Homeland Security Watch

News and analysis of critical issues in homeland security

December 29, 2006

CRS on Coast Guard Deepwater

Filed under: Port and Maritime Security — by Christian Beckner on December 29, 2006

The Congressional Research Service published a new report last week looking at the Coast Guard’s Deepwater acquisition program:

RL33753: Coast Guard Deepwater Program: Background, Oversight Issues, and Options for Congress, December 18, 2006

It’s a useful overview of the Deepwater program, which has been subject to a growing amount of media and watchdog scrutiny in recent weeks.

The full HLS Watch collection of CRS reports is available here.

DHS issues draft chemical security regs

Filed under: Infrastructure Protection — by Christian Beckner on December 29, 2006

The Department of Homeland Security issued an advance notice of rulemaking for chemical facility security regulations last week, published on Thursday in the Federal Register. These regulations follow the loose mandate set forth in Sec. 550 of the FY 2007 DHS appropriations bill, following blocked efforts to pass comprehensive chemical security legislation earlier in 2006 – a process followed closely, as loyal readers know, on this site. Comments on the regulations are due no later than February 7, 2007.

I’ve read through the full document, and while there are some solid sections of it (for example, the sections on risk assessment and vulnerability analysis), there are a number of aspects of the draft regulations that are troublesome. I find four key flaws with the draft regs:

1. Excessive deference. The regulations have a very obsequious and overly legalistic tone, bending over backward to provide the chemical facilities with means to contest decisions, and provide for a drawn-out mediation process before penalties might be used. This type of deference might be acceptable in non-security contexts, but it seems misplaced when the topic is a critical homeland security vulnerability.

2. Inspection process. The draft regulations state that DHS will only conduct inspections during regular business hours and will provide at least 24-hour notice of an incoming inspection. From a security perspective, this is ludicrous. Terrorists could attack a chemical facility at any hour of the day, and in fact might be more likely to attack some facilities at night, if the adjacent area has a larger nighttime population than a daytime population. And giving advance notice of inspections is an invitation for scofflaw plants to cover up poor execution of their security plans. Instead, DHS should be employing an “any place, any time” approach to inspections.

3. State law preemption. DHS interprets Sec. 550 as giving them the mandate to block the enforcement of state laws (such as the one on the books in New Jersey) on chemical facility security, a provision that has already earned a strident rebuke from Sen. Collins. Throughout the debate over the past year, I’ve argued that states should be allowed to set tougher regulations consistent with principles of federalism, and I believe it’s a mistake for DHS to block their ability to do so.

4. “Chemical Terrorism-Vulnerability Information”. A long section of the draft regs discusses DHS’s decision to create a new category of “sensitive-but-unclassified” information: Chemical Terrorism-Vulnerability Information (CVI). At a broader level, the last thing that DHS needs to do right now is to create a new category of SBU information; as the GAO has exhaustively analyzed, the proliferation of SBU categories has inhibited effective information-sharing within the federal government. Reading the draft regs, I worry also that this section would inhibit the ability of local law enforcement and response officials to learn about security at chemical facilities within their jurisdiction. This would be unfortunate, since these are the officials who will be on the scene before the feds if an attack occurred.

Overall, these draft regs confirm my earlier concerns that the language in the final appropriations bill would turn out to be insufficient. Congress needs to step up to the plate again in the 110th Congress on this issue, building off of the earlier proposals that passed the two homeland security committees. And concerned citizens can submit comments at regulations.gov (docket # DHS-2006-0073) by the Feb. 7th deadline.

December 21, 2006

DHS defends ATS

Filed under: Border Security,Risk Assessment — by Christian Beckner on December 21, 2006

DHS Asst. Secretary for Policy Stewart Baker spoke at a forum at CSIS yesterday, and defended the recently-criticized Automated Targeting System, as noted in this GCN story and this Reuters piece:

The U.S. Automated Targeting System, or ATS, a computerized program that collects personal data on travelers and retains it for up to 40 years, has come under fire in recent weeks from rights activists who say it violates privacy laws and a congressional-funding ban.

But Stewart Baker, assistant secretary of the Department of Homeland Security, said the system’s critics are either “paranoid” or don’t understand that ATS assigns risk ratings only to cargo.

“We have risk scores for cargo,” Baker told a forum hosted by the Center for Strategic & International Studies.

