

Page 159: The conferees note that they “support the budget request for the Protective Security Analysis Center.” This is a program at the Oak Ridge National Laboratory, touted by House Appropriations Committee member Zach Wamp as a project that will “use information about the thousands of manufacturing plants, monuments, bridges, schools and other structures and facilities in our country to help Department of Homeland Security officials assess the risk that any of them will be destroyed or damaged by either natural or man-made hazards.” There are a lot of other projects at DHS that serve this purpose, and this isn’t something that has been requested by DHS or openly debated in Congress. Therefore it smells suspicious to me.

Page 169-170: The section here on “New Technologies” contains an odd list of issues that the appropriators recommend that DHS S&T research, including “singlet oxygen generating chemical and enzymatic systems” and “photonic and microsystem technologies for high-threat problem solving.” These items seems like they are taken from outside parties’ R&D wishlists, and not part of a coherent Congressional or DHS agenda for homeland security R&D.

Altogether, the programs listed represent less than 0.5% of total spending by the Department of Homeland Security. The vast majority of DHS spending is not tied to pork-barrel actions by Congress. But even so, it’s worth pointing out examples of deviations from that norm, in order to ensure that DHS appropriations does not gradually become a morass of misallocated spending.

The Government Accountability Office released a report today entitled “Opportunities Exist to Enhance Collaboration at 24/7 Operations Centers Staffed by Multiple DHS Agencies,” which surveys four multi-agency DHS operations centers - the CBP National Targeting Center, the CBP Air and Marine Operations Center, the TSA Operations Center, and the DHS National Operations Center - and calls for increased integration of their efforts:

Opportunities exist to enhance collaboration among 24/7/365 multi-agency operations centers. While DHS has leveraged resources by having staff from multiple agencies work together, the centers lack joint strategies for collaboration and staffing needs assessments, and they have not established a definition of watchstander roles for all agencies at each center. The centers also lack standards and procedures for using DHS’s primary information sharing network; mechanisms to monitor, evaluate, and report on results; and reinforced accountability through agency plans and reports.

The report mentions, but does not focus on, 21 other 24/7/365 single-agency operations centers at DHS, listing them in Appendix I. Added to these four, that’s 25 operations centers in existence today at DHS, and that doesn’t even begin to include the many regional and local operations center in existence as part of the nation’s homeland security efforts. It seems clear to me that there is room for consolidation and rationalization here. GAO’s recommendation for a “joint strategy” for operations centers could help identify these. This should be a top priority of the Operations Directorate at DHS, with the objectives of creating a true common operational picture while simultaneously reducing costs.

Below is a list of homeland security policy events in the DC area next week (as well as the occasional listing outside of DC). Please note that many events require prior invitations and/or RSVPs.

Of special note, I’ll be speaking next Thursday on a panel session at the Global Security Challenge conference in London, an event put together by a number of London Business School students that is the culmination of a business plan contest focused on new ideas about homeland security technology. It should be a very interesting event; hopefully I’ll have time to report from it.

On to this week’s list:

10/23: CQ Forum on “The Business of Homeland Security.” 101 Constitution Ave NW, 8:30am. E-mail to cqforum@dittus.com for more info.
10/23: Jamestown Institute event on “The Next Stage in Counterterrorism: Analyzing Jihadi Radicalization on the Web.” 1111 16th St NW, 7th Floor, 9:30am.
10/23: Catholic University speech by former Rep. and 9/11 Commissioner Tim Roemer, on “Safeguarding America: National Security in the 21st Century.” Pryzbyla University Center, Catholic University, 620 Michigan Ave, NE. 4pm.
10/24-10/25: IDGA’s 2nd Annual Border Management Summit. Reagan Building, 1300 Pennsylvania Ave NW.
10/24-10/25: Information Security Conference & Expo (ISC East). Javits Center, NYC.
10/24: US Army War College and GWU colloquium on transnational crime. Duques Hall Suite 451, GWU, 10am.
10/24: Equity International’s 2007 Homeland Security Outlook Conference. National Press Club, 529 14th St NW, 1pm.
10/25: SPSS seminar on “Data and Text Mining for More Effective Government.” 2000 N 14th St, Suite 320, Arlington, VA. 9am.
10/25: Homeland Security Council of New York State meeting. Albany, NY. 1pm.
10/27: Heritage Foundation event on “Biotechnology: Empowering the Long War.” 214 Massachusetts Ave NE, 11am.

(Please e-mail me if you have suggestions about additions to this list for this week, or future weeks).

This is a smart response to the August aviation plot in the UK, tackling what many experts have believed to be the biggest vulnerability in the commercial aviation security regime today:

Airport workers are finding themselves subject to surprise screenings as the government issues new security tactics at airports nationwide. The changes are a direct response to this year’s foiled plot to blow-up America-bound airplanes.

Baggage handlers, gate agents, ramp workers and other airport employees who in the past were not subject to any security searches before the enter restricted and secure areas are now being targeted in this latest government effort to make airports safer.

….Sources say that the London terror plot foiled in August prompted U.S. officials to ramp up security after United Kingdom officials disclosed that some of the men arrested were airport workers. Until today, airport workers in the U.S. only went through an initial background check in order to get hired.

There probably aren’t sufficient resources today to have comprehensive inspection procedures for airport workers, and it probably wouldn’t deliver a high security return-on-investment. But developing a system of random spot checks is an effective investment, and can act as a strong deterrent against a plot that involves an airport ‘insider’ as a conspirator or accomplice. This should be quickly expanded nationwide, and random checks should take place not just at entry doors and gates but also at places deep inside the airport, and include the air cargo and general aviation areas within major airports - not just the passenger terminals.

