The Congressional Research Service released a new report recently looking at the agenda for emergency communications legislation in the next Congress, for now publicly available only here at Homeland Security Watch:
December 14, 2006
I just returned from a speech that Sec. Chertoff gave this morning at George Washington University, where he reviewed the Department of Homeland Security’s accomplishments for 2006 and its goals for the next two years. Overall, it was an impressive and very solid speech, one that demonstrated the extent to which he has become stronger in his role as Secretary, particularly over the last six months.
The first part of the speech centered around three “transformative experiences” in the first two years of his tenure at DHS: (1) the increased political spotlight on immigration issues (which led to his reassertion of the need for a temporary worker program); (2) the disrupted UK aviation plot in August 2006 (and TSA’s response); and (3) Hurricane Katrina, which he acknowledged showed that the nation was “not prepared for a major catastrophe.”
He then discussed the Department’s goals and priorities for the next two years, following nearly the same top-level framework outlined two months ago in remarks by DHS Asst. Secretary Al Martinez-Fonts and identifying the following five priorities:
1. Protecting the nation against dangerous people
2. Protecting the nation against dangerous “things”
3. Securing the nation’s critical assets
4. Strengthening response capabilities
5. Making DHS into a more integrated, unified department.
In his discussion of priority #1, he offered a vigorous rebuttal to the recent criticisms of the Automated Targeting System, describing it as an important security tool in the border entry system, noting that 500,000 people were denied entry in 2005 as a result of such border security screening (which I assume refers to visa denials as well as physical denials at Points-of-Entry). And he defended it as constitutional and privacy-protecting, and argued that it was consistent with the 9/11 Commission recommendations and Congressional mandates in the Aviation and Transportation Security Act of 2002. His description of it made it sound like a “link analysis” system, and not a “pattern analysis” system. This distinction is important; whereas the latter type has largely been discredited as a data mining tool for counterterrorism, the former type can be effective if used with well-verified threat data as a starting point.
The rest of the speech contained a handful of interesting factoids for those who follow homeland security issues:
â— DHS will be issuing a Notice of Proposed Rulemaking for interim chemical security regulations “within a few weeks.”
â— DHS will release draft rail security regulations at an event tomorrow (Dec. 15th).
â— DHS has spent a total of $380 million on state/local intelligence fusion centers to date.
â— The Department is currently conducting a survey of 75 high-threat regions to identify interoperability gaps in their communications systems, and will work to close these gaps by the end of 2008, prioritizing homeland security grant funds for this task.
â— DHS will work in the next two years to develop a “joint path” for career development at DHS, one that facilitates the ability of employees to work across the respective agencies within the Department and be rewarded for such cross-agency career progression, in a manner similar to DOD’s drive toward “jointness” over the last twenty years.
Sec. Chertoff concluded his remarks by describing his “lessons learned” over the past two years. He talked about how he has consistently stressed the principles of risk management, cost-benefit analysis, and the need to make difficult choices and prioritize resources. He talked about the challenge of striking the right balance between doing too little and doing too much, criticizing the recently-aired notion that the terrorist threat is somehow “Overblown” and “rather limited.” And he concluded by professing his sense of personal responsibility for the job, describing how he understands that he will need to look into the eyes of victims’ relatives if another attack occurs, and tell them that DHS had done everything that it could.
Overall, a very good speech, and a solid agenda for the next two years. As always, the difficult challenges are in implementation, but a principled and consistent strategic perspective is a necessary starting point for implementing change.
Update (12/14): The AP wire story from the event.
December 13, 2006
This story sounds like something out of an ancient Incan ritual:
If terrorists ever unleashed a biological weapon, unusual molecules normally found in the blood of llamas could quickly help warn of the attack, scientists now report.
Researchers at the U.S. Naval Research Laboratory in Washington and their colleagues experimented with antibodies, which act as the red flags and magic bullets of the body’s personal defense arsenal.
….The researchers generated more than a billion kinds of antibody binding regions in the laboratory based on genes taken from small blood samples from llamas. After testing their antibodies against various biological threats, the researchers found they could within days successfully identify antibodies targeting cholera toxin, a smallpox virus surrogate and ricin, among other known menaces.
The article should be appearing here in the next day or so.
The Trust for America’s Health released an annual report yesterday on the nation’s public health preparedness, giving each of the 50 states grades on their level of preparedness. Oklahoma and Kansas come away with the highest grade, and the four states tied for the lowest ranking are California, Iowa, Maryland, and New Jersey. The complete report is available here.
