Homeland Security Watch

Game theory has long informed U.S. nuclear strategy and the strategies of many of our nuclear-armed adversaries. Armed deterrence and the theory of mutual assured destruction relies upon a fundamental assumption that any adversary amoral enough to use such fearsome weapons nevertheless remains sufficiently rational not to wish the suffering of retaliation upon itself and its people by launching a pre-emptive strike.

The Nuclear Posture Review released this week and the agreement to enter into a new nuclear arms reduction treaty with Russia reflect the realization that the rules of the nuclear arms game have changed, not just for the U.S. but for all nuclear-armed nations. The real potential of nuclear weapons to influence strategy and policy today rests not upon the awesome power they pose for adversaries to annihilate one another, but the more practical moral and political consequences of possessing them in the first place. These consequences include both the rewards of deterrence and the risks associated with the possibility nuclear weapons technology will fall into the wrong hands.

The more terrifying threat facing nuclear armed nations today is not the menace their weapons pose to one another, but the risk their nuclear programs pose if the technology or know-how they possess comes under the control of unscrupulous or unchecked states or worse, non-state actors. Unlike the Cold War anxieties that led to the arms race and proxy fights that nearly bankrupted both sides, the new game revolves around a different and much more complex set of assumptions.

Game theory relies upon the possibility of predictability not just plausibility. Imagining a threat is not enough. How do we predict the appropriate posture for an adversary that behaves in ways that do not respond to conventional incentives or conform to our expectations of rationality? How should the assumption that this adversary subscribes to an inflexible moral code that dismisses recognized notions of right and wrong influence our decisions and actions?

By the time the destructive potential of the U.S. and Russian nuclear arsenals exceeded the level each side needed to achieve mutually assured destruction, the symbolic power of these weapon systems began to rival the real power of their substance.  Today, the substantive threat posed by nuclear proliferation rests upon the symbolic value of acquiring the same toys the big boys play with not achieving the same results.

Nuclear strategy and deterrence are no longer questions of who can deliver the most firepower more accurately or with the shortest time to target. Today, we must consider the consequences of small strikes against unsecured targets that inflict limited rather than catastrophic casualties against innocent civilians or noncombatants. The costs of this new arms race are neither defined by the scale nor scope of the consequences or the comparative costs of developing the capabilities to counter an attack, but rather by the investments expected or demanded to prevent it from happening in the first place. This thinking represents the ultimate in asymmetric warfare because it reflects a different calculus driven by the value and purpose we see in human life.

The danger posed by the new generation of nuclear wannabes does not represent the sort of existential threat that served as the basis for our previous policies. Today we face an ontological threat that redefines our relationships not only with the technology and those who possess it, but also with the way we organize and think about the capabilities and threats these weapons present.

We may no longer fear the prospect that we will destroy one another or end all life on earth through a nuclear exchange. But we just might achieve the same end more slowly by making decisions and taking actions that produce misguided or misplaced investments in security as opposed to more productive and farsighted investments in human development.

The Nuclear Posture Review is a step in the direction of a more enlightened and responsible strategy, albeit a very small one. It recognizes that the only surefire way to keep nuclear technology and know how from falling into the wrong hands is to eventually get rid of them altogether.

At the same time, it recognizes that we cannot un-ring the nuclear bell or put the atomic genie back inside the bottle. Only by choosing a new game can we change the rules that really matter, the ones that lead us to make positive rather than negative investments in human security.

This new game involves new rules. If we want to ensure this does not become the zero sum game we have come to expect from our nuclear policy, we have to re-imagine and redefine the relationship between development and security. We can only claim a victory when the number of nuclear weapons in the world and those prepared to use them equals zero.

Imagine a 7.8 Richter Scale earthquake near St. Louis, MO, on the New Madrid fault line.  Assume the earthquake causes extreme damage in 8 states along the Mississippi River.  This includes over 89,000 dead, nearly half a million people injured, more than 5 million people homeless, loss of numerous bridges crossing the Mississippi, as well as destruction of major oil, gasoline, and natural gas pipelines that serve much of the Eastern Seaboard.

One might think this high consequence (low probability or high probability — take your pick) event would make a natural subject for a national level homeland security exercise.

Maybe not.

Perhaps there are some extreme homeland security events — call them catastrophes –  where the value of exercising top officials is more symbolic than sensible.