“I don’t think that we’re scoring human beings, and we’re certainly not keeping score on them,” he said. “We do an assessment of people when we look at the data. But that could vary from flight to flight, day to day.”

I’ve maintained since this story started to break in early November that the concerns about this program have been overstated by its recent critics, and I’m glad to see DHS finally pushing back and defending the program. There needs to be more clarity about how ATS-P works and how information is saved and stored within it, but it clearly has a valid role within the broader border and traveler entry system, and is worthy of a vigorous defense.

Update (12/21): Here are Baker’s remarks from the CSIS event.

Update (12/29): The full transcript from the CSIS event is available here.

New docs from the DHS privacy committee

Filed under: Privacy and Security — by Christian Beckner on December 21, 2006

The DHS Privacy and Data Integrity Advisory Committee has released several interesting documents within the last week, including a report entitled “The Use of Commercial Data” and the transcript of its September advisory committee meeting: Part 1, Part 2. The latter documents transcribe interesting discussion at this meeting on issues related to the Privacy and Civil Liberties Oversight Board, the Office of Screening Coordination at DHS, and progress on establishing an effective traveler redress system.

IG assesses DHS management challenges

Filed under: DHS News,Organizational Issues — by Christian Beckner on December 21, 2006

The inspector general of the Department of Homeland Security released a very informative report yesterday that surveys the major management challenges currently facing DHS. The report contains a number of interesting sections and pieces of information, including:

  • An assessment of the key management and technology challenges that FEMA is still facing in the aftermath of Hurricane Katrina;
  • A discussion of the challenges of financial management within DHS, and the steps that Department needs to take to address these challenges;
  • An announcement, not mentioned previously by DHS, of plans to overhaul and integrate the Infrastructure Protection office’s multiple vulnerability assessment programs (e.g. National Asset Database, RAMCAP) into a single new Infrastructure Information Collection Program.

Overall, a useful and informative report about the challenges still facing DHS. I think it shows that DHS has been making progress on some key challenges, but that there is still has room for improvement in many critical areas.

For media coverage of the report, see this Federal Times story and this GovExec piece.

December 18, 2006

Port of NY/NJ makes security recommendations

Filed under: Port and Maritime Security — by Christian Beckner on December 18, 2006

The Port Authority of New York and New Jersey issued a press release today summarizing the recommendations of a port security taskforce that they’ve convened over the past year. The key recommendations:

  • The adoption of federal legislation sanctioning minimum mandatory cargo security standards that use innovative technology and business practices to monitor every cargo shipment.
  • The presidential appointment of a National Port and Cargo Security Director, reporting to the Director of Homeland Security, who has ultimate responsibility and accountability for coordinating port and cargo security activities throughout the various federal agencies as well as the international community.
  • Establishment of a nationwide “Port Security User Fee,” not later than January 1, 2008, dedicated exclusively to U.S. ports based on size, cargo volume and risk. This fee would be used to offset capital and operating costs incurred by port facility owners/operators associated with security installations and operations.
  • Establish response and recovery plans that are unique to the regional environment of each U.S. port, allowing individual ports to return to “normal business” as efficiently as possible after a disaster. Mandate and conduct annual exercises that test the quality of each port’s response and recovery plans.
  • Adopt federal legislation that requires every regulated maritime facility and Coast Guard Captain of the Port to implement a comprehensive risk-management plan that will form the basis for resource allocation decision making, similar to the protocols for other state, urban area and mass transit funding.

It’s unclear whether these recommendations are part of a larger task force report; if so, I don’t see it yet on the PANYNJ website. But I’ll post an updated link if one appears.

Update (1/4/07): Here’s the full task force report.

National Strategy for Aviation Security in the works

Filed under: Aviation Security — by Christian Beckner on December 18, 2006

A few months ago, Heritage Foundation scholar Jim Carafano wrote a memo proposing the need for the government to develop a “national air security strategy,” similar to the National Strategy for Maritime Security. Around that same time, the White House issued a still-classified directive (HSPD-16 / NSPD-47) on aviation security, about which few details are publicly known.

Consistent with this recommendation and directive, the federal government seems to be developing a National Strategy for Aviation Security. A Google search of this phrase reveals a link to the entry page for a TSA webboard where there is a menu option titled “National Strategy for Aviation Security.” The Google search also reveals a couple of other references to the Strategy, i.e. the program for an aviation conference in Oregon, within which one of the speakers’ bios references it.

