Homeland Security Watch

News and analysis of critical issues in homeland security

August 29, 2008

UN Counter-Terrorism Study Updates Al-Qaeda Threat

Filed under: Terrorist Threats & Attacks — by Jonah Czerwinski on August 29, 2008

According to a new report by the Coordinator of the Al-Qaeda/Taliban Monitoring Team of the United Nations Security Council, al-Qaeda is enduring a difficult period of weakness. They would be vanquished, in fact, if it were not for the one geographical area where Al-Qaeda has retained influence and consolidated or increased its standing over the last three years: the Afghan-Pakistan border region.

After the 2008 International Terrorism and Intelligence Conference on 9-10 June in London, a group of security experts started publishing a series of papers to address key long-term challenges posed by counter-terrorism and counter-radicalization. The authors of these papers take an integrated approach that considers the diplomatic, military, intelligence and law enforcement communities, as well as cooperation between the public and private sectors.

This latest report is by Richard Barrett, Coordinator of the Al-Qaeda/Taliban Monitoring Team of the UN Security Council, who serves on the UN Secretary-General’s Task Force implementing the United Nations Global Counter-Terrorism Strategy. Barrett has a particular responsibility for addressing radicalization and extremism that lead to terrorism, terrorist use of the Internet, and terrorist financing.

Barrett explains in this new report that Al-Qaeda’s future largely depends on the safety of the Afghan-Pakistan border region and whether it can maintain its relationship with the Taliban there. The same Taliban that harbored al-Qaeda during the lead-up to 9/11 remains the lifeline for al-Qaeda today, and it is located right where we left it in 2003: just beyond the Tora Bora.

There is now a Pakistan and Afghan Taliban that are, according to the new report, becoming increasingly distinct. The report’s author suggests that “the most promising option from Al Qaeda’s perspective is to foster and deepen its relationship with the Pakistani rather than the Afghan Taliban.” Good thing the Pakistani government finally outlawed al-Qaeda.

The international community has a role to serve in eliminating al-Qaeda’s most promising option and finishing the job in Afghanistan. However, and the report notes this in detail, the international community must tread lightly. (Not particularly our strong suit these past years.) The experts warn that Al-Qaeda will “fight hard to obstruct the influence of” the central governments in both Pakistan and Afghanistan and will “try to discredit it by arguing that it acts on behalf of external interests; it will aim to provoke further intervention by foreign forces, knowing that this is the one thing all the tribes will unite against.”

After last night’s Democratic convention, I am tempted to round this out with a quote from a speech that Barack Obama gave on August 1, 2007:

“It is time to write a new chapter in our response to 9/11. . . . When I am president, we will wage the war that has to be won, with a comprehensive strategy with five elements: getting out of Iraq and on to the right battlefield in Afghanistan and Pakistan; developing the capabilities and partnerships we need to take out the terrorists and the world’s most deadly weapons; engaging the world to dry up support for terror and extremism; restoring our values; and securing a more resilient homeland.”

August 26, 2008

Cyber Splits Public & Private Sector

Filed under: Cybersecurity — by Jonah Czerwinski on August 26, 2008

Whatever happened to the public-private partnership? There may be a disconnect between what the private sector says is necessary to better secure cyber space and what the government is willing to do, according to a piece the LA Times runs today highlighting a rift between cyber experts among the private sector and the government, suggesting the latter is not taking the threat seriously.

Is this a symptom of Administration fatigue, wherein the political appointees assume they can’t make progress this late in the game so why try? Or is this a tough love approach wherein the Administration actually wants the private sector to secure its own dang databases?

Jerry Dixon, the previous director of the National Cyber Security Division at DHS, is quoted as assessing that “Nothing is happening.” He believes that Washington needs to do much more to protect consumers, businesses, and the government from cyber attacks by criminals, state-based or rogue.

The report suggests two reasons for how we got here: First, the government embraces the notion that the private sector is better suited to deal with this problem. Second, because so many people are in charge of cyber, no one is.

Personifying the hands-off approach, the Director of the National Cyber Security Center (located at DHS) delivered a keynote address at this month’s Black Hat convention in Vegas. His remarks there discussed economic theory, why Abraham Lincoln was the nation’s “first wired president,” and that the financial industry and others needn’t spend more on cyber security than they already do.

The LA Times quotes from his speech, “Over time, the banking industry is pretty rational. So they’re probably doing a good job on investment.” He added that “private security spending in general was probably at about the right level.”

Apparently this was not the answer experts were seeking. The story describes how executives in attendance “grumbled that Lincoln had nothing to do with protecting their corporate networks.”

