This weekend I noticed that the full congressional justifications for the FY 2007 budget request for the Department of Homeland Security were available online at the Government Printing Office website, on a page for Senate appropriations documents. It’s an invaluable resource for DHS-watchers, 2933 pages in length, detailing the budget requests and strategic plans for all of the different parts of DHS, as of February 2006. I’m not sure when it was posted online, but kudos to the Senate appropriators for releasing it as a public document. Warning, for those who are trying to download it: the file is 122 megabytes in size.
October 23, 2006
Shane Harris of the National Journal continues his first-rate efforts to ferret out the details of the inner workings of the intelligence community in his latest article, headlined “Terrorist Profiling, Version 2.0.” The article focuses on an Air Force procurement solicitation entitled “Tangram,” which seems to be causally linked to the former Total Information Awareness (TIA) program. But more interestingly, the solicitation document describes the challenges that the intelligence community has faced in terror-related data analysis in recent years. Harris writes:
In addition to descriptions of Tangram, the document offers a rare and surprisingly candid analysis of intelligence agencies’ fits and starts — and failures — in other efforts to profile terrorists through data mining: Researchers, for example, haven’t moved beyond “guilt-by-association models” that link suspected terrorists to other, potentially innocent people, and then rank the suspects by level of suspicion.
“To date, the predominant approaches have used a guilt-by-association model to derive suspicion scores,” the Tangram document states. “In the cases where we have knowledge of a seed entity [a known person] in an unknown group, we have been very successful at detecting the entire group. However, in the absence of a known seed entity, how do we score a person if nothing is known about their associates? In such an instance, guilt-by-association fails.”
Intelligence and privacy experts who reviewed the document said that it reaffirms their long-held belief that many computerized terrorist-profiling methods are largely ineffective. It also raises significant privacy concerns, because to distinguish terrorists from innocent people, a system that’s as broad as Tangram purports to be would require access to many databases that contain private information about Americans, the experts said, including credit card transactions, communications records, and even Internet purchases.
I’ve read through the document myself, and it’s true that it’s a candid assessment of the challenges associated with terror-profiling. But after reading it, I don’t come to the conclusion that this program is futile or misguided, as several of the people that Harris talked to seem to do. Instead, I see a research program whose leaders have made progress in some areas, still have meaningful goals in others, and realize that certain objectives are unlikely to be achieved given the practical limitations imposed by human volition and cognition. It makes sense to continue to research and improve these programs, using “synthetic data or foreign-intelligence data already being used by analysts” as the article notes, as one of many facets of our homeland security and counterterrorism efforts.
My main concern about these programs is the lack of oversight, which creates the risk that this type of program will head in a direction that does violate privacy and civil liberties. The application of this type of technology is too important to be left solely to the scientists and technicians. But at the same time, we’ve seen that when these programs are publicly discussed by the executive branch – as was the case with Total Information Awareness – they become vulnerable to demagogic and misguided interpretations and accusations. The debate over the use of data analysis for counterterrorism thus has become something of a shell game over the last few years, which is too bad, but perhaps as good as we can do given the sensitivities involved.
The Journal of American Physicians and Surgeons published an article in their latest issue entitled “Homeland Security for Physicians,” a short piece that provides key facts of what doctors need to know in the event of a radiological or nuclear incident. It’s a useful and concise primer of steps that can and should be taken in a post-incident situation to minimize exposure to radiation and improve survivability.
October 20, 2006
I’ve been meaning to write about the final DHS appropriations bill for FY 2007 for the last couple of weeks, but it’s taken me a while to digest the 200-page final conference report. There are a number of important provisions in the bill that are worthy of close examination, such as the chemical security language, the extension of the deadline to implement the Western Hemisphere Travel Initiative, and the bill language that reorganizes FEMA and creates a new Office of Emergency Communications to coordinate DHS activities in this area such as SAFECOM and the Integrated Wireless Network (IWN) program.