Back in May of this year, a subcommittee of the DHS Data Privacy and Integrity Advisory Committee released a draft report entitled “The Use of RFID for Human Identification.” That paper prompted a minor controversy within DHS, given the extent to which it questioned the Department’s use of RFID in homeland security programs and applications.
After several months of re-writing, a final version of the paper was approved by the Privacy Committee at its meeting last week. It’s not yet on the DHS website, but the RFID Journal has a copy, which you can download at this link and read about in this article. The article provides a useful discussion of the differences between the first draft and the final draft.
Immigration and Customs Enforcement’s mass roundup of 1,282 illegal alien workers at six Swift & Co. meatpacking plans around the country yesterday has been a headline story today around the country. The Des Moines Register and the Salt Lake Tribune provide local perspective on the story, and DHS issued a press release and held a press conference with Sec. Chertoff and ICE Asst. Secretary Julie Myers to explain the Department’s actions. The latter documents focus on the ‘identity theft’ dimension of these raids, noting that 65 of the people arrested for immigration violations were also charged with identity theft-related infractions. And in his remarks, Sec. Chertoff focused on the administration’s continued desire to create a Temporary Worker Program, something which could potentially mitigate the need for such raids.
Overall, I think these arrests were warranted; without aggressive worksite enforcement, companies will face undue temptations to employ illegal workers, creating a race to the bottom in certain sectors of the economy. The tactics used were exceedingly dramatic – the law enforcement of “shock and awe” – but if that has a deterrent effect on similar scofflaws, then it’s perhaps warranted. However, I am concerned about the way in which some American citizens of Hispanic origin were treated during these raids, as recounted in the aforementioned Salt Lake Tribune story. And it’s undoubtedly true that the need for these types of raids would decrease with the creation of a Temporary Worker Program.
December 12, 2006
The National Governors Association and the National Council of State Legislatures and the ACLU both issued press releases yesterday praising legislation introduced late last week by Sen. Akaka and Sen. Sununu (S. 4117) that would repeal Title II of the Real ID Act and restore Sec. 7212 of the Intelligence Reform and Terrorism Prevention Act, language that established drivers license standards but was superceded by the REAL ID Act when the latter was attached to a wartime supplemental bill in March 2005.
This legislation is likely to reemerge early in the 110th Congress, perhaps as part of broader efforts to pass legislation that implements the 9/11 Commission recommendation. As I discuss on page 11 of the policy memo that I issued last week, Recommendation #18 from the 9/11 Commission on “secure identification” can be tackled either by providing new funding to accelerate the implementation of REAL ID as is, or alternatively, by revisiting its provisions in a way that accelerates efforts to strengthen ID standards.
Update (12/15): A good overview of this legislation at Information Week.
Federal Times had a story yesterday that surveyed the one piece of homeland security-related legislation to emerge from the lame duck session of Congress this past month: the Pandemic and All-Hazards Preparedness Act (S. 3678). From the article:
In its final days, the 109th Congress passed a bill creating a new $1 billion agency to fight bioterror threats.
Called the Biomedical Advanced Research and Development Authority (BARDA), it will fund research into cures for infectious diseases and other biological threats, a field that has drawn limited research from pharmaceutical companies due to its low profit potential. The new agency, to be located in the Health and Human Services Department, is intended to centralize federal efforts against bioterrorism.
The legislation updates the Project Bioshield Act of 2004 (S.15), with the objective of making it easier to fund mid-stage research that bridges the gap between existing biodefense capabilities and long-term biodefense R&D.
The final bill also makes HHS the lead federal agency for medical response in emergencies, taking the National Disaster Medical System out of FEMA and bringing it over to HHS.
In June 2006 I wrote about a plan in Texas to put up live Internet webcams on the Texas-Mexico border as a border security tool. Washington Technology reports today that Texas has completed its initial pilot of this technology:
Texasâ€™ month-long experiment with border surveillance Web cameras is being touted as a success with 221,000 people participating via the Internet, state officials said.
The Texas Border Watch Test Site operated for a month, closing on Dec. 3. During the experiment, live video feeds from border surveillance cameras in Texas were made available on a Web site. Subscribers registered to view the footage and report suspicious activity.
