Homeland Security Watch

News and analysis of critical issues in homeland security

June 10, 2013

I am, after all, a republican

Filed under: Legal Issues,Media,Privacy and Security,Terrorist Threats & Attacks — by Philip J. Palin on June 10, 2013

Glenn Greenwald and his colleagues at The Guardian continue to demonstrate the power of  the old school “mainstream media” to set an agenda.   Now we are hearing from Greenwald’s NSA source who explains, “I’m willing to sacrifice all… because I can’t in good conscience allow the US government to destroy privacy, internet freedom and basic liberties for people around the world with this massive surveillance machine they’re secretly building.”

And so, perhaps inevitably, a complicated issue of ethics and politics of the highest order will be personalized and reduced to melodrama.  Which, at least, gives me permission to tell my story.

The only claim I have on anything truly scholarly is a sort of silver-age knowledge of the constitution of late-republican Rome.  This involves the period from about 133 BC to the rise of Augustus (27 BC) when constitutional structures imploded and produced the Empire.  As a young man I read entirely too much Cicero and have carried the burden into old age.  It is a story of freedom thoughtlessly and selfishly sacrificed.

As a result the claims of a “unitary executive” by various players in the George W. Bush administration caused me considerable concern.  A life-long Republican (capital R) I had supported John McCain in 2000 and expected to do so again in 2008.  But in conversation with his national security team (in which homeland security was entirely subsumed) I became increasingly alarmed.

It was not so much what they intended to do.  It was how and why they were going to do it.   The world had, it seemed to them, become too dangerous for due process.  It depended on a few good men (mostly good, mostly men) to do what was needed to defend the nation against attack.   Further, the nation they sought to defend was an abstraction of power and interests that did not, listening carefully, seem to have much at all to do with the Constitution.

So in early 2008 I decided to work for the once-upon-a-time lecturer on constitutional law at the University of Chicago, who — it seemed to me at the time — combined a kind of tough Niebuhrian realism with a disciplined self-restraint that reflected both the Founders and a good slice of Cicero.

Like our NSA contractor/whistleblower/hero/traitor — Mr. Snowden — I suffered the consequences of my choice.  My wife has made the point that if we had given the campaign what we lost because we joined the campaign I might have at least been made ambassador to some obscure corner of the world.  More to the point, a lifetime of personal relationships and professional networks was largely sacrificed.  Even my Dad was disappointed.

Since his election President Obama has been very tough on terrorism or, as he prefers, “violent extremism”.  Several times he has exceeded what I perceive to be his appropriate constitutional role.  Especially in these cases the President has tended to argue that the controversial decision is an exception-that-proves-the-rule.  It may be little more than a fig leaf, but I have appreciated the nod to constitutional decorum even as I recall Augustus was a master of the technique.

Potentially more substantive, the President’s May 23 National Defense University speech called for a more extensive legal framework  that would explicitly limit his own authority and that of future executives.  But other than the classified PPD and other gracious acts of executive self-restraint will anything really change? Right now the speech is as likely to become a footnote — another fig leaf — in future explanations of the eventual collapse of our Constitution under conditions of perpetual war.

In this context I have found the revelations of NSA spying on you and me to be cause for considerable celebration.

Based on what can be known today it would seem that:

  • The spying has been undertaken in accordance with the laws and Congressional oversight — such as it is — has been consistently facilitated.
  • The spying has been undertaken only after judicial review and authorization of narrowly written warrants.
  • The spying has been structured and organized specifically to limit when and how the information is used consistent with the judicial warrants and is extended only with further judicial review.
  • The spying has been exposed by the unofficial fourth branch for public consideration.
  • The spying has caused political enemies who sometimes seem to personally despise each other to share the same or proximate podiums to not only explain the due process exercised in this case but the mysteries of meta-data as well.

What a world!

I regret living in an age when so much of what I do is tracked — and even more is trackable — by a whole host of players.  This is an issue Cicero did not need to consider. It is a temptation to which neither Julius nor Augustus Caesar could succumb.   But this is our reality.  It is not a question of being tracked.  It is an issue of how and why… and what will be done with the results.

And in dealing with the wicked problem of terrorism and the temptation of digital tracking, what we are seeing unfold is the way our Constitution — formal and informal — is supposed to work.  We have elected agents to make judgments on our behalf.  Thanks to Madison and others we have structured our Constitution so that these agents compete with each other.  Through this competition of branches and parties and people a self-restraining, privacy- protecting, freedom-preserving process is cobbled together. Thanks to the First Amendment to our Constitution we have empowered informal agents to hold our elected agents accountable.

As a result, we are given the opportunity to consider difficult issues and to decide how our agents are behaving regarding these issues and whether or not we are prepared to allow them to continue to be our agents.  For me this is the nation.  This is what is worth defending.

June 9, 2013

Onion News predicts the news two years before the news happens

Filed under: Humor — by Christopher Bellavita on June 9, 2013

From the June 7, 2013 New York Times:

In Pakistan’s tribal areas, some said they had long assumed that Internet tools like Facebook, Google and Twitter were really Western surveillance mechanisms. “We have been saying that these forums are Zionist creations to pave the way for a new world order and to keep an eye on people around the world,” said one commander, Ihsanullah Ihsan.