Also interspersed amid the final bill and conference report are a number of provisions that exude the faint smell of bacon. Compared to other bills, DHS appropriations remains fairly clean in terms of pork barrel spending and other special interest language. But it’s a slippery slope from a clean bill to a dirty one, and that’s why it’s important to be vigilant about the inclusion of pork barrel language in DHS appropriations. I’ve identified the following pork barrel items in the final bill:
Page 31: Sec. 534 of the bill says that “Notwithstanding any other provision of law, the Secretary of Homeland Security shall consider the Hancock County Port and Harbor Commission in Mississippi eligible under the Federal Emergency Management Agency Public Assistance Program for all costs incurred for dredging from navigation channel in Little Lake, Louisiana, sediment deposited as a result of Hurricane George in 1998.” This might be an appropriate use of FEMA funds, but professionals at FEMA should decide this, not members of Congress.
Page 32: Sec. 541 of the bill says “Notwithstanding the requirements of section (404)(b)(2)(B) of the Robert T. Stafford Disaster Relief and Emergency Assistance Act, the Army Corps of Engineers may use Lot 19, Block 1 of the Meadowview Acres Addition and Lot 8 ,Block 5 of the Meadowview Acres Addition in Augusta, Kansas for building portions of the flood-control levee.” For some context on this matter, see this FEMA document from 1999. I’m not sure what the exact dispute is, but this section seems like unnecessary congressional micromanagement to me. Augusta is located in the district of House Appropriator Todd Tiahrt.
Page 32: Sec. 542 of the bill says “Notwithstanding any time limitation established for a grant awarded under title I, chapter 6, Public Law 106-31, in the item relating to Federal Emergency Management Agency – Disaster Assistance for Unmet Needs, the City of Cuero, Texas, may use funds received under such grant programs until September 30, 2007.” Cuero had floods in 1998, 2002, and 2004, which they’re evidently they’re still spending disaster relief money from that event. Again, if they deserve the money consistent with FEMA regulations then that’s fine, but I don’t see the rationale for congressional intervention here.
Page 53: Sec. 511 of Title V of the bill requires that “Each federal agency and department with critical infrastructure responsibilities under Homeland Security Presidential Directive 7, or any successor to such directive, shall establish a formal relationship, including an agreement regarding information sharing, between the elements of such agency or department and the National Infrastructure Simulation and Analysis Center, through the Department.” The NISAC is a center at Los Alamos National Laboratory and Sandia National Laboratory in New Mexico (the home state of Senate Appropriator Pete Domenici) that does simulation and modeling work on homeland security issues; the center gained notoriety following their report prior to Hurricane Katrina that accurately predicted its consequences (a report that I’d still like to see, btw.) The NISAC has done solid work, from every that I’ve heard, but this mandate for all federal agencies with CIP responsibilities to work with them seems overly aggressive, and feels like a strong-armed attempt to round up new work for the Center.
Page 121-22: The manager’s statement contains a section entitled “National Center for Critical Information Processing and Storage (NCCIPS), which includes $53 million of funding in FY 2007 for the migration of key DHS data centers to a primary facility at the Stennis Space Center in Mississippi (the home state of Senate Appropriations chairman Thad Cochran) and a secondary facility at a site to be determined. While it makes sense to have backup data centers for mission-critical DHS capabilities, the site selection on this program should have been “fair and open” for both sites, not just the secondary one. Stennis suffered roof and water damage during Hurricane Katrina – is it really the best place for a back-up site for critical IT assets?
This section of the bill also prohibits the transfer of data center assets from the Coast Guard’s Operations Systems Center in Martinsburg, West Virginia – the home state of Senate Appropriations ranking member Robert Byrd.
Page 134: This page notes that “the conferees direct ICE to submit a report on the costs and need for establishing sub-offices in Colorado Springs and Greeley, Colorado.” This Denver Post story notes that Senate Appropriations Committee member Wayne Allard attached this item. It should be up to professionals at ICE to determine the agency’s allocations of resources by geography, and not amendments of this ilk.
Page 156: The section on the “National Domestic Preparedness Consortium” does not mention any explicit earmarks, but as I noted last week, DHS seems to think that a large share of this money is earmarked for “New Mexico Technology.”
Page 157: The “Rural Domestic Preparedness Consortium” received $12 million in the final bill. Money in this program has been allocated disproportionately in the past to universities in the state of Kentucky, home to House Appropriations Subcommitee Chairman Hal Rogers. This program seems unnecessarily duplicative of other programs.
