Homeland Security Watch

News and analysis of critical issues in homeland security

July 29, 2010

Tara: The bodhisattva of risk management

Filed under: Risk Assessment,Strategy — by Philip J. Palin on July 29, 2010

Tara is a helpful mnemonic for transfer, avoid, reduce, accept: the principal risk management options.

Years ago oil consumers, oil producers, policy-makers, and industry regulators decided the need for oil — and our understanding of the risks — was sufficient to no longer avoid the risks associated with ultra-deep water drilling. 

But in several subsequent decisions related to the Deepwater Horizon platform, BP and its financial and management partners accepted more risk than they fully realized.  Applying the Cynefin framework (below), they almost certainly mistook profound complexity as being merely complicated.  In a few benighted instances they may even have been deluded into thinking their task was simple.  (Please see Chris Bellavita’s Tuesday post for more on the Cynefin framework.  Chris has also written a related piece in the Homeland Security Affairs Journal.)

Because of this failure to accurately assess context, BP and others — including regulators —  accepted (or, more accurately, transferred) more risk than consciously intended.  Regulators did not require lease-holders to give specific attention to catastrophic risk, did not effectively enforce the limited risk readiness included in lease provisions, and failed to ensure that risk readiness involved active participation, collaboration, and deliberation by key stakeholders. Minimal action was taken to reduce risk.  There was a paucity of sense-making, a lack of full awareness, and a dangerously myopic view of reality.

In a complex situation the Cynefin framework advocates a process of probing, sensing, and responding.  This probing is similar to Elinor Ostrom’s participation/collaboration/deliberation.  The emerging evidence suggests that even among those physically proximate on the Deepwater Horizon probing and sensing were constrained.  No wonder we were not prepared to respond.

Once the latent complexity of the situation was exposed through death, injury, and destruction, there is a question as to whether BP and others recognized the transition from complexity to chaos.  In any case, because they (we) had not fully engaged the complexity of the context, they (we) were not ready to act, sense, and respond  to the chaos.  We  were ill-prepared to manage the risk we had unthinkingly accepted.

Once BP, the Coast Guard, the White House and all of us recognized the unfolding chaos we began to behave more realistically.  As we behaved in a manner better calibrated to reality we recognized some aspects of our situation as simple, some as complicated, some as complex, and some as chaotic.  Depending on the reality of the context, many of us — perhaps even most of us — eventually behaved appropriately to the context.

But that “eventually” allowed millions of gallons of toxic oil to gush for over eighty days.  In our decisions, non-decisions, and especially in our unintentional obliviousness  we essentially transferred the risk of ultra-deepwater drilling to the ecology and economy of the Gulf of Mexico… and to those creatures — human and not — who are  especially in relationship with the Gulf.

Intellectual and operational frameworks, such as Tara and Cynefin,  are helpful.  But all of them depend on the users’ ability to engage reality.  Every framework I know depends on adapting appropriately to context.  The user must be attentive.

In Buddhism and Hinduism Tara is also a manifestation of compassion.  There are several aspects of Tara.  The Green Tara shown below is especially associated with liberation from fear and protection from material threats.  Tara is widely understood to be particularly effective in helping us avoid accidents.

Many Tibetan Buddhists begin each day reciting a mantra to Tara: Om Tara tuttare ture svaha.  There is a deeper meaning, but very roughly this can be understood as,  “O thee who saves, free me from greed, hatred and delusion, deepen my relationships with others.  May I be as thee.”

Greed, hatred, and delusion are recurring impediments to a full understanding of reality.  Failing to recognize our relationships with others will undo the most excellent management protocols.

What both forms of Tara suggest is the ongoing responsibility we have to engage with others to be attentive, to understand reality as best we can, to honor our relationships with one another and our environment, and to shape our behavior to reduce the risks of mindlessness.  

How any of us gin up the discipline and persistence for this is a personal issue. Whether it is a four-part risk management regime — or a framework inspired by Welsh wisdom, or an ancient Tibetan mantra, or a spectral vision of Peter Drucker floating above our bed — doesn’t matter as much as arising each morning ready to give attention, be in relationship, and take responsibility for our behavior.

July 28, 2010

Competitive Analysis, Comparative Advantage

Filed under: Budgets and Spending,Intelligence and Info-Sharing,Organizational Issues — by Mark Chubb on July 28, 2010

People in the intelligence community deal in some of the most sensitive and cynical information about our government and its operations against our adversaries. It’s no wonder spies are not generally known for their senses of humor. That said, it’s a quality that really ought to be more highly prized. If the recent remarks of James Clapper, President Obama’s nominee to become the fourth director of national intelligence, are any indication, we might have a winner.

In last week’s Washington Post series on burgeoning intelligence community contracting, Clapper was quoted as having said to a reporter that the only entity in the universe with visibility into all special access programs is God. During his confirmation hearing, he was quoted as having observed in response to a question about the series, “One man’s duplication is another man’s competitive analysis.” Funny stuff, really. At least as far as I am concerned.

Characterizing the proliferation of overlapping jurisdictions and the growth in outsourcing of analysis and technical capabilities as competitive analysis is either euphemistic or optimistic. Either way its worth asking how we would know what this incredible investment of national wealth and talent is worth to our national security.

On one hand, we are regularly reassured that al Qa’ida and its affiliates have failed to launch a successful attack against the United States homeland since the 9/11 attacks. This argument asks us to accept facts not in evidence (at least publicly), as it depends on the presumption that our intelligence community operatives are routinely interdicting our adversaries before they can cause us harm.

Over the past two years, however, a new threat has emerged in the form of homegrown, lone wolf Muslim radicals. In each of the last three attacks — Ft. Hood, the Christmas Day underwear bomber, and the amateurish Times Square vehicle-borne improvised explosive device — the perpetrators gained training or encouragement from overseas operatives. That none of them succeeded on a scale comparable to previous attacks is not for lack of trying.

If we were to judge solely by the President’s reactions to these attacks, we should wonder what if anything we are getting for our increased investments in the intelligence community. The President himself has characterized these attacks as evidence of failure.

I understand the media interest in the intelligence community, but what really impresses me is how our fellow countrymen are responding since 9/11. People are far more aware of threats to our security and seem far more willing to become involved when they see something’s not right. In the absence of specific, direct investments in building the capacity of citizens to contribute to homeland defense and security and actively enlisting them in efforts to identify and assess threats, it seems safe to say that these actions on the part of the public have occurred in spite of, not because of, all the money we spent expanding intelligence community capabilities.

If we were to judge by results alone, the better investment is clearly an informed and engaged public. But that’s not currently on the table and no one is offering it despite evidence that the Washington Post series’ gravest potential impact is the further erosion of public trust and confidence in government administration and oversight of covert intelligence spending.

If General Clapper becomes the next director of national intelligence, which seems pretty certain at this point, we have little reason to believe that anything significant will change in our intelligence posture. This strikes me as a lost opportunity. The comparative advantages of engaging the public in the homeland security mission are much clearer than those associated with the competitive analysis of intelligence.

July 27, 2010

Making sense of homeland security

Filed under: General Homeland Security — by Christopher Bellavita on July 27, 2010

I am fortunate this week to spend a few days talking with state, local and federal public safety and military colleagues who are working on tasks Steven Covey would call “Important, but not Urgent.”

The mainstream homeland security enterprise is flowing along its multiple tributaries, working on important and urgent matters. Throughout the country, in meetings, workshops, conferences and the like, there are serious, thoughtful and dedicated people — similar to the ones I’m working with — looking at the pieces of the enterprise, trying to make things better.

Here are some of the issues the people I’m with are considering:

  • Multiple methods for doing hazard vulnerability; trying to figure out why jurisdictions are not standardizing on one or several ways to do such an analysis; and why few jurisdictions seem to care.
  • Can the Department of Defense actually create partnerships for civil support?
  • How to reduce threats to the nation’s highway system, and why was the Highway Watch program canceled?
  • How to get serious about the threat of chemical terrorism.
  • How to make federal homeland security-related agencies (not just DHS) incubators for creative action.
  • Developing a working definition of homeland security a state can use to develop coherent multi-agency strategies and policies.
  • How to rapidly detect and respond intelligently to threats to the nation’s food supply.
  • What to do about Special Interest Aliens who enter the country illegally.
  • How agencies can get better at crisis communication.
  • Developing more effective organizational arrangements for multi-agency coordination during a significant incident.
  • Reducing the likelihood air cargo will be a tool of terror.
  • Coordinating state and local law enforcement efforts to identify and protect critical infrastructure.
  • How to standardize and deliver multi-disciplinary preparedness training and education within a state.
  • Making more effective use of National Guard assets in homeland security.
  • Integrating training for military and civilian disaster responders.
  • Building effective working relationships between public safety agencies and civil support teams.
  • Leveraging technology to increase public engagement with emergency management.
  • Developing and sustaining incident management teams.
  • Getting access to federal military reserve forces during a catastrophe.
  • The implications of the shift from nation states to market states for counterinsurgency and counter-terrorism. (Well, someone has to think about that.)

