Homeland Security Watch

News and analysis of critical issues in homeland security

March 9, 2013

The answer to that (specific) question is no

Filed under: Legal Issues — by Philip J. Palin on March 9, 2013

March 8, 2013

Snowquester: Prevention was wise (as far as human wisdom goes)

Filed under: General Homeland Security,Preparedness and Response,Risk Assessment — by Philip J. Palin on March 8, 2013

On Wednesday the threat of snow shut down much of DC.  Very little snow penetrated the Beltway.   In the wake of the “unnecessary” shut-down has come a blizzard of second-guessing.

I perceive three broad critiques:

Bad Intelligence Analysis (in this context called weather forecasting):  From a late February blogpost by weather-geek Cliff Mass, “U.S. numerical weather prediction is lagging behind the European Center and others–a diagnosis pretty much universally accepted in my field. I listed some of the reasons: inferior computers, poor management, lack of effective leadership, inability to tap the large U.S. weather research community, and others.” (At the Cliff Mass Blog you will find thoughtful self-critical analysis of the weather profession specific to the Snowquester).

Poor Communication between Intelligence Community and Decision-makers: “We made our decisions based on, unfortunately, faulty weather predictions,” said Pedro Ribeiro, spokesman for D.C. Mayor Vincent C. Gray (D). “You can’t really blame the government officials for using the data the scientists gave them.”  More self-critique from the Weather Gang, “Communication of uncertainty is something the entire weather forecasting community should strive to improve… One of the reasons, as we get closer to the onset of the storm, that we drop some uncertainty information is that some readers want to know the bottom line, without qualification. They view scenarios and percentages as “cop-outs.” Ultimately, there has to be a sweet spot, where we can effectively communicate uncertainty concisely and effectively while also presenting a most likely forecast. We’re constantly working to find that and came up short in this last case.”

Over-dependence on Signal Intelligence (weather models) contrasted with Human Intelligence (common sense):  A reader comment posted on the Weather Gang’s blog, “Driving my car on Tuesday afternoon I listened to dire predictions of snow for Wednesday. Somehow I couldn’t equate the fifty six degree reading on my dashboard thermometer with the supposed 5-10 inches of snow set for the next day. Do weather forecasters ever engage in predictions that include going outside?  Sorry, my mistake I referred to them as weather forecasters and of course we know it’s weather guessers.”

Meanwhile about thirty miles west of the Beltway– and admittedly a thousand feet higher — the snow accumulated to over ten inches and power was out for tens of thousands.

Uncertainty can be denied, but it persists.  There is no “sweet spot”.  Humans cannot communicate clearly enough for everyone to accurately hear.  Many will not even listen.

Randomness is fundamental reality.  Perceiving patterns is possible, but precise prediction should not — cannot — be depended upon.  We have some important control along the margins, but we should not fool ourselves into overestimating  our capacity.  On a global scale a thirty mile margin is pretty impressive.

We will fail in both directions.  This time we seem over-cautious.  Some day soon we will seem neglectful.  There are consequences both ways.

The readiness to self-critique demonstrated in this instance is encouraging.  We should learn what we can.  But it is a profound error — the ultimate in tragic hubris — for any of us to expect perfection of ourselves or others.

March 7, 2013

Issues in Homeland Security Policy for the 113th Congress

Filed under: Congress and HLS — by Christopher Bellavita on March 7, 2013

Congressional Research Service (CRS) published its outline of homeland security issues facing the 113th congress.  You can find a copy of the 70 page CRS report on the Federation of American Scientists’ CRS homeland security reports page.

Here is a direct link to the report:  http://www.fas.org/sgp/crs/homesec/R42985.pdf

From the Introduction:

This report outlines an array of homeland security issues that may come before the 113th Congress. After a brief discussion of the overall homeland security budget, the report divides the specific issues into five broad categories:

• Counterterrorism and Security Management,

• Border Security and Trade,

• Immigration,

• Disaster Preparedness, Response, and Recovery, and

• Departmental Management.

Each of those areas contains a survey of topics briefly analyzed by Congressional Research Service experts. The information included only scratches the surface on most of these issues.

