Homeland Security Watch

News and analysis of critical issues in homeland security

February 29, 2012

Mo’ Better Blues

Filed under: Organizational Issues,State and Local HLS — by Mark Chubb on February 29, 2012

The implicit social contract between government and the governed broke down decades ago for many Americans. As the electorate lost confidence in our political and appointed leaders’ empathy, integrity and wisdom, these leaders starting shifting attention from themselves to government employees.

At first, attention focused on whether government was doing things right. Increasingly, people question whether government is doing the right things. Our preoccupation has shifted from worrying that government was trying to do everything to wondering whether it can do anything. Many now question whether we even need government. And a good many more don’t care much one way or the other.

As we have traveled along this continuum from ambivalence to antipathy (and back), the public has rightly questioned both our purpose and our progress.

Many in power have framed public concerns in terms of two cardinal virtues: efficiency and accountability. And too many leaders have erroneously oversimplified this otherwise accurate prescription by translating it into the management mantra: “Do more with less.”

Anyone who has spent any time at all in public service has heard this mantra repeated often enough. Few find it soothing, even fewer find it inspiring.

The challenge for government is not doing more with less. The challenge for government has always been the same: How do we do better.

Any economist will tell you efficiency has nothing to do with less. It’s about minimizing losses, not inflicting them. An efficient economy maximizes aggregate welfare.

Welfare is far more a question of quality than it is a matter of quantity. Once you have enough, more makes less and less difference. Indeed, mounting evidence suggests more actually is less.

Because efficiency focuses on how much better off everyone is collectively, we need accountability to temper its application. Accountability without a sense of responsibility is retributive and irrational. As such, accountability demands equity, which focuses on increasing individual opportunity even if it means generating a little less welfare for all.

The challenge and opportunity for government is not in producing more for less. It is in maximizing aggregate welfare while promoting or advancing individual opportunity.

This is where things ought to get tricky, and does. Opportunity to do what?

The principal ideological and philosophical difference between those who support government and those who oppose it comes down to a difference of opinion about a single, simple expectation: Whether when given any opportunity people will look after themselves or others first.

This distinction should matter just as much to homeland security professionals as it does to politicians and ideological elites. How we operationalize “do better” depends very much on whether we assume individuals look to maximize their own opportunities or those of others.

When better assumes individuals look after themselves first, we have to worry about how far people will go to get what they want. We also have to worry what people will do to get what they need.

If we look after one another first, we have good cause to believe others will look after us. This eliminates or at least minimizes how much concern we should have about what people will do to meet their basic needs.

This still leaves us with the question of what people will do to get what they want. We cannot eliminate this concern for two reasons: 1) even someone with an altruistic orientation should reasonably strive to maximize gain, especially when the benefits are shared widely, and 2) one’s willingness to share will almost invariably vary depending on whether opportunities are expanding or contracting.

When things are good, people are in a better position to share. But to the surprise of many, they often do not.

As we’ve seen during the latest recession and long recovery, people will share even when (or perhaps especially because) it hurts. This may either be due to empathy or an expectation of future reciprocity. But whatever the reason, such benevolence can neither be overlooked nor taken for granted.

What then can we do to encourage renewed optimism in the capacity of government to promote if not do good by doing better? We can start by raising expectations rather than minimizing them. Instead of explaining what government cannot do, we should emphasize what it does better than the market.

To follow this up, we can show it’s not a question of quantity but quality that makes the difference. At a local level, this means less emphasis on response times and staffing and more on what we do to take care of people when they need help and have nowhere else to turn.

Finally, instead of arguing for employment conditions that give public workers more — more pay, more benefits, more security, we should emphasize the important part collective bargaining plays in ensuring equity and quality. Contracts bind both parties, not just management.

If we want to save the public service ethos, we need to start by sacrificing our egos.

February 28, 2012

Merge the Army National Guard and the United States Army Reserve

Filed under: Homeland Defense — by Christopher Bellavita on February 28, 2012

Several years ago I came across a description of what homeland security looked like before our War for Independence:

[Early] settlers of the Thirteen colonies faced a variety of threats including Indians, Spaniards, Frenchmen, Hollanders and pirates. Lacking the resources to support fulltime soldiers, they met their defense needs with less costly militia. Twelve of thirteen colonies passed legislation requiring each adult male from 16 to 60 “…to own a modern weapon, train regularly with his neighbors, and stand ready to repel any attack on his colony.”

That’s where the National Guard came from:

The military organization we know today as the National Guard came into existence with a direct declaration on December 13, 1636. On this date, the Massachusetts General Court in Salem, for the first time in the history of the North American continent, established that all able-bodied men between the ages of 16 and 60 were required to join the militia. The North, South, and East Regiments were established with this order. The decree excluded ministers and judges. Simply stated, citizen-soldiers who mustered for military training could be and would be called upon to fight when needed.

Laws often evolve from well-intentioned actions, yet sometimes prove themselves to be ineffective. Given such odds, how could this possibly work?

The United States Army Reserve is a comparative newcomer, “formed [on] 23 April 1908 to provide a reserve of medical officers to the Army.”

Today’s post was written by Major Shane Crofts. He argues it is time for the two forces to merge.

Major Crofts serves as the Logistics Management Officer for the Wyoming Army National Guard.  This essay reflects his opinions, and does not reflect Army National Guard or DOD policy.


My idea is to merge the Army National Guard (ARNG) and the United States Army Reserve (USAR) into one force.  In reality, this would mean integrating all USAR forces into the ARNG of the state the USAR resides.

There are so many similarities between these two Army reserve components that most outside observers don’t know the difference.  Both are trained, equipped, and organized the same way.  Each force consists of citizen-soldiers, employed full-time across all walks of life, who train periodically (typically one weekend/month and two weeks/year).

The only real difference is the authority creating the two forces.  USAR soldiers serve on Title X, under federal control at all times.  National Guard soldiers serve their Governors in Title 32 status, until mobilized for federal missions.

Army Reserve soldiers, many of them residing in the same communities as National Guard soldiers, normally don’t get mobilized for domestic missions — like disaster response — unless called upon for a national emergency by the President.  Conversely, National Guard soldiers can be immediately called upon by their respective Governors in a State Active Duty status for local emergencies.

Combining these forces would increase the number of military responders available for domestic missions by 70%.  In fact, after the initial turbulence of making the change I am suggesting, (which would be substantial), the efficiencies created by merging these forces would save taxpayer money, and greatly enhance our ability to respond to domestic emergencies, manmade or natural.

The National Guard traces its roots back to the Massachusetts militia formed in 1636.  As such, it is the oldest branch of our military.  National Guardsmen have participated in every campaign in America’s history. In addition to the distinguished overseas service of many National Guard units, guardsmen also serve a key role in Homeland Defense, and in domestic response to natural disasters and emergencies.  In this capacity National Guardsmen have been called upon to fight floods and forest fires, search for missing persons, perform counterdrug missions with local law enforcement, provide security at major events, and assist law enforcement with crowd control and riot response.

The National Guard consists of 355,000 soldiers located in more than 3,300 communities around the nation, and has more than 4,600 personnel deployed every day in support of domestic operations. As a force comprised of citizen-soldiers who live and work in the communities they serve in, Guardsmen routinely get called to support civilian authorities. This unique dual-role capability of supporting federal and state missions is the historical core competency of the NG.

The United States Army Reserve was established April 23, 1908 by Title 10 of the US code as a strategic reserve of the US Army.  As with the National Guard, the role of the USAR has been greatly enhanced since transitioning to an operational reserve after 9/11.

The USAR consists of more than 205,000 soldiers located in 1,100 Reserve Centers around the nation.  Close to 16,000 Army Reservists are deployed around the world, and almost 200,000 soldiers deployed since 9/11.

A 1993 agreement left the USAR with combat support units, and the NG with combat arms units, and a dual focus of wartime and domestic support. The core competency of the USAR is providing support units to the Army for federal mobilization, and its units include: theatre support, civil affairs, engineering, training divisions, and chemical and biological detection companies. It has more than two-thirds of the Army’s medical brigades, civil affair units, dental units, combat support hospitals; and nearly half of the Army’s Military Police, medical and supply units.  Many of these support units are considered critical dual use units identified by the National Guard Bureau as essential to every state to support state missions.  In fact, every one of National Guard Bureau’s “Essential 10” capabilities resides in the USAR.