The development of this Strategy prompts a number of questions. Is it still under development, or has it been finished and quietly disseminated inside the federal government? Are there plans to make it public, or will this be like the frequently-panned National Strategy for Transportation Security, which was a classified document and never published? Which non-governmental stakeholders have been consulted in the development of this Strategy?

Hopefully we’ll see a public version of this National Strategy in the next year, following the model of the National Strategy for Maritime Security, which has served its purpose since publication as a useful reference strategy for all maritime security stakeholders.

New issue of JHSEM online

Filed under: General Homeland Security — by Christian Beckner on December 18, 2006

The Journal of Homeland Security and Emergency Management’s latest issue (Vol. 3, Issue 4) is now online. The full-length articles within it are:

  • Terrorist Attacks against Children: Vulnerabilities, Management Principles and Capability Gaps, Mark Brandenburg and James L. Regens
  • A Précis of Suicide Terrorism, Daniel B. Kennedy
  • Cybersecurity: From Ad Hoc Patching to Lifecycle of Software Engineering, Clyde G. Chittister and Yacov Y. Haimes

There are also a number of book reviews and shorter pieces in the issue.

The Daily Show looks at security tech

Filed under: Humor,Technology for HLS — by Christian Beckner on December 18, 2006

New on YouTube, a Daily Show oldie-but-goodie on homeland security technology:


A “Senior” Freight initiative?

Filed under: Humor — by Christian Beckner on December 18, 2006

As noted here previously, DHS announced the launch of the Secure Freight Initiative on December 7th. But UPI seems to think that this project has a different name:

The U.S. Departments of Homeland Security and Energy have launched a new Senior Freight Initiative to boost port security.

Or could this be some distinct new initiative by DHS? Are the elderly going to inspect cargo? Or is DHS now planning to inspect them? What does the AARP think about this? ;)

December 15, 2006

Book Review: “Overblown”

Filed under: General Homeland Security,Risk Assessment,Terrorist Threats & Attacks — by Christian Beckner on December 15, 2006

Last month Ohio State University professor John Mueller published the book “Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them.” The book expands upon his article in Foreign Affairs earlier this fall entitled “Is There Still a Terrorist Threat?” (which I reviewed in this post). Mueller has taken these arguments on the road recently, with an appearance on The Daily Show (Part 1, Part 2) in October and a policy event at the Cato Institute earlier this week.

The book makes three main arguments: (a) the terrorist threat is overstated today, (b) we’re exacerbating the threat by believing that it’s serious, and (c) there is now a “terrorism industry” that has a vested interest in maintaining public alarm.

These are all topics that are worthy of debate. You can read my earlier critique of (a) in this post on his Foreign Affairs piece. I partially agree partially with (b); it is imperative that our leaders avoid fearmongering, and that we take steps to make our society more resilient to avoid adverse secondary effects from disruption. And I think (c) uses a cheap epithet to make a blanket ad hominem criticism of anyone who believes that the terrorist threat is serious and consequential.

But unfortunately, Mueller undermines the basis for this debate by using false and misleading examples and statistics in numerous places in the book. For starters, take the opening paragraphs of his Introduction:

Upon discovering that Weeki Wachee Springs, his Florida roadside water park, had been included on the Department of Homeland Security’s list of over 80,000 potential terrorist targets, its marketing and promotion manager, John Athanason, turned reflective. “I can’t imagine bin Laden trying to blow up the mermaids,” he mused, “but with terrorists, who knows what they’re thinking. I don’t want to think like a terrorist, but what if the terrorists try to poison the water at Weeki Wachee Springs?”

Whatever his imaginings, however, he went on to report that his enterprise had quickly and creatively risen to the occasion – or seized the opportunity. They were working to get a chunk of the counterterrorism funds allocated to the region by the well-endowed, anxiety-provoking, ever-watchful Department of Homeland Security.

Which is the greater threat: terrorism, or our reaction against it? The Weeki Wachee experience illustrates the problem.

This sounds terrible, right? Another example of people being opportunistic and unjustly trying to grab that homeland security cash?