We’ve covered here the ways in which DHS needs to get its own house in order with respect to organizing for the cyber security mission. But the entire cyber landscape is by design a daunting complex of authorities and interests that fail to fit neatly into a box. DHS oversees protection of government networks. The FBI and Secret Service prosecute perpetrators of cyber crimes. The State Department is involved if a case crosses national boundaries. The role of the armed services is more complicated, as described in this post about how to measure cyber attacks in comparison to armed attacks. Moreover, the Internet’s infrastructure is mainly owned and operated by the private sector.

Dixon makes a point that is at the heart of the problem: lack of leadership. The private sector will not spend on security that doesn’t have an obvious and immediate benefit to the bottom line without a coordinated rationale provided by the public sector because the government has no competitive dog in the fight. (It is one thing for Citi to suggest that all banks should beef up cyber security attribution capabilities and quite another for the government to do so.)

“The biggest thing we’ve noted is the lack of a guiding Net plan that includes privacy and infrastructure security,” Dixon said. “We need an overarching cyber doctrine that’s shepherded by the White House.”

August 25, 2008

McCain Offers 82 Seconds for Homeland Security

Filed under: General Homeland Security — by Jonah Czerwinski on August 25, 2008

For all the talk about terrorism, there is not a single web page on John McCain’s website devoted to homeland security. But I did locate the campaign’s video recording on homeland security with John McCain reading his statement explaining that “Nothing can guarantee our security.”

An analysis of McCain’s views on homeland security reveals vague details and a perspective that seems stuck in the past. In many ways, his ideas are a continuation of what’s been underway for years.

He starts by citing how Truman orchestrated a “massive overhaul” of our federal government to combat the Cold War and suggests that we need the same today. More overhauls beyond DHS? McCain says that we must “improve the leadership, coordination, and capacity of our first responders.” We’re really not trying to do that now? How would he do it differently?

He adds that we should make a similar improvement with non-government organizations and the private sector. Yet that’s what the ISACs, the Sector Coordinating Councils, the DHS Office of the Private Sector, numerous advisory councils, and other entities – already in existence – actually work on today.

Sure, we have far to go. But what is McCain’s plan? The following: We need “people, plans, and performance.” Any particular people? Any specific plan? Which performance metrics that we don’t already apply?

McCain says in his video that preventing terrorism is his first priority. We should do this, he reads, by working with our allies to deny terrorists access to WMD, by securing land borders, and by “expanding our screening process.” Of course prevention is the first priority, but combating WMD, building a wall along the border with Mexico, and screening more people amount to only a partial picture. He makes no mention of resilience and only indirectly refers to emergency response except to say that “Hurricane Katrina must never happen again.”

Moreover, which allies does McCain have in mind? Another coalition of the willing? What’s the right role for NATO? How does Pakistan figure in? It is strange that a candidate who accepts that we “fight’em [terrorists] over there [Iraq] so we don’t fight’em here at home” doesn’t make a single reference to Afghanistan or Iraq in his campaign’s only material on homeland security.

McCain does have a webpage on national security that describes 9/11 and the bombing of the USS Cole in 2000 as warnings of the threat posed by terrorism. For a person that accuses his opponent of having a pre-9/11 mindset, McCain sure seems stuck in the past with his description of the terrorist threat. We do not face the al Qaeda of 9/11 any longer. They have morphed since outlasting our offensive in Afghanistan. They invaded Iraq after we invaded Iraq. They have emerged brazenly on the internet to establish a daunting capability to radicalize and recruit through cyberspace. Moreover, the terrorists have bombed modes of public transportation in Madrid and London, aggrandized portions of Pakistan, and initiated their own surge in Afghanistan. All of this since 9/11.

For comparison, I recommend reading Obama’s detailed priorities for securing the homeland. For their part, Obama and Biden intend to:

• Safeguard Public Transportation
• Prepare Effective Emergency Response Plans
• Improve Airline Security
• Better Monitor our Ports
• Protect Local Water Supplies
• Support First Responders
• Improve Interoperable Communications Systems
• Create a Real National Infrastructure Protection Plan
• Secure our Chemical Plants
• Ensure Safe and Secure Disposal of Nuclear Waste
• Allocate Homeland Security Funds Based on Risk

A paragraph for each, and then a three-page fact sheet outlining the “how” of it. Obama calls it his plan and it reads like one: Statements of the problems, corresponding policy solutions, and details about how to get those accomplished.