This proposal offers substantial benefits to the Army National Guard.  Force structure brings resources, and the ARNG would stand to increase its presence in every state.  The ARNG would presumably absorb the Army Reserve’s budget ($8.1 Billion in 2011), and take control of its 6 installations and 1,100 Reserve Centers.  In addition, the ARNG would be the beneficiary of 16 operational commands, and 6 training commands, most of them commanded by two-star Generals. While current commanders will likely remain in place, these highly-sought after commands would enhance career opportunities for NG officers in the states in which they reside.

This idea will be unpopular to some people.  The US Army Reserve has struggled to maintain relevance since the elevation of the Chief of National Guard Bureau to a four-star General three years ago. A recent National Defense Authorization Act (NDAA) gave the Chief of the NGB full membership in the Joint Chiefs of Staff (JCS).  The US Army Reserve remains subordinate to the Army Chief of Staff.

The USAR has reorganized several times since 9/11 to reduce “overhead”, and has been reduced to a few two-star billets. The National Guard consists of 54 State Adjutant Generals, fully supported and resourced by 54 Governors and Congressional delegations from each state and territory.

The Office of the Chief of the Army Reserve, commanded by a 3-star General, and consisting of five General Officer positions, and eight Regional Support Commands, commanded by a two-star General would be rendered obsolete as peacetime headquarters whose functions would be assumed by the Joint Forces headquarters in the gaining states.  Reducing headquarters and peacetime “overhead” will create efficiencies, ultimately providing cost savings.

The Army also will likely oppose this concept.  National Guard soldiers are somewhat less accessible as a strategic reserve, since a Governor can theoretically reject federal mobilization of his/her NG forces.  In light of proposed budget and manpower cuts across the Army (up to 90,000 active duty soldiers proposed), the idea I am proposing in this essay should be considered.

While virtually transparent to the two organizations’ civilian “customers,” the internal transition could be painful across the board.  There will be impacts on manning, equipping, funding, facilities, and training.  Lifecycle management would be extremely important as headquarters and senior level positions are eliminated, and support personnel working in those headquarters transition to NG headquarters.

The two services wear identical uniforms, yet speak different languages, and have entirely different cultures.  The change I am proposing would need to be carefully planned and phased over 3-5 years, modeled after a corporate merger, with the idea of gaining efficiencies, but without the hostility of a takeover.

An extensive awareness campaign for all stakeholders is key, primarily focused on US Army Reserve soldiers to ensure they view the change as a positive opportunity rather than a negative reorganization.  It is also critically important to retain the historical lineage and honors of Army Reserve units.

Ideally, all USAR soldiers will be retained, and have increased career opportunities, while also greatly increasing the number and distribution of military first responders available to a Governor faced with a disaster.  In a constrained budget environment, the Department of the Army must look to create efficiencies by eliminating duplicative recruiting, training, mobilization, overhead, and facilities.  A successful merger will be measured by initial attrition and retention rates, command climate surveys, and success with recruiting goals.  Ultimately cost savings and increased readiness will be achieved.

Considering the costs associated with a large standing Army, a strong reserve component is more important than ever.  National Guardsmen and Reservists have contributed to every war our nation has ever been involved in, and are also a critical piece of the Homeland Security enterprise.  This merger is an idea that has been suggested and dismissed before.  But as we transition to a post-war environment, and face diminished resources, we should again consider the merging of the US Army Reserve and the Army National Guard.  It’s the right thing to do for national and homeland security, and it’s the right thing to do for our most important resource, our nation’s young citizen-soldiers.



February 27, 2012

Nuclear blast simulator: NUKEMAP

Filed under: Catastrophes,General Homeland Security,Radiological & Nuclear Threats,WMD — by Arnold Bogis on February 27, 2012

Recently the web saw the emergence of a new online nuclear detonation simulator: NUKEMAP.

Created by Alex Wellerstein, a historian of science at the American Institute of Physics and blogger at “Restricted Data The Nuclear Secrecy Blog,” this simulator is the best example of an admittedly small class of apps. It allows one to pick the target and yield of the device, either through drop down boxes or by entering unique values.  For the sake of simplicity, it defaults with an idealized air burst which eliminates the computational messiness of modeling the influence of unique geography and weather.

So this isn’t your National Lab/FEMA 3-D model tailored to individual cityscapes.  But it gives you a general idea about the varying effects of different sizes of nuclear weapons.

The features, in Alex’s own words:

  • Easily draggable target marker (which has an adorable little atom on it)!
  • Bright, stomach-churning colors indicating major negative effects of atomic detonations!
  • Effects described include zones of 500 rem exposure, major overpressures, and fire! Plus, the legend breaks these down into easy-to-understand descriptions of what they mean for your average person caught inside of them.
  • Lots of pre-sets for both places to drop them (I didn’t want to discriminate) and yields of historical weapons! It has never been easier to put a 50Mt H-bomb on the Eiffel Tower.
  • Automatically tries to drop the bomb on wherever Google thinks you are accessing the Internet from (based on your IP address)!
  • You can link to specific detonations and send them to your friends to enjoy forever!
  • Automatic zooming to make sure that all of a given nuke’s effects fit within the view window! (This can be disabled.)
  • More historically contextualized than your average web app!

While obviously trying to inject some levity in the most serious of subjects, among Alex’s stated goals for this project was to visually explain the difference between fission and fusion weapons effects:

I have in the past made maps of this sort for use in teaching, when I want to emphasize how “impressive” the first hydrogen bomb was when compared to the first atomic bombs. If you dropped a Fat Man-style bomb onto downtown Boston, the results wouldn’t be pretty, but the effects would be limited to the immediate area surrounding the peninsula, primarily. (In other words, I would tell the students, Harvard is probably not too bad off, fallout excepting, but MIT is completely fried.) Do the same thing with an Ivy Mike-sized bomb and you’ve set houses on fire all the way out to Concord (a visual argument, when done with appropriate build-up and theatricality, that never failed to result in a horrified gasp from the auditorium of undergrads). It becomes quite clear why many of the atomic scientists of the day considered H-bombs to be exclusively genocidal weapons.

For homeland security planners what this simulator makes vivid is how the threat has changed since the end of the Cold War. Multiple Soviet warheads in the hundred kiloton or megaton range is a totally different story than a single nuclear terrorist device around the size of the Hiroshima bomb or even lower.  While any local and state response will be immediately overwhelmed, the current threats are still national  catastrophes than can and should be planned for at a regional level.

A discussion on cybersecurity legislation

Filed under: Cybersecurity — by Arnold Bogis on February 27, 2012

Last week, the George Washington University’s Homeland Security Policy Institute (HSPI) held a “Conversation on Cybersecurity Legislation with Mike McConnell, Michael Chertoff, and Senior Congressional Staff.” Video of the event, along with background materials, can be found here: http://www.gwumc.edu/hspi/events/cyberPRF413.cfm

On one hand, the sausage-making portion of the discussion with congressional staff was interesting, if not too enlightening to one uninitiated in the dark legislative arts. On the other, former DHS Secretary Chertoff and former DNI McConnell seemed to echo some of Phil’s framing of the cyber issue in his last post.

Obviously, these two men fall into Phil’s descriptive pot “Those that may make money on increased attention to cybersecurity are in favor of the current proposal.” In fact, both gentlemen agreed that the current legislation is a start, but that more is required.  To be fair, both also have extensive knowledge of the threats and vulnerabilities involved in the cyber domain.

More interesting, to me at least, was their description of the issue of regulation vs. collaboration that serves to reinforce Phil’s frame.  To paraphrase Chertoff: “how can you expect a company that is worth $10 million to voluntarily spend $1 million on cyber security, despite the fact that the cascading vulnerabilities could cost the nation $10 billion?” While McConnell discussed the military’s initial aversion to Goldwater-Nichols reforms, now credited with producing a superior fighting force that not only collaborates because they have to, but because of the specific design of the system such cooperation is something they now want to accomplish.

Phil characterized it in his last post:

While the efficacy of the new bill is debatable, it is clear the current approach — depending almost entirely on voluntary collaboration — has not worked. The weakest links in the cybersecurity system are the least willing to show up, talk turkey, and truly collaborate in sharing information and changing behavior. What do you do when “pretty please”, earnest presentations on self-interest, and peer pressure do not work? What do you do when neglect by one “house” on the block endangers the safety of the entire block (or city)?

Sanctions are needed. But no matter how tough, sanctions will not be sufficient. Whatever sack of sanctions are available, unless the sanctions are used to craft collaboration (rather than mere compliance) cybersecurity will not be enhanced.  The threat of regulatory sanctions may encourage collaboration, but a rigid regulatory approach alone will only achieve minimal compliance, which in cyberspace will always lag behind new threats and vulnerabilities.

