Homeland Security Watch

News and analysis of critical issues in homeland security

May 28, 2008

Touting “Youth” and “Vitality,” McCain Suggests Nuclear Position of Treaties, Existing Policies, and Elimination of Nuclear Weapons

Filed under: Radiological & Nuclear Threats — by Jonah Czerwinski on May 28, 2008

Republican presidential candidate Senator John McCain yesterday outlined his views on nuclear weapons, proliferation, and America’s role in pursuing a world altogether free of nuclear weapons. His speech in Denver invoked a number of pre-existing programs, but also offered some bold departures from the Bush Administration.

HLSwatch.com takes a look at the speech to break it down to its basics in the hope that we might find some residual homeland security benefits in this position. I’ll leave it to ArmsControlWonk.com and others to dissect the proposals about the weapons postures and treaty nuances, such as the Fissile Material Cut-off Treaty and the special arrangements with India.

Senator McCain’s speech began with a description of America in carefully chosen words. “…We remain a young nation,” proclaimed the candidate. “We still possess the attributes of youth — spirit, energy, vitality, and creativity,” McCain explained. In sum, he asserted that “America will always be young.” Wonder what he’s getting at.

The rest of McCain’s speech unfolds with lofty goals representing a departure from what GOP politicians have embraced over the last couple decades, along with some commitments to keep the status-quo. In the Maverick mold, McCain:

• Recommends that “America must be a good citizen of the world – leading the way to address the danger of global warming and preserve our environment, strengthening existing international institutions and helping to build new ones, and engaging the world in a broad dialogue on the threat of violent extremists….”

• Adopts Reagan’s goal that “our dream is to see the day when nuclear weapons will be banished from the face of the Earth.”

• Proclaims that “It is my hope to move as rapidly as possible to a significantly smaller [nuclear] force.”

Of course, he couldn’t resist repeating a reference to a part of Senator Obama’s foreign policy. McCain claimed that “some people seem to think they’ve discovered a brand new cause, something no one before them ever thought of. Many believe all we need to do to end the nuclear programs of hostile governments is have our president talk with leaders in Pyongyang and Tehran, as if we haven’t tried talking to these governments repeatedly over the past two decades.”

While half-truths can be avoided in this presidential campaign, some things will never change: No policy speech is complete without the requisite strawman statement.

“Others think military action alone can achieve our goals, as if military actions were not fraught with their own terrible risks. While the use of force may be necessary, it can only be as a last resort not a first step.” Not exactly the stuff of a Maverick.

On to “the how” of it: Following is a breakdown of what McCain proposes in this nuclear weapons position. The very first move isn’t all that exciting: He would ask the Joint Chiefs of Staff to “engage in a comprehensive review of all aspects of our nuclear strategy and policy.” (Homework that any new President would assign.) Regardless of the outcomes of that study, McCain stakes out some preordained positions. They can be organized as selectively embracing current efforts underway, pursuing new dialogues with other countries (emphasis on Russia and China), and familiar counter-proliferation measures (that noticeably leave out the detection mission).

Stay on the current track:
• Continue to deploy a safe and reliable nuclear deterrent, robust missile defenses and superior conventional forces that are capable of defending the United States and our allies.

• Seek to reduce the size of our nuclear arsenal to the lowest number possible consistent with our security requirements and global commitments.

• Continue America’s current moratorium on nuclear testing.

• No new nukes, except the ones we want:

“I would only support the development of any new type of nuclear weapon that is absolutely essential for the viability of our deterrent, that results in making possible further decreases in the size of our nuclear arsenal, and furthers our global nuclear security goals.”

New dialogues with other countries:
• Seriously consider Russia’s recent proposal to work together to globalize the Intermediate Range Nuclear Forces Treaty.

• Russia and the United States should reduce – and hopefully eliminate – deployments of tactical nuclear weapons in Europe.

• Share with Russia early warning data and prior notification of missile launches.

• Begin a dialogue with China on strategic and nuclear issues to achieve “the greatest possible transparency and cooperation on nuclear force structure and doctrine.”