More detailed information can be obtained by consulting the CRS reports referenced herein, or by contacting the relevant CRS expert.

 

On a related topic, here’s my favorite Doonesbury report on CRS (click for a larger image):

March 6, 2013

Our secular Trinity: supply chain, critical infrastructure, and cyber security

Filed under: Cybersecurity,Infrastructure Protection,Private Sector,Risk Assessment,Strategy — by Philip J. Palin on March 6, 2013

Above from the conclusion to Zorba the Greek, please don’t watch and listen until reading post, then it might make some sense.

–+–

Late Tuesday a third key component in an emerging national strategic architecture was highlighted on the White House website.  The Implementation Update for the National Strategy for Global Supply Chain Security outlines progress made (and if you read carefully between the lines, problems experienced) over the last twelve months since the Strategy itself was released.

This update — and the original National Strategy — should be read along side Presidential Policy Directive: Critical Infrastructure Security and Resilience (February 12, 2013) and the Executive Order: Improving Critical Infrastructure Cybersecurity (February 12, 2013).

Together these documents frame a new Trinitarian order: three distinct strategies of one substance, essence, and nature. Trade depends on production, transport of goods and communication of demand.   We can also say economic vitality depends on these factors.  Often  life itself depends on these mysteriously mutual movements.

The Supply Chain is a particular manifestation of the mystery that benefits from specific attention.   Most minds will not immediately apprehend the wholeness of  cyber, critical infrastructure and supply chains.   A purposeful focus can help. But the Implementation Update is explicit regarding the connections and — much more than connections — the interdependence and indivisibility of the Strategic Trinity:

Priority actions include… building resilient critical infrastructures by creating new incentives… to encourage industry stakeholders to build resilience into their supply chains, which then strengthens  the system overall; mapping the interdependencies among the supply chains of the various critical infrastructure sectors (such as energy, cyber, and transportation); and creating common resilience metrics and standards for worldwide use and implementation.

There are, however, heretics.  Personally I tend toward a Unitarian perspective.   Others insist on the primacy of Cyber or of Critical Infrastructure. Some others recognize the relationship of Cyber and Critical Infrastructure but dismiss equal attention being given to Supply Chain. There are also “Pentecostals”, especially among the private sector laity, who celebrate Supply Chain almost to the exclusion of the other aspects of the Trinity.  I might extend the analogy to principles of Judaism, Islam, and other worldviews.  I won’t. (Can I hear a loud Amen?)

If this theological analogy is not to your taste,  then read the three policy documents along side a fourth gospel: Alfred Thayer Mahan’s  The Influence of Seapower Upon History.  Admiral Mahan wrote:

In these three things—production (with the necessity of exchanging products) shipping (whereby the exchange is carried on) and colonies (which facilitate and enlarge the operations of shipping and tend to protect it by multiplying points of safety)—is to be found the key to much of the history, as well as of the policy, of nations…

The functional benefits of colonies have been superseded by the signaling capabilities of multinational corporations, global exchanges and transnational communication, but the Trinitarian structure persists. Mahan called the Sea the “great common” from which and through which “men may pass in all directions, but on which some well-worn paths show that controlling reasons have led them to choose certain lines of travel rather than others.”

Around these lines of travel, civilization is constructed, information is exchanged, and trade is conducted.   A bridge (critical infrastructure) may determine the direction of trade (supply chain), but the information and money exchanged (cyber) in the village beside the bridge may send supply in previously unexpected directions.   Today the bridge may be a digital link, the village an electronic exchange, and the product an elusive formula for the next new wonder drug.  But still the three must work together.  Corruption or collapse of one aspect will unravel the other two.

Our secular trinity is not eternal. There are ongoing sources of corruption.  There are prior examples of collapse.

I was involved in some of the activities and consultations noted in the Implementation Update.   Some personal impressions:  Many government personnel are predisposed to control.  Many in the private sector have a deep desire for clarity.  Each tendency is understandable.  Each tendency is a potentially profound source of dysfunction.   I know this is not exactly a surprise.