If you are interested in cybersecurity, I would highly recommend going back and re-reading Phil’s piece with his intriguing suggestion that cybersecurity lessons can be derived from the model of the Coast Guard: http://www.hlswatch.com/2012/02/24/creating-a-cyber-coast-guard/

Then watch the HSPI event, which may shed some light on the competing legislative priorities and processes that may, hopefully, someday result in a bill: http://www.gwumc.edu/hspi/events/cyberPRF413.cfm


One new item from today and one a few days old (h/t to Bill Cumming) on the cyber front.

The Washington Post reports on the tussle between the White House and NSA over the access and monitoring for threats/privacy rights divide:

The National Security Agency has pushed repeatedly over the past year to expand its role in protecting private-sector computer networks from cyberattacks but has been rebuffed by the White House, largely because of privacy concerns, according to administration officials and internal documents.

The most contentious issue was a legislative proposal last year that would have required hundreds of companies that provide critical services such as electricity generation to allow their Internet traffic be continuously scanned using computer threat data provided by the spy agency. The companies would have been expected to turn over evidence of potential cyberattacks to the government.

NSA officials portrayed these measures as unobtrusive ways to protect the nation’s vital infrastructure from what they say are increasingly dire threats of devastating cyberattacks.

But the White House and Justice Department argued that the proposal would permit unprecedented government monitoring of routine civilian Internet activity, according to documents and officials familiar with the debate. They spoke on the condition of anonymity to describe administration deliberations; internal documents reviewed by The Washington Post backed these descriptions.

A few days ago, the Government Security News website reported on remarks by former NSA and CIA Director Michael Hayden that covered topics not usually associated with cyber issues: mitigation, response, and recovery:

So, when Hayden says the U.S. may be spending too much time thinking about cyber vulnerabilities and not enough time thinking about the actual consequences of a successful cyber attack, it probably makes sense to pay attention.

“We may be at the point of diminishing returns by trying to buy down vulnerability,” the general observed. Instead, he added, maybe it’s time to place more emphasis on coping with the consequences of a successful attack, and trying to develop networks that can “self-heal” or “self-limit” the damages inflicted upon them.

“I cannot stop them at the perimeter,” Hayden acknowledged, “so, how do I deal with the fact that they are on the inside.”

February 24, 2012

Creating a Cyber Coast Guard

Filed under: Congress and HLS,Cybersecurity,Private Sector — by Philip J. Palin on February 24, 2012

It is not yet clear if the Cybersecurity Act of 2012 will be taken up by the whole Senate — as previously announced — or disappear into committee review while under sustained attack by those opposed.

Senator John McCain, one of those opposed, has promised a competing piece of legislation:

The fundamental difference in our alternative approach is that we aim to enter into a cooperative relationship with the entire private sector through information sharing, rather than an adversarial one with prescriptive regulations. Our bill, which will be introduced when we return from the Presidents’ Day recess, will provide a common-sense path forward to improve our nation’s cybersecurity defenses.

Last Friday I outlined the perceived — in my judgment, real — tension between collaboration and compliance that any approach to effective cybersecurity will require. The real debate is over how to resolve this tension: with more dependence on voluntary cooperation or the threat of regulation. (To be clear, the proposal unveiled on February 14 by Senators Lieberman, Collins, and others does not create new regulations per se, but it does initiate a public-private process that would eventually create a regulatory regime.)

Some private sector organizations have welcomed the opportunity to frame-up the process, others are ready to do what they can to stop any movement to regulation. So far the private sector line-up on each side seems mostly to reflect revenue streams. Those that may make money on increased attention to cybersecurity are in favor of the current proposal, those that see cybersecurity mostly as a cost are opposed. (The cost-benefit discussion is, so far, not very sophisticated on either side.)

While the efficacy of the new bill is debatable, it is clear the current approach — depending almost entirely on voluntary collaboration — has not worked. The weakest links in the cybersecurity system are the least willing to show up, talk turkey, and truly collaborate in sharing information and changing behavior. What do you do when “pretty please”, earnest presentations on self-interest, and peer pressure do not work? What do you do when neglect by one “house” on the block endangers the safety of the entire block (or city)?

Sanctions are needed. But no matter how tough, sanctions will not be sufficient. Whatever sack of sanctions are available, unless the sanctions are used to craft collaboration (rather than mere compliance) cybersecurity will not be enhanced.  The threat of regulatory sanctions may encourage collaboration, but a rigid regulatory approach alone will only achieve minimal compliance, which in cyberspace will always lag behind new threats and vulnerabilities.

Whichever of the current sides win, execution will be key. The current legislation addresses execution primarily under Title III through a DHS National Center for Cybersecurity and Communications. The new entity would combine several existing offices, and would be directed by a Presidential appointee confirmed by the Senate. Here are the director’s duties enumerated in the current legislation:

(1) manage Federal efforts to secure, protect, and ensure the resiliency of the Federal information infrastructure, national information infrastructure, and national security and emergency preparedness communications infrastructure of the United States, working cooperatively with appropriate government agencies and the private sector;

(2) support private sector efforts to secure, protect, and ensure the resiliency of the national information infrastructure;

(3) prioritize the efforts of the Center to address the most significant risks and incidents that have caused or are likely to cause damage to the Federal information infrastructure, the national information infrastructure, and national security and emergency preparedness communications infrastructure of the United States;

(4) ensure, in coordination with the privacy officer designated under subsection (j), the Privacy Officer appointed under section 222, and the Director of the Office of Civil Rights and Civil Liberties appointed under section 705, that the activities of the Center comply with all policies, regulations, and laws protecting the privacy and civil liberties of United States persons; and

(5) perform such other duties as the Secretary may require relating to the security and resiliency of the Federal information infrastructure, national information infrastructure, and the national security and emergency preparedness communications infrastructure of the United States.

Title III continues for another 28 pages. Included under Authorities and Responsibilities of the Center, “serve as the focal point for, and foster collaboration between, the Federal Government, State and local governments, and private entities on matters relating to the security of the national information infrastructure.”

On page 114 of the proposed legislation a supervisor training program for the Center is set out. The current language suggests Senator Akaka and his staff have persisted in pushing his perennial concerns. It’s all good. It could be better.

The currently proposed training program  is mostly internally focused. I suggest language be added to focus on mission achievement. Consider for a moment a supervisor training curriculum focused on just one of the duties listed above, ” support private sector efforts to secure, protect, and ensure the resiliency of the national information infrastructure”

What is the nature of the private sector?

What are the private sector’s current efforts related to cyberspace?

What does “secure”, “protect”, and “ensure the resiliency” of cyberspace mean?

What is the national information infrastructure?

What does it mean to “support” the private sector? Why this verb rather than another?

That would be an interesting — valuable — curriculum.   Develop similar curricula around each of the statutory goals, include private sector participants in the curriculum… and a whole new approach to private-public collaboration might be cultivated.

This curriculum should  include a heavy dose of culture, a culture of private-public collaboration.  If the Center becomes a cyber-SEC none of us will be any safer.   Cybersecurity cannot focus on accountability after-the-fact.  The focus must be on cultivating a culture of prevention and resilience, not compliance.

For this purpose, I propose the Akaka Academy for Cybersecurity give close attention to the way the Coast Guard cultivates a collaborative relationship with owners and operators of marine vessels. Just for a taste of what I mean, consider the implications of the following written instruction from a Coast Guard flag officer… and this is not atypical, this approach is entirely consistent with  standard Coast Guard practice.

The Coast Guard’s objective is to administer vessel inspection laws and regulations so as to promote safe, well equipped vessels that are suitable for their intended service. It is not the Coast Guard’s intent to place unnecessary economic and operational burdens upon the marine industry. In determining inspection requirements and procedures, inspection personnel must recognize and give due consideration to the following factors:

  • Delays to vessels, which can be costly, need to be balanced against the risks imposed by continued operation of the vessel, with safety of life, property, and the environment always the predominant factor over economics;
  • Certain types of construction, equipment, and/or repairs are more economically advantageous to the vessel operator and can provide the same measure of safety;
  • Some repairs can be safely delayed and can be more economically accomplished at a different place and time;
  • The overall safety of a vessel and its operating conditions, such as route, hours of operations, and type of operation, should be considered in determining inspection requirements;
  • Vessels are sometimes subject to operational requirements of organizations and agencies other than the Coast Guard; and
  • A balance must be maintained between the requirements of safety and practical operation. Arbitrary decisions or actions that contribute little to the vessel’s safety and tend to discourage the construction or operation of vessels must be avoided.