• Work with China to encourage conformity with the Non-Proliferation Treaty, including working toward nuclear arsenal reductions and toward a moratorium on the production of additional fissile material.

Counter-proliferation measures:
McCain wants to strengthen authorities and capabilities of the Proliferation Security Initiative, increase funding for U.S. non-proliferation efforts, including the Cooperative Threat Reduction programs established by the Nunn-Lugar legislation, and ensure the highest possible standards of security for existing nuclear materials.

Nothing here on improving the science and strategy behind detecting the illicit movement of special nuclear material. It is hard to discern why McCain would have left out the effort to detect smuggled nuclear weapons, an initiative this country has supported since the Manhattan Project.

The candidate agrees with the need to build an international consensus that “exposes the pretense of civilian nuclear programs as cover for nuclear weapons programs.” McCain also asserts that the most effective way to prevent this practice is to limit the further spread of enrichment and reprocessing. To persuade countries to forego enrichment and reprocessing, he would support international guarantees of nuclear fuel supply to countries that renounce enrichment and reprocessing, as well as the establishment of multinational nuclear enrichment centers in which they can participate.

McCain concedes that the Iranian government has so far rejected this idea. His solution: “Perhaps with enough outside pressure and encouragement, they can be persuaded to change their minds before it is too late.” As if we haven’t tried talking to these governments repeatedly over the past two decades….

May 27, 2008

Customs-Trade Security Program Scrutinized

Filed under: Port and Maritime Security — by Jonah Czerwinski on May 27, 2008

The Government Accountability Office today released its assessment of the Customs-Trade Partnership Against Terrorism (C-TPAT), a program by the Department of Homeland Security intended to reduce security scrutiny of importers, port authorities, and air, sea and land cargo carriers if these parties commit to self-imposed security standards. GAO finds that C-TPAT has gaps that terrorists could exploit to smuggle weapons of mass destruction in cargo containers.

C-TPAT is the federal program established after 9/11 to discover or deter a potential terrorist attack on or use of commercial cargo passing through 326 of the nation’s airports, seaports, and land crossings.

GAO is also currently investigating the DHS programs focused on combating the threat of smuggled nuclear weapons, specifically those managed by the Domestic Nuclear Detection Office. They have expressed a specific interest in the strategy aspects of how the global nuclear detection architecture figures in. This line of inquiry quickly gets us to the topic of port security in light of the 9/11 Act and its corresponding mandate for 100% scanning of all cargo en route to U.S. ports and corresponding programs like C-TPAT.

The nearly 8000 commercial participants in the C-TPAT program are granted reduced scrutiny of their cargo in exchange for submitting a security plan meeting U.S. Customs and Border Protection’s standards and allowing CBP officials to verify (even at random) implementation of their measures.

According to AP reporting on the GAO findings, under C-TPAT:

• Companies are certified based on self-reported security information that Customs employees use to determine if minimum government criteria are met. But due partly to limited resources, the agency does not typically test the member company’s supply-chain security practices and thus is “challenged to know that members’ security measures are reliable, accurate and effective.”

• Customs employees are not required to utilize third-party or other audits of a company’s security measures as an alternative to the agency’s direct testing, even if such audits exist.

• Companies can get certified for reduced Customs inspections before they fully implement any additional security improvements requested by the U.S. government. Under the program, Customs also does not require its employees to systematically follow up to make sure the requested improvements were made and that security practices remained consistent with the minimum criteria.

I hope to give this GAO report a closer read today, but readers are encouraged to weigh in on the study if they’ve already culled through it in detail. In the meantime, keep an eye out for coverage of the House Homeland Security Committee hearings on resilience in Congressional Quarterly.

May 22, 2008

International Security and Business Communities Take on Cyber Threat

Filed under: Cybersecurity — by Jonah Czerwinski on May 22, 2008

Seven NATO nations signed documents last week formally establishing a Cooperative Cyber Defence (CCD) Centre of Excellence (CoE) in Talin, Estonia. The International Multilateral Partnership against Cyber-Terrorism (IMPACT) will convene at least 30 governments at its summit this week.

NATO’s new CoE will conduct research and training on cyber warfare and have a staff of 30, half of them from sponsoring countries Estonia, Germany, Italy, Latvia, Lithuania, Slovakia, and Spain.