But… the desire for clarity can easily become reductionist, even atomist.  Imposing such radical clarification leads to a kind of analytical surrealism.   Some “lean” supply chains are absolutely anorexic.    The desire for control is justified by (sometimes self-generated) complication.  The more complicated the context, the more — it is said — that control is needed.   The more the laity seeks to deny complexity, the more the priests justify the need for their control.   Both tendencies miss the mark. (Sin in Hebrew is chattath, from the root chatta, the Greek equivalent is hamartia. All these words mean to miss the mark.)  The purpose of our secular Trinity is to hit the mark when, where, and with what is wanted.

There is at least one explanation  of the sacred Trinity relevant to our secular version.  John of Damascus characterized the Trinity as a perichoresis — literally a “dance around” — where, as in a Greek folk dance, distinct lines of dancers (e.g. men, women, and children) each display their own steps and flourishes, but are clearly engaging the same rhythm,  maintain their own identity even as each line dissolves into the others… in common becoming The Dance.

Rather than obsessive control or absolute clarity, the Trinity is a shared dance.  We need to learn to dance together.

Just getting private and public to hear the same music would be a good start.

March 5, 2013

Knives on planes again. Well, some knives.

Filed under: Aviation Security — by Christopher Bellavita on March 5, 2013

The Transportation Security Agency blog says some knives and some sporting equipment will be allowed back on planes, in late April.

According to the announcement,

…the following items [will be permitted] in carry-on bags [and presumably — for knives — in one’s pocket] beginning April 25th:

  • Small Pocket Knives – Small knives with non-locking blades smaller than 2.36 inches and less than 1/2 inch in width will be permitted
  • Small Novelty Bats and Toy Bats
  • Ski Poles
  • Hockey Sticks
  • Lacrosse Sticks
  • Billiard Cues
  • Golf Clubs (Limit Two)

The change “is part of an overall Risk-Based Security approach” whose hermetically mysterious internal analytics can distinguish between the risks associated with a 6 centimeter, half inch wide, non-locking blade; and the risks created by a 7 centimeter, three-quarter inch wide, locking blade.

Maybe there is some science behind the metric.  But if the decision process was similar to many of the early TSA decisions Kip Hawley described in his book Permanent Emergency: Inside the TSA and the Fight for the Future of American Security, there may have been more BOGSAT involved than science.

Whatever the rationale, for those who look at carrying knives as a 2nd Amendment right, a bit of pre-9/11 freedom is coming to an airport near you on April 25th.

It’s probably not a coincidence April 25th was selected to allow knives to return to flight. It is the 329th anniversary of the first patent for a thimble.

The date may also reflect the sense of humor of whoever at TSA decided small knives are an acceptable risk. On April 25th, 221 years ago, Nicolas Pelletier became the first person to be executed by guillotine — a different kind of knife.

 

Here are the TSA-provided pictures outlining the new rules (click on the image to make it bigger):

 

 

Eight homeland security stories

Filed under: General Homeland Security — by Christopher Bellavita on March 5, 2013

Here are the first sentences from eight homeland security-related stories that got my attention last week.

 

1. Watch the New and Improved Printable Gun Spew Hundreds of Bullets (by Robert Beckhusen)

Late last year, a group of 3-D printing gunsmiths developed a key component for an AR-15 rifle that anyone with a 3-D printer could download and make at home. The problem: It only lasted six shots before snapping apart. Now the group is back with a new and improved receiver that can fire more than 600 rounds….

2. US hackers attacked military websites, says China’s defence ministry (Security Law Brief)
02/28/13: The BBC reports hackers from the US have repeatedly launched attacks on two Chinese military websites, including that of the Defence Ministry, officials say. The sites were subject to about 144,000 hacking attacks each month last year, two thirds of which came from the US, according to China’s defence ministry….

3. The Best Books About Biotechnology (by Alexis Madrigal)

I’ve spent the last few weeks creating a syllabus for myself on the world — people, techniques, theory, history — of biotechnology. I’ve talked with some scholars, accepted some Amazon recommendations, and done some rummaging around in bibliographies, but I’m only getting started. I thought I’d list my recent acquisitions here in hopes that you’ll help me flesh my little self-taught course out. You know how to get a hold of me: comments here, @alexismadrigal, or amadrigal[at]theatlantic.com. (Oh, and I’m also looking for journals and blogs that I should be keeping an eye on.)….

