Homeland Security Watch

News and analysis of critical issues in homeland security

March 30, 2010

The Open Question

The open source intelligence debate took on new meaning for me on Sunday night. Shortly after 8:00 PM a loud explosion shook houses all across the east side of Portland, Oregon. What ensued afterwards provides new insights not only into how intelligence is generated, but also illustrates some of the new challenges we face in managing the collection and analysis process.

Within minutes, more than 50 calls reporting the explosion came into the local 911 center. Police and fire units responded to investigate, but found nothing to indicate an emergency. No burning or collapsed buildings, no casualties, no obvious signs of damage or disruption were evident anywhere.

Public safety officials’ prompt response to this incident, like their response to another big boom about two weeks earlier in the same area, provided little comfort though because no one could confirm what had caused the explosion. As you might expect, this opened the to door to speculation as much as it opened the door to investigation.

Within minutes subscribers to the microblogging service Twitter had invented and agreed to use the #pdxboom hashtag to track reports. Within half-an-hour, an ad hoc collaboration started on Google Maps was tracking and color-coding these reports in an effort to locate the source of the noise. And more than 20 wiseguys had even created and logged into an event marking the occasion on the social networking site Foursquare using their wireless mobile devices.

The theories spawned by these efforts ran the gamut from the serious (an earthquake boom) to the nonsensical (unicorns fighting or a house falling on a wicked witch). But the map generated by the more serious reports painted a much more compelling picture of the event. Efforts by local officials and media outlets to isolate the source by consulting the National Weather Service, the local Air National Guard fighter wing and NORAD, the U.S. Geological Survey and various utilities likewise proved fruitless.

Yet the public remained undeterred. Hundreds of people logged in over the next several hours to record their experience of the event. Before long some patterns became evident.

The next day, aided by daylight, armed with these online contributions, information from the initial 911 reports and information gathered following the previous incident, investigators located the site of the explosion along a riverbank near downtown. Fragments of a PVC pipe bomb were also recovered.

What did we learn from this incident? Well for starters, people want to be of assistance, even in a town where the police are not currently held in very high esteem due to two recent officer-involved shootings. Second, they will seek out ways to make sense of confusing experiences, which more often than not includes sharing their personal observations and perspectives in a way that gives them meaning whether or not they produce a plausible explanation. Finally, the speed with which this process of sharing information about our common experience advances will exceed anything we saw before the dawn of the Information Age.

When we speak of intelligence we often conflate its epistemic and ontological meanings. From an epistemic perspective, intelligence involves identifying what we know, filling in gaps and discovering missing elements that will help us build a coherent picture of the situation. Interpreting this picture involves another aspect of intelligence. Ontology addresses how we synthesize data by dictating the sorts of frames we apply to create a shared sense of understanding.

Neither of these approaches alone, however, answers for us the bigger and as yet unanswered and therefore open question: “What was the intention or purpose of the person who built and detonated this device?”

We often assume that analysis and synthesis will lead us to the answers we seek to teleological (thanks Phil) — as opposed to epistemic or ontological — questions. Knowing what’s on the minds of those who seek to disrupt our lives, not in some abstract ideological or theological sense, but in the very tangible sense that links their intentions and actions, might actually help us interdict such threats before they emerge. If someone figures out a way to answer this question through crowdsourcing, we could make real progress against the threats we face.

85% More From The Private Sector About Critical Infrastructure

Filed under: Infrastructure Protection — by Christopher Bellavita on March 30, 2010

I was reading a paper by my colleague Nick Catrantzos  yesterday when I came across this sentence:

“…infrastructure defense is assumed to fall primarily into the hands of the private sector, which operates 85% of critical infrastructure.”

I ranted a year ago about the 85% number in a post that appeared on this blog.

The Number simply won’t die. It lives beyond truth or lie. Its reality is independent of time and space.

So I wrote back to Nick summarizing what I believe is the problem with The Number.

Nick — who loves the English language as a gardener treasures orchids — once presented me with a knit picker.  So he is aware of my tendency to occasionally pole vault over mouse turds.

Nick also has spent time in the same Circus and has been known to pick a nit or two, so he responded back with some evidence about the 85% number.  I pushed back.  He returned fire.  As did I.

Then he wrote something that shined a light on a bias I did not see I had.

A year ago, I wrote:

…the 85% figure has been used to justify a laissez fair critical infrastructure strategy. Private sector “ownership and control” has been interpreted to mean government frequently has to ask politely before it tries to do anything to improve safety and security.

If the 85% figure is wrong — or at least unsupported by any empirical basis — maybe the policies derived from that belief are also wrong.

Basically, I thought the 85% number was used to justify the government not pushing the private sector hard enough when it comes to protecting critical infrastructure.

Nick — who is a security manager and former security consultant for public and private organizations — described how this “who owns what” issue looks from the private sector.

My dilemma, perhaps a distant cousin to your own, has been in encountering an obdurate, logic-proof insistence by cops, fire fighters, emergency managers, fusion center staff, and DHS minions to define my employer and all critical infrastructure stewards as private sector entities.

It does not matter how much we demonstrate that we are a public agency and a regional extension of government.  As far as these people are concerned, we are private, hence unworthy of sensitive information (even if we were the ones to originate it) and inherently suspect of being profit driven (no matter how many wasteful, feel-good programs we underwrite for some avowed public good).  Even being part of the same retirement system and driving vehicles with tax-exempt license plates — two surefire convincers everywhere else — have no impact in shaking the conviction that we are infrastructure stewards, hence private sector mercenaries.

My unproven suspicion is that much of what is at the bottom of this categorization is a sort of tribal urge to satisfy two unstated objectives:

1.  Limit the in-group to an established comfort zone and organizationally and traditionally familiar faces.

2.  Assure that the existing in-group gains and keeps primacy at the trough of grants and other funding destined for public sector actors who are new both to homeland security and critical infrastructure protection.

If there are points to this fugue that resonate with me as an infrastructure steward, they are these:

A.  Critical infrastructure is definitely in both public and private hands.  Given the types of infrastructure that exist, it is reasonable and credible to accept that they are mainly privately owned and operated.

B.  Whether that percentage figure of 85% is anything more than an approximation or an archly crafted statistic meant to advance an ulterior agenda is mildly interesting to an infrastructure steward. At the end of the day, the hand on the wrench or on the SCADA system comes from the same gene pool, skill set,  and population.

C.  Even a critical infrastructure operation that is entirely managed by a public agency is going to have some private sector involvement and exposure.  Construction comes to mind.  We are always building or modifying facilities and upgrading systems.   Contrary to popular belief, even the wealthiest of public agencies cannot hire everyone they meet.   Contractors and subcontractors are as ubiquitous as they are indispensable.

D.  The original point of emphasizing private ownership and operation, to the extent I absorbed one, seemed to be as a means of emphasizing that protecting critical infrastructure is a shared responsibility and one that would be imperiled by ignoring private sector stakeholders. That point still makes sense to me.

March 29, 2010

Did DHS Get It Right?

Filed under: General Homeland Security — by Mark Chubb on March 29, 2010

CNN‘s AC360º news magazine focused its Keeping Them Honest segment Monday night on the question of whether or not political criticism of the Department of Homeland Security’s ill-fated April 2009 report on the rise right-wing extremism led to its withdrawal. As we like to say in academic circles, “Duuuhh!”

Sadly, no one questioned whether the report was original work. I attended an educational conference organized by the Center for Homeland Defense and Security (CHDS) at the Naval Postgraduate School (NPS) hosted by George Washington University’s Homeland Security Policy Institute in March 2009 during which Dr. Dave Brannan used almost identical language to describe the threat posed by rising right-wing militancy. He spoke plainly and passionately about signs he was witnessing that suggested the country’s deteriorating economy, the election of the nation’s first African-American president, the increasing disillusionment of the evangelical right, and the difficulties faced by veterans seeking to reintegrate following their return from wars in Iraq and Afghanistan created a perfect storm for ideologically motivated violence.

Today’s arrest of nine suspects in Indiana, Michigan, and Ohio on charges of seditious conspiracy is only the most recent evidence that some of our fellow citizens may be moved to violence. Whether they are linked to or took comfort from the overheated rhetoric surrounding the Tea Party Movement and mainstream opposition to the Obama Administration’s health insurance reform bill remains unclear, but it probably did not discourage them.

Other media outlets have questioned whether the steeped rhetoric of the right has become too astringent. At a minimum, some mainstream commentators have suggested, the right’s conspiracy of silence when it comes to disavowing extreme views, including those espousing violence, may all too easily be taken for silent assent.

What should we make of all the chest-beating and gnashing of teeth about the decision to withdraw the DHS report? Well, we are all familiar with 20/20 hindsight. Rather than questioning whether DHS was influenced to withdraw the report by political criticism or was motivated to issue it as a way of currying political favor with the new administration, we should question why its sources and methods could not withstand the scrutiny to which this work was subjected when it came to light.