Some of the problems and issues in the list are relatively “tame,” and can be addressed through solid research. Other problems are “wicked;” they resist precise formulation and resolutions.

How does one know which is which?

David Snowden offers, in an 8 minute video made available last week (and posted below), a useful way to think about this “sensemaking” activity. It’s one of the more conceptually expanding talks I’ve seen in awhile.

July 25, 2010

Could you or I have talked Zac Chesser out of violent extremism?

Filed under: Radicalization,Terrorist Threats & Attacks — by Philip J. Palin on July 25, 2010

A bit buried in the Metro section of the Sunday Washington Post is a piece relevant to our discussions since Thursday. It profiles a Northern Virginian arrested this week by the FBI.   No life can be reduced to a thousand words, but given the profile, is there a way that Zac — and people like Zac — could be diverted from violent extremism before the FBI needs to get involved?

Terror suspect took his desire to belong to the extreme: Converted to Islam in high school

By Tara Bahrampour

Long before 20-year-old Zachary Adam Chesser embraced the cause of jihad, he was passionate about the heavy metal music of Marilyn Manson, the anime culture of Japan and the kinetic energy of American break dancing.

Chesser spent his years at Oakton High School trying out a variety of identities, friends said, before transforming himself into the bearded, robed young man who was arrested by the FBI last week for allegedly trying to join an al-Qaeda-linked terrorist group in Somalia.

Read the rest of the story…

July 23, 2010

Terrorism: a religious dimension

Filed under: Radicalization,Strategy,Terrorist Threats & Attacks — by Philip J. Palin on July 23, 2010

This is the second of a two-part post.  Please read yesterday’s post before continuing. 


Most of the terrorists we have met in North America and Europe are not deeply religious.  Even among those terrorists  affiliated with groups expressing religious motivation, the personal linkages with religion are usually tenuous especially prior to joining the groups.

But wherever else the center of gravity,  there is often a religious dimension to terrorism.   Religion can play a supportive role to nationalist or ethnic or criminal or other aspirations. And whenever the religious dimension is effectively invoked it lends particular virulence to the pursuit of extra-religious goals. 

In his March Call to Jihad Anwar al-Awlaki, explained, “Victory is on our side because there is a difference between us and you. We are fighting for a noble cause. We are fighting for God and you are fighting for worldly gain. We are fighting for justice because we are defending ourselves and our families and you are fighting for imperialistic goals. We are fighting for truth and justice and you are fighting for oppression.”

According to US authorities these and similar arguments were effective in recruiting Umar Farouk Abdulmutallab (Underwear Bomber), Nidal Hasan (Ft. Hood Shooter), and Faisal Shazad (fizzled Times Square  bomber).  Wednesday two new arrests were made of terror suspects claiming to be inspired by al-Awlaki.  Those we have already met share a largely secular, educated, and comparatively affluent background.  But they found religious — or at least pseudo-religious — purpose.   

In the Age of Sacred Terror Daniel Benjamin and Steven Simon generalize regarding terrorists who assert a Muslim identity, “Whether the individual has a buried religious sensibility that is reasserting itself, or has no religious background and is searching for stability and identity in an unwelcoming universe… the perception of past corruption is real.  The remedy is to fight the Seducer and sacrifice his people to propitiate an affronted God.”

The sacrifice of others to propitiate God is heretical in Islam.  Allah is beyond such paltry needs, self-sufficient, and merciful.  But there is an ancient impulse that leads some of us — regardless of theology — to see in the sacrifice of an other atonement for our own failure.  Extending this logic,  to martyr ourselves should be even more pleasing to the old god buried in the collective unconscious.

For what is jihad — or for that matter, what is agape — but a self-sacrificing love by which we can become our best selves?

Last week a think-tank’s policy paper encouraged the United States to more fully engage the ideological struggle within Islam.

The competition is between a modern, predominantly pluralistic view of the world and an exclusionary, harsh, and equally modern ideology that appeals to a glorious past, places aspects of religious identity above all others, and relies on a distorted interpretation of Islam. Ironically, the ideology, as articulated by either Sunni or Shiite radicals, has little to do with traditional piety and is perceived as religiously unsound by the majority of Muslims, who have been its primary victims. The conflict between these two visions constitutes a struggle for the hearts and minds of the majority of Muslims, who abhor violence, but who—out of sympathy, apathy, or fear—will not or cannot confront the extremists in their communities. Any strategy, therefore, that does not skillfully contest the claims and actions of radical extremism cannot succeed. (Fighting the Ideological Battle)

The claims being made are not just ideological, they are also religious.  If we fail to recognize the religious dimension — no matter how inaccurate, cynically manipulated, or heretical — we will mistake how we might effectively contest these claims, and — perhaps  more important — mis-judge the potential influence of the United States regarding the entire issue.

I am a religious person.   I am not, however, wholehearted.  In attempting to negotiate between secular expectations and my religious understanding I am often left unhappy, especially with myself.   For the devout Muslim, sincerity (ikhlas in Arabic) is a similar challenge.   It is a struggle to reconcile what we believe with what we do. 

For both religious and non-religious people  the uprooted character of modernity — and the anemic relationships that derive from this character — can cause profound dissatisfaction.  Percolating below the surface of banal daily activity the dissatisfaction feeds a growing sense of alienation.  If a person is inclined to carefully consider their situation the result can be an ontological crisis  and an existential panic. Reality is suspect and life meaningless.

Religion, worthy of the name, addresses these deficiencies by pointing the way to a ground of being which, in the words of Paul Tillich, answers the ontological threat of non-being.  Once an individual is invested in this alternative reality, there are issues which can only be addressed from this ground of being. 

As set out yesterday, my stance on immigration — for better or worse — has become for me a religious issue.   No reasoned consideration of policy and strategy trade-offs will move me.  If you seek to shift my judgment and behavior in regard to immigration you must also address fundamental issues of how I am in relationship with God and neighbor.   Anything short of this will allow me to dismiss your argument and — in my most prideful and sinful moments — dismiss you.  In choosing to dismiss you I take a first-step on the path of hubris that can lead to denying our shared humanity.  This is the self-serving sin of the terrorist.

Osama bin-Laden, Anwar al-Awlaki, and others are peddling a pseudo-religion that has mischaracterized the ground of being and the sources of reconciliation to be found in our relationship with that ground of being.  They are especially adept at deploying pride to twist and warp their followers experience of the ground of being.

We will not reclaim those who have been mis-led unless we are able to engage the ontological and existential issues that have been manipulated for evil purpose.  This is a particular challenge for children of the Enlightenment.   Profound progress has emerged from three centuries of dividing reality into smaller and smaller bits: separating church from state, separation of powers within the state, distinguishing each chemical element from another, imposing taxonomies that differentiate each from all, increasing specialization in education and in most aspects of living.   But many of us — perhaps most of us — seek to be more than the sum of such sundry parts.

If the only modern answer is to separate good from bad and eliminate the bad — if  being imprisoned or invaded or  assassinated by a drone are our only therapies for mis-directed ontological crisis — we will find ourselves trapped in tragic absurdity and mutual murder. 

I am reminded of Zeno’s paradox.  The allegories and dialectics of Zeno aimed to demonstrate we all share the same ontological ground of being.  There is a desperate need to find new ways to advance Zeno’s insight.  In my own case, the most potent restraint on my proto-terrorist tendency is the paradoxical teaching of my faith: In the face of my enemy (selected by me or self-proclaimed by them) I am to see the face of Christ.

For further consideration:

The roots of violent Islamic extremism and efforts to counter it (Quilliam Foundation)

Fatwa on Suicide Bombings and Terrorism (Shaykh-ul-Islam Dr Muhammad Tahir-ul-Qadr)

Mind over Martyr: How to Deradicalize Islamist Extremists (Jessica Stern)

Deradicalization: A Review of the Literaure (Institute for Homeland Security Solutions)

The Cordoba Initiative

The Faith Club

A Common Word

July 22, 2010

Immigration: a religious dimension

Filed under: Immigration,Radicalization,Terrorist Threats & Attacks — by Philip J. Palin on July 22, 2010

This is the first of a two-part post.  Tomorrow please return to read, Terrorism: a religious dimension, which will demonstrate how the self-revelations offered below expose me as a proto-terrorist. 