The agreement to form NATO’s Cooperative Cyber Defence CoE comes a year after a major cyber attack on Estonian government and private sector institutions. NATO’s Defense Ministers called for the development of a NATO cyber defense policy at their October 2007. The policy was adopted earlier this year.

The policy includes a Cyber Defence Management Authority that will manage cyber defense across all NATO’s communication and information systems and could support individual allies in defending against cyber attacks in the event of an Article V (mutual defense) request.

On the other side of the world, a new public-private partnership will meet in Malaysia to bring together government leaders and industry to address global cyber security. The International Multilateral Partnership against Cyber-Terrorism (IMPACT) received about $30 million in funding from the government of Malaysia and is currently convening its multilateral summit with about 30 governments represented.

May 20, 2008

DHS Promotes DIY for Hurricane Prep

Filed under: Preparedness and Response — by Jonah Czerwinski on May 20, 2008

Homeland Security Secretary Chertoff and FEMA Administrator Paulison sat down yesterday with HLSwatch.com, Rich Cooper of SecurityDebrief, and John Solomon of In Case of Emergency Blog to discuss the Department’s preparedness efforts as hurricane season approaches. The dominant theme was devolution: states and individuals can and should do a lot more to prepare themselves for emergencies and to manage for the first 72 hours without federal support if necessary.

A lot was learned from Hurricane Katrina in which local and state response capabilities were overwhelmed and the federal government was caught flat footed. Paulison explained yesterday that the previous framework wherein the state would respond after the local authorities failed, and then the federal government would engage only after the states failed was proven to be flawed.

The new paradigm gets the Feds involved from the outset, but within limits. Moreover, DHS now expects states and individuals to do a lot more for themselves than was previously expected of them. For example, individuals are expected to self-select out of the government support efforts if they can help themselves. We heard the Secretary recap situations when people in Louisiana and Florida lined up for emergency food and water supplies from FEMA when they had the money and means to go to the open grocery stores and buy it for themselves.

Chertoff probably didn’t mean to imply that these hurricane victims were exploiting the government selfishly. This phenomenon may actually reflect a type of information vacuum. We did not discuss in detail the sort of communications efforts that may inform victims that other options exist than FEMA’s free supplies.

We did discuss another information/communications program that Chertoff and Paulison believe should be shouldered by the states. The Integrated Public Alert and Warning System (IPAWS) was piloted by DHS last year as a means of delivering warning and emergency response information to blind and deaf people in areas endangered by hurricanes. The program was praised, but when the pilot ended the Department did not re-up the contract. This is the responsibility of the states, according to DHS. At a cost of roughly $1 million per year per state, Chertoff suggested this was minimal for states to pay given the obvious benefits of the program. I think he’s right.

Of course, the feds have a significant responsibility in helping to minimize the impact of natural disasters. There are some things DHS just can’t devolve to states and demand of individuals. Paulison described the “prescripted mission assignments” that DHS, Defense, and other agencies drafted to preload authorities and responsibilities for more timely federal engagement in emergency response. The Department also lined up pre-signed contracts with private sector entities to provide supplies where needed. For example, Home Depot could deliver water from one of its nearly 2000 locations, likely to be closely positioned to a crisis zone.

There is no question that emergency response and preparedness are the responsibilities of the federal government, states, and individuals. Clearly a lesson this DHS leadership learned from Katrina was that states and individuals can do a lot more the next time around. Its also clear that the Administration that presided over the Katrina response is going to have a difficult time communicating a “do-it-yourself” strategy. Fortunately, the kinds of proposals we heard yesterday are not a stretch. Encouraging the capable to get out of line for a handout so that FEMA can focus on the truly needy is an American value that just about anybody will embrace. Let’s hope the message isn’t overshadowed by the messenger.