We desperately need honest assessments of this sort and open sharing of information with state and local officials to detect and interdict genuine threats. But no one will condone the efforts required to produce such intelligence unless we can have confidence in the competence and independence of those those responsible for collecting the information and conducting the analysis.

March 26, 2010

Breaking News: Harding withdraws at TSA…

Filed under: Aviation Security — by Jessica Herrera-Flanigan on March 26, 2010

Despite what seemed like a rather smooth nomination hearing process this week, Retired Army Major General Robert Harding has withdrawn from consideration as the nominee for Administrator at the Transportation Security Administration.  Gen. Harding becomes the second nominee to withdraw his name from consideration.  Erroll Southers, formerly with the Los Angeles World Airport Police Department, withdrew his name in January 2010 amidst opposition from Republican lawmakers in Congress.

And the search for one of the nation’s most critical security jobs begins again…

Immigration- In the Background

Filed under: Immigration — by Jessica Herrera-Flanigan on March 26, 2010

While health care may have been grabbing most of the headlines, the last two weeks have been busy on the immigration front. Just over a week ago, Senators Schumer and Graham released an framework for immigration legislation that they would like to move forward with in the near future. Last Sunday, somewhere between “tens of thousands to more than 200,000” people descended on the National Mall for the “March for America: Change Takes Courage” to promote immigration reform.

On Tuesday, the House Committee on the Judiciary, Subcommittee on Immigration, Citizenship, Refugees, Border Security, and International Law held an oversight hearing on the U.S. Citizenship and Immigration Services (USCIS), touching upon a number of programs including E-Verify and the Systematic Alien Verification for Entitlements (SAVE) program, as well as the agency’s Transformation Program, designed to “transition the agency from a paper-based business model to a centralized and consolidated electronic environment.”

Yesterday, the Senate Judiciary Committee marked up two bills – S. 2960 and S. 2974 – that would allow immigrants living in the U.S. legally to work overseas without harming their immigration status. The first bill would exempt immigrants who are refugees or asylum grantees who are working for the federal government oversees to have their immigration status adjusted to permanent resident without being required to be physically in the U.S. for a year. The second would allow permanent residents to go home to assist in recovery efforts in their native country in the time of a disaster without an adverse effect on their opportunity for naturalization here in the U.S.

Also held yesterday was a hearing in the House Homeland Security Committee entitled “Visa Overstays: Can They be Eliminated?” Much of that hearing focused on the development and implementation of a biometric air exit system. Congress first requested an automated entry/exit system in 1996 as part of the Illegal Immigration Reform and Immigrant Responsibility Act (IIRIRA).. The 9/11 Commission, in its final report, called for the creation of such a system. In 2007, congress mandated the use a system to biometrically track the exit of all foreign visitors from US. Airports by June 30, 2009. That deadline was not met.

During the hearing, Committee Members posed a number of questions to the witnesses, specifically DHS National Protection & Programs Directorate Undersecretary Rand Beers about the future of a biometric air exit system. Members specifically asked why the Department did not request any funding for the air exit program in its Fiscal Year 2011 Budget Request. In response, Beers stated that since no decisions have been made on moving forward with a biometric exist system, it was impossible for the Department to predict costs. He did say that DHS would likely request funds in 2012 and that the estimates for the cost of any exit program could top $1 billion over 10 years. The decision on whether to continue with the program rests with Secretary Napolitano, who is evaluating its future.

Interestingly, even if a program was implemented, the Department – through Immigration and Customs Enforcement (ICE) – would still have to track those who have overstayed their visas and not left the country. This effort is tremendous, according to testimony given by the DHS IG Richard Skinner and ICE Assistant Secretary John Morton. ICE, for its part, has focused on the biggest risks – fugitives, potential terrorists and criminals – in its efforts to track down those who have overstayed.

It is very likely, whatever happens on the comprehensive immigration reform front, that immigration and border security will remain a significant issue for the next several months. Among the things to look out for:

Comprehensive Immigration Reform:

    • Will Senators Schumer and Graham’s bill, in the current toxic environment in D.C., be able to garner support this year and be considered?
    • If something goes through the Senate, how will the House respond?
    • What role will the White House play in shepherding the issue through Congress?

    Border Security:

    • SBINet- what is its future?
    • Air Exit – what is its future?
    • How will the increasing violence along the U.S.-Mexico border affect our nation’s border security efforts?

    March 25, 2010

    Cyber security and the two homelands hypothesis

    Filed under: Cybersecurity — by Christopher Bellavita on March 25, 2010

    The deputy assistant director of the FBI’s cyber division, Steven Chabinsky, told a conference on Tuesday:

    “The cyber threat can be an existential threat — meaning it can challenge our country’s very existence, or significantly alter our nation’s potential…. How we rise to the cybersecurity challenge will determine whether our nation’s best days are ahead of us or behind us.”

    That’s serious language.

    Several weeks ago I was with a group of homeland security executives who agreed the cyber threat was really important.  They were equally in agreement the nation would not get serious about the threat until we experienced the cyber equivalent of Pearl Harbor.

    Why is that?

    Beyond the usual “human nature” kinds of hypotheses, I think part of the answer has to do with the difficulty understanding what the cyber threat actually is.  Why should it have the same fear status as, say, a biological attack on the nation, a nuclear detonation in an American city, a Mumbai-style attack on multiple-cities — pick your own “challenge to our country’s existence” scenario?

    Chabinsky talks about cyber terrorism, the theft of state and corporate secrets, and cybercrime.  I am sure there are detailed reports available that give more information about why cyber is a serious threat.  And I mean to find and read them.

    I also mean to track down a copy of CNN’s “We Were Warned: Cyber Shockwave”  attack simulation.  I hear two stories about it: On the one hand, the “presentation was excellent and it highlighted some very real vulnerabilities.” On the other hand,  “This scenario is removed from reality. This could have possibly happened 9 years ago. The pillars of the private sector have developed contingency plans just in case of this type of “event”.   At best this is a poorly constructed “war game” at worst this is a piece of think tank propaganda.”

    I am confused.  So I am looking to learn about the cyber threat and understand why it should be a high priority homeland security issue.

    As a part of my education, I came across an out-of-frame essay in the Financial Times [free, but registration is required] that sees cyber space not as a way to exchange information, but as a “new continent,” rich in both resources and peril. And before too long, many of us will spend so much time living in the new continent that, “… almost any human interaction of any kind will require use of the internet.”

    From this perspective, we will have two homelands: the United States and the Internet.

    States embark on a scramble for cyberspace

    By Misha Glenny
    Published: March 17 2010 23:20 |
    It is time to stop thinking of cyberspace as a new medium or an agglomeration of new media. It is a new continent, rich in resources but in parts most perilous. Until 30 years ago, it had lain undiscovered, unmined and uninhabited.

    The first settlers were idealists and pioneers who set out from San José, Boston and Seattle before sending back messages about the exciting virgin lands that awaited humanity in the realm of the net. They were quickly followed by chancers and adventurers who were able to make fortunes by devising their own version of the South Sea Bubble.

    It was inevitable that the wondrous materials found all over this territory would attract the interest of nation states. Now, the scramble for cyberspace has begun. Military and intelligence agencies are already staking their claim for the web’s high ground as civilian powers lay down boundaries to define what belongs to whom and who is allowed to wander where.

    Cyberspace is being nationalised rapidly. In some parts of the world, this has been going on for a while. Russia has been running a programme known by the delightfully sinister acronym Sorm-2 (System of operational investigative activities) since the late 1990s. This ensures that a copy of every single data byte that goes into, out of or around the country ends up in a vast storage vault run by the Federal Security Service. You can read about atrocities committed in Chechnya if you wish but you can be confident that somebody will be looking over your digital shoulder.

    China, of course, has its “great firewall”, filtering politically incorrect sites along with pornography and other forms of cultural contamination. But of even greater import is China’s demand, effectively conceded, that the US relinquish control of the internet’s language and domain names through the Californian non-profit organisation Icann. This is being transformed into a United Nations-style regulatory operation. China will soon have absolute say over the internet’s structure within its borders. [Note: this was written before this week’s skirmish in the first war between nation states and virtual states: i.e., China v. Google.]

    The legal mapping of cyberspace in the west is more chaotic. But we are now witnessing the establishment of myriad laws and rules by legislators and in the courts. In a hearing this week … in London following a major cybercrime trial, [an attorney] put his finger on it when he argued that “we are entering a world where almost any human interaction of any kind will require use of the internet”.

    So while there is clearly a pressing need to define rules that apply in cyberspace, they are emerging at speed with little coherent strategy behind them. Nobody knows where this process will lead for two central reasons. The speed of technological change means that the traditional tools of state used to carve up the world in the 19th century, such as laws and treaties, are often inadequate, if not entirely irrelevant, when applied to this new domain.