4. Climate Change and the Arab Spring (by Will Rogers)

On [February 28], … Caitlin Werrell and Francesco Femia of the Center for Climate & Security …[released] a new study on “Climate Change and the Arab Spring” that “outlines the complex pressures exerted by the effects of climate change on the convulsions which swept through the Middle East in 2010 and 2011, exploring the long-term trends in precipitation, agriculture, food prices, and migration which contributed to the social instability and violence which has transformed the region, and offering solutions for progress.”…

5. NJ Plans Mediation of Disputes Between Consumers and Insurance Companies (by recoverydiva)

One of the impediments to recovery often is due to disputes between homeowners or business owners and insurance companies. We saw that after Hurricane Katrina and we saw it more recently in Christchurch, NZ. This article explains a pending action by Gov Christie of N.J: N.J. to launch mediation program for Hurricane Sandy insurance disputes

6. Phishing Has Gotten Very Good (by Bruce Schneier)

[Ok, more than a few sentences]

This isn’t phishing; it’s not even spear phishing. It’s laser-guided precision phishing:

One of the leaked diplomatic cables referred to one attack via email on US officials who were on a trip in Copenhagen to debate issues surrounding climate change.
“The message had the subject line ‘China and Climate Change’ and was spoofed to appear as if it were from a legitimate international economics columnist at the National Journal.”
The cable continued: “In addition, the body of the email contained comments designed to appeal to the recipients as it was specifically aligned with their job function.”
[…]
One example which demonstrates the group’s approach [to phishing] is that of Coca-Cola, which towards the end was revealed in media reports to have been the victim of a hack.
And not just any hack, it was a hack which industry experts said may have derailed an acquisition effort to the tune of $2.4bn (£1.5bn).
The US giant was looking into taking over China Huiyuan Juice Group, China’s largest soft drinks company — but a hack, believed to be by the Comment Group, left Coca-Cola exposed.
How was it done? Bloomberg reported that one executive — deputy president of Coca-Cola’s Pacific Group, Paul Etchells — opened an email he thought was from the company’s chief executive.
In it, a link which when clicked downloaded malware onto Mr Etchells’ machine. Once inside, hackers were able to snoop about the company’s activity for over a month.

Also, a new technique:

“It is known as waterholing,” he explained. “Which basically involves trying to second guess where the employees of the business might actually go on the web.
“If you can compromise a website they’re likely to go to, hide some malware on there, then whether someone goes to that site, that malware will then install on that person’s system.”
These sites could be anything from the website of an employee’s child’s school – or even a page showing league tables for the corporate five-a-side football team.

[Schneier] wrote [the following] over a decade ago: “Only amateurs attack machines; professionals target people.” And the professionals are getting better and better.

This is the problem. Against a sufficiently skilled, funded, and motivated adversary, no network is secure. Period. Attack is much easier than defense, and the reason we’ve been doing so well for so long is that most attackers are content to attack the most insecure networks and leave the rest alone….

7. Why Sequestration Could Be Good For Airport Passenger Screening (by Justin Hienz)

… the length and speed of security lines at airports are a function of the TSA’s inefficient security methodology, not its budget and staff. Reduced federal funds will magnify this inefficiency, but to claim longer lines are purely a result of budget cuts is a cop-out. Sequestration is actually an opportunity for the TSA to abandon its insistence on screening all airline passengers, which demands extraordinary resources and manpower, and instead adopt a more efficient and effective approach. If it does, budget cuts might be the best thing that ever happened to airport screening….

8. Feds Say Man Deserved Arrest Because Jacket Said ‘Occupy Everything’ (by David Kravets)

A Florida man deserved to be arrested inside the Supreme Court building last year for wearing a jacket painted with “Occupy Everything,” and is lucky he was only apprehended on unlawful entry charges, the Department of Justice says.

The President Barack Obama administration made that assertion in a legal filing in response to a lawsuit brought by Fitzgerald Scott, who is seeking $1 million in damages for his January 2012 arrest inside the Supreme Court building. He also wants his arrest record expunged.