August 21, 2008

Congress Amends HSA Again; This Time for DHS Cyber

Filed under: Congress and HLS,Cybersecurity,Organizational Issues — by Jonah Czerwinski on August 21, 2008

The House recently passed a bill introduced by Rep. Langevin to amend the Homeland Security Act of 2002 to grant the DHS Chief Information Officer (CIO) authority for the development, approval, implementation, integration, and oversight of certain DHS cyber security initiatives (e.g., “information management and information infrastructure”). The Homeland Security Network Defense and Accountability Act of 2008 authorizes the CIO to manage the policies, procedures, activities, funding, and systems relating to DHS networked information and infrastructure, and this surely bears on the Department’s role in the National Cyber Security Initiative.

Why the CIO? The GAO issued a report in June questioning DHS’s organization for addressing its cyber missions. There is CERT. There is an Assistant Secretary for Cyber Security and Communications and the director of the National Cyber Security Center at DHS. Of course, most of the component agencies of DHS also have their own CIOs.

The new bill directs the DHS CIO to establish and manage security control testing protocols to protect DHS’s and contractors’ information infrastructure against cyber-based attacks. It also tasks the DHS Inspector General with determining the effectiveness of the Department’s cyber security policies and controls. Moreover, the Secretary – through the CIO – has to determine that any contractors have their own cyber security policies and protections in place before entering into or renewing a covered contract.

That’s a lot on the CIO. The bill therefore sets forth a list of qualifications for the CIO. These quals include at least five years of executive leadership and management experience in IT and information security.

August 19, 2008

Global Supply Chain Security Makes Progress Through Partnerships

Filed under: International HLS,Port and Maritime Security — by Jonah Czerwinski on August 19, 2008

Whoever says that homeland security is a domestic enterprise misses the big picture (and a number of posts here). GAO this month released a study commissioned by the Congress that investigates how U.S. Customs and Border Protection engages the global community to harmonize security standards intended to secure the international supply chain. “CBP has taken a lead role in working with foreign customs administrations and the World Customs Organization (WCO),” GAO states.

Oceangoing cargo containers serve as the lifeblood of global trade. Yet they also pose a risk of terrorist exploitation, according to the GAO and numerous other studies. CBP is the main government entity in the U.S. responsible for overseeing security of the global supply chain.

The adoption of uniform international customs security standards is the foundation for governance frameworks that can support greater security through mutual recognition of customs security-related practices and programs. Ultimately, such governance frameworks enable partnering nations to recognize and accept security measures taken by another administration. This leads to less porous security networks, greater efficiencies, and a more resilient global economy.

CBP collaborated with eleven other members of the WCO to develop the Framework of Standards to Secure and Facilitate Global Trade (SAFE Framework), which draws upon familiar concepts of the Container Security Initiative (CSI) and the Customs-Trade Partnership Against Terrorism (C-TPAT). While these two programs have their flaws, the SAFE Framework provides standards for collaboration among numerous national customs organizations participating in the global supply chain. As of July 2008, 154 WCO members had signed letters of intent to implement the SAFE Framework standards.

While the SAFE Framework establishes a system of mutual recognition for smoother global trade among interdependent countries, it is by no means the only effort underway to harmonize global supply chain security initiatives. GAO reports that in June 2007, “CBP signed a mutual recognition arrangement with New Zealand – the first such arrangement in the world – to recognize each other’s customs-to-business partnership programs.” Just this summer, CBP signed mutual recognition agreements with Jordan and Canada, and by early 2009, CBP anticipates establishing a mutual recognition agreement with the European Commission, representing 27 nations of the European Union.

August 18, 2008

When is a Cyber Attack an Act of War?

Filed under: Cybersecurity,International HLS,Strategy — by Jonah Czerwinski on August 18, 2008

First, a sincere thank you to PJ Crowley, James Carafano, Clark Ervin, and Peter J. Brown for their contributions to HLSwatch during this past week. James’ piece on the cyber attacks conducted on Georgia during its confrontation with Russia over South Ossetia raised questions about not only who was to blame, but how Georgia should respond.

Both The Washington Post and The Wall Street Journal ran stories this past week about how cyber attacks on government and private sector entities of Georgia are invoking a debate about whether offensive measures in cyber space amount to acts of war. Because the cyber attacks occurred during the military offensive between Russia and Georgia, it begs the question about whether and how a government should respond to attacks on its cyber assets by way of the electromagnetic spectrum.

Finely calibrated responses to attacks involving traditional kinetic methods have existed and evolved over the centuries. But measuring the appropriate response to a cyber attack is a unique challenge because information operations (IO) use digital weapons, new methods of attack, and novel targets.

Michael N. Schmitt, author of Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework, (1999), offers perhaps the most concrete way of answering the difficult question: “When does the attack rise to the level of a ‘use of force’ under international law?”