    Law enforcement agencies such as the FBI and the Serious Organised Crime Agency in Britain have invested considerable time and money in bringing down criminal networks on the web. But as the Internet Crime Complaints Centre in the US has just reported, the losses from cybercrime continue to climb at a staggering rate because criminals adapt at lightning speed to new policing methods.

    In the commercial world, major legislation concerning copyright … is unlikely to withstand the second great variable – the coming of age of the net generation. Laws banning file-sharing are likely to prove as unpopular as the poll tax that helped bring down the Thatcher government. They also look utterly unenforceable.

    As a harbinger of change, we are seeing political parties springing up throughout Europe with names such as the Internet party or the Pirate party, which understand the web as simply part of human DNA. “In the collision between the old and the new on the web,” argues Rex Hughes, a Chatham House fellow who is leading a cybersecurity project, “the old always wins the first few rounds but eventually they die off.” [my emphasis]

    But the greatest battle is happening in the area of cyberwarfare and cyberespionage. Symbolically, the US designated cyberspace as the “Fifth Domain” last June and the first man-made one after land, sea, air and space. Nato lawyers are trying to work out how the laws of war operate in cyberspace. Hysteria is accompanying this new arms race, as when Admiral Mike McConnell, former director of US National Intelligence, claimed at a Senate hearing last month that “if the nation went to war today in a cyberwar, we would lose”.

    Meanwhile, the phenomenon of “anonymisation”, so useful for cybercrime, is a gift to intelligence agencies as they sniff into every corner of the web to find out who is up to what.

    None of this would amount to a hill of beans were it not for [the attorney cited above’s] point that everything we do is somehow mediated by the web. Governments are becoming obsessed about the need to control the internet but have yet to work out how to do this without suffocating the noble goal of those pioneers who merely wanted to facilitate communication between ordinary people. Heaven forbid!

    March 24, 2010

    Failure is Fertilizer

    Filed under: General Homeland Security — by Mark Chubb on March 24, 2010

    Much of what passes for recovery falls under the broad heading “learning from our mistakes.” This approach to learning leaves a lot to be desired.

    For starters, when we examine our failures, we almost inevitably focus more on the consequences than the causes. When we do consider causes, we tend to focus only on execution errors, forgetting that mistakes arise from failures of intention, failures of execution, or both.  And, finally, our efforts to address failures all too often tempt us to look for someone to blame before we have identified something we should change.

    When problems that lead us down the path to failure have no simple or clearly identifiable solutions, we often assume that no one is to blame. This overlooks the fact that we often had a choice over the path we took, or whether to embark on the journey at all.

    Accepting responsibility for recovery begins by acknowledging that failure is like fertilizer. A little bit can help us grow. But too much can kill us.

    A good gardener only applies fertilizer when it is indicated, and, even then, she carefully selects the fertilizer to match the soil conditions, climate and a host of other variables. When we look to learn from failure, it would behoove us to take similar care and exercise considerable discretion.

    Here are ten principles that can help us approach recovery from a more positive and productive perspective:

    1.     Acknowledge the loss. Do not start by assuming the future will be better simply because the worst has already happened. Allow people time to grieve and take note of the things they valued about the people and places they lost. These values figure prominently when it comes to deciding a vision of the future.

    2.     Avoid the temptation to blame others. We would all like to believe someone else is responsible for our misfortune. When we treat those affected by disaster like victims rather than recognizing them as resources, that is effectively what we are doing. It is too easy and far too convenient to assume anyone experiencing a disaster either had it coming or is no longer capable of taking care of himself. No single decision or action produces a disaster; it takes a community. Leave it to the community to decide when (or even if) it’s appropriate to lay blame. In the immediate aftermath of an event, those directly affected by a disaster usually have much higher priorities and would rather get to work rebuilding their lives.

    3.     Question assumptions. When we look at the effects of a disaster, it is far too easy to allow ourselves to assume others could see it coming as clearly as we see it after the fact. Even well-prepared communities that have carefully assessed their hazards and vulnerabilities cannot foresee with accuracy or precision how any particular part of the community or its infrastructure will perform when disaster strikes. Anyone who thinks otherwise is itching for a fight.

    4.     Account for the effects of actions and intentions. Our assumptions tend to inform our intentions. When our assumptions prove incorrect, we should consider the untoward consequences unexpected only insofar as they are unwanted. Unless we recognize and take responsibility for our original intentions and the latent effects of the decisions and actions they influenced, we are liable to lose the respect of others even if we do not repeat our mistakes.

    5.     Assess what worked. Murphy may be an optimist, but he is not an emergency manager. Even when it seems that everything that could go wrong did go wrong, a surprising number of things probably worked well or at least better than expected in light of what happened. In fact, most disasters result from a series or chain of small errors the absence of any one of which could either have prevented or at least minimized the subsequent consequences. Many big things often go right even when the tumblers fall into place and allow a small error to unlock the door opening everyone up to a major disaster. When the cause or consequences were foreseen or even voiced but not acted upon, it can be especially important to acknowledge the courage of those who came forward and the correctness of their actions.

    6.     Analyze alternatives. In the heat of disaster response, officials rarely consider multiple possibilities or competing courses of action. Even when the situation seems clear and everyone agrees on the goals, the stakes are often too high, the resources too constrained, and the time pressure too great to make good the enemy of good enough. As the dust settles, literally, and ambiguity gives way to awareness of the task ahead, decision-makers must avoid falling into the trap of making decisions about recovery the same way they made them during response. If alternatives are not immediately apparent, it is almost always a sign that we are trying to move too quickly or have too few people involved in framing the problem, much less offering potential solutions.

    7.     Access local knowledge and listen to aspirations. Like a family confronting the grieving process, communities often need rituals and structure to help them embrace the changes that come from the passing of a loved one. The early phases of a disaster response are too hectic to provide this structure, but as the response winds down and recovery begins, officials need to recognize that involving the people affected by the disaster in decisions about their future begins with simple questions. Many of these are mundane questions like those surrounding a funeral such as burial or cremation, the location of a memorial plot, picking songs for the funeral or memorial service and a designating a charity to receive memorial gifts. The answers guiding individual preferences about such matters often reflect the local culture and customs. As time goes by, people will begin to take charge of their lives again, and they should be encouraged to do so at their own pace. If you listen carefully, you can tell how far long they have come by the sorts of aspirations they express for their futures.

    8.     Act with local assent. Aside from the stark reminder of our vulnerability to forces greater than ourselves, disasters remind us how much we depend on one another for the simplest things. When an individual or community asks for help, it does not give up its right to make decisions for itself, especially about matters that have a direct impact on its safety, health or welfare. Too much aid is conditioned either on evidence of need or donor expectations. Giving should make both the donor and the recipient feel good about themselves. Real giving comes not from an open hand, but from an open mind and an open heart. Leaving decisions about how aid is dispensed and what it gets spent on with those who receive the help rather than those who lend a hand should go without saying, but it doesn’t. If we are wise enough to leave well enough alone and let people make decisions for themselves, they will often surprise us by asking for less than we are prepared to give, using it more widely than we could, doing better work than we expect and in the end getting back on their feet faster and fitter.

    9.     Anchor all changes in community capital. One of the best ways to assure donors that their resources will be used wisely is to leverage community capital. Even the poorest communities have vast and diverse stores of capital, many of which remain under appreciated before a disaster and therefore unrecognized after one occurs. Almost everyone appreciates the importance of financial and material capital, and the importance of natural capital to the development of communities and their economies is well known. But none of these resources will produce meaningful gains in community welfare without robust stores of human and social capital. If nothing else, disasters present an ideal opportunity to develop people and rally them around a cause bigger than themselves. Sustainable development cannot occur unless communities use their resources to become more resilient.

    10. Atone and attest. Even when communities see no value in laying blame for a disaster at the feet or any one person or institution, they cannot move on without accepting individual and collective responsibility for the failures that left them vulnerable in the first place. Any successful recovery requires people to make amends for such errors and affirm their intention to do things that reflect the lessons they learned from the last disaster.

    If failure in the form of disaster is like fertilizer, then disaster recovery must take account of the additional steps required to grow more resilient communities. With these ten principles in mind, it should be clear that aerating the ground, selecting our seeds carefully, casting them freely, watering them regularly and sharing responsibility for the weeding and the harvesting are essential to success.

    March 23, 2010

    The reflective practitioner in homeland security

    Filed under: General Homeland Security — by Christopher Bellavita on March 23, 2010

    The reflective homeland security practitioner is someone who does daily battle in the messy world of the real, while not losing sight of what might be.

    The reflective practitioner is the man or woman with the guts and skill to use power, and the contemplative patience to wait for opportunity.

    The reflective practitioner in homeland security combines the insight to know what should be done, with the genius to know he or she is not the only one in the arena with insight.

    The reflective practitioner is someone who knows many things, the first of which is how much more there is to learn.