Page 159: The conferees note that they “support the budget request for the Protective Security Analysis Center.” This is a program at the Oak Ridge National Laboratory, touted by House Appropriations Committee member Zach Wamp as a project that will “use information about the thousands of manufacturing plants, monuments, bridges, schools and other structures and facilities in our country to help Department of Homeland Security officials assess the risk that any of them will be destroyed or damaged by either natural or man-made hazards.” There are a lot of other projects at DHS that serve this purpose, and this isn’t something that has been requested by DHS or openly debated in Congress. Therefore it smells suspicious to me.
Page 169-170: The section here on “New Technologies” contains an odd list of issues that the appropriators recommend that DHS S&T research, including “singlet oxygen generating chemical and enzymatic systems” and “photonic and microsystem technologies for high-threat problem solving.” These items seems like they are taken from outside parties’ R&D wishlists, and not part of a coherent Congressional or DHS agenda for homeland security R&D.
Altogether, the programs listed represent less than 0.5% of total spending by the Department of Homeland Security. The vast majority of DHS spending is not tied to pork-barrel actions by Congress. But even so, it’s worth pointing out examples of deviations from that norm, in order to ensure that DHS appropriations does not gradually become a morass of misallocated spending.
The Government Accountability Office released a report today entitled “Opportunities Exist to Enhance Collaboration at 24/7 Operations Centers Staffed by Multiple DHS Agencies,” which surveys four multi-agency DHS operations centers – the CBP National Targeting Center, the CBP Air and Marine Operations Center, the TSA Operations Center, and the DHS National Operations Center – and calls for increased integration of their efforts:
Opportunities exist to enhance collaboration among 24/7/365 multi-agency operations centers. While DHS has leveraged resources by having staff from multiple agencies work together, the centers lack joint strategies for collaboration and staffing needs assessments, and they have not established a definition of watchstander roles for all agencies at each center. The centers also lack standards and procedures for using DHSâ€™s primary information sharing network; mechanisms to monitor, evaluate, and report on results; and reinforced accountability through agency plans and reports.
The report mentions, but does not focus on, 21 other 24/7/365 single-agency operations centers at DHS, listing them in Appendix I. Added to these four, that’s 25 operations centers in existence today at DHS, and that doesn’t even begin to include the many regional and local operations center in existence as part of the nation’s homeland security efforts. It seems clear to me that there is room for consolidation and rationalization here. GAO’s recommendation for a “joint strategy” for operations centers could help identify these. This should be a top priority of the Operations Directorate at DHS, with the objectives of creating a true common operational picture while simultaneously reducing costs.
Below is a list of homeland security policy events in the DC area next week (as well as the occasional listing outside of DC). Please note that many events require prior invitations and/or RSVPs.
Of special note, I’ll be speaking next Thursday on a panel session at the Global Security Challenge conference in London, an event put together by a number of London Business School students that is the culmination of a business plan contest focused on new ideas about homeland security technology. It should be a very interesting event; hopefully I’ll have time to report from it.
On to this week’s list:
10/23: CQ Forum on “The Business of Homeland Security.” 101 Constitution Ave NW, 8:30am. E-mail to email@example.com for more info.
10/23: Jamestown Institute event on “The Next Stage in Counterterrorism: Analyzing Jihadi Radicalization on the Web.” 1111 16th St NW, 7th Floor, 9:30am.
10/23: Catholic University speech by former Rep. and 9/11 Commissioner Tim Roemer, on “Safeguarding America: National Security in the 21st Century.” Pryzbyla University Center, Catholic University, 620 Michigan Ave, NE. 4pm.
10/24-10/25: IDGA’s 2nd Annual Border Management Summit. Reagan Building, 1300 Pennsylvania Ave NW.
10/24-10/25: Information Security Conference & Expo (ISC East). Javits Center, NYC.
10/24: US Army War College and GWU colloquium on transnational crime. Duques Hall Suite 451, GWU, 10am.
10/24: Equity International’s 2007 Homeland Security Outlook Conference. National Press Club, 529 14th St NW, 1pm.
10/25: SPSS seminar on “Data and Text Mining for More Effective Government.” 2000 N 14th St, Suite 320, Arlington, VA. 9am.
10/25: Homeland Security Council of New York State meeting. Albany, NY. 1pm.
10/27: Heritage Foundation event on “Biotechnology: Empowering the Long War.” 214 Massachusetts Ave NE, 11am.
(Please e-mail me if you have suggestions about additions to this list for this week, or future weeks).