—————————————————-

The Vacation Lane Blog — written by William Cumming (a frequent writer in hlswatch) — began its internet life on Saturday with commentary about the postponement of the national level exercise program.

Cumming argues in “The Sinews of Preparedness,”

… this Administration, like all before it, fails to understand that the sinews of preparedness are built with exercises, from table tops to full scale exercises, and with the personnel including appointees that will actually be called on to run the civil domestic crisis management system or be in the chain of command for civil crisis events. Failure to be prepared only makes it more likely that military dominated organizations, which tend to ad hoc despite extraordinary funding, will drive the crisis response with huge implications for the civil sector and federalism.” [my emphasis]

On its face, the author’s recommendation seems sensible: training and exercises will make for a more effective response when something real happens.

Why should anyone believe that claim?

Aristotle said, “Excellence is an art won by training and habituation. We do not act rightly because we have virtue or excellence, but we rather have those because we have acted rightly. We are what we repeatedly do. Excellence, then, is not an act but a habit.”

One need look no further for evidence about the correctness of this belief than the professional experiences of police, fire fighters, emergency medical professionals, emergency managers, and other responders.

The lessons from Aristotle, Mr. Cumming, and first responder experiences may be true for “normal” disasters — earthquakes, hurricanes, fires, floods, tornadoes, and so on.

I wonder if that truth about exercise has much value when it comes to getting “top officials” ready for catastrophes.

—————————————————-

For FEMA/DHS, a catastrophe is any incident “that results in extraordinary levels of mass casualties, damage, or disruption severely affecting the population, infrastructure, environment, economy, national morale, and/or government functions.”

Catastrophes, as a colleague has written “are the nightmare scenarios that can bring the nation to its knees.”

There do not appear to have been that many catastrophes in the past half century of our history.

The colleague I just mentioned recently completed a study of the federal part of the post 9/11 emergency planning and response system.  As a tangential part of his work, he noted there have been around 1900 presidential disaster declarations since 1953.  He found only four of the 1900 events were (definitional) catastrophes: Three Mile Island, and Hurricanes Hugo, Andrew and Katrina.

You might add a few more to his list — like 9/11/01 in New York City, Arlington, and Shanksville.  But the number of catastrophes remains small.

My colleague found that federal agencies played major “supporting” roles in all of those catastrophes. But governors — maybe a mayor or two — always retained control of what was going on in their jurisdictions.

It’s my understanding (aided by experiences with early versions of TOPOFF) that national level exercises have some play for state and local officials, but for the most part, the general intention of the exercises is to:

Support U.S. Government Officers’ preparation for managing national crises, and accountability of those who support them.

I have no idea what role training and exercising state, city, or federal officials — especially political officials — played in successful or unsuccessful catastrophic response.  I’ve looked for data that sheds light on the utility of exercising for catastrophes, but so far I’ve come up largely empty.  (There is the 2004 “Hurricane Pam” exercise example for New Orleans, of course.  But that mostly suggests preparedness requires something more than exercises.)

My understanding is the average tenure for a federal political appointee — a top official — is between 18 months and 2 years.   How does one train and exercise federal appointed and elected officials for an incident where  there are “over 89,000 dead, nearly half a million people injured, more than 5 million people homeless?”

Is there any evidence that justifies spending money on those officials for such training and exercises?

Since 2005, the federal government has spent more than 200 million dollars on national level exercises.  Have those expenditures come anywhere close to providing commensurate benefits?  If those data are not available, could the 200 million have been spent on some other homeland security-related activities, including local exercises, that might have increased the nation’s preparedness?

I suspect those are largely rhetorical questions, lost somewhere inside the conventional wisdom that worships any homeland security training and exercise as an unquestioningly good thing.

—————————————————-

One of the homeland security goals described in the Quadrennial Homeland Security Review is to:

Foster Innovative Approaches and Solutions Through Leading-Edge Science and Technology: Ensure scientifically informed analysis and decisions are coupled to innovative and effective technological solutions.

I like the sound of that goal.  It says science matters.

I like the objectives of the goal even more:

• Scientifically study threats and vulnerabilities: Pursue a rigorous scientific understanding of current and future threats to homeland security and the possible means to their prevention and mitigation.
• Develop innovative approaches and effective solutions: Encourage and enable innovative approaches

Both objectives suggest we should look to science to validate our prevention and mitigation efforts, and to lead the nation toward new ways to think about what we do under the banner of homeland security.