Not really. Unlike John Mueller, I wrote earlier this week to John Athanason, the manager of Weeki Wachee who is quoted in the passage above. This was the first that he had heard about his inclusion in this book. Athanason quickly wrote back to me and clarified the story (emphasis his):

You don’t see anywhere in the press about the park getting money for the “terrorism threat”, because the attraction was never intended to get any money.

In the state of Florida, each and every county had one request given to them by Homeland Security. Within your county, where would the most likely target occur in the event of a terrorist attack? Within Hernando County, our attraction was listed by our local authorities because we have a venue that attracts a large number of people at any given time. We did not pursue any money, nor did we ever apply for any money. All communication went directly to the local authorities to see what supplies they would need to assist them in any crisis, if one were to happen. We have never received any amount of money from Homeland Security.

The reality is the exact opposite of what Mueller reports in his book. The actions of Athanason and the Florida officials were appropriate across the board. I’m surprised that Mueller or someone from Simon & Schuster didn’t double-check this story, especially given the fact that it kicks off the book, and is mentioned repeatedly later in the book and in his remarks as the paragon of homeland security waste. This is just plain shoddy.

And so it goes throughout the book and in his public remarks. For example:

  • The end of my earlier blog post mentions one such statistical miscalculation, in his comparison of bathtub deaths to deaths by acts of terrorism.
  • He miscalculates aviation security spending on page 31 of the book, suggesting that TSA spends $4 billion on airline passenger screening, another $4.7 billion on “zapping checked baggage”, and another half-billion on air marshals. That adds up to $9.2 billion, but the actual entire TSA budget in FY2007 is $6.4 billion – he’s clearly double-counting somehow.
  • In his remarks at Cato on Wednesday, he noted that federal law enforcement prosecutions have suffered because of attention to terrorism – a statement that this chart seems to contradict.
  • He suggested in those same remarks that zero people have been killed by acts of terrorism within the United States since 9/11 – an untrue statement, and one that is disrespectful to the families of the victims of the anthrax attacks.
  • Also in those remarks, he dismissed the relevance of the UK aviation plot to the U.S. aviation system because it was “on a different continent.” Does he not realize that the plotters were intending to fly to the United States? And that our aviation system is inherently global in scope?

I could go on, but you get the point. This book is wrong in its key points and misleading in its details. It paints a falsely benign picture of the terrorism threat – a viewpoint which could lull us into a dangerous sense of complacency were it to be increasingly accepted. We need to overcome our fears, live resolutely, and build a culture of preparedness and resilience into our societies, but we should not for a minute become complacent about the real and persistent threats that we face.

HLS in DC, Dec. 18-22, 2006

Filed under: Events — by Christian Beckner on December 15, 2006

Below is a list of homeland security policy events in the DC area next week (as well as the occasional listing outside of DC). This will be the last such events list in 2006. Please note that many events require prior invitations and/or RSVPs.

12/18: National Press Club event with White House Homeland Security Advisor Fran Townsend on “Preparing for a Pandemic: The National Strategy for Pandemic Influenza.” National Press club, 529 14th St NW, 10am.
12/18: CSIS event on “Avian and Pandemic Influenza: Bamako Conference Briefing.” 1800 K St NW, 2pm.
12/19: CSIS event with DHS Asst. Secretary Stewart Baker on “Terrorist Screening and Privacy Issues.” 1800 K St NW, 11am.
12/19: National Security Telecommunications Advisory Committee meeting. 1615 H St, NW, 1pm.
12/20: Washington Foreign Press Center briefing with DHS Acting Asst. Sec. for International Affairs Paul Rosenzweig on “”Review of 2006 for the Department of Homeland Security and Priorities for 2007.” 14th and F St NW, 4pm.

(Please e-mail me if you have suggestions about additions to this list for this week, or future weeks).

US-VISIT: No Exit?

Filed under: Border Security — by Christian Beckner on December 15, 2006

The New York Times reported today that DHS, in an elaborate tribute to Jean-Paul Sartre, is planning to scuttle the “exit” portion of the US-VISIT program, based on the belief that developing such a system is technologically infeasible and would cost too much to implement. This represents a 180 degree turn from a report in mid-November which suggested that DHS was moving forward within the exit portion of US-VISIT. From the NYT story:

Domestic security officials, who have allocated $1.7 billion since the 2003 fiscal year to track arrivals and departures, argue that creating the program with the existing technology would be prohibitively expensive.