The Schmitt analysis applies a quantitative scale (1 to 10) to each of seven factors in order to determine if a cyber attack equates to an armed attack and to characterize any information operation as being closer to one end of a spectrum or the other. These seven factors are:
• Severity
• Immediacy
• Directness
• Invasiveness
• Measurability
• Presumptive Legitimacy
• Responsibility

This amounts to a modern adaptation of Just War Theory. One of the latter’s tenets is “always in response.” Let’s see whether that makes it into practice in the 21st century.

August 16, 2008

Quick Pace, Ambitious Goals Set for National Emergency Communications Plan

Filed under: Preparedness and Response,State and Local HLS — by Peter J. Brown on August 16, 2008

~Guest Post~

The new National Emergency Communications Plan (NECP), which was released last month, is definitely a work in progress. And yet, exactly how far we have now come in general with respect to synchronizing planning and communications as we work to achieve national preparedness objectives including the NECP was apparent, for example, during the Nuclear Regulatory Commission’s meeting earlier this week with FEMA and state and local representatives.

In a free-flowing, roundtable discussion, state and local representatives spoke directly to the full Commission along with FEMA Director David Paulison. Among the issues raised was the need for federal personnel to actually take part in large-scale drills and exercises. This sort of frank exchange was unimaginable a few years ago. Today, however, it is essential. Making the NECP a coherent and user-friendly plan in a short amount of time requires a serious effort from all stakeholders.

The NECP’s stated “milestones” illustrate just how little time they have.

The first milestone calls for a review of the DHS’ emergency communications capability framework within 18 months “during a series of technical working group meetings with stakeholders from the emergency response community.” Another requires the creation within 24 months of the new emergency communications capability framework, which will be incorporated as the communications and information management capability in the DHS/FEMA National Preparedness Guidelines/TCL. This will serve as a basis for future grant policies.

The very next initiative demands that “within 12 months, tactical planning among Federal, State, local, and tribal governments occurs at the regional interstate level.”

Consider these goals set forth by the NECP:

Goal 1: By 2010, 90 percent of all high-risk urban areas designated within the Urban Areas Security Initiative (UASI) are able to demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies.

Goal 2: By 2011, 75 percent of non-UASI jurisdictions are able to demonstrate response-level emergency communications within one hour for routine events involving multiple jurisdictions and agencies.

Goal 3: By 2013, 75 percent of all jurisdictions are able to demonstrate response level emergency communications within three hours, in the event of a significant incident as outlined in national planning scenarios.

Progress toward the initial milestones appears to be underway already. According to the NECP, Regional Emergency Communications Coordination Working Groups (RECCWGs) are taking shape in each of the 10 FEMA regions, “to assess emergency communications capabilities within their respective regions, facilitate disaster preparedness through the promotion of multijurisdictional and multiagency emergency communications networks, and ensure activities are coordinated with all emergency communications stakeholders within the RECCWG’s specific FEMA region.”

The NECP makes no mention of how all this greater emphasis on regional coordination ties into the Task Force for Emergency Readiness (TFER), a new concept which has received considerable attention lately. This will have to be addressed by the DHS Office for Interoperability and Compatibility (OIC) as it fine-tunes Communications Unit Leader (COML) training. OIC is charged with devising “a tool for training (COMLs) and their command and general staff to perform the critical mission of managing interagency and cross-disciplinary communications during all hazards incidents.”

In the next 18 months, OIC must not only develop and disseminate “training program guidance and curricula for emergency communications technical staff,” but also provide, “educational and training opportunities to emergency response agencies per requests through technical assistance programs.”

Roy Jones, communications manager at the Maine Emergency Management Agency, offers an upbeat assessment of the NECP. “It is really good to have these deadlines. Some may be difficult to achieve, and others may need to be revised as with any plan. However, overall, they are reasonable and they reflect input from the stakeholders. This plan allows us to better see what is on the way and what everyone else is currently working on,” says Jones.

Yet deadlines are not the only source of pressure on the implementation of the NECP. The Association of Public-Safety Communications Officials (APCO) International stressed to Congress that motivation and organization can only get you so far.

During his testimony last month before the House Homeland Security Committee’s Subcommittee on Emergency Communications, Preparedness and Response, APCO International Vice President Richard Mirgon asserted that if “the goals of the NECP are to be successful, the Administration and Congress must ensure the NECP and the interoperable emergency communications grant programs are fully funded.”

Peter J. Brown, a freelance writer from Maine, writes frequently about the role of satellite technology in disaster response and emergency management operations.