—————————————————-

The National Exercise Program is a process technology, intended to prepare mostly federal leaders for catastrophic events.   I wonder if there is any science undergirding that exercise program technology.

The national exercise program has been described recently as “unrealistic, costly, and overscripted productions … an ‘elaborate game’’ rather than opportunities for officials to work through problems.”

I have personal anecdotes from TOPOFF 1, 2 and 3 that support the accuracy of those views , at least for the early days of the exercise program.  I’ve also heard that — like many things in homeland security — they have become better over time.

I am not arguing against a national exercise program.  I do think, however, it makes sense to ask about the “science” (in whatever sense one wishes to use that term) that supports the benefit of national level exercises.

I think it is fair to ask whether there are better uses for the money allocated to national exercises.

My internet colleague William Cumming is worried that the

Failure to be prepared only makes it more likely that military dominated organizations, which tend to ad hoc despite extraordinary funding, will drive the crisis response with huge implications for the civil sector and federalism.

If true catastrophes are as rare as the data suggests, perhaps there is logic in purposively integrating the “military dominated organizations” into civilian catastrophic planning.

If a catastrophe is an event that can bring the nation to its knees, we might want to make sure the military is ready to help out.

It’s my understanding they are on the same side as the rest of us.

———————————————————————–

[The paragraph that starts this post is from slides developed by  Dr. Rick Bissell, Department of Emergency Health Services, University of Maryland, Baltimore County]

—————-

Usually the comments start in a different section of the blog.  Bill and I corresponded over the weekend about his “The Sinews of Preparedness,” post.  Here is the exchange we had:

Me to Bill: nice title.  i disagree with your claim and am writing something for homeland security watch about it now.  nice to see your own blog.

———

Monday’s suicide bombing in Moscow’s subway system reminded us of the threat to subway and train systems.  While much of our attention has focused on aviation security in recent months, the bombing reminds us that rail systems remain an easy target for terrorists and militant groups hoping to cause damage. While the U.S. has avoided such an attack, the last fifteen years have seen several attacks carried out around the world against such systems, as well as one thwarted attack here in the U.S., including the following incidents:

• 1995: Sarin gas is released by members of Aum Shinrkyo on several lines of the Tokyo Metro that were passing through key areas of the Japanese government, killing 13 people and injuring countless others.

• 1995: Over a period of four months, several gas bottles exploded on the RER and the Metro in Paris, killing  8 and wounding more than 100 people. The attacks were attributed to the Armed Islamic Group.

• 2004: In February, a suicide bomber killed 41 people and injured more than 120 in an explosion on the Moscow metro system.   Individuals linked to the militant Nikolai Kipkeyev were found guilty.  In August, Kipkeyev died when a female suicide bomber he was escorting into a Moscow subway panicked upon seeing a police officer and detonated her bomb, killing 8 people and wounding 50 others.

• 2004: A series of coordinated bombings take place on Madrid’s Cercanias commuter train, killing 191 people and wounding 1800 others.  A direct connection to Al Qaeda is not found, though Spanish authorities determine that the attacks were done by by an Al-Qaeda-inspired terrorist cell.

• 2005: A series of coordinated suicide attacks occur on London’s mass transit system, carried out by four British Muslim men, killing 52 people and injuring more than 700.

• 2006:  Seven bombs explode on the Suburban Railway in Mumbai, killing 209 and injuring more than 700.  The bombings were believed to be carried out by Lashkar-e-Toiba and the Students Islamic Movement of India.

• 2009: Najibullah Zazi is arrested in Denver for planning suicide bombings on the New York City subway system.  On February 22, 2010 he pled guilty and admitted that he was recruited by Al-Qaeda in Pakistan to blow up the New York City subway.