They say it would require additional employees, new buildings and roads at border crossings, and would probably hamper the vital flow of commerce across those borders.

….Efforts to determine whether visitors actually leave have faltered. Departure monitoring would help officials hunt for foreigners who have not left, if necessary. Domestic security officials say, however, it would be too expensive to conduct fingerprint or facial recognition scans for land departures. Officials have experimented with less costly technologies, including a system that would monitor by radio data embedded in a travel form carried by foreigners as they depart by foot or in vehicles.

Tests of that technology, Radio Frequency Identification, found a high failure rate. At one border point, the system correctly identified 14 percent of the 166 vehicles carrying the embedded documents, the General Accountability Office reported.

DHS’s decision to not move forward on an exit system is criticized by members of Congress from both parties in the NYT piece, in large measure due to the fact that it’s already been ten years since Congress created the legislative mandate for an entry-exit system.

As I noted in my previous post on the exit system, I think the develop of an exit system is a critical part of a border security strategy, and I’m concerned by the idea of scuttling this activity. To be sure, there are real challenges with this in terms of the land border infrastructure (e.g. very few exit “lanes” at major border checkpoints today, creating the need for significant amounts of construction), but many of the other technology issues should be feasible; for example, why did DHS’s RFID test only work 10% of the time when RFID-based EZPASS works with nearly 100% reliability?

For more info, you can read the GAO report on US-VISIT that is mentioned in the story at this link.

New Civitas report on homeland security market

Filed under: Business of HLS — by Christian Beckner on December 15, 2006

The homeland security strategy advisory firm Civitas Group LLC released a report this week entitled “The Homeland Security Market: Essential Dynamics and Trends”, updating a 2004 report on the same topic (full disclosure: I was a co-author of that earlier paper). The new report contains some valuable insight into the state of the homeland security market, in particular the section from pages 8-11 on “dominant market characteristics,” which outlines nine top-level issues that people need to understand about the homeland security market. As with the earlier version of the report, I think that it’s an objective and sober take on the homeland security market, in contrast with other reports of this ilk that forecast multi-gazillions of dollars of DHS spending in the coming years.

TSA issues draft rail security regs

Filed under: Ground Transport Security — by Christian Beckner on December 15, 2006

TSA held a press conference this morning to release a Notice of Proposed Rule Making (NPRM) for rail security regulations. The complete draft regs are available at this link, and will be open for comment for the next 60 days. The press release describes the major measures within the regs:

The proposed rule is part of a package of new security measures that will require freight rail carriers to ensure 100 percent positive hand-off of Toxic Inhalation Hazard (TIH) materials, establish security protocols for custody transfers of TIH rail cars in the high threat urban areas, and appoint a rail security coordinator to share information with the federal government, as well as formalizing the Transportation Security Administration’s (TSA) freight and passenger rail inspection authority.

This AP story and this NYT piece discuss the draft regs and offer some initial reactions to them from Capitol Hill.

At first glance, the portions of the NPRM that deal with hazardous materials on freight rail look solid; this is a high-risk segment of the broader rail environment, and safeguards on the security and chain of custody of hazmat rail cars is needed, going beyond what has generally been a relatively solid effort to date by the freight rail industry. But the NPRM essentially punts the ball on the topic of passenger rail, beyond establishing some vague reporting requirements. While it’s true that passenger rail security is inherently difficult in comparison with aviation security, given the open nature of rail and transit systems, I would have expected more of a discussion of these passenger issues in the regs.

December 14, 2006

House reforms intelligence oversight

Filed under: Congress and HLS,Intelligence and Info-Sharing — by Christian Beckner on December 14, 2006

Incoming House Speaker Nancy Pelosi announced the creation today of a new Select Intelligence Oversight Panel within the House Committee on Appropriations, the role of which would be to bridge the gap between intelligence oversight and authorization at the HPSCI and intelligence spending, which is largely controlled today by the Subcommittee on Defense of House Committee on Appropriations. This change is part of the incoming Congress’s efforts to implement the 9/11 Commission Report recommendations, and is specifically responsive to Recommendation #33 in the 9/11 Commission Report (see pages 20-21 here). It runs counter to a Washington Post story from November which suggested that reorganization of intelligence authorities was unlikely to take place in the House, given opposition to the idea among House appropriators.

Next Page »