I know of no better example of effective private-public collaboration than that of the U.S. Coast Guard with the industry it helps regulate, serve, and sometimes save.  It is a cultural model well-suited to the cyber domain.

February 23, 2012

Jeh Johnson on the belligerent citizen

Filed under: Legal Issues,Radicalization,Terrorist Threats & Attacks — by Philip J. Palin on February 23, 2012

The DOD General Counsel spoke at Yale on Wednesday evening.   According to CNN:

The targeted killing of those suspected of engaging in terrorist activities against the United States, including American citizens, is justified and legal, according to the Defense Department’s chief lawyer.

Pentagon general counsel Jeh Johnson is the first government lawyer to officially weigh in on the legal justification for killing a U.S. citizen since American born Yemeni cleric Anwar al-Awlaki was killed by a CIA missile fired from an unmanned aerial vehicle last September.

In comments Wednesday night during a speech at Yale University, Johnson made no mention by name of al-Awlaki or the classified CIA drone program.

“Belligerents who also happen to be U.S. citizens do not enjoy immunity where non-citizen belligerents are valid military objectives,” Johnson said.

Benjamin Wittes at the Lawfare blog provides a transcript of Mr. Johnson’s prepared remarks.


Seeing Syria

Filed under: International HLS,Radicalization,Terrorist Threats & Attacks — by Philip J. Palin on February 23, 2012

Screenshot of inteview with a reporter in Homs who has since been killed

Today both the New York Times and USA Today give above-the-fold attention to Syria:

Ghastly Images Flow From Shattered Syrian City (New York Times)

Activists ensure that the world sees Syria’s bloodbath (USA Today)

Each newspaper is also running related stories.

This week, for the first time, I perceive American media is beginning to give the situation in Syria the attention it deserves.  If and how this might influence American public opinion and policy is yet to be seen.

Beginning last May I have made regular references to Syria in this blog.  At first I was restrained.  This is a homeland security blog, after all. Since September I have been less and less restrained.  For the last few weeks I have been preachy and insistent.  Some have complained.

Last week Arnold Bogis asked the obvious question, “What would you have the U.S. do?” (See last two comments in the linked chain for his question and my answer.) A short version of my answer:  We should at least pay attention.  We dare not fail-to-notice the murder of thousands.

Finally our media has begun to notice.  As a result, I will again adopt a more restrained approach to referencing Syria at HLSWatch.

Arnold did not follow-up on my answer, but he could have — quite fairly — asked again, “But what would you have us do?”

I do not have an adequate response.  Some self-righteous bluster would, probably, make me feel better.   But that would help no one else, certainly not those being bombarded in Homs.

It is helpful that more will now see what is happening.  I hope wiser, perhaps braver men and women will find an effective way to really help.

February 22, 2012


Filed under: Budgets and Spending,State and Local HLS — by Mark Chubb on February 22, 2012

I’ll make this post a short one. (I’d rather be in Christchurch, where today they marked the first anniversary of the devastating February 22 aftershock that claimed 185 lives.) The attention drawn by last week’s post, if not here at least on my personal website, has created quite a stir, at least where I work.

It seems any effort to critically evaluate our current situation is viewed as disloyalty. Tonight, representatives of organized labor appeared in public to make it very clear they do not like being called out for their affiliations. They like even less having their methods of operation, if not motives, called into question.

Homeland security does not need cheerleaders or band leaders or nannies. It needs people willing to ask difficult questions even when the answers prove troubling.

I am convinced that the systems we rely on to maintain secure communities are crumbling. Choices that once seemed easy are now almost impossible even for intelligent men and women of goodwill. Rather than discussing whether we repair a bridge before the next catastrophe, we are forced to invest in the response capability to handle its collapse. Instead of investing in quality public education, we argue about mandatory prison sentences for repeat offenders and lowering the age at which we impose capital punishment.

In many ways, this is the byproduct of a self-fulfilling prophecy that began taking shape when we started to question the very premise of public service in the late 1970s. Today, we have what we should have feared most: Civil servants paralyzed by ambivalence not apathy. When forced to choose between their welfare and that of others, the choice for many is altogether too simple, especially after years of being told to keep their opinions to themselves.

They may not want to make decisions, but they certainly have opinions. Often many different ones about the same subject. And they are all too happy expound them with militant fervor to anyone who will listen and many who would care not to.

Never mind their opinions conflict with one another or with fundamental laws of nature or the universe. But watch out if you dare to disagree with what they have to say!

February 21, 2012

Who are the Mujahideen e-Khalq?

Filed under: International HLS — by Christopher Bellavita on February 21, 2012

What do Tom Ridge, Andrew Card, Howard Dean, Alan Dershowitz, Louis J. Freeh, Rudolph Giuliani, Porter Goss, Michael B. Mukasey, Edward Rendell, and Hugh Shelton have in common?

In January 2012, they were among 21 senior US leaders who signed a letter to Secretary Clinton asking the State Department to rule that the Mujahideen e-Khalq (also known as MEK)

is not a terrorist organization and there is no rational factual or legal basis to maintain it on the FTO [Foreign Terrorist Organization list] —where it was placed in 1997 as a political accommodation to the regime in Iran, NOT because it ever engaged in any terrorist activity or had an intent to do so against the US.

A friend brought my attention to the Mujahideen e-Khalq’s situation, to a place in Iraq called Camp Ashraf where they are being held, and to another location in Iraq called Camp Liberty where they are supposed to be moved.

I had never heard of MEK or their plight. But I do know my friend is not prone to hyperbole.  He chooses his words and his political positions carefully.  I paid attention when he wrote me:

For more than a year, I [had some responsibilities associated with] this group [MEK]; a potential tragedy unfolding at the hands of the US.

So, what’s the story? Who are the Mujahideen e-Khalq, and is there any reason why the homeland security community should care about them?


Global Security describes the MEK this way:

Mujahedeen-e-Khalq (MEK) is the largest and most militant group opposed to the Islamic Republic of Iran. Also known as the People’s Mujahedeen Organization of Iran, MEK is led by husband and wife Massoud and Maryam Rajavi. MEK was added to the U.S. State Department’s list of foreign terrorist groups in 1997.

MEK was founded in the 1960s by a group of college-educated Iranian leftists opposed to the country’s pro-Western ruler, Shah Mohammad Reza Pahlavi. Although the group took part in the 1979 Islamic revolution that replaced the shah with a Shiite Islamist regime, MEK’s ideology, a blend of Marxism and Islamism, put it at odds with the post-revolutionary government. In 1981, the group was driven from its bases on the Iran-Iraq border and resettled in Paris, where it began supporting Iraq in its eight-year war against Khomeini’s Iran. In 1986, MEK moved its headquarters to Iraq where it received its primary support to attack the regime in Iran. During the 2003 Iraq war, U.S. forces cracked down on MEK’s bases in Iraq, and in June 2003 French authorities raided an MEK compound outside Paris and arrested 160 people, including Maryam Rajavi.

Several years ago, the Council on Foreign Relations wrote this about MEK:

During the Iraq war, U.S. forces cracked down on the MEK. About 3,400 people were disarmed at Camp Ashraf, surrendering two thousand tanks, armored personnel carriers, and heavy artillery pieces, according to the 2006 report. Those living at Camp Ashraf are designated as “protected persons” under Article 27 of the Fourth Geneva Convention which prevents extradition or forced repatriation to Iran as long as the United States maintains a presence in Iraq. [emphasis added] The Unites States has no plans to charge and prosecute people living in this camp. The “protected persons” designation applies solely to those living at Camp Ashraf, not other members of the group, nor does it affect the MEK’s listing on the State Department terrorist list.


Not everyone is buying the idea that the MEK are the oppressed and forgotten little guys.  Last August, Christina Wilkie of the Huffington Post, wrote a detailed description of MEK and the lobbying effort of its supporters under the less-than-flattering headline: “Former U.S. Officials Make Millions Advocating For Terrorist Organization.”

One minor part of the article describes how former Pennsylvania Governor Ed Rendell considered declining an invitation to speak at an MEK conference because “I don’t know hardly anything about this subject …[and] I don’t think I’m qualified to come.” He eventually decided to participate in the conference attended by other national leaders.  The outcome?