May 19, 2008

Chertoff, FEMA Chief Meet with HLSwatch Today

Filed under: Preparedness and Response — by Jonah Czerwinski on May 19, 2008

The third “blogger roundtable” convenes this afternoon, this time the Secretary of Homeland Security is accompanied by the head of FEMA to discuss the upcoming hurricane season. Topics related to this month’s hearings on the topic of a resilience-based strategy for DHS, as well as the new draft National Incident Management process, will figure into our discussion. Submit a comment below if you have any specific questions in this general subject area that you would like raised during the roundtable.

May 15, 2008

House Homeland Subcommittee Sheds Light on Resilience

Filed under: Infrastructure Protection,Strategy — by Jonah Czerwinski on May 15, 2008

Yesterday the Transportation Security and Infrastructure Protection Subcommittee held its hearing entitled “Partnering with the Private Sector to Secure Critical Infrastructure: Has the Department of Homeland Security Abandoned the Resilience-based Approach?”

I had the opportunity to testify along with DHS Assistant Secretary Bob Stephan, Bill Raisch of the International Center for Enterprise Preparedness at NYU, Dr. Kevin Stephens, Director of the New Orleans Health Department, and Shawn Johnson, Vice Chairman (soon-to-be chair), Financial Services Sector Coordinating Council. Dr. Stephens provided stark details about the state of the health system’s ability to manage another crisis in New Orleans, given the poor state of the infrastructure there nearly three years after Hurricane Katrina.

The 14th is part of a month of hearings the Homeland Security Committee is dedicating to resilience. Wednesday’s hearing focused on clarifying exactly how DHS views resilience as a priority in the overall strategy of the Department and on identifying ways that DHS can do better in working with the private sector to increase our resilience. Perhaps the best way to paraphrase everyone’s position would be as follows:

Chairwoman Jackson-Lee: Resilience should be part and parcel of the nation’s effort to protect the homeland. To do so requires that DHS effectively share threat information with the private sector, measure resilience (since protection can’t be measured: when is enough, enough?), and think creatively about the enterprise value to a company that invests in resilience. Citing the number of times we use the term resilience isn’t proof enough that action is being taken.

A/S Stephan: We already do resilience. It is mentioned ## times among our existing documents, such as the National Infrastructure Protection Plan (NIPP), the National Response Framework, and various sector specific documents. Through the NIPP, sector-specific plans are developed to accomplish the goal of security, resiliency, and preparedness. Moreover, the emphasis on resilience is a red herring generated by some in academia and think tanks to suggest that (a) DHS is misguided and (b) we ought to sacrifice efforts to prevent and protect in order to bounce back from likely fatal attacks.

Czerwinski: Resilience is more than the ability to “bounce back.” Measures to make the private sector more resilient must provide a “double bottom-line” that delivers both the ability to minimize the impacts of terrorism or natural disasters, but also the value of increased performance and improved commerce during the majority of the time when a threat isn’t present. Doing so requires connecting effectively across the sectors with a balanced approach to three key factors: strategic human capital, technology, and governance. Naturally, the framework offered in our paper on Global Movement Management would be a brilliant step forward.

Johnson: Nothing to see here. The Financial Services Sector has worked closely with the Treasury Department since long before 9/11 to manage an interdependent relationship among partners and competitors in this sector. DHS, through the FS-Sector Coordinating Council, works well in coordinating our efforts to be resilient, which for this sector means the ability to get business back online if ever a disruption were to interrupt our operations. I wouldn’t change a thing.

Raisch: If resilience is the goal, then a method to measure or assess progress is indispensable in order for businesses to determine if their investments in resilience are actually accomplishing anything and to be able to claim to stakeholders or possible adversaries that they are prepared to manage a crisis or disruption. Voluntary accrediting measures provided for in the 9/11 Act (H.R. 1) require the government to take the initiative “as a catalyst and investor in this process.”

Stephens: Help.

Main take-away is this: Resilience is still a complex concept that can be approached from a variety of different angles. DHS is doing a lot to make sure the private sector is prepared and protected, but more can be done through an overarching framework that recognizes the interdependencies among the different sectors and the ways in which the risks of the 21st century make those interdependencies more important than any specific sector. Incentivizing the private sector to take action can be done by embracing a broader definition of resilience to include some level of value that actually improves commerce during those times when no attack or disaster is taking place. Investments in security and performance can be mutually reinforcing, not just mutually exclusive.