August 14, 2008

Embrace Common Sense Security at Our Airports

Filed under: Aviation Security — by Clark Kent Ervin on August 14, 2008

~Guest Post~

All too often, the visceral reaction to a story about homeland security is “huh?” The latest example for me is this headline in last week’s USA Today, “TSA weighs gun ban in unsecured areas.”

The gist of the article is that, prompted by the request of Atlanta’s Hartsfield-Jackson Airport, the Transportation Security Administration is pondering whether airports may ban firearms from terminals, parking lots, and other parts of the airport before screening checkpoints. At checkpoints and beyond, firearms, as well as other weapons – knives, bombs, etc. – are, of course, banned. The rationale for that ban, of course, is that firearms can be used to kill masses of people past the checkpoint, including people on board airplanes.

The “huh” factor here comes from two things. First of all, if guns are banned past the checkpoint because they can be used to kill people, doesn’t it go without saying that they should likewise be banned before the checkpoint because they can be used to kill people? In other words, isn’t the point of the present ban to prevent mass killing? If so, why should guns be banned past the checkpoint but not before it?

Second, if there’s no practical difference between the pre-checkpoint area and the post-checkpoint area in terms of the possibility that guns can be used to kill people, what is TSA “weighing?”

Yes, of course, there is the Second Amendment. Under certain circumstances, people may legally carry firearms. However, implicitly, the foregoing sentence means that there are other circumstances under which people legally may not carry firearms. The circumstance that legally permits airports to ban firearms past the checkpoint – people on board airplanes could be killed – is the same circumstance that should make banning firearms anywhere on airport property a no-brainer.

Surely it isn’t the case that the lives of those in airports who are planning to board airplanes are worthier of protection than the lives of those who are at airports for other reasons – to drop off family or friends; to shop or dine at restaurants or shops before checkpoints; or to work in parts of the airport before checkpoints. If not, as I say, TSA’s deliberative process can and should be short.

That is not to say that there wouldn’t be legal challenges. (Remember the judge who sued his dry cleaners for ruining his favorite pants, seeking $65 million in damages?) But that’s what TSA’s lawyers are for. Those lawyers stand a good chance of ultimately prevailing, if the recent upholding of the ban by a federal judge Monday is any indication. In any event, TSA policy makers should take out their “Approved” stamp; firmly affix it to Hartsfield-Jackson’s application; and move on to weighing closer questions.

Clark Kent Ervin is Director of the Homeland Security Initiative at The Aspen Institute. Ervin served as the first Inspector General of the United States Department of Homeland Security from January 2003 to December 2004. Prior to his service at DHS, he served as the Inspector General of the United States Department of State from August 2001 to January 2003.

August 12, 2008

When Electrons Attack

Filed under: Cybersecurity — by James Carafano on August 12, 2008

~Guest Post~

Bombs and bullets are not the only thing flying around in the Russia-Georgian war that broke out over the weekend. According to a recent story in The Telegraph, the Georgian Ministry of Foreign Affairs claimed “[a] cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs.” That is not the first time Russia has been accused of cyber warfare.

A widely publicized cyber assault against Estonia in 2007 increased suspicion that Russia is using online malicious activity as a tool of national policy. The assault disrupted public and private Estonian information networks with massive denial-of-service attacks. The Estonia attacks targeted the Web sites of banks, telecommunication companies, media outlets, and government agencies, eventually forcing the country to block all foreign Internet traffic. Many Web sites were shut down by denial-of-service attacks, in which the attacker uses thousands of hijacked computers to bombard a Web site with useless information until it is overloaded. Estonia’s defense minister described the attacks as “a national security situation…. It can effectively be compared to when your ports are shut to the sea.” The Estonia and Georgian attacks testify to the disruptive power of a coordinated cyber offensive.

Russia is not the only one. China uses “cyber-spying” as a matter of course - and America is one of their prime targets.

U.S. government information systems are attacked every day from sources within the country and around the world. Some of these intrusions have been extremely serious, compromising security and costing millions of dollars. Penetration of computer networks at the National Defense University proved so pervasive that the university was forced to take the entire computer network offline and install new information system defenses.

These attacks come from states, criminal networks, “hacktivists” (online political activists) and other malicious actors.

In addition, bad people exploit the freedom of the Internet, terrorists included. They go online to gather intelligence, raise money, share tradecraft in chat rooms, and coordinate propaganda messages.

The lesson for the United States is to take the challenge of cyber threats seriously. The initiatives that will likely best serve the United States and its international partners in the cyber conflicts of the 21st century are those derived from private sector experience, emerging military and intelligence capabilities for conducting information warfare, and law enforcement measures for combating cyber crime. The U.S. needs a national framework that builds on these capabilities, encouraging them to collaborate and reinforce one another. These initiatives should include:

• Adopting best practices. Both government agencies, such as the National Institute for Standards and Technology, and the private sector continue to develop best practices and lessons learned. These can be effective tools. Ensuring that these are refreshed and applied should be government’s first priority.