    On Friday, the Naval Postgraduate School’s Center for Homeland Defense and Security — sponsored by the Department of Homeland Security — will graduate another cohort of reflective practitioners. I am posting the titles of their master’s degree theses to illustrate the range of topics covered by their reflective interest. Many of the theses — adding to what we know, think, and believe about homeland security — will be available through the NPS Dudley Knox library in a few weeks.

    The Naval Postgraduate School is not the only place homeland security professionals systematically reflect on their practice. There are hundreds of other academic programs — some small, some quite large — that encourage reflection about homeland security.

    One need not be a registered student to be a reflective homeland security practitioner.  Reflection also takes place in scholarship, at conferences, on blogs, and (I am informed by mostly reliable sources) in bars.

    I am further informed that reflecting is bars is a long honored tradition among practitioners.

    Tacitus, a Roman historian, wrote about council meetings where the participants drank massive quantities of wine, believing one could not lie very well if one were drunk. Hence the doctrine: in vino veritas.

    A few years after Tacitus, another reflective practitioner, Marcus Aurelius, said “‘Wrestle to be the man philosophy wished to make you.”

    The authors of the works described below each wrestled — with ideas, work pressures, family pressures, and life — to add light to the still forming world of homeland security. Their efforts hint at how much more there remains to learn.


    • Prostitution as a Possible Funding Mechanism for Terrorism
    • Interagency Modeling Atmospheric Assessment Center: Operations Framework Model
    • An Epidemiological Approach to the Radicalization Process
    • Enhancing Unity of Effort in Homeland Defense, Homeland Security and Civil Support Through Interdisciplinary Education
    • The Contribution of Police and Fire Consolidation to the Homeland Security Mission
    • Applying a Community Policing Strategy to the Aviation Domain
    • Achieving Shared Situational Awareness During Steady-State Operations in New York State: A Model for Success
    • Ensuring the Endgame: Facilitating the Use of Classified Evidence in the Prosecution of Terrorist Subjects
    • Synchronizing Federal Operational Planning for National Catastrophes
    • Homeland Security Advisory System: An Assessment of its Ability to Communicate A Risk Message
    • Are the Means of the Next Terrorist Attack Already in the Country? An Analytical Examination of Cargo Containers That Have Entered the United States
    • Validation of Rational Deterrence Theory: Analysis of U.S. Government and Adversary Risk Propensity and Relative Emphasis on Gain or Loss
    • Fusion 2.0: The Next Generation of Fusion in California: Aligning State and Regional Fusion Centers
    • Effective State, Local, and Tribal Police Intelligence: The New York City Police Department’s Intelligence Enterprise — A Smart Practice
    • Collaboration in the Metropolitan Medical Response System
    • Should Cops be Spies? Evaluating the Collection of National Security Intelligence by State, Local and Tribal Law Enforcement
    • Arizona Law Enforcement Biometrics Identification and Information Sharing Technology Framework
    • Leveraging Rural America in the Fight Against Terrorism in America through the use of Conservation Districts
    • Improbable Success: Risk Communication and the Terrorism Hazard
    • Homeland Security: The President Has No Clothes — The Case for Broader Application of Redteaming within DHS.
    • Succession Planning in Homeland Security — How Can We Ensure the Effective Transfer of Knowledge to a New Generation of Employees?
    • Leveraging Successful Collaborative Processes to Improve Performance Outcomes in Large-Scale Event Planning: Superbowl — A Planned Homeland Security Event
    • Defining the Role and Responsibility of the Fire Service within the Homeland Security Discipline
    • The Collaborative Capacity of the NYPD, FDNY and EMS in New York City: A Focus on the First Line Officer
    • Community Preparedness: Creating a Model for Change

    March 19, 2010

    Combating the Terrorists Online

    Earlier this week, I wrote – Is the Internet Creating Terrorists? – in recognition of the modern Internet’s 25th birthday.  In that piece, I asked whether the Internet has enabled terrorists to increase their recruiting efforts and what does it mean for law enforcement.  Yesterday, Christopher Bellavita wrote an interesting related piece, Could terrorists on the internet be the next dot com bubble?, exploring Marc Sageman’s book Leaderless Jihad, and its analysis of potential Internet radicalization.  Chris’ conclusion, if I may simplify,is that there may be less of a link between the Internet and radicalization than expected.  He approached the issue from a different angle than I did – reviewing, in part, the lack of a correlation between countries that access extreme websites and countries that produce foreign fighters.   He does caution that without a critical analysis of claims and evidence demonstrating that the Internet is creating terrorists, we may end up wasting resources on the wrong problem.

    So, what is the federal government doing to analyze the use of the Internet as a potential terrorist recruitment, dissemination, and tool for terrorism? Obviously, with proper procedures and legal process, the government can monitor non-public sites promoting criminal behavior.  We will leave out of the discussion scenarios of what our cloak and dagger friends may be doing.

    Also not discussed here are the legislative and legal procedures at the federal level for tracking an individual’s use of the Internet if criminal or security implications exist.  The intricacies of surveillance policy – bother criminal and intel-related – is a topic that alone fills many a blog.

    Instead, this post focuses on what potential government action exists to address the potentially offending websites that are disseminating terrorist information and/or inciting terrorist activity.  In doing so, I admittedly am taking a simplified approach to a complicated subject but hope to at least start a dialogue on the issue.

    As far as I am aware, there is no public analysis that explores the degree to which the U.S. is generally monitoring public websites and communications on open blogs, social networks, and the like, though we know such efforts are underway in some form or fashion.  Just last month, the Department of Homeland Security undertook a Privacy Impact Assessment for the “Office of Operations Coordination and Planning, 2010 Winter Olympics Social Media, Event Monitoring Initiative.” The PIA assessed a number of DHS activities in preparation for the Vancouver Olympics, including the monitoring of social media websites (including this site) to “provide situational awareness and establish a common operating picture.”

    In 2008, the Senate Committee on Homeland Security and Governmental Affairs released a report, Violent Islamist Extremism, The Internet, and the Homegrown Terrorist Threat,  which touched upon the government’s response capability.  The report stated:

    Despite recognition in the [National Implementation Plan] that a comprehensive response is needed, the U.S. government has not developed nor implemented a coordinated outreach and communications strategy to address the homegrown terrorist threat, especially as that threat is amplified by the use of the Internet. According to testimony received by the Committee, no federal agency has been tasked with developing or implementing a domestic communications strategy.

    Shortly after the report was released, Committee Chairman Joe Lieberman sent a letter to Google Chairman and CEO Eric Schmidt saying that the company needed to take extensive steps to remove videos from YouTube that promoted terrorism.  While YouTube is hardly a terrorist-sponsored site in and of itself,  Lieberman found that some videos posted on the sharing site “provide weapons training, speeches by Al-Qaeda leadership, and general material intended to radicalize potential recruits.”  While Google removed a number of videos that violated its own guidelines,  Lieberman continued to raise concerns with additional videos that remained on the site.

    Lieberman’s actions were met with criticism from civil rights and First Amendment advocacy groups, who saw it as an attack on the First Amendment and the Constitution. Others balked at the potential for censorship of content on the Internet.

    The First Amendment, at least with regards to acting on and removing materials from sites, is one of the biggest challenges facing the federal government.  Those hosting websites may loathe removing or censoring sites without some legal process served by authorities,  a process that requires a determination of a specific illegal act, or without a clear violation of their contractual agreements with site owners.   In looking at the offending act for terrorist sites, part of the challenge goes back to an issue that Homeland Security Watch discussed in great detail several weeks ago – what is terrorism and what constitutes a criminal (or national security) act?  Do lone wolf sites suffice?  Does it have to be linked to a terrorist group?  How does the government meet the threshold of a terrorist act when it involves online speech?

    Of course, there may be ways to avoid the “what is terrorism” definition for potential acts by looking at other laws, especially if criminal activity is evident.  For example,  in 1996, Senator Diane Feinstein included in the Omnibus Anti-Terrorism Act a provision that required the Justice Department to produce a report analyzing the extent to which bomb-making instructions are available in the U.S. via various forms of media.  The Justice Department issued a report in April 1997 stating that laws restricting the dissemination of the media could be constitutional if narrowly-crafted.    Senators Feinstein and Orrin Hatch included an amendment on the Violent and Repeat Juvenile Offender Accountability and Rehabilitation Act that prohibited teaching or showing how to make explosives with the intent that the information will be used to  commit a federal crime.   Consequently, if a potential terrorist site shows how to make explosives and IF intent can be shown that the site’s owners planned for individuals to use that information to commit a violent crime, then legal process could be attainable.  Likewise, if specific links to fraud, money laundering, or inciting specific incidents of violence are evident, there potentially could be legal action in those cases.

    Even then, however, if the sites are hosted outside the U.S., the issues become murkier and require international cooperation, perhaps with nations with different norms, standards, and definitions of criminal and national security acts than the U.S.