The streamed recording is available at the Subcommittee’s website on the hearing.

May 13, 2008

Homeland Transportation & Infrastructure Committee Holds Hearing on Resiliency this Week

Filed under: Congress and HLS,Infrastructure Protection — by Jonah Czerwinski on May 13, 2008

The Transportation Security and Infrastructure Protection Subcommittee convenes its resilience hearing this Wednesday, the 14th. I’ll testify with DHS Assistant Secretary Bob Stephan, Bill Raisch of the International Center for Enterprise Preparedness at NYU, and the Director of the New Orleans Health Department.

The 14th is part of a month of hearings the Homeland Security Committee is dedicating to resilience. Wednesday’s hearing is intended to educate the members on what resiliency really means, what the private sector is doing to achieve resilience, and how DHS can work with the private sector within a framework to promote resilience.

The hearing begins at 2PM in the Homeland Security Committee’s room (311 Cannon House Office Building). Consider attending if you are in WDC. It’ll also stream at the Subcommittee website after the hearing concludes.

Among other things, I intend to describe ways in which the Global Movement Management framework applies to the goal of resiliency and will upload the oral statement later on Wednesday. In the meantime, please feel free to send in your thoughts on the issues in which the Subcommittee is interested for this hearing.

May 10, 2008

FEMA Opens Key Response Plan to Public Comment

Filed under: Preparedness and Response — by Jonah Czerwinski on May 10, 2008

FEMA is accepting comments on the draft National Incident Management System (NIMS). NIMS is a nationwide template for federal, state/local governments, the private sector, and nongovernmental organizations to coordinate in prevention, response, and mitigation efforts. The draft NIMS document is available online at www.regulations.gov, in Docket ID FEMA–2008–0008.

On February 28, 2003, the President issued Homeland Security Presidential Directive–5 (HSPD–5), Management of Domestic Incidents, which directed the Secretary of Homeland Security to develop and administer a National Incident Management System (NIMS).

NIMS is described as a “core set of doctrines, concepts, principles, terminology, and organizational processes that enables effective, efficient, and collaborative incident management.” NIMS also supports the development of technologies that facilitate emergency management and incident response.

The changes in this revised NIMS document are described as “not substantively dramatic, and do not alter the basic NIMS doctrine published in the 2004 version.”

Comments must be received by June 2, 2008 via Federal eRulemaking Portal: http:// www.regulations.gov or through FEMA–POLICY@dhs.gov. Be sure to include the Docket ID FEMA–2008–0008.

Previous questions about the first draft NIMS document asked about the specifics of assigned roles and responsibilities for key participants from the federal, state, and local governments, nongovernmental entities, and the private sector.

According to GAO, the TOPOFF 3 exercise in April 2005 illustrated some uneven uptake of the NIMS framework at the federal level. The FBI, wrote GAO, never fully integrated into and accepted the unified command called for under NIMS…”, “did not appropriately staff the incident command post with its representatives,” and “kept management of the investigation separate from the incident management overseen by the unified command.”

May 8, 2008

The Resilience Debate Begins

Filed under: Infrastructure Protection,Strategy — by Jonah Czerwinski on May 8, 2008

One of our readers offered a healthy does of skepticism about resilience as a concept. I thought it would be valuable to make this part of a new post to follow up the recent coverage of this topic and the hearings in the House this week.

>>[Jonah does] not include concerns about response in this concept: “Turning victims into patients is important for response, but resilience is different.” Yet your guest poster, Robert Kelly, does: “That is the essence of resilience – the ability to rapidly respond to and recover from a catastrophic event.”

I see a difference between response/recovery and resilience. Being resilient should render the ability to respond effectively. However, rapidly flying in emergency food and water to a hurricane zone, for example, to limit the hardship of the victims would be response, while resilience would be building homes less vulnerable to the effects of a hurricane and getting the ports and businesses up and running. (I should note that my guests on this blog don’t have to agree with me and vice versa.)