What’s more, the authorities said the former Marine’s claim that he was protected by the First Amendment bolsters the government’s position … because the Supreme Court building’s public interior is a First Amendment-free zone [sic] ….

March 3, 2013

Over your cities grass will grow

Filed under: General Homeland Security — by Philip J. Palin on March 3, 2013

Opening today at the Galerie Thaddaeus Ropac in Pantin, a suburb of Paris, is a group exhibit entitled: Disaster/The End of Days.

From the curator’s catalogue:

The word disaster comes from “disastro” (dis- and astrum, “bad star” or “star out of position,” thought to cause harm). It expresses the notion of catastrophe, decline and destruction, a wholly negative event. The theme of disaster has a rich iconography and set of interpretations, and continues to fascinate contemporary artists. This exhibition looks at current perceptions of disaster through a dialogue between artists from a variety of cultural and social backgrounds, working in media from painting to photography, video and installation.

Ezra Pound claimed that artists are the antennae of the race.   Long-incarcerated at St. Elizabeth’s Hospital (now site of the supposedly or potentially permanent Department of Homeland Security headquarters), the poet also complained “the bullet headed many” do not pay attention to meaning transmitted by the antennae.  Contemporary artists are seldom optimistic.

One of the artists featured at today’s Paris opening is Anselm Kiefer.  The video clip is from a documentary on Kiefer.  MORE.

March 1, 2013

Secretary Napolitano on “What is homeland security?”

Filed under: General Homeland Security — by Christopher Bellavita on March 1, 2013

From “The State of Homeland Security Address with Secretary Janet Napolitano,” on February 26, 2013, at Brookings. [My emphasis, below]

[MS. KAMARCK]: Okay. And finally, at a recent hearing on your Department, researchers at the Congressional Research Services pointed out that 30 other agencies in addition to DHS have homeland security in their missions. And they were critical that there was no consistent federal definition of homeland security. Does this matter?

SECRETARY NAPOLITANO: Well, it would probably be, you know, nice, but it doesn’t really matter in practice. That’s the first I’ve ever even heard that, and I’ve been Secretary four plus years. So it’s certainly not affecting my day-to-day work. (Laughter)

SECRETARY NAPOLITANO: But here’s the thing. Under Homeland Security Presidential Directive 5, HSPD 5, I mean, there’s really a clear outlining of when you have a big complicated event, what is the role of DHS. And BP is a good example of this, which is to coordinate and lead multiple agencies who are responding, and there it was the EPA, and Energy, and Interior just to name a few. 

And we actually for months after the spill at a Cabinet-level, secretaries and the administrators would get twice-daily or once daily on the phone, weekends, it didn’t matter, going through what everyone was doing, what the response was, what some of the big issues were. And that really helped coordinate the response.

And I think, you know, in the aftermath looking back, again you always learn lessons. There’s always things you would do better or differently. But in the context of the largest oil spill of its type, I think really worked well to help mitigate the damage. And we did that after Sandy as well.

So in practice, what we mean by homeland security is what I said. It’s agility. It is the ability to prevent as well as protect. It’s the ability to continue to innovate. That’s what we consider to be homeland security.

And lastly, it is a sense that it is not the responsibility of one government department. It’s not the responsibility solely of the federal government. You have the states that have a critical responsibility. Governor O’Malley is here. Cities have a responsibility. And every single person has a responsibility in the security realm for the safety of themselves, but also of each other.

So trying to in DHS 3.0 inculcate that and just make it — this is one of the things we do, like putting on a seat belt, will be important for us.

 

If you have the time, it’s worth watching the Secretary answer this question (at the 50:40 mark on the video, available on the Brookings site). You can see how she constructs her definition of homeland security as she speaks.

I also liked the look on her face at the 51 minute mark when she thinks about the question and says “That’s the first I’ve ever even heard [about the lack of a consistent federal definition of homeland security], and I’ve been Secretary four plus years. So it’s certainly not affecting my day-to-day work.”

I found Secretary Napolitano’s response to be an interesting example of the gap between the practice and the theory of homeland security.

(Hat Tip to Zach Rausnitz at FierceHomelandSecurity)

« Previous Page