“It’s been a great learning experience for me,” he told the crowd [at the conference]. “As a result of what I’ve learned [from the MEK supporters], on Monday I will send a letter to President Obama and to Secretary Clinton telling them [first], that the United States is morally bound to do everything we can to ensure the safety of the residents of Camp Ashraf. And two, if Director Freeh and General Shelton and General Conway and Governor Dean and the rest of these great panelists say that MEK is a force for good and the best hope we have for a third option in Iran, then, good Lord, take them off the terrorist list! Take them off the terrorist list!”

As Rendell’s applause died down, he added that he had never heard of Camp Ashraf until the group invited him to speak.

A few days after Christina Wilkie’s article appeared, Allen Gerson criticized her analysis.

What is an organization deemed by the US State Department to be dedicated to terrorism… supposed to do when it believes the charge is spurious? Clearly, the consequences of such a determination are enormous …. So naturally, such an organization will try to do whatever it can to exercise its legitimate rights to correct the record, refute erroneous charges and seek de-listing.

This burden to act is especially acute if an organization placed on the FTO list happens to have thousands of its members situated in a foreign country where they stand to be forcibly removed to a truly terrorist regime where the fate of those “repatriated” will likely be death by firing squad or the hangman’s noose. And, where the US State Department FTO listing is manipulated as justification for random acts of violence against members of that particular organization coupled with continued threats of forced deportation, the compulsion to use all legitimate means to remove the unwarranted terrorist label is overwhelming.

This is precisely the situation the Mujahedin-e Khalq (MEK) finds itself in today. The surprise is that it would be vilified for its efforts in a recent article in the Huffington Post by Christina Wilkie

Mr Gersen is described as “the Chairman of AG International Law in Washington D.C. He is presently involved with other attorneys in representing the PMOI/MEK in its efforts to be removed from the State Department List of Foreign Terrorist Organizations.”

It would be odious to describe this as a “she said, he said” argument, particulary with lives at stake.  How is one to decide what to think about this issue?


In January of this year, former Pennsylvania governor and DHS Secretary Tom Ridge, published an impassioned plea in favor of the MEK: (Although I have to say the writing style was very different from the way Governor Ridge sounded in his 2009 memoir, The Test of Our Times.)

The Obama administration should support the democratic aspirations of the people of Iran and their most effective opposition movement, the Mujahedin-e-Khalq (MEK).

Regrettably, and without justification, the State Department continues to maintain that MEK … on its list of “Foreign Terrorist Organizations” even though it meets none of the criteria.

Secretary Ridge then reviews the history of the MEK’s designation as a Foreign Terrorist Organization since 1997, concluding

The unjust designation was maintained by subsequent administrations in an effort to persuade Iran to abandon their nuclear program.

Sadly, we now see the results of that failed policy: Iran is no closer to moderation, having recently plotted to assassinate, in full view of the world, the Saudi ambassador on U.S. soil; The IAEA [International Atomic Energy Agency] warns that Iran’s nuclear ambitions are actually closer to fulfillment, and the failure to de-list MEK, absent any legal or factual basis, continues to stymie prospects for democratic change in Iran.

This folly has given Iran and its proxies a license to kill thousands of MEK members, including a massacre on April 8 of last year that killed or wounded hundreds of unarmed members of the MEK living in Camp Ashraf, Iraq—each and every one of whom was given written guarantees of protection by the U.S. government.

Now that U.S. troops have left Iraq, Iran is determined to extend its influence in the region and has justified its brutality by categorizing them as “terrorists.”

Whatever way Tehran’s propagandists characterize MEK’s political prospects, culture, or history, it is clear to me that the defenseless Iranian dissidents at Camp Ashraf are committed to non-violent regime change and a democratic, nuclear-free Iranian future.

[On the other hand, on February 9, 2012, NBC News reported

Deadly attacks on Iranian nuclear scientists are being carried out by an Iranian dissident group that is financed, trained and armed by Israel’s secret service, U.S. officials tell NBC News, confirming charges leveled by Iran’s leaders.

The report claims the Iranian dissident group is the Mujahideen e-Khalq — aka MEK]

Back to Governor Ridge’s essay:

Courts throughout the United Kingdom, the European Union and the United States have concluded that there is no legal justification [to] maintain MEK on the foreign terrorist list.

Every one of the residents of Camp Ashraf was interviewed by the FBI and by U.S. military services and there has never been a scintilla of evidence anyone in that camp was motivated by, interested in, or capable of conducting acts of terrorism against this country. Remember, they surrendered all means of self-defense in exchange for America’s promise to provide their safety and security.

[For more on this part of the issue, see the December 2011 talk Brigadier General David Phillips gave in February in support of MEK.  My friend said :

BG Phillips is no goober or anyone’s fool.  General Petreaus … hand-picked him to be on his staff as part of the “Surge” campaign in Iraq and then called him back again to be on his staff in Afghanistan.]

Back to Governor Ridge’s essay:

Some 100 members of Congress, in a bipartisan initiative, have called for MEK to be de-listed. The unfounded MEK designation only serves as a license to kill for both the Iraqi forces and the kangaroo courts in Iran, who regularly arrest, torture, and kill people on the basis of MEK affiliation.

It shames the State Department designation process that has wrongly maintained the blacklist for misguided political reasons. Consider this: the MEK is on the list — the Taliban is not….

As an emboldened Iran moves ever-closer to nuclear breakout, MEK’s unfounded designation is a lynchpin in the critical test of wills between Iran and the West — a test the Obama administration can ill afford to fail….

Unshackling the MEK from an unjust blacklist and living up to U.S. guarantees to protect the Iranian opposition at Camp Ashraf will send the mullahs’ terrorist regime in Tehran exactly the message it needs to hear: The mullahs do not run foreign policy in the United States and America keeps its promises.

The former leaders of the Department of Homeland Security, the Federal Burea of Investigation, The Joint Chiefs of Staff, the Central Intelligence Agency — among others — say a great injustice is being done to the Mujahideen e-Khalq.

In this issue I know nothing about I have to either decide these public servants are willing to rent their voices to a cause they do not believe in exchange for 20,000 dollar speaking fees, or they are correct about what is happening to the Mujahideen e-Khalq.

That is not a difficult decision for me to make.

I ask my friend whether he thinks this is a homeland security issue:

I think it does boil down to a HLS issue. They are most certainly a group of individuals that but for the FTO moniker, would already have been placed or accepted by countries anywhere around the world, i.e. the threat of harm for returning to their home Iran is so great they cannot be forced to go back. So presumably, the US is afraid to remove them from the FTO list or accept any of them b/c they pose a threat to our security.

Mix in the current situation with the Iranian regime and it really is a mess.

Add presidential politics to this.

Edward Luce predicts in Sunday’s Financial Times that during tomorrow’s Republican presidential candidates debate, there will be a commercial “calling on Mr. Obama to remove the MEK – the Mujahideen e-Khalq, the armed Iranian opposition group – from the US list of foreign terrorist organizations.”


February 20, 2012

George Washington: A few words, Sir!

Filed under: General Homeland Security — by Philip J. Palin on February 20, 2012

Today we recognize President Washington’s birth (February 22 is his actual birthday). Following are a few quotes of our first president loosely relevant to homeland security.

Few people know the predicament we are in, on a thousand accounts; fewer still will believe, if any disaster happens to these lines, from what cause it flows.

We are apt to run from one extreme into another. To anticipate & prevent disasterous contingencies would be the part of wisdom & patriotism.

Of all the animosities which have existed among mankind, those which are caused by difference of sentiments in religion appear to be the most inveterate and distressing, and ought most to be deprecated.

Happy, thrice happy shall they be pronounced hereafter, who have contributed any thing, who have performed the meanest office in erecting this stupendous fabrick of Freedom and Empire on the broad basis of Independency; who have assisted in protecting the rights of humane nature and establishing an Asylum for the poor and oppressed of all nations and religions.

Avoid the necessity of those overgrown military establishments, which, under any form of government, are inauspicious to liberty, and which are to be regarded as particularly hostile to Republican Liberty.

When one side only of a story is heard and often repeated, the human mind becomes impressed with it insensibly.

It may be laid down, as a primary position, and the basis of our system, that every citizen who enjoys the protection of a free government, owes not only a proportion of his property, but even of his personal services to the defence of it.

February 18, 2012

Syria on Saturday

Filed under: International HLS,Radicalization,Strategy,Terrorist Threats & Attacks — by Philip J. Palin on February 18, 2012

Earlier today several thousand residents of Damascus participated in a funeral procession as an act of defiance aimed at the Assad regime. As of 0600 (Eastern) there are several breaking news stories of mourners being killed. According to the Associated Press:

Syrian troops have fired on mourners taking part in a massive funeral procession in the capital… Several people were wounded by gunfire in the Damascus neighborhood of Mazzeh. Tear gas was also fired on the Saturday procession mourning three people killed by security forces following protests in the area a day earlier. An eyewitness who spoke on condition of anonymity for fear of reprisals said the procession numbered around 15,000.