From the Federal Register today:

The Secretary of Homeland Security has determined that the establishment of the Homeland Security Information Network Advisory Committee is necessary and in the public interest in connection with the performance of duties of the DHS, Office of Operations and Coordination.

The HSINAC is being established in accordance with the provisions of the Federal Advisory Committee Act (FACA) 5 U.S.C. App. 1, et seq.(Pub. L. 92-463). The HSINAC is being established to provide organizationally independent advice and recommendations to the leadership of the Department of Homeland Security, particularly the DHS Director, Office of Operations and Coordination (Director), on the requirements of end users within State, local, Federal and tribal governments and the Private Sector regarding the Homeland Security Information Network (HSIN).

Balanced Membership Plans: HSINAC membership shall include not more than 20 representatives from State, Tribal and Local governments and the Private Sector, who are outstanding within their specialty field, and who have the experience to ensure the Director and DHS leadership is informed of the needs and requirements of the information network users and communities of users.

This advisory committee was first announced in Operations Director Roger Rufe’s testimony before the House Homeland Security Committee in mid-September.

The Christian Science Monitor reports today on a novel technique to monitor the water supply systems against potential threats:

Somewhere in New York State (we can’t say where), a computer is monitoring every move of eight bluegill fish in a tank. The moment a few start to cough (yes, fish cough) the computer sends an alert and takes water samples.

Called the Intelligent Aquatic BioMonitoring System (IABS), the contraption is the latest high-tech defense against potential terrorism attacks on the nation’s water supply - and it comes in handy, too, for detecting other types of contamination, say a diesel spill from a truck accident.

….The bluegill fish and their companion computers are so sensitive that three major cities - New York, Washington, and San Francisco - used them in a pilot program. The cities found them so successful they’re making them a permanent part of their water-monitoring defenses. The Army, which developed the fish sensor with a private company, also uses the sensor at some undisclosed locations. (These fish are highly classified.)

More information about this is available here on the website of the company that sells the IABS.

RAND released a report on Monday entitled “Maritime Terrorism: Risk and Liability” which provides a comprehensive qualitative risk assessment of terror threats in the maritime domain (including container shipping, cruise lines, and passenger ferries) and discusses issues related to civil liability in maritime terrorism. The press release for the report highlights some of its key conclusions:

Cruise ships and ferry boats need more protection against terrorist attacks that could kill and injure many passengers and cause serious financial losses, according to a new RAND Corporation report.

“Attacks on cruise ships and ferry boats would meet the interrelated requirements of visibility, destruction and disruption that drive transnational terrorism in the contemporary era,” said Peter Chalk, one of the report’s co-authors. “Recognizing this is essential to any comprehensive regime of maritime security.”

The report concludes it is not adequate to base maritime counterterrorism efforts only on increasing port security and the security of cargo container ships, rail cars and trucks that transport goods into and out of United States ports.

“Focusing solely on securing the container supply chain without defending other parts of the maritime environment is like bolting down the front door of a house and leaving the back door wide open,” said Henry Willis, a RAND researcher and a co-author of the report.

The study by RAND, a nonprofit research organization, also says a maritime terrorist attack is likely to create complicated liability issues that will slow efforts to compensate victims of an attack.

“We need to examine closely the challenges that a maritime attack would create for our civil justice system,” said Michael Greenberg, another of the report’s authors. “Tort liability is supposed to compensate victims while providing appropriate security incentives for firms. But ambiguous liability standards in the maritime terrorism context raise the prospect that the civil justice system may neither be effective as a compensation mechanism, nor in generating clear incentives for the private sector.”

Overall, it’s a useful and relevant study, in particular the threat assessment in Chapter Two. You can download the full report at this link.

The AP reports today on positive news in the race to develop a vaccine for H5N1 viruses:

Human trials indicate an H5N1 bird flu vaccine developed using a virus isolated in Vietnam can neutralize antibodies from H5N1 viruses found in other countries, the vaccine’s manufacturer said Wednesday.

The preliminary trial results raised hopes that vaccines based on older H5N1 bird flu strains might prove effective against future variants of the virus in the event of a pandemic.

In Sanofi Pasteur’s trial, 300 volunteers were vaccinated with a strain of the virus isolated in Vietnam in 2004. Antibodies were then examined from their blood, and tests were done using H5N1 viruses from Turkey and Indonesia. The results indicated that the volunteers’ antibodies were able to neutralize the other H5N1 viruses, proving that some measure of cross-protection is possible.

“This is a milestone for vaccine development,” said Dr. Klaus Stohr, the World Health Organization’s top official on pandemic influenza vaccines.

This could turn out to be very good news, and deliver a solution to an ominous challenge. We aren’t out of the woods yet, but the world’s leaders and scientists deserve a lot of credit for their effective and timely response to this challenge over the last twelve months.

CQ breaks a story today (available by subscription only) that I haven’t seen reported elsewhere yet (it’s not on the wires or reported by the St. Louis media):

An air monitoring system in St. Louis picked up particles of a biological agent on Monday that can be deadly in large doses.

Tularemia — also known as rabbit fever — is naturally found in the St. Louis region. But officials have been working since last night to determine whether the detection is a threat after a BioWatch sensor near Busch Stadium picked up the bacteria, according to a source familiar with the investigation.

Local officials have the lead on the investigation, but the Department of Homeland Security is closely monitoring the progress. Testing is on-going.

This is reminiscent of a similar incident on the National Mall in DC last year. Game five of the NLCS is scheduled to take place at Busch Stadium in St. Louis tonight.

Update (10/17): The AP now has the story.