• Employing risk-based approaches. All information programs must include assessments of criticality, threat, and vulnerability as well as measures to efficiently and effectively reduce risks.

• Fostering teamwork. Cybersecurity is a national responsibility requiring international cooperation. The United States must maintain effective bilateral and multinational partnerships to combat cyber threats.

• Exploiting emergent private sector capabilities. These may come from many sources, such as small companies and foreign countries. The U.S. government must become a more agile consumer of cutting-edge commercial capabilities.

• Focusing on professional development. Most government information programs underperform because, due to inattentive senior leadership, they lack clear requirements and hold unrealistic projections of the resources required to implement those requirements. National security professionals must have familiarity with a number of diverse security-related disciplines and practice in interagency operations, working with different government agencies, the private sector, and international partners.

• Developing robust offensive capabilities to respond to cyber attacks and malicious acts by either state or non-state threats using the full range of military, intelligence, law enforcement, diplomatic, and economic means.

What is needed, however, is not massive reorganization, massive government bureaucracy, massive infusions of government cash, or massive intrusions into the marketplace and the lives of Americans. What is needed is long-term commitment and sound initiatives based on better and faster acquisition of commercial services; better and smarter management of military, intelligence, and information technology programs; and better and sustained professional development of federal, state, local, and private sector leaders.

James Jay Carafano, Ph.D., is Assistant Director, Kathryn and Shelby Cullom Davis Institute for International Studies and Senior Research Fellow, Douglas and Sarah Allison Center for Foreign Policy Studies at The Heritage Foundation in Washington, DC.

August 11, 2008

Case Not Closed: The Government Must Provide Answers to Lingering Questions from Ivins Case

Filed under: Biosecurity,Investigation & Enforcement,Terrorist Threats & Attacks — by PJCrowley on August 11, 2008

~Guest Blog~

Last week the FBI outlined its new “theory of the case” regarding the 2001 anthrax attack. So far, almost all of the focus has remained on the whodunit, a scientist named Dr. Bruce E. Ivins, who committed suicide late last month as the FBI was closing in on him. Far less attention has been given to whatdunit, the United States Army Research Institute of Infectious Diseases or USAMRIID, and whether sufficient institutional security measures have been developed within government laboratories and government-sponsored research programs to ensure that we can detect the next bio-bomber.

Lingering questions from the Ivins case, particularly the reaction of his co-workers at Fort Detrick, suggest that we have a lot of work to do to build an effective security system to monitor the potential misuse of the world’s most deadly substances. And it is possible that our actions since 2001 have expanded the danger.

Based on new scientific tools used in the investigation, the FBI is certain that the agent used in the attack came from a specific flask used in research at the Army lab. That flask was “effectively the murder weapon” according to U.S. Attorney Jeffrey Taylor. So, whether or not Dr. Ivins did it, the FBI is convinced that someone at USAMRIID did. At least one government scientist weaponized an agent, removed it from the facility and used it to kill five people without being detected. The combination of background checks, peer observation and physical security at Fort Detrick in place in 2001 was inadequate.

Even now, many of Dr. Ivins’ co-workers are not convinced he did it because they believe they would have seen him do it. These doubts should sound an alarm about the state of bio-security today. Seven years after the incident, no one associated with Fort Detrick has yet explained what has been done to make a repeat incident less likely.

Let’s compare aviation and bio-security. Aviation security is far from perfect, but we have responded aggressively and systematically to the 9/11 failure. We know a lot more about passengers before they arrive at the airport. We inspect them and their baggage thoroughly before they are allowed to board an airplane. Once on board, a potential hijacker faces a locked cockpit door, an air marshal, a better trained crew and a plane-full of inquisitive eyes. There remains a residual threat to aviation, most likely from air cargo, but at least we have done as much as we can to prevent another suicide hijacking.

Unfortunately, it is possible our response to the other 2001 terror attack has been backwards. We have spent many billions of dollars developing vaccines and deploying detection equipment based on the belief that the threat was external – a terrorist organization would develop and deploy a biological weapon against the United States.

That danger certainly exists, but we now know that this was an insider job. Someone working for a secretive agency and in control of the most dangerous technologies that exist used them against the society they were charged to protect. And, because the scope of research on bio-defenses has expanded exponentially since 2001, the insider threat now could be even greater.