Thursday the United Nations General Assembly voted to condemn human rights violations by Syrian authorities. The resolution was passed with 137 nations in favor, 12 against, and 17 abstentions.

According to a UN statement:

The Assembly called on Syria to abide by its obligations under international law, and demanded that the Government, in line with the 2 November 2011 Action Plan of the League of Arab States, and its decisions of 22 January and 12 February 2012, without delay, stop all violence and protect its people, release all those detained during the unrest, withdraw all armed forces from cities and towns, guarantee peaceful demonstrations and allow unhindered access for Arab League monitors and international media.

The language of the resolution closely mirrored that of a text vetoed by China and the Russian Federation in the Security Council two weeks earlier…

By other terms of the text adopted today, the Assembly expressed its full support for the Arab League’s decision to facilitate a Syrian-led political transition to a democratic, pluralistic political system, including through a “serious political dialogue between the [Syrian Government] and the whole spectrum of the Syrian opposition”. Reaffirming its strong commitment to Syria’s sovereignty, independence, unity and territorial integrity, it further reaffirmed that all Member States “should refrain in their international relations from the threat or use of force against the territorial integrity or political independence of any State”.

Perhaps in response to the United Nations action, on Friday Syrian forces seemed to step up their action. According to The Daily Star (Lebanon):

Syrian troops intensively shelled rebel-held neighborhoods in the restive central city of Homs Friday and killed at least five people, activists said… Activist groups said tens of thousands of protesters poured into the streets after Friday prayers from Daraa in the south to Aleppo and Idlib in the north and Deir el-Zour in the east to areas around the capital Damascus. The Local Coordination Committees said security forces opened fire on some protests.

According to the Sydney Morning Herald (Australia), “Syria has become a magnet for foreign fighters, with al-Qaeda aligned jihadists streaming across the border from Iraq and rebel soldiers from the Libyan city of Misrata crossing in from Turkey…”

In testimony on Thursday to the Senate Armed Services Committee, Director of National Intelligence, James Clapper, said, “We believe that Al Qaeda in Iraq is extending its reach into Syria.”

During a British-French summit held in Paris on Friday there was considerable nostalgia for the entente cordiale that contributed so much to toppling Qaddafi. But Prime Minister Cameron and President Sarkozy were also clear on preconditions to any military intervention in Syria. According to The Guardian, “Cameron said the situation in Syria was “appalling” and said the government was “butchering and murdering its own people”. He said that Syria was different to Libya in three ways: in Libya the west had a UN resolution, the Arab League was calling for action, and the opposition represented the whole country, he said.”

From The Telegraph’s report on the Paris summit:

They did not rule out joint military action in Syria but said the current circumstances were not right. “The main obstacles are not to do with such and such country’s attitude at the UN,” Mr Sarkozy said. “The fact is we cannot bring about a revolution without the Syrian people. We cannot bring this about if the Syrian opposition does not unite and organise to help us help them.”

There is increasing international discussion of a “protected zone” in Northwest Syria to incubate a more unified opposition. Many are pointing to Idlib province immediately adjacent to Turkey. The Free Syrian Army has had more freedom of movement in Idlib than in most other venues.

But Turkey — essential to the survival of any such enclave — has made it clear it prefers what it calls a “Mediterranean corridor.” According to the Sabah newspaper (Turkey):

Foreign Affairs Minister Davutolu has already relayed his concerns to U.S. Secretary of State Hillary Clinton. Ankara is in favor of a humanitarian aid corridor being established via the Mediterranean and suggests that instead of designating a route through Turkey, the British base in Cyprus be used for this purpose.

In this morning’s edition of Hurriyet (Turkey) Illan Tanir writes,

One of the biggest obstacles preventing the international community from giving a decisive outside push to overthrow Bashar al-Assad is its inability to see a viable, unified alternative for the post-Assad period… The U.S. in particular has played a significant role in attempting to unify the Syrian opposition, by conditioning their recognition of the SNC as the legitimate government of Syria on providing more assurances towards minority groups. The U.S. has been engaged in facilitating talks to unify the Syrian opposition since before the SNC’s formation, and it was the main organizer of the talks between the SNC and KNC last month. The U.S. appears to be the only power with interest in pulling this off in a non-sectarian manner, as especially Qatar and Saudi Arabia, in one way or another, have interests in supporting Sunni Islamist groups.

On February 24 Tunisia will host a meeting of the “Friends of Syria”. Much will depend on how effective these friends are in convincing the various Syrian enemies of Assad to be friends with each other.

February 17, 2012

Cybersecurity Act: Collaboration v. Compliance?

Filed under: Congress and HLS,Cybersecurity,Private Sector — by Philip J. Palin on February 17, 2012

On Valentine’s Day the Senate Homeland Security and Governmental Affairs Committee released a proposed Cybersecurity Act of 2012.  The Committee’s Chairman, Joseph Lieberman (I-CT) and ranking member, Susan Collin’s (R-ME) are co-sponsors.

The roll-out has been impressive.  Check out the Committee’s website for gobs of additional background.  All-star testimony was taken on Thursday.

My HLSWatch colleague, Jessica Herrera-Flanigan has authored a persuasive piece for Roll Call pushing for quick adoption.  Rapid approval by the Senate is a big part of the legislative strategy.

Every cyber-specialist, like Jessica, I have communicated with supports the legislation.  Those on the Hill who have come out against are – so far – objecting mostly to procedural or cost concerns. (The best political update I could find on Friday morning is from Ellen Nakashima at the Washington Post.)

Yesterday I used a cross-continent flight to read the 205 pages of statutory prose.  Politico called it a “door-stop of a bill.”

Taken at face-value the language could hardly be more benign.

The clear intent is to prevent when possible – and mitigate when prevention is not possible – “the risk of national or regional catastrophic damage within the United States caused by damage or unauthorized access to information infrastructure…”

To achieve this and similar goals the legislation frames and facilitates a rather intricate process of private-public consultations, information exchange, risk analyses, certification, audits, education, research, and exercises.

In a whole host of ways the language implicitly – but quite obviously – acknowledges that cyber security is not possible without extraordinary – just for emphasis: extra-ordinary – cooperation between government and the private sector and between various elements of the private sector.

As a result, the proposed legislation goes to amazing lengths to encourage information exchange on cyber threats, vulnerabilities, and more.  For example, here are three sections of Title VII Information Sharing (page 163):

(d) EXEMPTION FROM PUBLIC DISCLOSURE.—An cybersecurity threat indicator disclosed by a non-Federal entity to a cybersecurity exchange under subsection (a) shall be— (1) exempt from disclosure under section 552(b)(3) of title 5, United States Code, or any comparable State law; and (2) treated as voluntarily shared information under section 552 of title 5, United States Code, or any comparable State law.

(e) EXEMPTION FROM EX PARTE LIMITATIONS.— Any cybersecurity threat indicator disclosed by a non-Federal entity to a cybersecurity exchange under subsection (a) shall not be subject to the rules of any governmental entity or judicial doctrine regarding ex parte communications with a decision making official.

(f) EXEMPTION FROM WAIVER OF PRIVILEGE.—Any cybersecurity threat indicator disclosed by a non-Federal entity to a cybersecurity exchange under subsection (a) may not be construed to be a waiver of any applicable privilege or protection provided under Federal, State, tribal, or territorial law, including any trade secret protection.

Please, please, please let us know when you are in danger, we promise not to hold you accountable. The federal government is made into a worried parent trying to protect a troubled teenager.

No one tells me the cyberthreat is overdone.   Most tell me it is already worse than is generally known. Threats, vulnerabilities, and consequences are expected to grow.

Everyone seems ready to agree – at least behind closed-doors – the legislation is well-intended and designed to tee-up a meaningful process of private-public consultations, not pre-ordain the results of that consultation.  If anything, many cybersecurity mavens find the proposed language entirely too tentative and toothless.

But one Chief Information Officer I talked with calls the bill a “Trojan horse, superficially attractive and deeply dangerous.”  According to this person the legislation is fundamentally flawed because it moves the focus of discussion from collaboration to compliance.  “As soon as compliance is the agenda,” he says, “the lawyers take over. We will hardly ever see a technologist again.  That’s not what we need.  They are going to replace a messy, difficult, but realistic process of collaboration with an orderly and mostly meaningless process of certification and compliance.  Risk management is hard.  Compliance is easy.  In one case you invest in real outcomes, in the other you create a legally defensible illusion.”