So who is responsible for coordinating the U.S. rail and subway security systems here in the U.S.?  The Transportation Security Administration (TSA).  Not only must TSA focus on aviation security (without an Administrator in place), it must also focus on mass transit and passenger rail security.  According to the TSA’s website, it does so by seeking to:

advance mass transit and passenger rail security through a comprehensive strategic approach that enhances capabilities to detect, deter, and prevent terrorist attacks and respond to and recover from attacks and security incidents, should they occur. TSA’s strategic priorities for mass transit and passenger rail security are:

* Focus efforts to mitigate high consequence risk to transit assets and systems, particularly underwater and underground infrastructure;

* Expand employment of random, unpredictable deterrence; and

* Build security force multipliers with training, drills and exercises, and public awareness

According to the FY 2011 DHS Budget Request, TSA is undertaking the following activities to secure mass transit, passenger rail, and bus:

• shareholder collaboration with key stakeholders through its Regional Transit Security Working Group, which identifies regional priorities and resolves security needs.  Much of TSA’s regional work is focused on Tier 1 Transit Security Grant Program cities, including New York City, Boston, D.C., Philadelphia, Chicago, Los Angeles, and San Francisco.
• working with the American Public Transportation Association to develop consensus-based security standards for mass transit.
• engaging in its “layered security operational test bed” to test operational and technological solutions for mass transit and passenger rail facilities.

In FY 2011, TSA requested $97.6 million to support its Surface Transportation Inspection Program and explosive detection canine program, a $29.4 million increase from FY 2010.

In terms of funding support for local mass transit areas, the Transportation Security Grant Program has requested $300 million for FY 2011. This money is allocated on a risk-based approach to eligible mass transit and bus systems, as well as to Amtrak, to enhance security measures on critical transit infrastructure.  Guidelines for the distribution of these funds are given in the DHS Appropriations bills, as well as in the Implementing Recommendations of the 9/11 Commission Act of 2007.

So how well is TSA doing on its efforts to better secure rail and and subway systems?  In a report entitled Transportation Security: Key Actions Have Been Taken to Enhance Mass Transit and Passenger Rail Security, but Opportunities Exist to Strengthen Federal Strategy and Programs released last June, the Government Accountability Office commended TSA for taking key steps to strengthen the systems.  At the same time, it noted that TSA faced a number of challenges hindering its success. Specifically, GAO found that TSA had not fully combined its assessments of threat, vulnerability, and consequence to conduct its risk assessments.  The GAO also noted that TSA faced a number of coordination challenges- both with industry and other agencies at the state, local, and federal levels.  Information sharing of security information remained a challenge, as did concerns regarding “potential costs and the feasibility of implementing pending employee security training requirements.”

The need to strengthen the federal relationships with transit agency officials across the country is one that also appeared in another June 2009 GAO report entitled, Transit Security Grant Program: DHS Allocates Grants Based on Risk, but Its Risk Methodology, Management Controls, and Grant Oversight Can Be Strengthened. In the report, the GAO noted that management and resource issues have resulted in delays in approving projects and distributing funds. According to the report, as of February 2009, transit agencies having spent only $21 million of the $755 million that had been awarded between 2006 and 2008.  To correct the shortcomings, GAO recommended that DHS strengthen its methodology for determining risk by developing a “cost-effective method for incorporating vulnerability information into future iterations of the” Transportation Security Grant Program.

It is safe to say that like much of TSA’s efforts on aviation security, its mass transit and passenger rail efforts remain a work in progress – showing some movement forward and continually evolving but in need of improvement.  Unfortunately, like our efforts in aviation security, many efforts remain reactionary in nature.  After the bombing in Moscow, a number of transit agencies across the nation beefed up their security, assigning more police, increasing K-9 teams, and conducting random station sweeps.  During those efforts, vulnerabilities were uncovered. For example, in New York City, the Associated Press reported that more than 4,000 security cameras in its subways were not working and that the Metropolitan Transportation Authority had cut the number of police patrols throughout its systems.

While the U.S. has been fortunate to not have seen a successful attack carried out on a domestic mass transit and passenger rail system, its efforts to secure such systems should be prioritized and expanded.  In particular, an increased focus on risk-based grants, information sharing of key intelligence with relevant stakeholders, and identifying and deploying preventive technologies are key to strengthening our mass transit and passenger rail systems.

A zombie is a “re-animated human corpse that feeds on living human flesh.”

Mostly they serve as fodder for popular entertainment.  But an attack by real zombies would be anything but entertaining.

Four Canadian mathematicians who wrote  “When Zombies Attack!: Mathematical Modeling of an Outbreak of Zombie Infection” warn,

“… if zombies arise, we must act quickly and decisively to eradicate them before they eradicate us.”