    Complicating the situation even more — if  a site is successfully knocked off a hosting company’s server,  it is very easy to migrate and move a site to a new location.  Indeed, in testimony before Lieberman’s Committee in May 1997, Lt. Col. Joseph H. Felter, U.S. Army director of the Combating Terrorism Center at the U.S. Military Academy, testified that “[a]ttempts to shut down websites have proven as fruitless as a game of whack-a-mole.”

    The government actions above, however, assume that law enforcement or security officials want a site to be removed. There may be instances where the preferred action is to leave something up as it may be valuable for intelligence or evidence gathering reasons.

    Tackling terrorism online is not one that the U.S. alone is facing.  Just last month, the United Kingdom’s Association of Chief Police Officers created a unit for fighting online terrorism activity, complete with a portal for citizens to report suspected sites.  Other nations that do not provide the same free speech protections have taken similar actions for a variety of criminal security activities, including those related to hate speech.

    In short, the challenges for government action against terrorist sites “generally” are many and raise serious constitutional and legal hurdles, both here and abroad.  Of course, we still most determine the extent to which terrorism-promoting sites are a problem – and that, in and of itself, may be our biggest challenge.

    March 18, 2010

    Could terrorists on the internet be the next dot com bubble?

    Filed under: Radicalization,Technology for HLS,Terrorist Threats & Attacks — by Christopher Bellavita on March 18, 2010

    Monday’s post about whether the internet is creating terrorists ended with the observation “Jihad Jane is likely not an anomaly but a troubling preview of the future of terrorism.”

    The Los Angeles Times article by Bob Drogin and Tina Susman cited in the same post, conveys a similar concern, aided by multiple anecdotes.

    I think both essays illustrate the emerging dominant view: The “Internet is making it easier to become a terrorist.”


    A few months ago, I attended a lecture about terrorism by David Tucker, a colleague at the Naval Postgraduate School.   In a passing comment, Tucker suggested there might be less to the perceived relationship between the internet and radicalization than meets the eye.

    There was an immediate — and in some ways intellectually hostile — reaction by the audience of public safety leaders. They thought the role the internet plays in radicalization was so obvious that questioning it was akin to — well, challenging the Creation story in the Book of Genesis.

    OK, that’s an exaggeration. But Tucker’s thought was not well received.

    Tucker then did what he often does with such controversaries. He looked for data.

    In an article I will synthesize below, Tucker found “some evidence to suggest that the web sites do aid in radicalization.” But he cautions the data is limited and may be misleading. Importantly, without a critical analysis of claims and evidence purporting to demonstrate that the internet is creating terrorists, we may end up wasting resources on the wrong problem, and ignoring potentially more effective ways to mitigate the creation of additional terrorists.

    Tucker concludes his article saying there is very little evidence to support the claim “the internet is transforming how terrorists interact …. Perhaps over time, the evidence will emerge. In the meantime, we are stuck with the difficult task of focusing ‘on the social and religious networks’ from which extremists emerge if we want ‘to interrupt or fragment face-to-face recruitment.’”

    Below is an extended excerpt (quasi-crypto-mashup may be a better term) of Tucker’s January 2010 Homeland Security Affairs article, “Jihad Dramatically Transformed? Sageman on Jihad and the Internet.”

    For this post, I have not included the footnotes or page references from the original document. Nor have I followed the normal convention about the use of ellipses. But I have emphasized parts of the article that I think are especially relevant to the internet-terrorism theme.

    The complete, properly referenced, emphasized and formatted article can be found at this link.

    “Jihad Dramatically Transformed? Sageman on Jihad and the Internet.”

    In his book Leaderless Jihad, Marc Sageman claims…that Jihad in the modern world is changing from a centrally organized and structured activity into a more dispersed, decentralized movement in which small groups self-organize to carry out attacks….

    [Not] enough attention had been paid to the claims that Sageman made about the role of the internet in the development of what he calls the leaderless Jihad movement….

    Sageman claims it is the internet that “has dramatically transformed the structure and dynamic of the evolving threat of global Islamic terrorism by changing the nature of terrorists’ interactions… Starting around 2004, communication and inspiration shifted from face-to-face interactions…to interaction on the internet.”

    Assessing Sageman’s claim is important because if he is right, it would suggest that we switch attention and resources to combating digital recruitment. If he is wrong, then this would be a waste of resources.

    Sageman says the interactivity of the internet (particularly forums and chat rooms) is changing human relationships in a revolutionary way and hence, he implicitly assumes, must be changing the way those who become extremists interact online. In support of this claim, Sageman cites one article and six terrorism cases he says show the revolutionary impact of the internet and substantiate his claim that the internet “has dramatically transformed the structure and dynamic of the evolving threat of global Islamic terrorism.”

    [Tucker then argues one article and six cases is a too small a sample to make large scale generalizations. Small numbers is a persistent research problem.]

    Sound generalization is always a problem in terrorism studies because terrorism is such a rare event that we seldom have a large number of well-understood cases to base our claims on. Any scientific or even simply reasonable and candid analysis of terrorism should acknowledge this problem, however, and be modest in the claims it makes.

    Sageman considers … the effect of the internet on human relations in general. He states that “people’s relationships are being completely transformed through computer-mediated communications.” Sageman offers no support for this claim…. He proceeds, however, to draw conclusions about terrorism from these undocumented claims, arguing that the trust and intensity of emotion that is necessary for the sacrifices that terrorism requires can be generated online. At this point he states that “online feelings are stronger in almost every measurement than offline feelings. This is a robust finding that has been duplicated many times”

    In support of this broad claim, Sageman cites one article: a review of research on the effects of the internet on social life.

    [However], the article does not state that “online feelings are stronger in every measurement than offline feelings” or that this is a robust finding. It states rather that in two experiments “those who met first on the Internet liked each other more than those who met first face-to-face.” (It also reports that, depending on assumptions about the social context, interactions on the internet can be negative, displaying lack of trust, for example. ) Overall, the article offers no support for the claim that the internet is transforming social life. …

    Instead of supporting Sageman’s claims, the article suggests that Sageman is wrong in stressing the transformational character of the internet. It reports that people tend to take online relationships offline into the non-internet world, for example. This suggests that whatever the internet’s advantages, individuals still prefer face-to-face social life to online social life. Indeed, the article reports that “international bankers and college students alike considered off-line communication more beneficial to establishing close social (as opposed to work) relationships.”

    Other research on the social effects of the internet published since the one article that Sageman refers to does not support Sageman’s claim that the internet is transforming people’s relationships. First, the internet does not appear to be displacing people’s social activity. People who use the internet are not less likely to have other forms of social contact. Internet use “appears to expand activity engagement rather than replace previous personal channel contacts [including face-to-face contact] or media use.”

    This research suggests that if Islamic extremists are replacing face-to-face contact with internet mediated contact, as Sageman claims, then they are doing something that others who use the internet are not doing.

    ….If research on internet use does not support Sageman, neither does the other evidence he uses, the six cases he refers to in his book.

    After presenting [evidence about the six cases] in narrative form, Sageman states “this clearly shows the change from offline to online interaction in the evolution of the threat.”

    In fact, it does not.

    In two of the six cases that Sageman mentions, he tells us only that the terrorists got support from the internet (an inspirational document in the case of the Madrid bombing and bomb-making instructions in the case of the Cairo bombing).

    There is nothing new here. Terrorists did not begin using the internet for support in 2004. The 9/11 bombers used it, as did others before them. More important, “support” is not “interaction,” and it is interaction among terrorists that Sageman says the internet has “dramatically transformed.”

    Interaction did occur on the internet in the other four cases, but it also occurred face-to-face. How do we know which kind of interaction was more important? If terrorists are meeting as they have always done and then communicating online, which would be consistent with research on internet use, this does not suggest a dramatic change in terrorists’ interactions. It is important to note, then, that only in one case (the German bombing) does Sageman tell us the terrorists met first online.

    The reason Sageman does not mention terrorists meeting first online in the other cases is that it did not happen. In all the other cases, it appears the terrorists met first face-to-face.  In fact, the evidence suggests terrorists tend to be friends, acquaintances or relatives, who then become radicalized and carry out an attack.

    What about cases that have occurred since Sageman’s book appeared in 2008? There have been a number of cases over the past several years.  Full details on these cases are not available but we can look at what we know about a few of the more prominent ones. [And Tucker’s article reviews those cases]

    While sketchy and limited, none of the information we have on these recent plots suggests anything like what Sageman claims. Internet images sometimes appear to assist if not initiate the movement to extremism. Chat rooms play a role but rarely are the place terrorists first meet; face-to-face contact predominates. Mosques and other physical gathering places figure more prominently than the internet. In this limited sample, the internet appears to be a useful but by no means a transforming or even dominant means of mobilizing recruits for extremism.

    In showing the complex interaction of social relations, the internet and recruiting, all of these cases show a marked resemblance to the summary description one analyst of the Madrid bombing has offered of those who carried out that attack:

    It was in Mosques, worship sites, countryside gatherings and private residences where most of the members of the Madrid bombing network adopted extremist views. A few adopted a violent conception of Islam while in prison. The internet was clearly relevant as a radicalization tool, especially among those who were radicalized after 2003, but it was more importantly a complement to face-to-face interactions.