When I outlined the CIO’s critique to a self-defined “Hill Rat” (and lawyer) who has been involved in cybersecurity, he responded, “The lawyers are already too involved.  That’s been a problem.  It’s been easy for government relations people to show up.   We need CIOs, CTOs, CFOs, COOs, and CEOs.  One way to read the legislation is as a small but very sharp blade to cut through the veil of lawyers behind which too many of our cyber-assets are obscured.  No one wants to regulate, but we need to get real about the risk.”

As the Congressional staffer continued he went even further, “You know what?  This is really an anti-regulation bill. Unless we do something like this and get much better at the drill than today, a major system is going to be taken down and people will die.  Russian mafia, Iranian Quds, Chinese class project – who knows who?  Then just imagine the rush to regulation.”

Maybe I am overly influenced by two men who were each speaking with evident candor and concern.   But I come away thinking they are probably both right.

The issue is not so much current Congressional intent as longer-term execution.  Whenever legislation is adopted, how can we keep the focus on substantive collaboration?  Next Friday I will offer a suggestion.

February 16, 2012

Friend Big Brother? Let Homeland Follow your Tweets?

Filed under: General Homeland Security — by Jessica Herrera-Flanigan on February 16, 2012

This morning the Committee on Homeland Security’s Subcommittee on Counterterrorism and Intelligence will hold a hearing entitled “DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy.”   The hearing comes on the heels of several revelations about the government’s increasing surveillance of such sites as Facebook, Twitter, and blogs (including Homeland Security Watch).

DHS has been engaged in monitoring social media sites since at least 2010 to provide situational awareness and strengthen its common operating picture.   The effort is run through the  Office of Operations Coordination and Planning (OPS), National Operations Center (NOC), and is entitled “Publicly Available Social Media Monitoring and Situational Awareness (Initiative).” Last month, the DHS Privacy Office issued a Privacy Impact Assessment for the initiative, which can be found here.

DHS apparently uses social media monitoring to assist it with responses to major disasters (e.g. Haiti earthquake) and major events (e.g. border security around the 2010 Winter Olympics).  It also uses its Initiative to monitor comments about the agency and the government, including comments that were critical of DHS and the government more broadly.

The FBI also has jumped on the social media monitoring bandwagon, issuing a Request for Information, which has a due date of February 20th for “conducting market research to determine the capabilities of the IT industry to provide a social media application.”  Among the tasks it wants help with are search capabilities, automated filtering, mapping, and the like which would help analysts analyze social media to provide warning and detection capabilities, as well as geospatially locate bad actors.   They would also help analysts predict activities, so as to provide proper response capability.

Other agencies who have dabbled in the social media monitoring space include the Federal Reserve, the Departments of Defense and State, and the Director of National Intelligence.  We can expect other agencies to come forward with an interest in entering this realm (or acknowledging their existing plans).

There are good reasons for government agencies to want to monitor social media.  First of all, it can assist law enforcement and homeland security entities with crisis management, especially in determining where assistance is needed. For example, with D.C.’s earthquake last year,  cell service was sketchy as networks were overwhelmed.  Twitter and Facebook messages on what people were seeing and experiencing thrived.  There is a predictive value in using social media monitoring tools to gather information that analysts can then take to predict future events.   Lastly, in the reputation management space, agencies can, what some privacy groups fear, use monitoring to track what people are saying about them.  Why would an agency want to do so?  Misinformation abounds on the Internet and in social media (I think I read that on a blog somewhere).  Agencies having the capability to counter that misinformation is critical.

Also, an important fact to remember in the social media monitoring space, is that, at least from what has been made public, agencies are monitoring those spaces that are “open” to the public  and others.   How is that different than government officials attending public rallies or events to hear what is being said?  If agencies are crossing into monitoring tweets or Facebook pages that are protected, that raises a different set of legal and Constitutional issues.  But my understanding is that is not the case — the material is open source.

Why its understandable that individuals would be fearful of agencies gathering intelligence on how they exercise their free speech rights, the age of social media has also changed the rules of engagement in some ways.  While we should protect privacy, we should not unnecessarily hamper our government’s ability to look at information that our voyeuristic neighbor could just as easily obtain through a few clicks and searches.




February 15, 2012

Love Is Not Enough

Filed under: Budgets and Spending,State and Local HLS — by Mark Chubb on February 15, 2012

You may have noticed that I have become a bit less regular about posting in my usual Wednesday slot of late. This reflects the combined effect of having too few cogent ideas about what to say and too little spare time to reflect on expanding the list.

The shortage of time arises largely from the demands of my day job as a local fire chief. If you ask the firefighters who work for me, they would probably tell you that the lack of cogent ideas is also closely connected to the job. As they like to tell me, CHAOS stands for Chief Has Arrived On Scene.

I’d like to think I am just as capable of coming up with something insightful and useful to say as I ever was. But that may be less true than I would like to admit.

Lately, the nasty issues swirling around me in my day job have come attached to people with equally nasty attitudes. People in local government are feeling very fearful and stressed about the future of their jobs. Although I would like to reassure them that things will turn out alright, they wouldn’t believe me even if it was true. And it may not be.

The little fire district I work for grew up too quickly. Now a fully-paid, career fire and rescue service employing almost 70 people, it was a volunteer outfit composed of civic-minded citizens for much of its existence. The real change began in the 1980s and 1990s when property values started to climb and development intensified. A municipal incorporation formalized governance of a part of the district, but much of it remains unincorporated even today. As the district took on paid employees, they gradually displaced the volunteers. Union representation of these employees means constant vigilance for evidence of skimming work, which means volunteers will probably never return.

Instead, the represented employees seem most likely to either work themselves out of a job or drive their employer to insolvency. It should be clear enough without much effort or thought that the first option is not terribly likely. The alternative may be on the horizon, but efforts to delay the inevitable reckoning have worked so well so far that few people believe it is actually possible.

A careful examination of how this has come to pass is pretty informative. First, firefighters have been incredibly effective at making themselves look busy, if not useful. An ever decreasing fraction of their work involves fighting or preventing fires. Factors beyond their control or ken have seen to it that this work is less necessary now than ever. Emergency medical calls and a host of other responses have filled the void left by decreasing fire activity, and now occupy 70 to 80 percent of fire service workload. The skills required to perform many of these new roles take hundreds of hours to acquire and maintain even when they are rarely used or tested.

This has made firefighters seem indispensable, which brings me to my second observation. When I was a kid, firefighters were respected, but not really revered. There was rarely a long line of applicants competing for jobs in the fire department. The work was dirty, hard, poorly paid and involved impossibly long hours. (and this remains the case in many other countries.) That changed quickly here starting in the 1970s. Today, firefighters in my community like many others earn salaries far above the median household income. And we work for a reasonably well-off community, so that’s saying something. You don’t have to look hard for evidence of how well-paid our firefighters are. The parking lot tells quite a tale, as my wife’s unemployed city planner friends have remarked on more than one occasion.

Unlike the volunteers they replaced, few of the firefighters in my agency live in the community they protect. A few live more than 100 miles away. The 48-hour work schedule accommodates this, and few demands beyond attending calls, training and performing routine maintenance means such long shifts present few hazards. Despite their unusual work schedules, firefighters in my agency get ample time-off. Our average employee works just a little more than 42 hours per week after vacation, holidays and other time adjustments.

By making themselves available to handle almost anything anyone might think to throw at them, firefighters have managed to do what no other public servants have yet accomplished: While much of the public loathes government, citizens love firefighters and rarely think of them as government employees. In fact, many people have no idea that the people protecting them are paid, much less paid well. Many people seem genuinely surprised when they learn that the firefighters work around the clock.

How could this have escaped their attention? Easily it turns out.

This brings me to my last observation: Firefighters show up. Always.

With all due respect to my friends the police, this is not true even of other emergency services. We have become so accustomed to waiting for service and not getting what we really want when it does arrive that we are genuinely surprised and generally delighted when someone responds at all.

Because firefighters have taken it upon themselves to be indispensable, they almost always look busy. Even when they aren’t particularly effective.