>>And Steve Flynn includes it among his “four pillars of resilience” in his recent Foreign Affairs piece: “Second is resourcefulness, which involves skillfully managing a disaster once it unfolds…Ensuring that U.S. society is resourceful means providing adequate resources to the National Guard, the American Red Cross, public health officials, firefighters, emergency-room staffs, and other emergency planners and responders.”

It is important to take Steve’s four factors as a whole. If we selected only the third factor — rapid recovery — I could see the point that my separation of response and resilience would be problematic. However, Steve’s factors are robustness, resourcefulness, rapid recovery, and the means to absorb new lessons. Taken together, I think you’d agree that resilience is more than emergency response, but nevertheless dependant on it being executed well.

>>Unfortunately, I think the concept requires a lot of refining. But hopefully these hearings will not be the only cuts at this effort.

I, too, hope these hearings are the beginning of a sustained effort to build in, rather than bolt on, the important capability of resilience. But the concept of resilience already has been refined to a point that enables action. First steps would include making resilience a strategic goal as part of such plans as the Quadrennial Homeland Security Review.

To refine this concept further, consider the following parameters:

  • Resilience should afford a deterrent value: Terrorists are not deterred by fear of retaliation, but by fear of failure. Resilience delivers a deterrent value by reducing the likelihood that the impact of an intentional attack will transpire.
  • Resilience helps to avoid self-inflicted wounds: Resilience — if done right — affords the decision maker the enhanced ability to focus response efforts on the part of the system that is actually stressed.
  • Investments in resilience should be “dual use” in nature: Investments in resiliency not only address vulnerabilities due to terrorist attacks or natural disasters. Resilience also facilitates the global flows of trade/travel.
  • The private sector is an asset first, a target second: This is a critical step toward being able to make the case for private sector engagement. Several options exist.
  • Redundancy is not resiliency. Having costly back-up systems or two of everything is the easy and most expensive way to “bend and not break.” If done correctly, resiliency is more akin to the concept of Intelligent Immunity we put forth in the latest GMM paper.
  • May 7, 2008

    House Homeland Homes in on Resilience

    Filed under: Strategy — by Jonah Czerwinski on May 7, 2008

    Congressman Bennie Thompson, chairman of the House Homeland Security Committee, set the tone for yesterday’s first Congressional hearing on resilience by asserting that America’s strategy for protecting the homeland must balance prevention with resilience since 100% security is unobtainable. Moreover, “we all have a role to play,” he said, implying that resilience is the responsibility of the federal government, states and localities, academia, and the private sector, which explains the presence of DHS, MIT, ATT&T, SAP, and the Homeland Security Center for Risk & Economic Analysis of Terrorism Events at USC as witnesses. Chairman Thompson concluded his opening remarks with his refrain that success in this mission demands “honesty with the American people” and a worthy goal of securing the homeland is that we do so based on a “freedom from fear.”

    DHS Assistant Secretary for Policy, Stewart Baker, represented the federal government and its views on resilience, as well as current efforts to invest in this capability. Much of A/S Baker’s prepared remarks focused on the ability to “bounce back” as the goal of resilience. This is important, but it leaves out other dimensions that make the concept of resilience valuable (i.e. deterrence, measured response, dual use, etc.).

    However, he did emphasize certain efforts to use information more effectively as a resource for alerting populations at risk as soon as an attack or disaster is known to be imminent. Baker cited such measures as “reverse 9/11,” instant messaging, blogs, Google Maps, and twitter as means for fostering an organized response. (Blogs?)

    Mr. Baker did identify at least one area that would generate substantial improvement. He described DHS’s work with the Treasury Department, the Financial Services Sector Coordinating Council Subcommittee for Research and Development, and ChicagoFIRST to develop a risk management tool for the finance sector. This includes a computer simulation of the value chains of a generic financial enterprise to allow organizations to create and run “disruption scenarios tailored to their individual business models, using their own proprietary data as well as generic data for the rest of the financial sector,” according to Baker.

    Professor Yossi Sheffi of MIT broadened the scope of the discussion to include the important ability of obtaining information early in order to act earlier and with more precision. He cited specifically the prerequisite of devolving decision making to the levels closest to the “front lines” in order to be not only quicker in responding, but also more surgical in that response so as to minimize overreactions that risk amplifying the circumstances.