During the month, 221,562 subscribers visited the Web site and viewed footage 27 million times, generating more than 13,000 emails, according to an update on the Texas Border Watch test project.
â€œSome wrote to alert law enforcement officials to suspicious activity, others to recommend improvements to the Web site or offer other comments. Many of the recommendations for improvements to the Web site were incorporated during the test period,â€ the Web site said.
Given these results, Texas should move forward and deploy this on a wider basis. And this is something that other border states should look into as well.
The report that I released last Friday analyzing the implications of the 9/11 Commission recommendations in terms of the agenda for the 110th Congress received media attention yesterday in this story at GovExec. You can download the full report at this link.
The operations research journal Interfaces is publishing an entire issue of homeland security-related articles this month, and highlighted one of the articles in it in a press release in mid-November. That article, entitled “How Effective is Security Screening of Airline Passengers?” attempts to answer a question that has long bedeviled TSA and other aviation screening agencies: what is more effective, risk-based screening or random screening?
The authors, Susan Martonosi at Harvey Mudd and Arnold Barnett at MIT, build a model that includes variables for primary screening effectiveness, secondary screening effectiveness, % of passengers elected for random screening, the effectiveness of the prescreening system, and the terrorists’ deterrence threshold. They test the model several times using different assumptions for these variables, and get results for a range of scenarios that suggest that neither risk-based secondary screening nor random secondary screening is inherently better than the other:
As this simple mathematical model suggests, neither side has made a persuasive case about the effectiveness of airport passenger-profiling systems. Supporters of such systems have focused mostly on the ability of the algorithm to identify terrorists (C), an ability they may well overestimate. They say little about screening effectiveness of both low-risk passengers and selectees (p1) and (p2), yet these effectiveness parameters are crucial to the overall success rate of the system. Skeptics may have given insufficient weight to deterrence (Ï„), because of which, the selection and screening system might prevent attacks even though it falls well short of perfect. Probing the system, as we have seen, could sometimes prevent a terrorist act rather than ensure its success.
They conclude the article by suggesting that improving the baseline screening for all passengers might be a better investment than improving prescreening or secondary screening. Overall, a good article, and a useful exercise in trying to analyze an issue too often guided by intuition or emotion. You can see the descriptions of some of the other articles in this issue of Interfaces at this link.
The Cato Institute published a paper yesterday entitled “Effective Counterterrorism and the Limited Role of Predictive Data Mining” by Cato’s Jim Harper (whose book Identity Crisis I reviewed here last month) and fellow IBMer/blogger Jeff Jonas. The paper argues against the value of pattern-based predictive data mining as a tool for counterterrorism, instead favoring tools that investigate links among and outward from known suspects, using intelligence and detection tools within a more robust information-sharing environment.
This seems to be an emerging consensus viewpoint about predictive data mining; indeed, as the National Journal reported recently, a recent procurement document admitted the challenges that the US government has faced in developing reliable predictive models for counterterrorism applications. There is still a value in using predictiving modeling in limited security applications – e.g. looking for trends among cleared government personnel that would suggest counterintelligence activity (as mentioned in this post) – but in general, other forms of data analysis are more suited for counterterrorism.
Overall, a solid piece. For more on this topic, I would again recommend Mary DeRosa’s Data Mining and Data Analysis for Counterterrorism.
December 11, 2006
The controversy over the passenger component of the Automated Targeting System has simmered over the past month (see my previous posts here and here) in the media and the blogosphere, with the latest feud centering around whether a provision in the FY 2007 appropriations acts prohibits the risk assessment function of the ATS-P. Privacy and civil liberties groups have argued in the past week that it does. DHS has started to fight back against these charges in the media, as exemplified by Sec. Chertoff’s quotes in this National Journal piece by Shane Harris.
You can read the full provision in question, Sec. 514, on pages 25-26 of the FY 2007 DHS appropriations bill (H.R. 5441) at this link. My take on this question is that ATS-P does not violate Sec. 514, which specifically references the domestic Secure Flight program and “any successor programs.” ATS-P is a program that preceded Secure Flight. And all of the references to GAO requirements in Sec. 514 confirm that this was solely written with Secure Flight in mind.