    Further evidence suggesting that Sageman’s claims are wrong comes from research done on the recruitment of foreign fighters from the Middle East and North Africa.

    Analysis of data captured in Iraq shows that 97 percent of a group of 177 foreign fighters met their recruitment coordinator “through a social (84 percent), family (6 percent) or religious (6 percent) connection.” Only 3.4 percent of the 177 foreign fighters mentioned the internet.

    Furthermore, when countries of origin for the foreign fighters were compared to the number of internet users in those countries, “more internet users correlated with lower numbers of fighters.”

    Finally, analysis shows that there is no correlation between countries that access extremist web sites and countries that produce foreign fighters. If the internet were an important tool of mobilization and recruitment, we would expect to see a correlation between accessing extremist web sites and numbers of foreign fighters.

    What holds true for the Middle East and North Africa might not hold true for other places with greater general rates of access to the internet and less of a supporting social and cultural network for extremists to rely on. In these places, one night argue, the internet might be the only place where would-be radicals could find the contacts and encouragement they need to join the extremist movement. Yet what is true of the Middle East and North Africa appears to be true of North America, judging by the cases Sageman cites and the additional cases discussed above. “The internet plays a minor radicalization role…. Conversations, sermons, print and radio communication, family and social networks present foreign fighters with local justification for joining the jihad.” This finding accords with research that finds internet use tends to “activate the active;” that is, promote engagement and activity among those already inclined that way and focus attention on the local community.

    One must conclude, therefore, both that Sageman offers no evidence to support his claim the internet is transforming how terrorists interact and there is little evidence elsewhere to support this claim. Perhaps over time, the evidence will emerge. In the meantime, we are stuck with the difficult task of focusing “on the social and religious networks” from which extremists emerge if we want “to interrupt or fragment face-to-face recruitment.”


    Is the internet really creating terrorists?  In the beginning did God really create the heaven and the earth?

    Tucker’s contrarian article reminds us — it reminds me — it is important to know what we believe.  It is equally important to examine why we believe it.

    March 17, 2010

    Crowdsourcing Solutions

    Filed under: General Homeland Security,Intelligence and Info-Sharing — by Mark Chubb on March 17, 2010

    In Sunday’s New York Times, the Week in Review section featured an article about the open source software application known as Ushahidi. It asked the rather provocative and somewhat tongue-in-cheek question, “Could wiki technology find Osama bin Laden?”

    Ushahidi — a free and open source software (FOSS) application developed in Kenya to support user-collected reports of election irregularities — has found a sudden following in the emergency management and disaster relief communities following its deployment in Haiti following the earthquake there. In a very short time after its deployment, relief agencies sharing information using Ushahidi had collected the single most authoritative single source of information on incidents, impacts, and internally-displaced persons in the disaster-ravaged country.  And they had accomplished this despite the lack of pre-written common operating procedures and almost no prior information with which to populate geographic information system (GIS) databases.

    The name of the application, taken from the Swahili language most closely translates to the English words “witness” or “testimony”, as in the first-person observations and reports of those in the best position to know what’s really happening. This, in-fact, is the single-most powerful premise underlying the application’s design and its successful deployment. In the early stages of an incident, the quantity of information is a bigger problem for responders than its quality. And those closest to the source of information are in the best position to generate both quantity and quality if properly enabled. As the incident expands, the ability to discover patterns and discern meaning from data points depends more on quantity than quality.

    To many emergency managers and homeland security professionals, this seems somewhat counter-intuitive. We place great stock on authoritative sources and time-tested methods. Indeed, sources and methods are so highly prized we often hold their identity so close that we compromise our own understanding of the information they provide because we cannot or will not disclose it with others who could help us put it in its proper context.

    The rather simple idea behind Ushahidi would be revolutionary enough if all it did was help diverse individuals and organization quickly aggregate, verify, and assess intelligence. But the application has spawned another important innovation that may be more important than what people can do with the software, and that has to do with how they use it.

    During past disasters, the spontaneous mobilization of volunteers has proven problematic for those managing response and recovery operations.  In the days after the Haiti earthquake, cadres of volunteers from the tech community mobilized in cities across the United States and around the world in what have become known as CrisisCamps. These ad hoc gatherings deploy Web 2.0 technologies en masse to aid humanitarian relief efforts. But unlike disaster tourists, these volunteers self-organize and stay well out of the way.

    Using the power of networks and collaborative techniques carefully honed in their day jobs, these assemblies have proven the power of information technology to facilitate co-production both in the technological and socio-political senses. By breaking very large, complex problems into smaller, bite-sized chunks and processing them quickly — which computers do better than people — these camps have enabled people to do what they do best: manage ambiguity.

    By leveraging the resources of a worldwide network of technical professionals, those responsible for response and recovery on the ground can focus their resources and energy on resolving goal, role, task, and value conflicts that impede their efforts to get help where it is needed most. By organizing and clarifying information, tools like Ushahidi and processes like the CrisisCamps enable decision-making and foster engagement. And successful transitions from response to recovery depend on both.

    If responding creatively to constraints and exigencies, successfully negotiating competition for resources, and securing satisfactory commitments from resource owners and those in need are the keys to collaboration, tools like Ushahidi are demonstrating the power of crowdsourcing solutions to our most challenging and complex problems. Whether these technologies can help us apprehend Osama bin Laden remains to be seen. But I wouldn’t be surprised if they did.

    March 16, 2010

    Why I Hate Freedom

    Filed under: Aviation Security,General Homeland Security — by Deirdre Walker on March 16, 2010

    Dee Walker has appeared in Homeland Security Watch several times.  Her initial and subsequent posts about her experiences with the Transportation Security Administration continue to ripple. — Chris Bellavita


    I was recently quoted in a column in the Philadelphia Inquirer.  The column was a re-hash of my on-going struggle with TSA.  I have struggled over many months to elevate the debate about TSA above the “why can’t I keep my water”  and “why does my grandma have to get out of her wheelchair” dialogue.  Apparently, my struggle has been in vain.

    In a comment posted to Daniel Rubin’s column, a reader asked, “Why does Deirdre Walker hate freedom?”

    Wow.  I didn’t know I hated freedom.  Then, I began to think about it and I realized, yup, I do hate freedom.

    Here are my top 10 reasons: (Well, I was going to have 10, but since everyone in the public sector is cutting back, I’ll cut back to 5.)

    1. I am a hedonist. Freedom requires work and sacrifice.  As a former police officer, I worked rotating shifts, weekends, Thanksgiving, St. Patrick’s Day and New Year’s.  I worked midnights and then got up after two hours of sleep to sit in court all day, then returned to work the street a few hours later.  I worked snowstorms and tropical storms, undercover and sometimes unarmed in order to arrest drug dealers and pimps.  Later in my career, I jumped from bed at 2am or whenever the phone rang on my birthday, on Christmas and during vacations.  Until very late in my career, none of this felt less a privilege than a sacrifice.  Then I looked back at an adult life characterized by missed birthdays, funerals, family dinners and some seriously dysfunctional personal relationships.  Only then I realized what sacrifice looks like and more importantly, I understood what it feels like.  I don’t just speak of it.  I did it.  Generally, it kinda sucks.  It makes you older faster and more cynical than most.  I hate sacrifice, therefore, I must hate freedom.
    2. I am adventurous. Freedom, apparently, requires that we all have the same, safe perspective on freedom.  This apparently means neither questioning authority nor challenging conventional wisdom (an oxymoron that I love).  Clearly, those irritating activities were good enough for our Founding Mothers and Fathers, but why should I get involved?  I have built a life and career on asking “why” and challenging the answers I received.  That is how, I think, we step into the abyss of change.  Change, it seems, is a threat to freedom.  I love change.  Therefore, I must hate freedom.
    3. I am agnostic. I was not raised in a religious family, and I see that as a good thing, personally.  I am generally very ignorant regarding most forms of formal religion.  Due to my interest in all things homeland security, I probably know more about Islam than I do about Buddhism or Christianity.  I have deep and abiding respect for the rights of my fellow citizens to worship as they please.  I do not see a commensurate tolerance for those of us who choose not to worship formally; in fact, we are often viewed with pity, regarded with suspicion and spoken of with bile.  Religious freedom is a foundation of our Constitution, and apparently, God loves freedom.  I do not believe in God and therefore, I must hate freedom.
    4. I am comfortable. I have no room for learning from people with whom I disagree.  I cannot fathom that I might not be right, all of the time, and why on earth anyone with half a brain would bother to disagree with me when I am so very clearly right.  As a retiree, I recently enrolled in a graduate studies program so that I might more effectively plumb the depths of my lack of tolerance for new ideas; but really, I already know everything I need to know.  Therefore, I must hate freedom.
    5. I am disingenuous. I made a career of being a good “second”.  As an assistant chief of police, I did not aspire to my bosses job.  I got to do the work, and he got to take the heat.  Well, it seems I say I like to fly under the radar, but I currently miss no opportunity to step into the light to rag on TSA.  Unfortunately, I am very deeply concerned about the agency trajectory and have spent quite a bit of time composing my thoughts on this topic.  I have tried to ensure that this dialogue is informed by my education and experience, not just my emotions.  Challenging a key component of the Department of Homeland Security has led many people to quite reasonable offer that I because I do this, I must hate my country.  Fortunately, I like it when people question my motives and label me as unpatriotic.  I thrive on reflexive insults.  I am rebellious not robotic and therefore, I must hate freedom.