    AT&T’s Susan Bailey echoed this with an explanation that her firm not only prepares for disruptions, but they monitor, pattern, and then profile internet traffic that they support to establish a baseline. Aberrations and abnormalities — often antecedents to cyber attacks — can then be identified and zeroed in on. Indeed, Erroll Southers of the Homeland Security Center for Risk & Economic Analysis of Terrorism Events described how the British implicitly join detection and resilience.

    Several members cited the media coverage yesterday of a study that found a nationwide inability on the part of emergency rooms to manage large and unexpected influxes of patients that would likely follow a terrorist strike or natural disaster. Naturally, A/S Baker had little to say about this. That may be the job of the DHS Medical Advisor or HHS, but it isn’t even resilience in the first place. This scenario describes the need for “surge capacity” in hospitals in order to facilitate an emergency response. Turning victims into patients is important for response, but resilience is different.

    Interestingly, Rep. Lungren invoked a missing aspect of resilience. If “we all play a part,” as the Chairman appropriately notes, then we must find a way for resilience to become a part of the bottom line for the private sector. He raises a good point. While regulations will surely get industry’s attention, the best form of resilience — indeed the best form of homeland security — reduces the risk of terrorist attack or disruption while also improving the facilitation of trade and travel.

    Resilience in the form of redundancy (costly back up facilities or other investments that go unused until disaster strikes) is a blunt measure. Today the Subcommittee on Border, Maritime, and Global Counterterrorism convenes their hearing on “Assessing the Resiliency of the Nation’s Supply Chain.” This is a perfect opportunity to explore smart resilience, as opposed to simply the ability to bounce back.

    May 6, 2008

    Senate Demands Details About New Cyber Initiative

    Filed under: Cybersecurity — by Jonah Czerwinski on May 6, 2008

    Senate Homeland Security and Governmental Affairs Committee issued an eight-page letter to Secretary Chertoff demanding details about the ministration’s new Cyber Initiative. This follows the classified hearing the Committee held on March 4.

    The Comprehensive National Cybersecurity Initiative (CNCI), formally established in January, is intended to strengthen the federal government’s ability to secure the electronic networks and databases of the federal government. According to the Committee, the March hearing included a threat assessment from DHS and the National Security Agency and a review of the interagency roles and responsibilities of the CNCI. The following witnesses testified:

    • Robert D. Jamison, Under Secretary, National Protection and Programs Directorate at the Department of Homeland Security;
    • Melissa A. Hathaway, Cyber Coordination Executive, Office of the Director of National Intelligence;
    • G. Dennis Bartko, Special Assistant to the Director for Cyber at the National Security Agency; and
    • Scott O’Neal, Section Chief, Cyber Division at the Federal Bureau of Investigation.

    The Administration received $115 million for FY 2008 to fund the Cyber Initiative, and another $83 million is being requested for FY09. The Committee puts this into context by explaining the budget request as a three-fold increase over the course of one year.

    Here’s where things get a little tense. Senators Lieberman and Collins, chair and ranking member of the Homeland Security and Governmental Affairs Committee, respectively, yesterday released a letter they sent to Secretary Chertoff asking for specific information about the CNCI, its dependence on contractors, and the potential lack of involvement by the private sector, which owns and/or operates the majority of the nation’s cyber infrastructure.

    Such basic details as the role of the National Cyber Security Center and the authority under which its director was named. In terms of metrics, the Committee would like to know how DHS will determine when the CNCI is succeeding and Einstein is measuring something tangible.

    If I were a betting man, this looks like the beginning of another investigation from the GAO….

    Click here to view the full text of the letter.

    May 4, 2008

    Upcoming Resilience Hearings in the House

    Filed under: Congress and HLS,Events — by Jonah Czerwinski on May 4, 2008

    Full Committee hearing on:
    “The Resilient Homeland – Broadening the Homeland Security Strategy.”