This is a smart response to the August aviation plot in the UK, tackling what many experts have believed to be the biggest vulnerability in the commercial aviation security regime today:
Airport workers are finding themselves subject to surprise screenings as the government issues new security tactics at airports nationwide. The changes are a direct response to this year’s foiled plot to blow-up America-bound airplanes.
Baggage handlers, gate agents, ramp workers and other airport employees who in the past were not subject to any security searches before the enter restricted and secure areas are now being targeted in this latest government effort to make airports safer.
….Sources say that the London terror plot foiled in August prompted U.S. officials to ramp up security after United Kingdom officials disclosed that some of the men arrested were airport workers. Until today, airport workers in the U.S. only went through an initial background check in order to get hired.
There probably aren’t sufficient resources today to have comprehensive inspection procedures for airport workers, and it probably wouldn’t deliver a high security return-on-investment. But developing a system of random spot checks is an effective investment, and can act as a strong deterrent against a plot that involves an airport ‘insider’ as a conspirator or accomplice. This should be quickly expanded nationwide, and random checks should take place not just at entry doors and gates but also at places deep inside the airport, and include the air cargo and general aviation areas within major airports – not just the passenger terminals.
The Secretary of Homeland Security has determined that the establishment of the Homeland Security Information Network Advisory Committee is necessary and in the public interest in connection with the performance of duties of the DHS, Office of Operations and Coordination.
The HSINAC is being established in accordance with the provisions of the Federal Advisory Committee Act (FACA) 5 U.S.C. App. 1, et seq.(Pub. L. 92-463). The HSINAC is being established to provide organizationally independent advice and recommendations to the leadership of the Department of Homeland Security, particularly the DHS Director, Office of Operations and Coordination (Director), on the requirements of end users within State, local, Federal and tribal governments and the Private Sector regarding the Homeland Security Information Network (HSIN).
Balanced Membership Plans: HSINAC membership shall include not more than 20 representatives from State, Tribal and Local governments and the Private Sector, who are outstanding within their specialty field, and who have the experience to ensure the Director and DHS leadership is informed of the needs and requirements of the information network users and communities of users.
This advisory committee was first announced in Operations Director Roger Rufe’s testimony before the House Homeland Security Committee in mid-September.
October 18, 2006
The Christian Science Monitor reports today on a novel technique to monitor the water supply systems against potential threats:
Somewhere in New York State (we can’t say where), a computer is monitoring every move of eight bluegill fish in a tank. The moment a few start to cough (yes, fish cough) the computer sends an alert and takes water samples.
Called the Intelligent Aquatic BioMonitoring System (IABS), the contraption is the latest high-tech defense against potential terrorism attacks on the nation’s water supply – and it comes in handy, too, for detecting other types of contamination, say a diesel spill from a truck accident.
….The bluegill fish and their companion computers are so sensitive that three major cities – New York, Washington, and San Francisco – used them in a pilot program. The cities found them so successful they’re making them a permanent part of their water-monitoring defenses. The Army, which developed the fish sensor with a private company, also uses the sensor at some undisclosed locations. (These fish are highly classified.)
More information about this is available here on the website of the company that sells the IABS.
RAND released a report on Monday entitled “Maritime Terrorism: Risk and Liability” which provides a comprehensive qualitative risk assessment of terror threats in the maritime domain (including container shipping, cruise lines, and passenger ferries) and discusses issues related to civil liability in maritime terrorism. The press release for the report highlights some of its key conclusions:
Cruise ships and ferry boats need more protection against terrorist attacks that could kill and injure many passengers and cause serious financial losses, according to a new RAND Corporation report.
â€œAttacks on cruise ships and ferry boats would meet the interrelated requirements of visibility, destruction and disruption that drive transnational terrorism in the contemporary era,â€ said Peter Chalk, one of the report’s co-authors. â€œRecognizing this is essential to any comprehensive regime of maritime security.â€
The report concludes it is not adequate to base maritime counterterrorism efforts only on increasing port security and the security of cargo container ships, rail cars and trucks that transport goods into and out of United States ports.
â€œFocusing solely on securing the container supply chain without defending other parts of the maritime environment is like bolting down the front door of a house and leaving the back door wide open,â€ said Henry Willis, a RAND researcher and a co-author of the report.