There is some portion of basic bigotry in how the immigration issue can be engaged.  The us vs them, insider vs outsider sensibility that well-served our species for millenia persists.  This perspective can be inflamed by a variety of factors.

But it is another kind of us-vs-them — or I/IT — dismissal to only see bigots where there are, instead, self-critical moral agents seeking to find and abide by a set of principles, even a shared vision of justice, goodness, and truth.

James Carafano and Edwin Meese have written, “The key to an intelligent immigration policy is to remember one central truth: Immigrants who unlawfully enter and remain in the country are violating the law. An amnesty program that ignores this criminal behavior will only contribute to a general disrespect for the law. This is the wrong message to send. We want immigrants to follow the laws of the United States and take them seriously. The United States must continue to be a beacon to the world. The challenge is to create practical policies that can be fairly implemented and that make our national security a priority.” ( Please see: Rule of Law at Stake in Immigration Debate)

I am a self-defined conservative.  I am sympathetic to the logic of the argument set out by Meese and Carafano.  In this I almost certainly demonstrate an embrace of the “Strict Father” prototype proposed by George Lakoff.   There is a Moral Order. There is right and wrong.  It is crucial to clarify, as best we can, the difference between right and wrong, rewarding right and punishing wrong.  The rule of law must be preserved.  All of this describes my fundamental political predisposition.

Yet I have rejected the logic of my predisposition.

Over the last five years or so my lifelong and continuing identity with the Republican Party has been shaken as more and more of my party’s candidates take what I perceive to be an us-vs-them, I/IT, position relative to illegal immigrants.  In over thirty years of voting I had only cast two non-Republican ballots.  But in recent years I have several times voted for the Democrat mostly because I was repulsed by an otherwise qualified Republican candidate seeming to demagogue the immigration issue.

I am increasingly self-aware that this has become a classic single-issue test for me.  I will listen carefully for nuanced positions on most other political issues and will accept all sorts of policy compromises, except when I perceive (rightly or wrongly) that a candidate is going after illegal immigrants.  (I am, by the way, entirely in favor of strong employer sanctions, but this wrinkle doesn’t have much to do with being a proto-terrorist, so I will not explain further.)

How did this happen?

“For the Lord your God is God of gods and Lord of lords, the great God mighty and awesome, who is not partial and takes no bribe, who executes justice for the orphan and the widow and who loves strangers, providing them food and clothing. You shall also love the stranger, for you were strangers in the land of Egypt.” (Deuteronomy 10:17-19)

The gospel of Luke tells us of Jesus and a lawyer discussing another verse from Deuteronomy. They agree that the essential religious rule is, “To love the Lord your God with all your soul, and all your strength, and all your mind, and your neighbor as yourself.” Then the lawyer, being a lawyer, asks Jesus, “And who is my neighbor?”  Jesus answers the question with the parable of the Good Samaritan.  You can access the whole response in the Gospel of Luke, Chapter 10, verses 25-37

As I read it, whoever is in need is our neighbor. The scripture concludes with Jesus asking, “Which of these three, do you think, was a neighbor to the man who fell into the hands of the robbers?  The lawyer answered, “The one who showed mercy.” Jesus said to him, “Go and do likewise.”

As a matter of general principle, I do not perceive that religious arguments are sufficient for reaching political judgments in a secular pluralistic democratic republic.  But on this particular issue, my personal experience of faith compels me to an  attitude of love for strangers and mercy towards neighbor that — with surprising passion — trumps every other argument. On this topic, for me, the non-religious argument is hypocritical and entirely misses the point.  Immigration  is fundamentally an issue of love and mercy.

I am a white, male, privileged, graduate-educated, third generation proud American of English-Scot-French Protestant extraction.  Yet  in regard to our relationship with immigrants — especially the poorest, strangest, non-English speaking — I have become a religiously inspired zealot.

For further consideration:

Evangelicals join Obama on Immigration (New York Times)

Churches eye immigration’s upside (Politico)

Christians for Comprehensive Immigration Reform

Letter on Immigration (Most Reverend David Zubick, Bishop of Pittsburgh)

The Pew Forum on Religion and Public Life

July 21, 2010

Learning from Failure or Failing to Learn

Filed under: Risk Assessment — by Mark Chubb on July 21, 2010

column by William J. Broad in The New York Times on Tuesday makes the argument that engineering failures like the one that produced the Deepwater Horizon catastrophe inevitably lead to new insights that prevent future calamities. In other words, every cloud has a silver lining. This may be so, but the evidence is equally compelling that those responsible for Deepwater Horizon failed to learn the right lessons from past failures, and by the way it is still raining.

Deepwater Horizon is only the latest marine catastrophe resulting from our unrelenting thirst for petroleum. If engineers have their way, it seems certain that it will not be the last.

Those concerned with reliability, human error and decision-making have long studied past disasters associated with the oil and gas industry for lessons we can apply to preventing future crises. For many years, the 1988 Piper Alpha disaster in the North Sea served as a convenient metaphor for what Charles Perrow termed normal accidents (see Perrow 1999). This theory holds that accidents involving complex technologies are inevitable largely because the complex interactions among their various elements (including the environment) cannot be fully appreciated much less predicted in advance.

James Reason (1990) has pointed out that disasters do not result from a single failure, but rather a concatenation of small failures or holes in the system that eventually line up allowing errors to slip through undetected until their consequences become evident. These errors often involve a combination of active and latent failures that include design defects and operational or maintenance errors fueled by the failure to recognize something unexpected occurring before it was too late.

The complexity of highly technological systems is among the reasons human beings still play critical and intimate roles in their their design, operation and maintenance. Humans have a far greater capacity to deal with ambiguity than machines, and under both ideal and less than ideal circumstances they can often make up for the inability to predict in advance what will happen when things go wrong.

But human beings have their weaknesses too. Experiments by the noted German psychologist Dietrich Dörner (1996) have demonstrated three particular shortcomings of people making decisions under conditions of complexity:

  1. We tend to think in terms of simple cause-effect relationships,
  2. We too easily underestimate the influence of exponential changes in time-space relationships, and
  3. We overlook network effects by either diving to deeply into the details or skipping fleetingly from one thing to another.

All three of these problems afflict public policy on off-shore drilling in the deep sea. Suggesting that we can overcome these problems with better engineering is simply hubris.

Assuming this disaster occurred due to a design flaw or mechanical failure of the blowout preventer overlooks evidence that operators had detected but failed to respond to operational anomalies over the course of several weeks before a methane blowout destroyed the platform. Each day that passed without incident reinforced expectations that the detected problems were not as serious or urgent as they seemed, when in reality the platform was lurching toward disaster with increasing speed. These problems, however, pale in comparison to the way many observers and commentators are treating the aftermath.

On one hand, people are focusing too narrowly on the destruction of the platform itself and the resulting environmental catastrophe resulting from the long unimpeded flow of oil into the waters of the Gulf of Mexico. Impatience at the pace of efforts to staunch the flow of oil has now been replaced by a desire to see the well remain sealed permanently so it no longer occupies a prominent place in the public’s attention. On the other hand, those concerned with the impacts of these events seem to skip from one hardship faced by Gulf Coast residents and businesses to another without ever focusing on the root cause of their current situation.

It may be reasonable to ask what we are willing to do to restore ecosystems, protect jobs, and preserve the unique culture of Gulf Coast communities, but dealing with these problems without addressing the systemic problems arising from the dependence of our economy and way of life on petroleum will only delay the inevitable adaptations necessary to restore balance in the fragile Gulf Coast ecosystem.

Engineering as a discipline concerns itself with how we as a society apply science to solve specific problems. Unfortunately, engineers often mistake the appearance of solutions for evidence that a problem they can solve should be solved as they define it. Efforts to improve deepwater drilling technology may prove itself just such a situation.

Putting science back at the fore of policy discussions (if not the decisions themselves) does not mean giving technologists the keys to the kingdom. Likewise, worry about the inevitable effects of what we do not know or cannot predict need not be seen as a sign of weakness. Benefit-cost analysis and risk management can only help us answer questions that  present us with clear choices that involve better and worse alternatives. When we only have bad options available, as we do now when it comes to meeting short-term energy needs on the way to energy independence and greater availability of clean, renewable sources of supply, we only fool ourselves to think the costs can be managed when the externalities have such devastating long-term effects.

Whether engineers can improve the safety and reliability of drilling rigs and the associated extraction operations is a completely separate and distinct question from whether or not such activities should be occurring at all. Engineers have just as much right as anyone else to participate in such important public policy decisions, but they should not expect their opinions to hold any more sway than those of any other interested party.