In the coming days, it will be imperative for the Departments of Defense, Homeland Security and Health and Human Services to come forward and tell us what has been done at government labs across the country and within government-sponsored research programs in light of the USAMRIID case to strengthen bio-security. What new research protocols have been established? What kind of peer review system is now in place? What kind of detection equipment has been installed as workers exit labs? How have background checks been strengthened? If Dr. Ivins was suffering from declining mental health, to what extent are labs monitoring scientists and looking for danger signs?

We now know that in 2001 we were attacked not just by al Qaeda but also by a government agency. Significant questions linger as to whether the government’s biological security is keeping pace with biological research. The government cannot retreat behind a veil of secrecy. The American people deserve to know that government bio-defense programs now have more effective security measures in place so that we are sufficiently protected from both internal and external threats.

The case should be far from closed.

P.J. Crowley is a Senior Fellow and Director of Homeland Security at the Center for American Progress in Washington, D.C. He served as Principal Deputy Assistant Secretary of Defense for Public Affairs and then as Special Assistant to the President of the United States for National Security Affairs, serving as Senior Director of Public Affairs for the National Security Council.

August 7, 2008

Guest Bloggers

Filed under: General Homeland Security — by Jonah Czerwinski on August 7, 2008

I am taking vacation next week. This break presents an opportunity to bring in some real talent. On Monday, we’ll have a post from P.J. Crowley, author of Safe at Home: A National Security Strategy to Protect the American Homeland, the Real Central Front. P.J. is Senior Fellow and Director of Homeland Security at the Center for American Progress.

August 6, 2008

Why Haven’t We Been Attacked Since 9/11?

Filed under: Strategy, Terrorist Threats & Attacks — by Jonah Czerwinski on August 6, 2008

The presidential campaigns are being fought on several fronts. This week, energy policy is the most visible front line, but terrorism and the imperative to keep Americans safe at home will return to the front page soon. In that process, we’ll hear about why staying the course in Iraq is desirable as a means of “winning it the right way by winning it” as Senator McCain asserted yesterday at a celebrity appearance before a crowd of bikers waiting to see Kid Rock perform. We’ll also hear from Senator Obama that the logic of staying in Iraq is based on a wish that America continue to vindicate bad decisions made ever since we invaded, to include the decision to invade in the first place.

All of this is important, but it is a secondary argument to the important question of determining what has worked and what hasn’t in achieving the indisputable success that no attack has been successfully carried out on the U.S. since 9/11. Depending on our answer to that question, we can focus on continuing those efforts that are constructive and promptly end those efforts that are ineffective or counterproductive, or both.

It is hard to make the case that the invasion of Iraq has allowed the U.S. to fight terrorists overseas rather than here on the CONUS. If anything, that war has made the U.S. less secure by a number of measures (overstretched military, denuded international legitimacy, skyrocketing national debt, inflamed rather than defanged terrorist adversaries, etc.). However, by taking a comprehensive assessment of efforts we as a nation have undertaken, those developments that are reasonably out of our control but still relevant, and the indirect consequences of a combination of the two trends, we can gain a useful understanding of what has worked and what hasn’t.

Fortunately, national security analysts at SAIC and professional staff from the Defense Threat Reduction Agency’s Advanced Systems and Concepts Office conducted an open-source literature review to identify hypotheses explaining why the United States has not been attacked successfully by terrorists since 9/11. This two hundred page study organized the reasons why we’ve not yet been attacked successfully into two categories:

Capabilities – Terrorists have been unable to succeed in conducting another large-scale attack on the homeland due to the effectiveness of U.S. defenses or because of the terrorists’ limited capabilities. The authors further address this thesis as part of two different “baskets” of issues:

• U.S. and Allied Counterterrorism Efforts: U.S. and allied initiatives have decisively limited terrorists’ capabilities to conduct attacks on the homeland by driving al-Qaeda’s leaders from their Afghanistan sanctuary, disrupting several terrorist plots, and forcing operatives to focus on preserving their own security rather than training for and carrying out new attacks. At home, potential targets have been hardened, coordination between government agencies has improved, and public awareness has increased scrutiny of suspicious behavior.

• Terrorist Attack Capabilities: Limitations on terrorist capabilities that are less dependent on U.S. and allied counterterrorism activities have prevented terrorist attacks on the U.S. This treatment suggests that a number of factors independent of our anti- and counter-terrorism efforts are to credit. Examples of such factors include the time needed to recover from damage done to al-Qaeda and the requirements necessary for deploying terrorist veterans of the Iraq war, the challenge of acquiring WMD capabilities, and the broad assimilation of U.S. Muslims limiting the pool of potential “homegrown” jihadists.