The study by RAND, a nonprofit research organization, also says a maritime terrorist attack is likely to create complicated liability issues that will slow efforts to compensate victims of an attack.
â€œWe need to examine closely the challenges that a maritime attack would create for our civil justice system,â€ said Michael Greenberg, another of the report’s authors. â€œTort liability is supposed to compensate victims while providing appropriate security incentives for firms. But ambiguous liability standards in the maritime terrorism context raise the prospect that the civil justice system may neither be effective as a compensation mechanism, nor in generating clear incentives for the private sector.”
Overall, it’s a useful and relevant study, in particular the threat assessment in Chapter Two. You can download the full report at this link.
The AP reports today on positive news in the race to develop a vaccine for H5N1 viruses:
Human trials indicate an H5N1 bird flu vaccine developed using a virus isolated in Vietnam can neutralize antibodies from H5N1 viruses found in other countries, the vaccine’s manufacturer said Wednesday.
The preliminary trial results raised hopes that vaccines based on older H5N1 bird flu strains might prove effective against future variants of the virus in the event of a pandemic.
In Sanofi Pasteur’s trial, 300 volunteers were vaccinated with a strain of the virus isolated in Vietnam in 2004. Antibodies were then examined from their blood, and tests were done using H5N1 viruses from Turkey and Indonesia. The results indicated that the volunteers’ antibodies were able to neutralize the other H5N1 viruses, proving that some measure of cross-protection is possible.
“This is a milestone for vaccine development,” said Dr. Klaus Stohr, the World Health Organization’s top official on pandemic influenza vaccines.
This could turn out to be very good news, and deliver a solution to an ominous challenge. We aren’t out of the woods yet, but the world’s leaders and scientists deserve a lot of credit for their effective and timely response to this challenge over the last twelve months.
October 17, 2006
CQ breaks a story today (available by subscription only) that I haven’t seen reported elsewhere yet (it’s not on the wires or reported by the St. Louis media):
An air monitoring system in St. Louis picked up particles of a biological agent on Monday that can be deadly in large doses.
Tularemia â€” also known as rabbit fever â€” is naturally found in the St. Louis region. But officials have been working since last night to determine whether the detection is a threat after a BioWatch sensor near Busch Stadium picked up the bacteria, according to a source familiar with the investigation.
Local officials have the lead on the investigation, but the Department of Homeland Security is closely monitoring the progress. Testing is on-going.
Update (10/17): The AP now has the story.
The Combating Terrorism Center at West Point has released an updated Terrorism and Counterterrorism bibliography, which contains annotated descriptions of hundreds of recent books and reports on terrorism-related topics, including dozens of homeland security-related reports. It’s likely to be a very useful document to relevant academics and practitioners, and its well-written summaries facilitate efforts to catch up on the latest thinking on key issues.
(Hat tip: HSDL)
CQ’s Jeff Stein has an op-ed in today’s New York Times that makes me cringe. In it, he cites recent interviews with senior officials at the FBI and members of Congress with key oversight roles, in which he poses the following question to them: what’s the difference between Sunni and Shi’ite Muslims? From the piece:
A few weeks ago, I took the F.B.I.â€™s temperature again. At the end of a long interview, I asked Willie Hulon, chief of the bureauâ€™s new national security branch, whether he thought that it was important for a man in his position to know the difference between Sunnis and Shiites. â€œYes, sure, itâ€™s right to know the difference,â€ he said. â€œItâ€™s important to know who your targets are.â€
That was a big advance over 2005. So next I asked him if he could tell me the difference. He was flummoxed. â€œThe basics goes back to their beliefs and who they were following,â€ he said. â€œAnd the conflicts between the Sunnis and the Shia and the difference between who they were following.â€
O.K., I asked, trying to help, what about today? Which one is Iran â€” Sunni or Shiite? He thought for a second. â€œIran and Hezbollah,â€ I prompted. â€œWhich are they?â€
He took a stab: â€œSunni.â€
Al Qaeda? â€œSunni.â€
Yet another data point that suggests that the FBI is incapable of leading the nation’s domestic intelligence activities, and that we need a new, independent MI5-type organization.
And the members of Congress who Stein queried didn’t fare much better:
Take Representative Terry Everett, a seven-term Alabama Republican who is vice chairman of the House intelligence subcommittee on technical and tactical intelligence.