The bigger question is not whether engineers will learn anything from Deepwater Horizon, but whether we trust them to apply those lessons to create even bigger problems than the ones already confronting us.

Further reading:

Schrage, M. (2010). The Failure of Failure, Harvard Business Review Blogs, posted March 3, 2010.

Senge, P., et al. (2008). The Necessary Revolution. New York: Doubleday.

July 20, 2010


Filed under: General Homeland Security — by Christopher Bellavita on July 20, 2010

While I was reading Jessica’s post yesterday and wondering what kind of intelligence one can buy with 75 billion dollars, I received an email that included three brief videos, displayed below.

The videos are not directly related to homeland security.  But they did remind me how shockingly varied our world is.

I was told the first two displayed some of the reconstruction work in Haiti. The third is from Bangladesh.

The videos are Buckets (28 seconds), Shovels (27 seconds), and Bricks (43 seconds).

As Jessica noted yesterday: In DC, there are 33 building complexes for top-secret intelligence work under construction (or built since 9/11). I wonder how much all that cost, and what benefits are returned, and to whom.

The Hopi word Koyaanisqatsi means life out of balance. I’m not sure what the people in the videos are building, but in spite of the brick carrier’s equipoise in the third video, something is out of balance.

[Note: the videos are direct links from YouTube; two of the videos display a web address (not a link) for what euphemistically is termed an “adult site.” ]

July 19, 2010

Top Secret America – Washington Post Investigation Unveiled

Filed under: Security Contracting — by Jessica Herrera-Flanigan on July 19, 2010

The Washington Post unveiled this morning its extensive two-year  investigation, “Top Secret America,” into what it describes as the “national security buildup in the United States after the September 11, 2001, attacks.”   The investigation includes a series of articles and online database that maps out connections, companies, and localities for much of the military, homeland security, and intelligence contracting that has occurred in the past nine years.  Chris Bellavita, as some of you might recall, noted the series in a Friday blog post American Secrets and the Washington Post last week.

It is a mammoth project that has been rumored and discussed for some time, with government officials given the opportunity to review a few months ago.  The project has raised a lot of eyebrows, with  the Office of the Director of National Intelligence, according to Marc Ambinder at The Atlantic, sending out a memorandum to IC community public affairs officers a few weeks ago.  Foreign Policy also reported on Friday that the State Department’s Diplomatic Security Bureau sent out a notice last week to the 14,574 people at the State Department warning employees not to talk to the press about the investigation.

The first article in the series, A Hidden World, Growing Beyond Control, written by Dana Priest and William Arkin, was published today.  The story focuses on what the government has done on the top secret front, including evaluating budgets, personnel, and program numbers.  Here are some interesting tidbits gleamed from today’s article:

  • There are 45 organizations (with 1,271 sub-units) engaged in top-secret work.
  • There are 1,931 companies engaged in top-secret work for the government.
  • There are approximately 854,000 individuals that hold top-secret security clearances.
  • In DC, there are 33 building complexes for top-secret intelligence work under construction (or build since 9/11).
  • There are more than 50,000 intelligence reports published each year.
  • At least 20 percent of counterterrorism organizations were established or recreated post-9/11.
  • The U.S. intelligence budget for last year was $75 billion (though that is only “public” number and does not include activities that might fit in to the larger “top secret” category).

The project also includes on a map 2,164 government work locations and 6,944 company work locations.  On a different graphic, it takes the 45 government organizations and breaks down who does the most work by category (e.g. intelligence, homeland security, military, etc), as well as which agency works with the most companies.  The project also includes a company database where readers can get overview information for the companies engaged in top-secret workforce.

Again, this is a tremendous project that will likely get a lot of attention from the Administration, Congress, and the contracting community.  The debate that will ensue after the investigation will likely focus on whether the post-9/11 investment in security has made the nation more secure.

While it focuses on contractors and government, the project doesn’t explore (at least does not appear to do so) the funding that went to state and local officials for security officials. That would have been an interesting add-on, especially given the continuing debate on the Hill on a number of grants programs.

July 16, 2010

Bottom Up Review: Button Down and Focus

Filed under: General Homeland Security,Organizational Issues — by Jessica Herrera-Flanigan on July 16, 2010

Earlier this week, the Department of Homeland Security released its “Bottom Up Review (BUR),” which is intended to “align the Department’s programmatic activities and organizational structure with the mission sets and goals identified in the” Quadrennial Homeland Security Review (QHSR).

The review, which began in November 2009, focuses on three questions, according the agency:

  • How can we strengthen the Department’s performance in each of the five mission areas?
  • How should we improve Departmental operations and management?
  • How can we increase accountability for the resources entrusted to DHS?

The BUR is envisioned to be the second phase of a three-phase process, sandwiched between the QHSR and the Fiscal Year 2012 budget request and the DHS FY 2012-2016 Future Years Homeland Security Program to Congress, to be submitted next year.  DHS has made it clear that BUR is neither a strategic plan (which is probably good since there are too many plans gathering dust on the shelves of DHS) nor a budget request.

In a press roundtable this morning, Assistant Secretary of Policy David Heyman and Deputy Assistant Secretary Alan Cohn answered questions and spoke of how the BUR plays into efforts to improve the Department’s  performance.   They noted that this is the first time the Department has done such an exercise and, looking to the future, they hope to sharpen the process and focus for conducting such reviews so that the steps more fluidly provide for improving the Department’s missions and priorities.

The BUR was described as one that addresses themes, that is, the goals and objectives of what the agency should focus on to build a strong homeland security enterprise. Assistant Secretary Heyman noted that there was “not a lot of descriptions of strategic realignments” in the BUR, though there was “some discussion of managing portfolios” better.  He suggested that the report was not intended to  suggest that areas are “ripe for realignment,” but rather that there is a need for reviewing different elements distributed across the Department to determine where areas of better coordination are needed.  (Translation:  The Department, even if it is pondering realignment, cannot say so now as it has not been vetted through the Office of Management and Budget process or with Congress).

If the QHSR was designed to provide a strategic framework for the Department’s missions and goals, the BUR is intended to help provide us a roadmap on where the agency will focus its efforts going into the next fiscal year.  In short, the review is intended to tell us how the Department plans to button down and focus its many disparate efforts.  In answering the three questions above, the BUR emphasized three areas:

  1. The Department needs to grow up and get stronger so it can run itself and account for all of its programs and resources.
  2. Homeland security is not just about DHS or the federal government so the agency needs to really focus on strengthening its partner capacity and capability.
  3. It is not just about the U.S. – DHS needs to do better on the international front if it is going to succeed in its efforts.

A 70 page document, the BUR provides a number of specific areas in which the Department is/intends to focus its efforts. Here are a few that stand out:

  • Coordinator for Counterterrorism.   Expect this recently-created position to gain more stature and resources in FY2012.  The position was created to give someone the ability to coordinate all counterterrorism efforts across the Department, its directorates, components, and offices.  During the roundtable, Assistant Secretary Heyman specifically mentioned the report’s “notion of strengthening counterterrorism” across the Department as an example of how to better management portfolio.  The BUR itself discusses the evolving nature of this coordination and the need to consult with Congress on the effort.  This suggests some potential future request for realignment and resources (?) to make sure all the parts of DHS are on the same page on this effort. The big question, however, is what is meant by counterterrorism?  How will that term be defined?  Also, how will any mission re-focus or realignment (if any happens) affect those areas where an all-hazards approach is being promoted?

  • Create an integrated Departmental information sharing architecture. The description provided in the BUR is rather self-explanatory:

DHS will create an information sharing architecture to consolidate and streamline access to intelligence, law enforcement, screening, and other information across the Department. That architecture will include the capability for automated recurrent screening and vetting for individuals to whom DHS has provided a license, privilege, or status (including immigration status) so that, as new information becomes available, DHS can assess whether the individual is no longer eligible for the benefit or presents a threat. It will also include the capability to conduct scenario-based automated targeting of individuals and other entities using intelligence-driven criteria.

