Homeland Security Watch

News and analysis of critical issues in homeland security

February 8, 2011

A chew-without-swallowing terrorism defense

Filed under: Intelligence and Info-Sharing,Investigation & Enforcement — by Christopher Bellavita on February 8, 2011

Today’s post was written by Nick Catrantzos.  Nick is the lead author of the All Secure blog and is the security director for a large public organization.


What’s in a lead about suspicious activity, and whence the gulf between how defenders and official lead processors react to it?

The answer says a great deal about how far our homeland security partners have advanced in gearing their efforts for preventing terrorist attacks instead of focusing top priority on prosecuting attackers. The way one answers also reveals instantly whether one is a defender or an official unburdened by direct responsibility for protecting a target of terrorist attack. Take this example and follow its course to appreciate the difference.

EVENT: A person drives up to a fenced facility whose purpose is to control electricity, water, or telecommunications serving millions of citizens. This person then takes several photographs of that facility and of the entrance to it before driving away. Staff or security cameras at the facility capture the photographer’s description and license plate number. An employee from that facility then reports these details through channels that ultimately reach the local fusion center. This center is where homeland security partners take in and presumably do something with all the information generated by their bosses’ “See something? Say something!” campaigns. What should happen next? It depends.


An analyst or duty officer calls up the license plate number and hands the details to a law enforcement officer on duty. This officer immediately calls the registered owner of the vehicle driven by the photographer, communicates official interest and concern over the actions of the photographer, and ascertains the photographer’s intent while clearly signaling that such activity is monitored, acted upon, and taken very seriously. Result? Deterrence. Even if the photographer’s actions trace to some innocent, plausible explanation, a clear message goes out that somebody is watching and that suspicious actions trigger real-time response. If a terrorist was taking pictures as part of a target selection or pre-strike surveillance operation, the dividend is greater. The same message goes out, disrupting the attack and, in effect, causing the would-be attacker to pick a softer target.

But there is an alternative reaction which misses this deterrent effect while consuming much more time and resources.


You see the situation differently. You see your job not as deterring attack but as launching investigations that take attackers down and put them behind bars. So, what happens? Well, you evaluate the lead. Let’s see, there’s not too much there to justify an investigation. There are more of these leads than investigators to handle them. Besides, you probably need a supervisor to authorize an investigation. This means more processing delay. Net result? Note and file. Thank the defender for the lead. Not enough to go on, though. Maybe next time …

What signal does the latter approach transmit? To the photographer — innocent or nefarious — it says no one will stop or question you or stand in your way. To the defender, it communicates indifference and bureaucracy that disincentivize future participation in passive or one-sided homeland security “partnerships.”

To the public at large, the handling of such events reveals just how much our organs of homeland security have in reality taken to heart the message of the Attorney General in November 2001, when he announced that henceforth the new priority would be prevention, not prosecution. If the second approach is crowding out the first, this is not necessarily the fault of fusion centers and lead processors. It is a failure of leadership to incentivize timely responsiveness for deterrence, which is hard to measure, over traditional investigative case handling, which lends itself better to metrics but not to the object sought. And so we chew and chew on the very leads that a quick bite and swallow would handle better, leaving our vaunted partnerships infused with a bovine incapacity to deliver the value they were created to produce.


Comment by William R. Cumming

February 8, 2011 @ 8:23 am

Great post! The problem is stated on the record very well. There are tradeoffs either way. The question I have is who or what group should be evaluating those tradeoffs.

Of course, having some knowledge of security, I would say that the site described is inadequately fenced and protected! I won’t explain why!

Comment by John G. Comiskey

February 8, 2011 @ 11:18 am

There are many versions of how and why fusion centers emerged from some pre-9/11 entities and the avalanche of post-9/11 initiatives.

Value Proposition:

There is some agreement that it is a good idea for public and private agencies, at all levels, to forge relationships to detect, deter, mitigate terrorism and other bad things especially crime. The relationships are mostly genuine, but still, everyone is not always on the same page: agencies have both common and parochial interests and sorting out how much and when each member shares is yet to be determined.

Speculative history has it that Winston Churchill had information that the City of Coventry would be bombed and withheld that information so as to not give up his hand to the Nazis that the UK had broken the vaunted Enigma encryption. Assuming this to be true, is prevention scalable, i.e. might the government allow a terrorist or criminal operation to continue to catch and prosecute the bigger fish?

The NYPD was recently accused of fumbling the Najibullah Zazi case. Members of the NYPD Intelligence Unit unwittingly tipped off Zazi, an al-Qaida associate, via another, that the police were interested in him. The NY-Joint Terrorist Task Force, of which the NYPD is a member, learned of the tip-off and took the suspects into custody. Whether or not leaving the suspects at large would have brought in bigger fish or solidified a criminal prosecution is unknown. In either case, Zazi’s planned attack on NYC was prevented.

The homeland security does ask the community to say something when they see something. The reality is that vetting each lead is not without our means. Applying a risk-management approach, the community, albeit sometimes on an ad-hoc basis, does check leads.

The homeland security community makes mistakes because they operate in real-time and security is imprecise. Post-mortem reports rarely acknowledge this (the 9/11 Commission did).

Comment by William R. Cumming

February 8, 2011 @ 11:28 am

If memory serves, the Fusion Center concept was refined and made statutory by the 9/11 Commission Implementation Act of 2007 (August 2007)!