There is one other important difference between the two programs that is also worth pointing out: the domains in which the two programs are used. ATS-P is for inbound international arrivals. Secure Flight, if it were to become operational, would be for domestic air travel. The security imperatives and the personal rights of individuals are inherently different in these two domains. In the domestic realm (Secure Flight), travelers are presumed to be legally in the United States, and the sole purpose of risk assessment is related to risks associated with the air travel. In the international realm (ATS-P), identity is not assumed but needs to be proven, and the government has a legitimate role in determining the identity and nationality of individuals entering the United States as a legitimate assertion of national sovereignty. At borders and points-of-entry, the government has greater authority to conduct search and inspection activities than at any place inside of the country’s borders. This same inherent authority is what, I think, should give the ATS-P system a greater authority to conduct security-related risk analysis than any domestic risk assessment system.
There are some legitimate concerns that the privacy and civil liberties groups have brought forward in the course of this debate, e.g. questioning the rationale for retaining records for 40 years. But overall, I find myself sticking to my original impression of this issue when I first posted about it in early November, and wondering what all the fuss is about.
The Arizona Republic has a story today that discusses efforts by state and local officials to keep Phoenix on the list of cities eligible for the Urban Area Security Initiative. Last January, eleven cities were put on notice that they didn’t make the risk cut-off for the UASI grant program: Phoenix, Sacramento, San Diego, Tampa, Louisville, Baton Rouge, Omaha, Las Vegas, Buffalo, Toledo, and Oklahoma City. These cities were still funded in 2006, but are now subject to be dropped from the UASI program unless they can now prove that they are worthy based on the riskiness of the cities’ assets. This story discusses Arizona’s pitch on that point:
“Phoenix is the country’s fifth-largest city, contains the world’s sixth-busiest airport, and is within 50 miles from the country’s largest nuclear power plant,” McCain wrote. “Phoenix is also one of the country’s top tourist destinations, hosting more than 12 million domestic and international visitors and over 500 conventions each year. . . . Phoenix is neighbor to Luke Air Force Base and less than 200 miles from the U.S.-Mexico border.”
Gordon also points out that the region hosts major sporting events, such as the Super Bowl in 2008.
Some of the eleven cities do deserve to be dropped from the list of UASI recipient cities; the only two that I think have an ironclad case for continued inclusion are Las Vegas and San Diego. Phoenix, Tampa, and Buffalo have the next-best cases to make, and a chance of surviving the cut. The other six cities have a harder sell to make, and I wouldn’t be surprised to see all of them drop off the list of UASI recipients.
The last chapter of the Dubai Ports World (DPW) brouhaha unfolded earlier today, with DPW announcing the sale of their American port assets to an investment arm of the insurance company AIG. While there were undoubtedly concerns with the initial deal that the federal government struck with DPW in the initial CFIUS review of their purchase of P&O Ports (see my initial concerns here), these issues were manageable, and the political melee in February and March following this announcement inappropriately vilified the company. And since that time, DPW has proven its mettle as a world leader in port and supply chain security, becoming the first company in the world certified to meet the ISO 28000 supply chain security standards and just this week earning praise from a Democratic Congressional delegation examining their operations in the Dominican Republic. While this story had a silver lining – a new political focus on port security that led to the passage of the SAFE Port Act – it was also ultimately unfair to DPW, a reality that can’t be reversed, but one that hopefully will lead to more sober responses the next time that a story like this appears on the political radar.
The Department of Homeland Security today announced the appointment of Donald H. Kent Jr. as the new Assistant Secretary for Legislative Affairs at DHS. (The position does not require Senate confirmation). From the press release by Sec. Chertoff:
I am pleased to announce the appointment of Donald H. Kent Jr. as Assistant Secretary for Legislative Affairs at the Department of Homeland Security. Don has been an integral part of the departmentâ€™s outreach to Capitol Hill for the past three years as Deputy Assistant Secretary for Legislative Affairs, and is well deserving of this important promotion.
Since joining the department in January of 2004, Don has been a strong advocate and highly respected representative for the department on the Hill, ensuring close coordination with members and staff on both sides of the aisle. He has played an invaluable role in guiding department officials through Senate confirmations, Hill briefings, and congressional testimony, including my own, as well as relentlessly championing our priority issues. He is a valued counselor on homeland security policy and legislative strategy.
Prior to joining the department, Don was a key member of former Assistant Majority Leader Don Nicklesâ€™ staff, where he served as director of transportation policy as well as having coordinated policy and legislative development on various homeland security issues. Don is a graduate of Roanoke College in Virginia, and resides in Alexandria, Va.