  • Focus on the security and resilience of global trade and travel systems. In the past, DHS has come under criticism for not paying attention to ICE’s non-detention missions.  Interestingly, the pendulum appears to have swung away from that approach, with the BUR stating that DHS will prioritize on the security of global trade and travel systems, including developing an investigative portfolio that includes “human smuggling and trafficking, child sex tourism, counter proliferation, financial, intellectual property, weapons trafficking, and narcotics investigations.”  In addition, the report says that DHS will continue to invest in “trusted traveler and trusted shipper” programs.
  • Comprehensive Immigration Reform. DHS continues to promote its efforts on comprehensive immigration reform, though the three-legged stool (enforcement, future flow, and pathway to citizenship) appears to have been expanded into a five-legged stool that now includes:  (1) border security and interior enforcement; (2) mandated employment verification program; (3) clearing up family and employment visa backlogs; (4) recast legal migration provisions to meet the needs of the twenty-first century for both high-skill and low-skill workers; and (5) pathway to citizenship that is tough but fair in which those here illegally will register, record biometrics, pass a criminal background check, pay back taxes, pay a fine,  and learn English.
  • Increase the focus and integration of DHS’s operational cybersecurity and infrastructure resilience activities. The BUR makes clear that DHS sees it responsibilities in this area broadly and that it has the lead on Federal civilian and private sector networks and plans to continue to lead in that area.  Interestingly enough, DHS excludes “civilian national security systems” as being within its jurisdiction in several places in the report.  In light of the reports that the NSA is potentially classifying the smart grid and critical infrastructure systems as national security systems,  see Cybercitizen?, we will have to see which agency’s definition of “civilian national security systems” prevails, assuming that they are different.  Also, how does this effect the efforts of the National Communications System, located within DHS and coupled with its cybersecurity efforts, which traditionally has taken on the mission of assuring communications support to critical Government functions during emergencies, especially relating to national security efforts?
  • Explore opportunities with the private sector to “design-in” greater resilience for critical infrastructure. The BUR refocuses the DHS’s efforts on setting infrastructure design standards for critical infrastructure resilience, in an expansion of the authorities given to it under the 9/11 Recommendations Act of 2007. In addition, there is some reference of building these standards into programs like the Safety Act.   The BUR also implies that we haven’t seen the last of an expansion of standards, similar to what is in place for the chemical industry, to other critical infrastructures.  It does not explicitly state this, of course, but does say it will “examine the need to set security requirements at high-risk assets and in high-risk areas as appropriate, and to set standards for security practices in critical infrastructure sectors as necessary.”  Such effort would require a lot of cooperation from Congress. 
  • Seek restoration of the Secretary’s reorganization authority for DHS headquarters. DHS wants to be able to reorganize without Congress looking over its shoulder.  This ability was given to the Department under Section 872 of the Homeland Security Act but has been chipped away over time so that the Secretary has little authority to undertake any reorganization efforts.  The BUR states that that the Department will ask for this trend to be reversed.   In addition, DHS wants to look at how to realign its component regional configurations into a single DHS regional structure and strengthen cross-Departmental management functions by creating a Headquarters Services Division within the Management Directorate.  DHS will continue to focus on the seven initiatives that make up the core of its “One DHS” efforts, including:
    1. Enterprise Governance
    2. Balanced Workforce Strategy
    3. Transformation and Systems Consolidation
    4. St Elizabeth’s/Headquarters Consolidation
    5. Human Resources Information Technology
    6. Data Center Migration
    7. HSPD 12 Implementation

The Department will also continue to try to elevate the Assistant Secretary of Policy position to an Undersecretary position, despite significant opposition from key lawmakers on the Hill.

  • Congressional Oversight.  We haven’t heard a lot on this front for awhile, but the BUR notes the need to still streamline Congressional oversight.  The report notes that DHS has testified 200 times and provided more than 5,227 briefings in the 111th Congress.  The good news in these numbers – it seems like that DHS will have testified less this Congress than in the 110th, in which its officials appeared 370 times.  The bad news – Congress still needs to streamline its Congressional oversight efforts, both to hold the Department accountable and to help it mature further.

Again, this is just a snapshot into the BUR and the Department’s priorities. The real meat of both the QHSR and BUR that will separate this three-part effort from past strategic plans, outlines of priorities, and mission statements will come in the new year with the FY2012 budget request and the DHS FY 2012-2016 Future Years Homeland Security Program to Congress.

American Secrets and the Washington Post

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on July 16, 2010

I received the following from a sometimes commentator on this blog:

The Washington Post will run a series of stories… that will contain a compendium of government agencies and contractors allegedly conducting Top Secret work.  The stories will also include an interactive database.

One agency affected by the stories issued the document republished below.

From an operational perspective, …[p]ublishing the locations of these facilities could be problematic from a safety and security concern.

From an academic perspective, how do we reconcile the desire to safeguard our country from foreign and domestic adversaries in an global environment that rewards the near real-time release of sensitive or classified information?


Notice to Industry Partners

Subject: Potential Disclosure of Contract Information

Early next week, the Washington Post is expected to publish articles and an interactive website that will likely contain a compendium of government agencies and contractors allegedly conducting Top Secret work. The website is expected to enable users to see the relationships between the federal government and its contractors, describe the type of work the contractors perform, and may identify many government and contractor facility locations.

Publication is expected starting July 19, 2010 with additional articles published thereafter. We request that all _____ contractors remind all cleared employees of their responsibility to protect classified information and relationships, and to abide by contractual agreements regarding non-publicity.

Employees should be reminded that they must neither confirm nor deny information contained in this, or any, media publication, and that the publication of this website does not constitute a change in any current ____ classifications. They should also be reminded that if approached and asked to discuss their work by media or unauthorized people, they should report the interactions to their appropriate security officer.

Foreign intelligence services, terrorist organizations, and criminal elements will have potential interest in this kind of information. It is important that companies review their overall counterintelligence posture to ensure that it is appropriate. Specifically, we recommend that companies affected by this publication and website assess and take steps to mitigate risk to their workforce, facility and mission, to the extent consistent with your contractual relationship with ____. These steps should include re-enforcement of security and counterintelligence protections and steps to enhance workforce awareness. CI and security events related to the publication of these articles and website should be reported through normal company channels to the ___Security office. For the time being, thresholds should be lowered to aggressively report anomalous behavior.

Should your management or public affairs offices be contacted by the media, any response must be consistent with your contract. If appropriate, you may also refer media inquiries to ___

July 15, 2010

Framing the counter-terrorism (violent extremism) challenge

Filed under: Radicalization,Strategy,Terrorist Threats & Attacks — by Philip J. Palin on July 15, 2010

Earlier this week the Washington Institute for Near East Policy released a report entitled, Fighting the Ideological Battle: The Missing Link in US Strategy to Counter Violent Extremism.

The report has gotten more than its share of attention by being framed as “challenging the administration’s shift in its recently unveiled National Security Strategy…”  (Lolita C. Baldor, Associated Press and others) 

This framing has encouraged long-time administration critics to renew charges that this White House — and John Brennan, in particular — is soft on terrorism. (Andrew Bostrum, Washington Times)  Without the fuss I probably would not have seen the report, so — however tawdry and misleading — marketing has its benefits. The product is better than the marketing.

I perceive the report less a challenge than a constructive contribution to the tough task of effectively targeting how we should confront violent extremism. Most aspects of the Washington Institute report are entirely coherent with key elements of the speech Mr. Brennan gave at CSIS in August last year. (Please see a prior post: An Exegesis on the Words of John (Brennan))

To encourage you to download and read the full report, here are three contiguous paragraphs from the close of the analysis, just before the recommendations.

Unfortunately, despite the sharp rise in terrorist plots and cases of homegrown radicalization, specific policies and programs aimed squarely at countering the radical narrative remain few and far between. The Obama administration’s efforts to close the Guantanamo Bay prison, eliminate certain interrogation techniques, and change the tone of U.S. engagement with Muslim communities worldwide have met with a generally positive response abroad. According to the June 2010 Pew survey, confidence in the U.S. president increased 43 percent from 2007 to 2010. Yet such efforts do little to address the immediacy of violent extremism. Even the targeted killings of al-Qaeda leaders plotting attacks today may in the long run create new recruits hungry for revenge. It is axiomatic that the United States cannot simply kill its way out of the problem; it must find ways to take on the extremist ideology directly. To date, however, official policy as articulated in the National Security Strategy limits U.S. efforts to “combating violent extremism”— which, although necessary, is not sufficient for creating an acceptable end-state in which both the violence and the ideology that fuels it are taboo within Muslim majority nations around the world, and are no longer animating the global terrorist threat of most concern to the United States. Once individuals cross over into violence their radicalization is complete; the last step in a process has been reached. Even as law enforcement, military, and intelligence successes against al- Qaeda grow, the ideological challenge, unless actively confronted, will continue to metastasize.

The National Security Strategy states that America is “fighting a war against a far-reaching network of hatred and violence,” going on to refer exclusively to al-Qaeda and its affiliates. Recognizing that the more “kinetic” side of counterterrorism gets the lion’s share of the administration’s attention—especially with U.S. troops still deployed in Iraq and Afghanistan and terrorists trying to attack us at home—the White House needs to direct more attention to combating the ideology that animates the violent groups. The government should assign bureaucratic priority to this endeavor and raise public consciousness of the need to stem the spread of radical extremist ideology. To be sure, officials need to make very clear that they do not consider Islam itself a danger, only the distorted version of Islam perpetrated by radical extremists. But they— and, in particular, the president—must also come to terms with the fact that individuals implicated in each of the recently exposed plots in the United States were imbued with a common radical ethos.