    Tuesday, May 6, 2008 @ 10am
    311 Cannon House Office Building

    Witnesses (partial):
    • Hon. Stewart A. Baker, Assistant Secretary for Policy, Department of Homeland Security;
    • Susan R. Bailey, Ph.D., AT&T Operations, Inc., Vice President Global Network Operations Planning;
    • Professor Yossi Sheffi, Massachusetts Institute of Technology;
    • Mr. Erroll G. Southers, Assistant Chief, Los Angeles Airport Police, Homeland Security & Intelligence Division, Adjunct Professor of Terrorism and Public Policy, Associate Director for Educational Programs, Homeland Security Center for Risk & Economic Analysis of Terrorism Events (CREATE), University of Southern California

    Subcommittee on Border, Maritime, and Global Counterterrorism
    “Assessing the Resiliency of the Nation’s Supply Chain.”

    Wednesday, May 7, 2008 @ 2pm
    311 Cannon House Office Building

    Witnesses (invited/partial):
    Admiral Thad Allen, Commandant, U.S. Coast Guard, Department of Homeland Security;
    Commissioner W. Ralph Basham, U.S. Customs and Border Protection, Department of Homeland Security;
    • Mr. Robert W. Kelly, Senior Advisor for Homeland and National Security, Reform Institute;
    • Mr. Paul Zimmermann, Director of Operations, Port of New Orleans

    May 1, 2008

    “Resilience” Blooming Into Its Own

    Filed under: Strategy — by Robert W. Kelly on May 1, 2008

    Guest Post

    It won’t just be the flowers blooming in May. With House Homeland Security Committee Chairman Bennie Thompson (D-MS) declaring May as “Resilience Month” in his committee, “resilience” has blossomed from the seed first planted by the likes of Steve Flynn at the Council on Foreign Relations and IBM’s work on Global Movement Management into an influential concept that has attracted the attention of leaders in the public and private sectors.

    I will be one of the many corporate leaders and experts to testify as the House Homeland Committee and each of its subcommittees hold hearings in May centered on resilience. The newfound prominence of the issue on Capitol Hill comes as many firms have made great strides in improving their ability to continue operations in the face of a crisis. That is the essence of resilience – the ability to rapidly respond to and recover from a catastrophic event. As government authorities explore strategies for enhancing national resilience, they must look to the private sector for examples to follow and for opportunities for partnership.

    I was honored to chair a national symposium, Building a Resilient Nation: Enhancing Security, Ensuring a Strong Economy, in New York City at the end of March of this year that brought together business leaders and industry experts to discuss the importance of resilience to our national and economic security. Listening to presentations from speakers representing major sectors of our economy – the supply chain, risk assessment and management, financial, energy and telecommunications – I was inspired by the pioneering efforts of many corporations and also anxious about the enormous work that remains. The Reform Institute will soon release a report with findings and recommendations for enhancing resilience based on the proceedings of the symposium.

    Making resilience a national priority will bring the focus that has been lacking from the mission of DHS since its inception. Resilience can also tap into the energy, resolve and ingenuity of the American people, as opposed to current policy, which views citizens and private industry only as potential victims and targets. And, perhaps most importantly, a national focus on resilience can bring much-needed stability to an economy that has been overwhelmed by market failure, heightened uncertainty, and failing infrastructure.

    A catastrophic event that severely disrupted economic activity could have a devastating effect on our economy. By hardening vulnerabilities such as our infrastructure and supply-chain and generally enhancing the ability of the U.S. to stay open for business during a crisis, we will bolster investor and consumer confidence in our economy. Moreover, every dollar spent on resilience can be a dollar invested in deterrence: targets that don’t fail or generate ripple effects when attacked are far less attractive to terrorists.

    The attention towards resilience is a welcome sign. We must now ensure that resilience becomes a comprehensive plan of action, and not simply an empty slogan. This will require public-private collaboration to implement innovative new systems and programs already being initiated by the private sector, such as SAP’s supply chain management software and CSX’s Network Operations Workstation. It will also demand effective leadership to shepherd these changes through. That will be my message to Congress.

    Robert W. Kelly is Senior Advisor to the Reform Institute’s Homeland and National Security Center.  He is also a Founder and Managing Partner of CenTauri Solutions, LLC, a professional services firm that specializes in high-end consulting and technical services for the public and private sectors.