    So, I hope I have made clear why it is that I hate freedom.  Freedom is overrated and undermined.  It is perishable.  It takes too much thought and debate.  It requires a lot of work.  It breeds humility and tolerance.  Who has time for any of that?

    March 15, 2010

    Is the Internet Creating Terrorists?

    Filed under: International HLS,Privacy and Security,Radicalization,Terrorist Threats & Attacks — by Jessica Herrera-Flanigan on March 15, 2010

    Happy birthday today to the Internet as we know it.  It was on March 15, 1985,  that Symbolics Computers of Cambridge, Massachusetts registered Symbolics.com, the first .com domain.   Today, there are more than 84 million addresses and growing as more than 668,000 sites are registered each month.

    Interestingly, the Los Angeles Times ran a story late last week entitled “Internet making it easier to become a terrorist,” detailing how the Internet has become a “crucial front” in the battle for and against terrorism, making it easier for potential homegrown terrorists to get and share information.  Potential terrorists no longer have to travel around the world to terror training camps but can become militarized and taught to “wage violent jihad” in their PJs from the comfort of their bedrooms, according to the article.

    Much of the article focused on the transformation of Colleen R. LaRose from a bored middle-aged American into her Internet alter-ego, “Jihad Jane.”  The Christian Science Monitor ran a similar story Friday, noting an increase in U.S. terror suspects and how “advances in online communication have made it easier to recruit Americans to radical Islam.”  The publication did a separate story last week about the troubling and possibly increasing ability of Al Qaeda to attract American women to terrorism. The story, however, only noted only two other instances where women have been charged in the U.S. with terror violations:

    • The case of Lynne Stewart who was convicted of helping imprisoned Sheikh Omar Abdel Rahman communication with this followers; and
    • Aafia Siddiqui, a Pakistani scientist found guilty of shooting at U.S. personnel in Afghanistan while yelling, “Death to Americans!”

    Neither of these cases, however, involved the Internet or sophisticated plots to communicate with others via email or technology to commit terrorist acts.  Which leads us to the question – should the Jihad Jane case be of concern or is it an anomaly?

    Women are increasingly turning to the Internet, according to a number of studies.  According to the Pew Internet & American Life Project, 74% of women use the Internet (as of December 2009).  Other studies show that women are increasingly turning to the technology to conduct many daily activities.  A Burst Media study released in March 2009 found that 69.4% of women cited the Internet as the “primary source for information to keep their household running with information on family activities, recipes, health news, and entertainment listings.”  Just over 62% used Internet to research products or services. Those statistics increased for women in the 35-54 range, with 71.1% an 66.6% using the Internet to help run their households and research products, respectively.

    A survey by BlogHer, a woman’s blog network, in May 2009 found that approximately 53% of adult U.S. women participate in social media.  The survey found that more than 31.5 million participate weekly in social networks such as Facebook and MySpace, 23 million blog, 16.8 million participate in message boards/forum; and 6.7 million conduct status update (e.g. Twitter).  Given the high rate in which social networking has increased over the past year, especially with more wireless devices now able to allow users to use social media interfaces, these numbers surely have increased as well.

    Of course, a mere increase in women online does not necessarily translate into women turning to terrorism.  We do know, however, that marketers and online behavioral advertising experts are increasingly exploring how to market and tailor material to women online.  Why wouldn’t terrorist groups looking for new recruits do the same?  According to expert Gabriel Weimann in his 2006 book “Terror on the Internet: The New Arena, the new Challenges” – they already have.  Terrorist groups can narrow their message to a particular audience, appealing to specific sympathies and touch points.

    We know that terrorist organizations are also increasingly turning to the Internet to recruit and communicate.   According to a Council on Foreign Relations backgrounder on “Terrorists and the Internet,” prepared by Eben Kaplan in January 2009, “terrorists increasingly are using the Internet as a means of communication both with each other and the rest of the world.” Indeed, the number of terrorist organizations using the Internet has increased from 12 in 1998 to more than 4,800 this year.

    Kaplan notes that the “most effective way in which terrorists use the Internet is” for spreading propaganda and promoting sympathetic views of terrorist organizations.  As Weimann has noted, the Internet is a perfect tool for a new breed of terrorist. It is anonymous and uncontrollable.

    In general, the trends and studies show that terrorist groups are going online and that the use of the Internet by those groups to spread propaganda and recruit potential terrorists is of concern.  The increase in the number of women online and the ease by which information can be tailored to specific demographics should be not be overlooked, especially with the access to populations of potential recruits who may not otherwise be allowed or recruited to attend terrorist training camps abroad.  Jihad Jane is likely not an anomaly but a troubling preview of the future of terrorism.

    (Look to Friday’s post to explore how the government can counteract these efforts and the challenges with fighting terrorism and propaganda online).

    March 11, 2010

    Are you smarter than a homeland security grants manager?

    Filed under: Budgets and Spending — by Christopher Bellavita on March 11, 2010

    My February issue of the always informative Homeland Security Today arrived in the mail Wednesday.  It features the 2010 State and Local Managers’ Guide to Grants. [A digital version is available at this link ]

    Michael Paddock wrote most of the grant-related articles in the magazine, providing an overview of what the headline writers called “The Homeland Security Funding Landscape.” In one of those articles, Michael summarizes 23 homeland security grant programs.  The programs account for almost 5 billion dollars of homeland security spending.

    Do you know what the grant programs are?

    To test your knowledge of how the 5 billion dollars can be spent, Homeland Security Watch happily presents the home/office edition of Match the Description to the Grant.

    Below is a brief description of the 23 grant programs, followed by the program names.  The test is based on the homeland security grant program descriptions provided by Homeland Security Today.

    (I’ll put the answers in the Comments section immediately following this post.)

    As you look through the list, please consider having compassion for the people who have to work every day with the mountains of paper, electrons, and other data each program requires.

    And compassion also for the millions of taxpayers footing the bill.


    Remember: match the grant program description with its name.

    Score yourself as follows:

    23 – 18 correct: you may be a grants manager,  someone who is a card carrying member of the homeland security industrial complex, or Michael Paddock

    17 – 10 correct: you may work for state, local, tribal, or territorial government

    10 – 5 correct: you may work for a non-DHS federal agency

    Less than 5 correct: you may be an elected official or an academic


    1)           _______         Provides funding for allowable planning and equipment acquisition to increase the preparedness capabilities of jurisdictions responsible for the safety and security of communities surrounding high-priority pre-designated critical infrastructure and key resource assets.

    2)           _______         Provides funds to owners and operators of transit systems to protect critical surface transportation infrastructure and the traveling public.

    3)           _______         Provides supplemental state homeland security grant program funding to directly eligible tribes to help strengthen the nation against risks associated with potential terrorist attacks.

    4)           _______         Support the integration of local emergency management, health and medical systems into a coordinated and sustained local response capability to a mass casualty incident.

    5)           _______         Support for target hardening activities to nonprofit organizations that are deemed at high risk of a potential terrorist attack.

    6)           _______         Provides funds to freight railroad carriers and owners and offerors of railroad cars to protect critical surface transportation infrastructure from acts of terrorism, major disasters and other emergencies.

    7)           _______         Provides funds to build capabilities at the state, local, tribal and territorial levels and to implement the goals and objectives included in state homeland security strategies.

    8)           _______         Enhanced cooperation and coordination among local, state and federal law enforcement agencies in a joint mission to secure the United States borders along routes of international borders.

    9)           _______         Coordinate community involvement in emergency preparedness, planning, mitigation, response and recovery.

    10)           _______         Provides funding to prevent terrorism by reducing fraud and improving the reliability and accuracy of personal identification documents that states and Territories issue.

    11)           _______         Provides funding to states, territories and local and tribal governments to carry out initiatives to improve interoperable emergency communications.

    12)           _______         Upgrade state and local public health jurisdictions’ preparedness in response to bioterrorism, outbreaks of infectious disease and other public health threats and emergencies.

    13)           _______         Improve emergency management and preparedness capabilities by supporting flexible, sustainable, secure and interoperable EOCs.

    14)           _______         Provides funds to states, territories, federally recognized Indian tribal governments and communities for hazard mitigation planning and implementation of mitigation projects prior to a disaster.