Counterradicalization in all its forms is an essential complement to counterterrorism. The latter we do relatively well, the failure to connect the dots prior to the attempted bombing of Flight 253 notwithstanding; the former we barely do at all. The result: a group of middle class Muslim Americans from northern Virginia videotape a militant message, leaves for jihad at the advice of a Taliban recruiter, and is arrested in the home of a known militant in Pakistan. “We are not terrorists,” one of them said as he entered a Pakistani courtroom, “We are jihadists, and jihad is not terrorism.” All elements of national power should be used to counter this proposition and its myriad implications, so that the very notion that Muslims have a religious duty to commit acts of terror is challenged and debunked. There are no guarantees that if the United States had been fully engaged in this effort for the past ten years, the young Virginia men would not have boarded that flight to Pakistan. But unless we accelerate and expand our efforts now, we can be assured that others will follow in their footsteps.

The recommendations which follow are entirely sensible.  With more time than I have  it would be possible to find administration documents, speeches, and such saying almost the same.  The Gospel of Mark and the Gospel of John are much more differentiated than the Washington Institute’s report is from the National Security Strategy.

I can, however, imagine at least one  senior administration official taking serious exception to one of the report’s specific recommendations: “Designate a single address for the coordination of U.S. public diplomacy, strategic communication, and counterradicalization strategy within the White House. Empowering someone close to the president to orchestrate the overall effort to combat radicalization both at home and abroad is critical to maintaining strategic focus over the longer term.”

I’m pretty sure  John Brennan considers that his address. He is in the midst of a significant refurbishment.  I don’t think he intends to move any time soon.


Much of the fussing over the report focused on whether the term “Islamic terrorist” or “Jihadist” should be used in referring to some violent extremists. This week the blog On Faith has aggregated a diverse set of opinions around the question, “What to call terrorists?”  You can access the site at: http://newsweek.washingtonpost.com/onfaith/2010/07/what_to_call_terrorists/all.html

July 14, 2010

Hard Questions, No Easy Answers

Filed under: General Homeland Security — by Mark Chubb on July 14, 2010

This week I have been following updates from the Natural Hazards Center‘s annual workshop at the University of Colorado in Boulder. The workshop brings together an interesting mix of academics and practitioners to discuss a wide range of topics related to emergency management. Several of the sessions at this year’s workshop focus on public involvement, social capital, social media, recovery and resilience.

One of the more interesting comments emerging from the stream of updates coming out of the workshop’s dedicated Twitter feed during these sessions has been repeated calls from participants, presumably in the audience at the various sessions, asking for something more practical and less academic that they can put to use when they return home. The comment came up so often over the weekend that I started wondering whether I was witnessing some sort of anti-intellectual backlash in bursts of 140 characters or less. (I have been relegated to following the proceedings on Twitter because neither I nor my agency can afford to pay my way to attend.)

For many years, the emergency management and homeland security fields were plagued by a lack of theories upon which to base our interventions or upon which to evaluate our progress. This has begun to change as the fields have attracted the interests of a diverse array of disciplines seeking to bring their expertise to bear on our peculiar set of problems.

You would think that such interest would be greeted with enthusiasm and gratitude. Not so it seems. Why, you ask?

Any time new researchers come into a field such as ours, they start by scrutinizing and testing the cherished assumptions that constitute the collective’s conventional wisdom. More often than not the established worldview withers in the face of empirical evidence, which tends to present more complex and nuanced picture of an interconnected world than practitioners find useful.

Few areas of homeland security and emergency management have taken a bigger beating than the notion that ordinary citizens cannot handle the truth or be relied upon to act reasonably in emergent situations. Disaster sociologists have collected abundant evidence that people have a peculiar relationship to emergent evidence and behave in ways that are very sensitive to context. To others any individual’s actions might appear irrational. But from the perspective of the person taking action, their behavior often reflects a highly adaptive and often altruistic response to novel and rapidly-changing information accompanied by considerable ambiguity.

One of the most pressing questions confronting practitioners and researchers alike these days asks why so many people insist on staying put in places vulnerable to catastrophic events. The question itself should give us pause to consider our own assumptions. For starters, we might wonder what cause we have to consider this question answerable in the first place. Is it not reasonable to expect that the answers are as numerous as the people who call the place home? We could ask ourselves what grounds we have to even ask where people can or should live, much less how they should live once they choose to inhabit a vulnerable place. But this rarely happens. On occasion we manage to ask ourselves whether people dumb enough to put themselves at such risk deserve our help, but we never seem willing to answer that one and charge to their aid anyway. (Does that make us irrational?) The bigger question our response raises is whether the answers or lack of answers to the first and subsequent questions has (or should have) any bearing on recovery.

As someone with a foot planted firmly in each camp — theory and practice, academia and public safety — I am sympathetic to the calls for praxis. But I am more interested in phronesis (practical knowledge) than sophia (received wisdom). Any bridge between theory and practice must start with a systems perspective and proceed though thoughtful reflection on what works as well as what does not. As we reflect on conditions six months after the earthquake that killed an estimated 225,000 Haitians, we would do well to ask ourselves just these questions. What theories then should guide our assessments?

Rick Weil, a disaster sociologist at Louisiana State University and a Natural Hazards Center workshop presenter, offers some interesting insights from his research on the effects of social capital on survivors’ experiences of Hurricane Katrina (herehere, here and here) that might guide our search for answers. Expressions of community had the most powerful effects — for better and worse — on how people coped with the disaster and how they responded afterwards. Those individuals most deeply embedded in social networks were generally the best prepared, and the most likely to engage community rebuilding efforts afterwards. But they paid a heavy short-term price for this, as they experienced considerably more stress than less engaged individuals in similar situations (see also Wagner 2009). They also recovered faster and more fully afterwards than those less connected to one another and the place they called home (see also Solnit 2009).

Government for its part provides only part of the answer. Government failure was endemic in Haiti before the disaster, and the situation has clearly not improved despite development aid and expert assistance. But if government involvement was to ramp up dramatically, one might reasonably worry whether it threatened to undermine or displace other expressions of social capital thus eroding community cohesion and reducing resilience. The professionalization of emergency management and homeland security in the United States could present just such a moral hazard here at home.

The older I get and the more time I spend pondering what I have seen and learned, the more interesting I find questions than answers. Figuring out which questions are worth asking is harder than finding so-called right answers. Looking at Haiti now and hoping to find answers is a fool’s errand. On the other hand, observing the trials and triumphs of ordinary Haitians might well provide us with the opportunity to learn which questions to ask ourselves if we truly wish to avoid taking our own hard knocks in the future.

July 13, 2010

Patriotic Stories from the Onion (America’s finest news source)

Filed under: Humor — by Christopher Bellavita on July 13, 2010

My July 1, 2010 issue of the Onion arrived Monday.  Surprisingly, the Onion actually prints a more-or-less weekly newspaper, and it is made out of paper.

I do not recommend the paper to children or anyone who thinks it’s a good idea to name a government program “Perfect Citizen.”

This week’s “the Onion” was “The Patriotism Issue.”

Here are some headlines and excerpts from top stories.

(According to the Onion, this news is “only visible to real Americans.”  And you know who you are.)

Area Man Passionate Defender Of What He Imagines Constitution To Be

Spurred by an administration he believes to be guilty of numerous transgressions, self-described American patriot Kyle Mortensen, 47, is a vehement defender of ideas he seems to think are enshrined in the U.S. Constitution and principles that brave men have fought and died for solely in his head.

“Our very way of life is under siege,” said Mortensen, whose understanding of the Constitution derives not from a close reading of the document but from talk-show pundits, books by television personalities, and the limitless expanse of his own colorful imagination. “It’s time for true Americans to stand up and protect the values that make us who we are.”….

New Poll Finds 86 Percent Of Americans Don’t Want To Have A Country Anymore

A Gallup/Harris Interactive poll released Monday indicates that nearly nine out of 10 Americans are “tired of having a country.”

Among the 86 percent of poll respondents who were in favor of discontinuing the nation, the most frequently cited reasons were a lack of significant results from the current democratic process (36 percent), dissatisfaction with customer service (28 percent), and exhaustion (22 percent).

“I don’t want to get bogged down in the country anymore,” Wilmington, DE accountant Karie Ashworth said. “I’m not up in arms or anything, I’m just saying it’d be a lot easier for everyone if we just gave it up.”