â€œDo you know the difference between a Sunni and a Shiite?â€ I asked him a few weeks ago.
Mr. Everett responded with a low chuckle. He thought for a moment: â€œOneâ€™s in one location, anotherâ€™s in another location. No, to be honest with you, I donâ€™t know. I thought it was differences in their religion, different families or something.â€
One might argue that this was an unfair ‘gotcha’ question. But even if it is, what it reveals is entirely valid, and it’s a disturbing indication about our attitude as a nation and our moral seriousness in addressing the critical challenges in the war on terror. We need to fight against the anti-intellectual strain within our political class today, and fight back against the all-too-frequent efforts to belittle or degrade regional experts. If we ignore or laugh away these trends, then we’re compromising our ability to successfully face up to the threats that we face today.
Jim Carafano at the Heritage Foundation published an article yesterday entitled “Missing Pieces in Homeland Security: Interagency Education, Assignments, and Professional Accreditation” which identifies the lack of a professional development strategy at the Department of Homeland Security and offers a number of recommendations to address this deficit. He writes:
Yet building a core of homeland security professionÂalsâ€”the most important initiative in making the enterprise a sucÂcessâ€”has hardly begun. The Administration can and must address this shortfall. Homeland security needs the foundation of a professional development system that will provide the cadre of leaders required to meet the demands of the 21st century.
Carafano offers a number of specific recommendations, focused on building new government-led institutions and courses for DHS professionals, facilitating interagency rotations, and accrediting outside institutions on homeland security education. I might come up with a slightly different list of recommendations (e.g. that a homeland security equivalent to the Foreign Service is needed) but overall these are sensible ideas, and we agree on the most important issue – that action is needed today. Carafano argues in his conclusion that the “clock is ticking,” and it’s time for the Administration and Congress to address this issue. Some steps have already been taken by Congress (e.g. see language in Sec. 844 and Sec. 845 of the DHS appropriations bill that addresses this issue), but this is far from a complete response, and the leadership of DHS needs to make this one of their top priorities in the coming year.
The GAO issued a report today that criticizes the Domestic Nuclear Detection Office’s cost-benefit analysis of investment in second-generation radiation portal monitors (RPMs). The report argues that this analysis does not provide a sound basis for investment in next-generation RPMs, which cost $377,000 per unit vs. $55,000 per unit for current RPMs, and according to the GAO, provide a negligible additional benefit in terms of their capabilities. From the report:
DNDOâ€™s cost-benefit analysis does not provide a sound analytical basis for DNDOâ€™s decision to purchase and deploy new portal monitor technology. DNDO did not use the results of its own performance tests in its cost-benefit analysis and instead relied on assumptions of the new technologyâ€™s anticipated performance level. Performance tests also showed that the ability of new radiation detection portal monitors to correctly identify masked HEU (placed next to or within another, usually more benign, radiological substance) was even more limited. According to the cost-benefit analysis and radiation detection experts to whom we spoke, masked HEU is a significant concern because it is difficult to detect. DNDO also focused the analysis exclusively on identifying HEU and did not consider in the analysis how well (either as a goal or in testing) new portal monitor technology can correctly detect or identify other dangerous radiological or nuclear materials. Furthermore, the analysis did not include the results from side-by-side tests that DNDO conducted of the advanced portal monitors and current portal monitors.
The cost-benefit analysis for acquiring and deploying portal monitors is also incomplete because it does not include all of the major costs and benefits required by DHS guidelines. In particular, DNDO did not assess the likelihood that radiation detection equipment would either misidentify or fail to detect nuclear or radiological material. Rather, it focused its analysis on reducing the time necessary to screen traffic at border check points and reduce the impact of any delays on commerce. DNDO also used questionable assumptions about the procurement costs of portal monitor technology. DNDO assumed a purchase price for current portal monitor technology that is more than twice what CBP typically pays.
The DNDO responds to these charges on pages 25-26 of the report, arguing that the testing that the GAO cited was for baselining and source selection purposes, and not intended to represent the final capabilities of second-generation RPMs. And in fairness to the DNDO, it’s inherent difficult to assess the benefits of any investment like this, since the value of any single layer in a system of protection are difficult to isolate. Nevertheless, the concerns put forward by GAO are valid, and it’s imperative that DHS not move forward with full-scale acquisition until value can be demonstrated.