Truth is, we aren’t much more effective at putting out fires than we were right after they replaced the horses with motorized fire engines. Even now, if a fire gets a good enough head-start in any building, we will always play catch-up, which means waiting for the fire to consume enough fuel and get small enough again that we can put it out with the water and personnel available. Sometimes, I think the more overmatched we are, the more overwhelmed we look, the more impressed people are with our performance.

Fires don’t much care whether we have a good attitude or a bad one. When firefighting was all we did, I knew a lot of firefighters you wouldn’t want to take out in public. With the advent of emergency medical service, we have had to emphasize the soft-side. Firefighters these days are experts at displaying empathy. As such, they endear themselves to almost everyone they encounter. In the small number of instances where this does not happen, the other party often comes across worse, so firefighters can get a free pass even when they might not deserve one.

All of this may seem pretty cynical. And it probably is. People may love firefighters, but this economy has meant giving up a lot of other things we love. If firefighters become too expensive, they too shall pass. And their lack of strong connections in the communities they serve will be what decides their fate.

This should concern homeland security professionals if only because they too have come to depend on firefighters’ willingness to take on added jobs. If not firefighters, then to whom shall we turn to protect our communities?

February 14, 2012

The Never-Ending Story of BioScarity Concerns

Filed under: Biosecurity — by Alan Wolfe on February 14, 2012

There have been so many terms developed over the course of the last twenty years to describe the confluence of biotechnology, warfare, and terrorism. It used to be enough to call it “biological defense” against biological warfare agents. Then we had to worry about “bioterrorism,” since we’ve had a total of two actual bioterror cases in the United States over the past 30 years. So then we started talking about “biosecurity” concerns, which seemed pertinent due to the immense chicken and pig processing factories in the United States, where their owners had to worry about losing their livelihood due to a possible invasion of a foreign animal-transmitted virus. Because of all the DHHS and DHS grants, BL-2 and BL-3 laboratories started springing up across the nation, calling for concerns about “biosurety” procedures.  As Professor Barry Kellman observes, we need to be worried about “bioviolence,” don’t we?

So I want to invent a new word, too.

I think we need to be concerned about “BioScarity” tactics, a phenomena seen when uninformed journalists and political pundits deliberately try to scare the public through technical discussions about biological diseases and the possibility that terrorists might “harvest” one to use against the public.

Yes, we have to be concerned that terrorists are sending their minions with Petri dishes into the deepest parts of Africa for the sole purpose of capturing rare and exotic species of disease, because it is just so hard to make an impact on society if you can’t cause a mass extinction event. At least, that’s what I’ve gathered from Huffington Post reporter Lynne Peeples in her article,  “Bioterrorism Funding Withers As Death Germs Thrive in Labs, Nature.”

Wow. What an attention grabber.

It’s hard to consider how the U.S. government has spent (on average) more than five billion dollars each year since 2003 on this specific topic, which is more than the Department of Defense spends on protecting its service members from all military chemical and biological warfare agents (which is currently around $1.5 billion/yr).

And nothing should stop your wandering eyes more than the term “death germs” – it’s as if every one of the thousands of biological organisms being studied out there are just waiting to break out and cause a world-wide contagion. That is, unless you considered how the annual influenza bug kills less than one percent of those infected.

You know, details like that.

Peeples makes her case for the article’s title in one aspect, which is kind of hidden. She believes that state and local public health funds have “plummeted” since 9/11, and since they are the “first line of defense,” this is a Bad Thing.

I suppose that an economic recession, combined with budget decisions by federal and state agencies to reduce the amount of money coming into their coffers, and the more relevant threat of pandemic influenza as compared to the theoretical threat of bioterrorism, has had nothing to do with this trend.

But I digress.

I’m attacking the journalist who unwittingly became the pawns of the bioterror profiteers – those people most interested in ensuring that we, the public, remain terrified of the potential of something that hasn’t happened but twice in the last 30 years. Take this paragraph in the article:

This means a terrorist may need few tools, little training, minimal money and no published blueprint to harvest a superbug and then unleash it in food, water, air or via insect vectors such as fleas or mosquitos. “As a normal person, you can collect anthrax in Texas soil or ebola in Africa by hunting down a monkey,” says Ramon Flick, chief scientific officer at BioProtection Systems Corp., which develops anti-viral vaccines. “It’s so easy to get a potential bioterror agent in your hands.”

Yes, it really is so easy.

That explains all the failed attempts by disgruntled individuals and terrorist splinter groups to develop ricin from castor beans and all of the “white powder” alarms that occur in the thousands all over the world. It’s all because “it’s so easy to get a potential bioterror agent.”

And what would a contemporary article on “death germs” be without referencing the recent attempt by Dutch scientists to examine how avian flu might mutate to a transmissible virus that could impact humans?

She waffles on the issue – it’s just so hard to judge. On the one hand, the public health benefits of understanding how avian flu might mutate are important. On the other hand, George Koblentz of George Mason University notes, “we still shouldn’t be going around making new versions” of deadly viruses without fully considering the possible implications. Modern day life is just so complicated.

I honestly wonder about the quotes attributed to the “biosecurity experts” in this article, whether they are really that naïve to believe that more funding for public health and a global biosurveillance center will somehow allow us to avoid a “biological Chernobyl” caused either by Mother Nature or terrorists.

I don’t believe in any way that there were any intelligence indications of a “second event” after 9/11 that would involve biologics, as D.A. Henderson is quoted to say. If Ellen Gurksy believes that there is an “insidious erosion” of biodefense funding, then I kind of wonder about the continued federal funding for all of the public health and biodefense programs at DHHS, which haven’t decreased since 2003.  I think that if your mindset is like Scott Lillibridge, that we have to be “ready for anything,” then we’ll bankrupt the federal budget for threats that don’t exist yet, while ignoring all of the many other public health hazards that kill tens and hundreds of thousands of Americans every year.

I’ll just end this by noting, you can’t expect medical experts alone to advise us on how the U.S. government should protect the public from the potential threat of emerging infectious diseases and biological terrorism.

They’re really not good at developing realistic proposals that can be integrated into the practices and efforts of the larger homeland security enterprise. Their myopic focus on a singular threat without regard to threat source, funding constraints, regulations and authorities, doesn’t help us move forward.

We need a more objective and less sensationalistic view to address this real concern.


February 13, 2012

First blush look at the DHS budget

Filed under: Budgets and Spending,DHS News — by Philip J. Palin on February 13, 2012

An online version of the full 200 plus page President’s budget proposal is available from the White House.  The Department of Homeland Security budget proposal starts on page 117.   The total DHS budget amount is nearly the same as last year.  There are, however, some important internal shifts.

Homeland Security Funding Highlights per White House and OMB (direct quote from budget proposal):

Provides $39.5 billion,a decrease of 0.5 percent or $191 million,below the 2012 enacted level.The Budget continues strong investments in core homeland security functions such as the prevention of terrorist attacks,border security,aviation security, disaster preparedness, and cybersecurity.

Savings are created through cuts in administrative costs and the elimination of duplicative programs.The Budget also supports disaster relief through a cap adjustment, consistent with the Budget Control Act.

Makes $853 million in cuts to administrative categories including travel, overtime,and fleet management,and eliminates duplicative and low-priority programs.

Maintains frontline homeland security operations, supporting 21,186 Customs and Border Protection officers and 21,370 Border Patrol agents to facilitate legitimate travel and the movement of goods while strengthening border security.

Supports the recovery of States and communities that have been devastated by disasters and emergencies with $6.1 billion for FEMA’s Disaster Relief Fund, which includes $5.5 billion in disaster relief cap adjustments pursuant to the designation established in the Budget Control Act.

Strengthens Government cybersecurity by providing $769 million to improve security of Federal civilian information technology networks while enhancing outreach to State and local governments and critical infrastructure sectors.

Promotes innovation and economic growth by providing $650 million to fund important research and development advances in cybersecurity, explosives detection, and chemical/biological response systems.

Eliminates duplicative, stand-alone FEMA grant programs, consolidating them into a new National Preparedness Grant Program to better develop, sustain,and leverage core capabilities across the country while supporting national preparedness and response.

Aligns resources with risk in immigration detention by focusing on criminal aliens, repeat immigration law violators, recent border entrants, immigration fugitives,and other priorities,and expanding resources for electronic monitoring and intensive supervision.

Initiates acquisition of a new polar ice breaker and continues recapitalization of Coast Guard assets, including $658 million to construct the sixth National Security Cutter.

End of quote


Earlier today, practically simultaneous with the release of the President’s budget,  DHS distributed to many previous grant recipients guidance that will administratively advance the consolidation of FEMA grants referenced above.

Next Page »