    15)           _______         Provides funds to Amtrak to protect critical surface transportation infrastructure and the traveling public from acts of terrorism, major disasters and other emergencies.

    16)           _______         Enhance catastrophic incident preparedness in selected high-risk, high consequence urban areas and their surrounding regions.

    17)           _______         Provides resources to assist state and local governments to sustain and enhance all-hazards emergency management capabilities.

    18)           _______         Improve surge capacity and enhanced community and hospital preparedness for public health emergencies.

    19)           _______         Provides grant funding to port areas for the protection of critical port infrastructure from terrorism.

    20)           _______         The primary provider of federal criminal justice funding to state and local jurisdictions.

    21)           _______         Intended to assist participating jurisdictions in developing integrated regional systems for prevention, protection, response and recovery.

    22)           _______         Helps fire departments and non-affiliated EMS organizations meet their firefighting and emergency response needs.

    23)           _______         Assist operators of fixed route intercity and charter bus services serving the nation’s highest risk metropolitan areas and obtaining the resources required to support security measures.


    a.           Intercity Passenger Rail

    b.           Assistance To Firefighters Grant Program

    c.           Transit Security Grant Program

    d.           Operation Stonegarden

    e.           Tribal Homeland Security Grant Program

    f.           Driver’s License Security Grant Program

    g.           Buffer Zone Protection Program

    h.           State Homeland Security Program

    i.           Hospital Emergency Preparedness Program

    j.           Edward Byrne Memorial Justice Assistance Grant Program

    k.           Public Health Emergency Preparedness Cooperative Agreement

    l.           Port Security Grant Program

    m.           Freight Rail Security Grant Program

    n.           Intercity Bus Security Grant Program

    o.           Citizen Corps Program

    p.           Emergency Management Performance Grant

    q.           Urban Areas Security Initiative: Nonprofit Security Grant Program

    r.           Interoperable Emergency Communications Grant Program

    s.           Emergency Operations Center Grant Program

    t.           Metropolitan Medical Response System Program

    u.           Urban Areas Security Initiative

    v.           Regional Catastrophic Preparedness Grant Program

    w.           Pre-Disaster Mitigation Grants

    March 10, 2010

    Is the Private Sector Prepared?

    Filed under: General Homeland Security — by Mark Chubb on March 10, 2010

    Last Thursday afternoon, the Senate Committee on Homeland Security and Government Affairs‘ ad hoc subcommittee on state, local, and private sector preparedness held a hearing on private sector preparedness. Three distinguished experts on homeland security and disaster preparedness appeared before committee chairman, Senator Mark L. Pryor (D-Ark.).

    The themes of each presentation struck a familiar chord with regular readers of this blog and those policy wonks familiar with the growing literature on community resilience. Nevertheless, one can only wonder whether it made the necessary and desired impression, given the absence of so many members of the committee.

    Stephen Jordan, executive director of the Business Civic Leadership Center of the U.S. Chamber of Commerce, lead off the testimony by highlighting the business community’s commitment to investments in resilience. Business, he noted, knows all too well that disaster costs keep rising, no single agency or entity can be relied upon to respond when disaster strikes, and investments in disaster preparedness and community resilience not only reduce risks but also lower costs by improving operational efficiency.

    Mr. Jordan emphasized the important role of government in supporting information sharing and coordination both among businesses and between government and the private sector (including nonprofits and civil society). He noted that efforts to map responsibilities and raise awareness of roles would make coordination more efficient and effective.

    Next up was Dr. Jack Harrald, chairman of the National Academies Disaster Roundtable, who emphasized the opportunity presented by heightened awareness of our vulnerability to catastrophic events. Dr. Harrald highlighted three policy challenges that must be addressed to improve private sector preparedness and community resilience:

    1.     Implementing policies that recognize and make allowances for local and regional priorities;

    2.     Ensuring that federal funding is adequate and coordinated (with an emphasis on coordinated); and

    3.     Creating trusted relationships based on open and frequent information sharing.

    Dr. Harrald argued that the sciences (physical and social) and new technology will play increasingly important roles in helping us achieve these goals. This assistance will help us manage the large volumes of information associated with preparedness and disasters and allow us to expand relationships and create networks as required for each event. (The CrisisCamps run by ad hoc groups of volunteers around the country following the Haiti and Chile earthquakes seem particularly salient example of this.)

    The final presenter, Dr. Stephen Flynn, president of the Center for National Policy, remarked on the importance of community resilience to national security. He noted that the new battlespace is not military but the civil and economic spheres. Demonstrating resilience to our adversaries requires us not only to show that we can deliver a punch (militarily) but also that we can take one (socially and economically). The capacity to cope with disruptions and discontinuities will distinguish those who succeed in the future from those who fail.

    Dr. Flynn noted that Americans possess the two ingredients vital to such success: self-reliance and a willingness to volunteer. Public safety, he noted, is not a partisan issue, but rather a public good to which we can all contribute.

    It should come as no surprise that the presenters made a number of complementary and consistent points worth reflecting on:

    1.     Decentralized, systems approaches that focus on networks rather than individuals or even organizations work better.

    2.     Incentives for good behavior such as investments in risk reduction and preparedness are needed.

    3.     Collaboration across sectors and levels of government, especially in the areas of grant administration and financial assistance to businesses before and after disasters, depends upon federal leadership and support.

    In the question and answer period that followed, all three presenters seemed to agree that developing a resilient society depends on breaking the cycle of co-dependence in which citizens depend on agencies and officials to meet their needs after a disaster in proportion to the desire by such officials to be needed. Treating citizens not as victims but rather as resources is the first step in the process of creating more resilient communities.

    March 9, 2010

    Highlights of February’s Homeland Defense and Security Education Summit

    Filed under: General Homeland Security — by Christopher Bellavita on March 9, 2010

    The 4th Annual Homeland Defense and Security Education Summit took place on February 24-25, 2010 at Georgetown University.

    The conference theme was “Homeland Security in Transition.”

    The academic discipline of homeland security and defense continues to grow and mature. In light of the advances we are experiencing, and with the first post-9/11 administration one year in office, our focus is on validating homeland security and defense education.

    Here are some highlight of the conference, prepared by Dr. Stan Supinski:


    DHS Undersecretary for Management Elaine Duke discussed where the money in DHS is going and the needs of the workforce (more border work, especially in the north; the United States Coast Guard; and cyber were highlighted).  She also mentioned the emphases in the newly released Quadrennial Homeland Security Review – security, resiliency, and maintaining our ability to conduct cross border commerce.

    Former DHS Secretary Michael Chertoff spoke about Homeland Security as a distinctive discipline because of the inclusion of national security and law enforcement.

    He provided a list of the 8 most important things to include in an academic homeland security program.

    • Management skills, and in particular the acquisition process
    • Intelligence
    • Risk management concepts and application
    • Emergency management – with a huge emphasis on planning
    • Legal issues – a basic understanding of applicable laws and constitutional authorities
    • International relations
    • Cyber and technological issues
    • Social psychology – a focus on interagency relationship building and how to get the variety of players involved to cooperate.

    Randy Larsen of the Institute for Homeland Security led a useful plenary session that focused primarily on the WMD threat.  He highlighted the need to balance our efforts towards high probability/low consequence events versus low probability/high consequence events, and noted we must keep our federal emphasis on the latter.

    A plenary panel (with both DHS and NORTHCOM representatives) on critical infrastructure and the private sector discussed the need to emphasize both topics in our courses.  Barbara Yagerman of DHS said her office would support an effort to develop curriculum that could be shared across the community.

    Assistant Secretary of Defense for Homeland Defense and Americas’ Security Affairs Paul Stockton spoke in a plenary session about the needs of the DoD workforce and the current state of civilian-military relations. Secretary Stockton, and several of the other speakers, emphasized the need for academic homeland security programs to develop research, writing and planning skills.  Stockton also indicated that his office would support development of curricular components for planning courses

    Nadav Morag conducted a well received presentation on Homeland Security in Israel.  Dr. Morag has developed an on-line self study course on the subject and it is available to conference attendees on the Center for Homeland Defense and Security website.

    The Homeland Security and Defense Education Consortium Association executive director provided an update on the organization, including inroads made with the Department of Education and the posting of required accreditation documentation to their website.  This generated lots of positive discussion, particularly regarding the fact that core competencies will be emphasized, not prescriptions toward specific courses.

    The conference also included 32 Breakout sessions.

    The conference reminded participants they are part of a growing and important community. Virtually every homeland security education program continues to grow.   For example, the University of Maryland program now has 550 majors; Tulane, which just recently had their masters approved, already has 227.

    The Homeland Defense and Security Education Summit was sponsored by:

    • Homeland Security / Defense Education Consortium Association (HSDECA)
    • Georgetown University Center for Peace and Security Studies (CPASS)
    • Office of the Chief Learning Officer, U.S. Department of Homeland Security (DHS)
    • Naval Postgraduate School Center for Homeland Defense and Security (CHDS)
    Next Page »