Motivations – While a number of terrorist groups possess the ability to attack the United States, they have chosen not to do so for a variety of reasons. These categories are further subdivided into the following four baskets:

• Another Attack is a Bad Idea: Terrorists have concluded that another strike on the United States is ill-advised. This category suggests that al-Qaeda’s leaders prefer to wait until they can perpetrate an attack that surpasses 9/11 in terms of destruction and symbolism or that terrorists are concerned that another attack on the homeland would be counterproductive/ineffective in achieving their objectives.

• These Are Busy Times: Various groups maintain a significant attack capability, but other targets (i.e. in Europe, Middle East, and apparently China) are more attractive than the U.S. homeland due to operational challenges or political inclinations.

August 4, 2008

The Eastern Front?

Filed under: International HLS, Terrorist Threats & Attacks — by Jonah Czerwinski on August 4, 2008

Two presumed terrorists crashed a truck bomb into a state police station Monday and threw two grenades, killing 16 policemen and wounding 16 others. It wasn’t in Iraq or Afghanistan. Nor was the attack even in the Middle East. This was in China.

Chinese officials have warned that Uighur extremists with links to foreign-based Islamist extremist organizations pose the greatest security threat to the Beijing Olympic Games.

The attack killed patrol troops from the People’s Armed Police, a paramilitary force responsible for putting down riots, guarding embassies and safeguarding the border. Last month, police in the regional capital killed five Uighurs in a raid on an apartment. Authorities accused them of preparing a holy war against Chinese rule.

Chinese authorities have identified the East Turkestan Islamic Movement as a key terrorist group in this situation. The Washington Post reports in its coverage of today’s bombing that China executed three people in the restive Xinjiang region July 9 convicted of being East Turkestan Islamic Movement members. The Uighur population is overwhelmingly Muslim and seeks to break away from Chinese rule.

In April China announced that it had broken up two Uighur terrorist cells plotting to kidnap foreigners and bomb hotels during the Olympics. 45 people were arrested and accused of ties to the East Turkestan Islamic Movement.

August 1, 2008

Anthrax Attack Suspect Dead

Filed under: Biosecurity, Terrorist Threats & Attacks — by Jonah Czerwinski on August 1, 2008

The LA Times is reporting the suicide death of the bioweapons scientist employed at Ft. Detrick who was considered by the FBI to be the suspect in the 2001 anthrax attacks that killed five people and severely sickened 17 others. Steven Hatfill? Nope.

The LA Times report said the Feds ruled out Hatfill and settled on Bruce E. Ivins, a different bioweapons expert at Ft. Detrick, as the culprit. Hatfill had been under investigation for years and publicly proclaimed “a person of interest” by then Attorney General John Ashcroft.

In June, the Justice Department reached a settlement valued at $5.85 million with Steven Hatfill, who sued them for trashing his name in the media.

The Washington Post reports that FBI Director Robert Mueller changed leadership of the anthrax investigation in 2006, instructing the new investigators to re-examine leads and reconsider potential suspects. Turns out that Ivins had an impressive record for his research on behalf of the Defense Department in the area of anthrax decontamination. Ivins also is reported to have conducted extra-curricular research that tipped the investigation in his direction. What is odd is that the following information was public for years:

Ivins was one of the nation’s leading biodefense researchers, according to the Times report, and co-author of numerous anthrax studies, including one on a treatment for inhalation anthrax published in the July 7 issue of the journal Antimicrobial Agents and Chemotherapy.

In the six months following the anthrax mailings, Ivins conducted unauthorized testing for anthrax spores outside containment areas at USAMRIID and found some, according to an internal report by the U.S. Army Medical Research and Materiel Command, which oversees the lab.

In December 2001, after conducting tests triggered by a technician’s fears that she had been exposed, Ivins found evidence of anthrax and decontaminated the woman’s desk, computer, keypad and monitor, but didn’t notify his superiors, the Times reported. The report says Ivins performed more unauthorized sampling on April 15, 2002.

This information was reported by USA Today in 2004.

“I swabbed approximately 20 areas of (her) desk, including the telephone computer and desktop,” Ivins told Army investigators. Half of the samples, he found, “were suspicious for anthrax.”

Rather than report the contamination, Ivins said, he disinfected the desk. “I had no desire to cry wolf.”

Ivins also helped the FBI analyze one of the anthrax-tainted envelopes sent to Senator Daschle’s Washington office.

It is unclear if anything Ivins did before the attacks in September and October 2001 was suspicious. We’ll never know whether Bruce Ivins was indeed the perpetrator among the 20-30 scientists at Ft. Detrick under investigation. Ivins had been told about the impending prosecution and apparently committed suicide by overdosing on Tylenol with Codeine.