Of those who were against maintaining an American nation, 77 percent said they believe that having a country is “counter to the best interests of Americans.” Twelve percent said “the time and effort citizens spend on the country could be better spent elsewhere,” and 8 percent said they just didn’t care.

Roughly 3 percent said we ceased to have a country years ago, and explained that they had been stockpiling weapons to protect their independent compounds….

Communists Now Least Threatening Group In U.S.

According to a report released Tuesday …, Communists rank last on a list of 238 threats to national security. “Communists may now safely be ignored,” [the] Secretary of Defense … said. “The Red Menace has been surpassed by militia groups, religious extremists, ecoterrorists, cybercriminals, Hollywood producers, and angry drivers.” Other groups deemed more threatening than Communists include rap-metal bands (#96), escaped zoo animals (#202), and Belgians (#237).

Nation Secretly Hoping 9/11 Becomes A Day Off Soon

After spending another anniversary of the 2001 terrorist attacks at work, many across the country have begun to secretly hope that the date will soon become a federally mandated day off. “We’ll have it off in 25 years anyway, so why not just start now?” said a Des Moines–area citizen who wished to remain anonymous….

Special ‘Framers’ Cut’ Of Constitution To Feature Five Deleted Amendments

The National Archives and Records Administration announced plans Monday to release a special “framers’ cut” of the Constitution featuring five bonus amendments deleted from the original. According to NARA head John Carlin, the new document includes “more than the 35 lines of never-before-seen provisions sure to thrill history buffs.”….

Little League Coaches’ World War II-Themed Speeches Leave Players Confused, Frightened

Though coaches for both the United States and Japanese Little League teams attempted to inspire their young squads before Sunday’s championship game by evoking the memories of those who fought and died for their respective countries in World War II, the coaches’ descriptive tales of conflict, suffering, and mass death left players almost incapable of taking the field….

U.S. Economy Grinds To Halt As Nation Realizes Money Just A Symbolic, Mutually Shared Illusion

The U.S. economy ceased to function this week after unexpected existential remarks by Federal Reserve chairman Ben Bernanke shocked Americans into realizing that money is, in fact, just a meaningless and intangible social construct.

What began as a routine report before the Senate Finance Committee Tuesday ended with Bernanke passionately disavowing the entire concept of currency, and negating in an instant the very foundation of the world’s largest economy….

8-Year-Old Accidentally Exercises Second Amendment Rights

Gun owners nationwide are applauding the patriotic, though accidental, exercise of Second Amendment rights by 8-year-old Timothy Cummings Tuesday.

“Timothy is a symbol of American heroism,” said NRA executive vice president Wayne LaPierre from Cummings’ bedside at Norfolk General Hospital, where the boy is in serious but stable condition from a self-inflicted gunshot wound. “While praying for his recovery, we should all thank God that his inalienable right to keep and bear arms has not been infringed.”…

40-Foot American Flag Pin Welded To Statue Of Liberty

But seriously, “Perfect Citizen?”

July 9, 2010


Filed under: Cybersecurity — by Jessica Herrera-Flanigan on July 9, 2010

Siobhan Gorman of the Wall Street Journal reported yesterday that the National Security Agency (NSA) is developing a cybersecurity program entitled “Perfect Citizen” that would “rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system.” The purpose of the program would be to “detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants.”

Raytheon allegedly won a $100 million contract for the first phase of the project, which is part of the Comprehensive National Cybersecurity Initiative (CNCI) rolled out in January 2008 by President George W. Bush in the classified National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/ HSPD-23).  President Obama announced in May 2009 as part of the current Administration’s Cyberspace Policy Review that elements of the CNCI would continue as part of an increased effort to build our nation’s cybersecurity strengths.

NSA confirmed late Thursday/early this morning that Perfect Citizen is, indeed, a real program but took issue with the Wall Street Journal’s portrayal. In a statement the agency said “Perfect Citizen is purely a vulnerabilities-assessment and capabilities-development contract. This is a research and engineering effort. There is no monitoring activity involved, and no sensors are employed in this endeavor ….Specifically, it does not involve the monitoring of communications or placement of sensors on utility company systems.”  The NSA went on to say that”this contract provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks, which is a critical part of NSA’s mission of defending the nation.”

Since Gorman’s story on Perfect Citizen yesterday, there has been a flurry of Internet activity asking several questions, all of which mirror the larger issues facing the federal government as it tries to tackle cybersecurity.  Those questions are:

  1. How much should the federal government be intervening in the private sector’s efforts to protect critical infrastructure assets that are not owned by the United States?
  2. If there should be intervention, how do we address privacy concerns and fears of Big Brother intervention?
  3. Is the NSA (or any of the three letter classified agencies) the proper place for housing such a program?

The questions are intertwined but are not new — the government has struggled with them since the mid-90s when President Bill Clinton announced the first large-scale public efforts to develop public-private partnerships to address critical infrastructure and cybersecurity.   How the Obama Administration chooses to address these three questions going forward will help define the future of cybersecurity for citizens, stakeholders, contractors, the federal government, and our international partners.

How much should the federal government be intervening in the private sector’s efforts to protect critical infrastructure assets that are not owned by the United States?

Interestingly,this is objective # 12 of 12 in the CNCI, according to documents released by President Obama last year.  According to the White House National Security Council’s website describing the program, that objective is as follows:

Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains. The U.S. Government depends on a variety of privately owned and operated critical infrastructures to carry out the public’s business. In turn, these critical infrastructures rely on the efficient operation of information systems and networks that are vulnerable to malicious cyber threats. This Initiative builds on the existing and ongoing partnership between the Federal Government and the public and private sector owners and operators of Critical Infrastructure and Key Resources (CIKR). The Department of Homeland Security and its private-sector partners have developed a plan of shared action with an aggressive series of milestones and activities. It includes both short-term and long-term recommendations, specifically incorporating and leveraging previous accomplishments and activities that are already underway. It addresses security and information assurance efforts across the cyber infrastructure to increase resiliency and operational capabilities throughout the CIKR sectors. It includes a focus on public-private sharing of information regarding cyber threats and incidents in both government and CIKR.

This objective, as stated, meshes with findings of the President’s Commission on Critical Infrastructure Protection, created by President Clinton in 1996, in its report Critical Foundations, Protecting America’s Infrastructures.  In its 1997 report, the Commission found:

The quickest and most effective way to achieve a much higher level of protection from cyber threats is a strategy of cooperation and information sharing based on partnerships among the infrastructure owners and operators and appropriate government agencies.

To facilitate this new relationship between government and industry, new mechanisms will be needed, including sector “clearing houses” to provide the focus for industry cooperation and information sharing; a council of industry CEOs, representatives of state and local government, and Cabinet secretaries to provide policy advice and implementation commitment; a real-time capability for attack warning; and a top-level policy making office in the White House.

Another area where government must lead is in research and development. Some of the basic technology and tools needed to provide improved infrastructure protection already exist, but need to be widely employed. However, there is a need for additional technology with which to protect our essential systems. We have, therefore, recommended a program of research and development focused on those needed capabilities.

It is eerie how little the rhetoric, problems, and solutions on cybersecurity has changed in 13 years, especially given the leaps and bounds we have seen on the technology front – from broadband to smartgrids to wireless to social networks.  The 1997 report would be one of a handful to emerge from the government, all touting the same action items.  In addition, several federal entities – many with acronyms as names – emerged over the years, from the Critical Infrastructure Assurance Office (CIAO) at the Department of Commerce to the National Infrastructure Protection Center (NIPC) at the FBI to the National Cyber Security Division (NCSD) at the Department of Homeland Security.

We also saw directives offered by both Presidents Clinton and Bush to further explain the complex relationship between the government and the private sector in protecting critical infrastructures.  PDD 63, released in May 1998, established national policy on necessary measures to eliminate significant vulnerabilities to physical and cyber attacks on U.S. critical infrastructures, including U.S. cyber systems.  HSPD-7, released in December 2003, superseded PDD-63, and focused on establishing a national policy for Federal departments and agencies to identify and prioritize U.S. critical infrastructure and key resources and to protect them from terrorist attacks.

Since Perfect Citizen is focused on the energy sector, it is worth noting that the 1997 Critical Infrastructure report did specifically address the vulnerabilities and threats of the energy sector in one of its chapters.  Its concluding findings were:

  1. The authorities and responsibilities for energy infrastructure assurance in the federal
    government need to be clarified.
  2. The respective responsibilities of government and private sector for infrastructure assurance are not clearly understood.
  3. Improved sharing of threat information and “indications and warning” (I&W) information is needed. Improved sharing of industry experience is needed (e.g., a fully populated cyber intrusion database).
  4. More training and awareness in infrastructure assurance is needed, focusing on risk management, vulnerabilities, performance testing, and cyber security.
  5. Infrastructure assurance technology advancements could add significantly to the overall protection of industry assets.
  6. Adopting uniform physical and cyber security guidelines, standards or best practices would enhance protection.