The scholars — Philip Munz, Ioan Hudea, Joe Imad, and Robert J. Smith — are from  Carlton University and the University of Ottawa.  They developed what is surprisingly “the first mathematical analysis of an outbreak of zombie infection.” The article will be published as Chapter 4 in the soon to be released book  “Infectious Disease Modeling Research Progress.”

While obviously not realistic, their analysis “demonstrates… how modeling can respond to a wide variety of challenges in biology.”

The link between their work and biological attacks, pandemics, and related public health threats to the United States is an obvious one.

Why zombies matter to homeland security

The authors describe their basic model for zombie infection, discuss equilibria and stability issues, and then suggest conditions under which eradication of the zombie infection can occur. Based on their analysis, they conclude “only quick, aggressive attacks can stave off the doomsday scenario: the collapse of society as zombies overtake us all.”

The chapter starts by discussing the origins of zombies in the Afro-Caribbean spiritual belief system of “Vodou.”  But the idea of the zombie dates back at least to the Middle Ages, and has appeared in the cultures of China, Japan, the Pacific, India, Persia, Arabia, and the Americas.

As the reader familiar with the concept may recall, zombies have no will of their own. Their heart and lungs and all their body functions operate at minimal levels, at least according to the traditional view.

Modern zombies are very different from voodoo and folklore zombies. Contemporary zombies are mindless monsters who do not feel pain and who have an immense appetite for flesh.  They have a particular hunger for human brains (as the disturbing video at this link illustrates).

A zombie’s objective is to kill, eat or infect people. When a susceptible person is bitten by a zombie, it leaves an open wound contaminated by saliva, thus infecting the susceptible individual.

Informed speculation suggests the saliva disrupts oxygen flow to the brain.  The lack of oxygen seems to be the specific mechanism that turns otherwise normal people into zombies.

Consequently in the few cases of zombie-ism that have been adjudicated by courts, authorities have concluded that because the zombies suffer from brain damage, they cannot be held accountable for the havoc they cause.

This clearly has hampered — but not eliminated — the search for effective prevention and mitigation strategies.  Here is where the Canadian team makes its, probably inadvertent, but still foundational contribution to Homeland Security

Summary of the argument

In Section 2 of their paper, the authors outline the basic model describing how — like a deadly virus — zombies grow and increase (please see Figure 1, where S are those who are susceptible to attack, Z are the zombies, and R are those who have been “removed” but who can return to the arena after an encounter with Z). The authors correctly note their model is “slightly more complicated than the basic SIR [susceptible, infected, and removed] models that usually characterize infectious diseases.”

The authors discouragingly find that from the perspective of their basic model, “In a short outbreak, zombies will likely infect everyone.”

The remainder of the article discusses strategies available for dealing with a zombie attack:

• Section 3 (The basic model, with time latency),
• Section 4 (The model, plus quarantine),
• Section 5 (The model incorporating a cure for zombie-ism), and
• Section 6 (Rapid and aggressively escalated destruction of zombies)

The interested reader can view the full analysis of each variation by downloading the original paper here.  I found the math to be slightly impenetrable (see the figure below for an example). But the authors’ conclusions are starkly clear:

“An outbreak of zombies infecting humans is likely to be disastrous, unless extremely aggressive tactics are employed against the undead. While aggressive quarantine may eradicate the infection, this is unlikely to happen in practice. A cure would only result in some humans surviving the outbreak, although they will still coexist with zombies. Only sufficiently frequent attacks, with increasing force, will result in eradication, assuming the available resources can be mustered in time.”

The authors acknowledge the key difference between their model and traditional views of infectious disease is in their model “the dead can come back to life.”

They admit their scenario is unrealistic if taken literally, “but possible real-life applications [of their model] may include allegiance to political parties,… diseases with a dormant infection,” and — one might add — a zombie-like commitment to certain beliefs, attitudes, policies, and organizational arrangements.

The article ends by summarizing the strategic implications of the analysis:

“A zombie outbreak is likely to lead to the collapse of civilization, unless it is dealt with quickly. While aggressive quarantine may contain the epidemic, or a cure may lead to coexistence of humans and zombies, the most affective way to contain the rise of the undead is to hit hard and hit often. As seen in the movies, it is imperative that zombies are dealt with quickly, or else we are all in a great deal of trouble.”