Interesting, the government had already been looking at energy sector vulnerabilities before the Commission was even formed.  In the late 80s, the House Energy & Commerce and Senate Government Affairs Committees held hearings and requested an assessment from the then-existing Office of Technology Assessment on the vulnerabilities of the grid. OTA released a report in 1990 entitled  “Physical Vulnerability of Electric Systems to Natural Disasters and Sabotage.”  The report describes the various agencies involved in protecting electric systems, from the National Security Council to the Federal Emergency Management Agency to the Department of Defense to the FBI, and includes the conclusion that “[t]he appropriate level of government intervention is a matter of value judgment and opinion. The level of threat, both sabotage and natural disaster, cannot be quantified, and the costs of a major outage are highly dependent on the exact nature of the outage.”

So what can be concluded from these efforts?  Maybe the OTA report is right – government intervention/involvement in private sector efforts in this area is really a value judgment call where we will see the right mix when we see it.  There is no easy answer though it is clear that it has to be a joint effort if we are going to protect our critical infrastructures such as the electric grid, nuclear plants, and oil pipelines.  Attention should be focused on specific solutions that can harden our systems and advance our efforts beyond policy, partnerships, and threatened mandates.

If there should be intervention, how do we address privacy concerns and fears of Big Brother intervention?

Privacy concerns relating to how the federal government works with the private sector on monitoring critical systems are also not new.  Each time the government creates a cybersecurity program, concerns are raised – some rightly, some not – on what are we doing on the privacy front.

In the late 90s/early 2000s, the FBI came under fire for its unfortunately named program “Carnivore,” which was designed to monitor email and electronic communications through the use of customized packet sniffers.  The name was quickly changed to DCS1000 (despite some   calls for it to be renamed “Fluffy Bunny”) but the program never quite survived the privacy uproar that followed it.

Currently, the Einstein (1,2, 3) programs that make up part of the CNCI effort remain under fire from privacy and civil liberties advocates because they involve deep packet inspections and scanning of communications for malicious code before they attack government systems.  Einstein 1 and 2 have been examined in great detail and have Privacy Impact Assessments available.  Einstein 3, which has yet to be rolled out fully, has created the most controversy as it would allegedly preempt strikes before they happen by sharing information with the NSA (a simplistic description that I’m sure has many techies rolling their eyes).

The concern for many privacy and civil liberties advocates on this front are two-fold. First, there is a general concern that NSA’s involvement in what many deem a civilian effort, especially in light of NSA’s surveillance and intelligence gathering missions, would go beyond protecting to  actively intruding on citizen’s privacy and activities.  Second, to the degree there is discussion about extending Einstein and other programs into the private sector, there is concern about government involvement in such efforts, especially in light of concerns over NSA involvement and use of its “Tutelage” technology developed for screening cybersecurity networks. 

We can expect the same concerns raised by Einstein 3 to be raised with Perfect Citizen.  The fact that private sector systems are the focal point of the effort, something that most of the CNCI has avoided by focusing government systems, may raise further questions as experts try to parse out what really is going on with Perfect Citizen.  Since it is a classified program, much of the discussion will focus on speculation and rumors, making the privacy concerns more difficult to discern.  NSA’s involvement will only magnify those concerns.  It is hard to address concerns for problems that are only speculative and so dependent on “trust” but with little way to “verify” for privacy advocates.

Is the NSA (or any of the three letter classified agencies) the proper place for housing such a program?

Before answering this question, it is worth exploring whether the privacy issues raised in question 2 would go away if NSA was not involved in Perfect Citizen.   My assessment is that they would not as DHS has had a number of programs come under privacy scrutiny and much of the proposed activity would need to be classified to achieve its goals and be successful.  The protection of industry information would also have to be adequately addressed.

So putting those concerns aside,  should DHS or NSA be leading this effort?  It is hard to understand exactly what role NSA is playing in this effort or why, according to media reports, it is doing outreach to utilities.  Especially confusing is the fact that if you look at Objective #12 under the CNCI (see above), DHS has the lead on the effort to extend government efforts to the private sector and has done extensive work, along with the Department of Energy and the Federal Energy Regulatory Commission, on the various subsectors within the energy sector on protecting their systems.

Also unclear is how the NSA’s lead (if it is indeed leading) on Perfect Citizen meshes with the Office of Management and Budget’s Memorandum released earlier this week, on July 6th, entitled Clarifying Cybersecurity Responsibilities and Activities of the Executive Office of the President and the Department of Homeland Security (DHS).

That memorandum clearly states:

Under various national security and homeland security Presidential directives, and pursuant to its statutory authorities, DHS oversees critical infrastructure protection, operates the United States Computer Emergency Readiness Team (US-CERT), oversees implementation of the Trusted Internet Connection initiative, and takes other actions to help secure both the Federal civilian government systems and the private sector.

Maybe future revelations about Perfect Citizen will reveal DHS’s role in the program and make clearer how NSA is engaging with the energy sector on what the agency is calling a “research and development” program.  Given the complexities involved with cybersecurity, if NSA has technology that is useful that has been developed on “the other side,” shouldn’t it be working with DHS and other civilian agencies to test it and determine its applicability in civilian government and private sector systems?

If it does not have the technology but is contracting with outside entities to develop it purely for civilian purposes, then that would seemingly contradict the understood paradigm on who does what in cybersecurity for the government and with public-private outreach.  Based on what has been made public so far, it is unclear which scenario is actually taking place.

In any event, it would be helpful for the Administration to clarify roles and responsibilities and how it seems the interplay between NSA and DHS on cybersecurity, much in the same way it did on the interplay between the White House and DHS in this week’s OMB memo, as the tension between DHS-NSA efforts will likely not disappear anytime soon.

July 8, 2010

Holistic national security: Transforming belief into reality

In the opening days of his administration, President Obama wrote, “I believe that Homeland Security is indistinguishable from National Security — conceptually and functionally, they should be thought of together rather than separately.  Instead of separating these issues, we must create an integrated, effective, and efficient approach to enhance the national security of the United States.” (See: Presidential Study Directive 1)

I testified against this proposition before the House Homeland Security Committee.  I continue to have conceptual and functional reservations.  But today I will embrace the President’s belief and offer a prescription for improving integration, effectiveness, and efficiency.

For this purpose, greater energy and attention  should be given to a specific recommendation of the Quadrennial Homeland Security Review.  From page 71 of the QHSR:

Build a homeland security professional discipline: Develop the homeland security community of interest at all levels of government as part of a cadre of national security professionals. A well-documented need within the national security community is a professional development program that fosters a stable and diverse community of professionals with the proper balance of relevant skills, attributes, experiences, and comprehensive knowledge. Executive Order 13434, “National Security Professional Development,” initiated a program for developing interagency national security professionals through access to an integrated framework of training, education, and professional experience opportunities. We must work together with our national security partners in bringing that important idea to fruition. As part of that effort, we must take steps to create a homeland security community of interest across the enterprise. Three elements of professional development are education, training, and experience via developmental assignments. State, local, tribal, and territorial governments, DHS and other Federal agencies, and academic institutions have taken important steps to build programs to support these key areas and will continue to emphasize enterprise-wide approaches to enhancing homeland security professional development.

The National Security Professional Development (NSPD) program established under Executive Order 13434 (May 17, 2007) has, to date, been implemented with a bureaucratic minimalism that  has done nothing to enhance capability or capacity in either National Security or Homeland Security, much less for the Platonic form in which these security shadows become an indistinguishable whole.

Today (and for most of the last seventy years) there are various orders of a national security priesthood.  The combination of rigorous education, apprenticeship, mentoring, and field experience required for ordination is reminiscent of the Jesuits at high tide.   There is also competition — sometimes friendly, sometimes not — between the national security analogs of Jesuits, Benedictines, and Franciscans spanning the military, diplomacy, intelligence, and related.

Into this mix the so-called homeland security professions — law enforcement, fire, emergency management, public health, and more — arrive like so many fancy-dressed laity. We are Knights of Columbus who the priestly orders tolerate, encourage, or dismiss depending on personal taste or particular need.

EO 13434 and PSD-1 and the QHSR seem to say that priests and laity should learn together and collaborate toward the same purpose.   If the NSPD  program was undertaken earnestly and mindfully over the next thirty years then, perhaps, the President’s vision could be achieved.   Such is not the case today, to our detriment.

Next Page »