And from The Onion, sometime in 2011:

June 7, 2013

Friday Free Forum

Filed under: General Homeland Security — by Philip J. Palin on June 7, 2013

Wildfires in the West.  Tornadoes in the heartland.  The season’s first hurricane in the Gulf.  Many more hackers in the network.  The NSA in your phone records.  Sectarian divide in Syria.  Mass murders in Nigeria.  Knifes stay off planes. What’s on your mind related to homeland security?

June 6, 2013

Public and Private Cultures: Context, concepts, communication, action

Filed under: Private Sector,Risk Assessment,Strategy — by Philip J. Palin on June 6, 2013

I recently completed a homeland security project with a significant private-public element.  I have begun the assessment process and intend to include a personal note on the issue of “cultural tensions” between the private and public sector.

Following is the first of an expected three or fours posts where I am trying to think through my impressions.  There are empirical findings, but the data can reasonably be interpreted in a variety of ways.  We are left with analysis or interpretation or persuasion.  I would very much value your feedback.  What seems sound and what sounds wrong?  Given your own experience of private-public engagements, what are your questions or alternative answers?

Clearly this is radically reductionist.  At best this is an effort to identify some helpful heuristics.  At worst — well, heuristics are always double-edged.


Perceived Context as a Source of Cultural Differentiation

I am the son and grandson of grocers.  Over the last three decades I have not been employed by an organization I did not create or co-create.  I have worked with various public sector entities and have been compensated for this work, but I have never been employed by the public sector.

I have never been employed by a large organization of any sort.  I have been a consultant to large organizations, but my professional home has typically been an enterprise of 10-to-40 persons.  Very early in my career I was part of a  global consulting firm of a few thousand, but we were organized in mostly independent small offices and teams.  It was a much looser arrangement than I encountered among our Fortune-100 client-base.

I share this personal background because it no doubt influences the following findings.  As my Dad often says, “We are who we are because of where we were when.”  Our understanding of context influences every other understanding.

Fundamental to private sector context is failure: competitors fail, customers fail, colleagues fail.  Start-ups fail.  Market-dominating firms are killed off in a couple of CEO-cycles.  I have mostly failed.  Even when the organizations I have created have continued they have never achieved what those present at the beginning envisioned.

Private sector culture anticipates failure.  Hitting 300 is very good, especially if you are regularly up to bat, even more if you can hit when the bases are loaded.   Knowing that failure is likely you look for back-up opportunities, maintain exit plans, and cultivate an ecology of opportunity.  Many private sector enterprises use failure much as an organic farmer uses waste to fertilize the next generation of crops.

This is because the U.S. private sector is heavily oriented toward growth.  Good growth from a minority of successful initiatives will more than cover the losses generated by failures… especially failures that are brought to an early demise.  Know when to hold them and when to fold them.  Walking away from failure at the right time — and learning from the failure — is a key characteristic of the most resilient private sector enterprises.

As an outsider looking in on the public sector I do not perceive this creative anticipation of failure plays a similar role.  Rather, avoiding failure seems a regular characteristic of public sector clients and colleagues.

This may be related to a lack of growth opportunities within the public sector.   In an essentially static resource context failure is seen as waste rather than exploration or innovation or investment.

There is at least as much diversity within the private sector and public sector as between them.  The US Coast Guard and the Navy Chaplain Corps are among the most entrepreneurial of organizations I have had the pleasure to encounter.  Education and training organizations are — weirdly — often the most bureaucratic regardless of their private or public status.  I have watched up-close as proud private sector brands have stubbornly avoided taking reasonable — much less market bending — risks.

But as a general rule, public sector organizations are loathe to fail.  In some cases it is precisely the prospect of imminent failure that generates “growth” opportunities for the public sector.  Just when the private sector would probably be walking away is when the public sector is tempted to double-down to ensure success — or at least avoid failure.  The public sector too often succumbs to this temptation.

The temptation to avoid-failure-at-all-cost is reinforced by the way public sector failure is framed (in a couple of meanings of the word) by the media and elected officials.  There is a cult of personal accountability that practices a cruel liturgy of public humiliation.

For the private sector failure can also come with considerable personal costs, but it is balanced with upside possibilities.  In the public sector the outcomes of failure are heavily weighted toward all-costs and almost no incentive. Culturally the private sector has mythologized reality as a space/time where possibilities abound, failure is temporary, and the universe is expanding.  The mythology of the public sector is much more a matter of light and dark, success or failure, and the universe is static.


Next week — maybe — the operational concepts that emerge from these alternative contexts.

June 4, 2013

Thirty questions about the 2013 National Preparedness Report

Filed under: Preparedness and Response — by Christopher Bellavita on June 4, 2013

I read the 2013 National Preparedness Report on Monday.  If DHS is going to take the time to produce this second portrait of the Nation’s preparedness, the least one can do is read it.

The Report’s not bad. If nothing else, it reminds the reader about the megacomplexity of homeland security. There is information in the report about what myriad agencies are doing under myriad constraints to prepare for myriad threats.

The usual terrorism, cyber, “all hazards,” and resilience suspects appear frequently, but so too do active shooter incidents, drought, low crop yields, greenhouse gas pollution, improving energy use, saving water, rising sea levels, vulnerable populations, unity of military effort, biohazards, biosurveillance, big data, public health cutbacks, computer forensic demands, financial crimes, food and agriculture and animal safety, transportation security, housing, culture, cyber workforce, impact of extreme weather on deteriorating infrastructure, supply chains, citizen and private sector involvement, fatality management….

There really is a lot in this 60 page (plus or minus) document.

I wonder who will read the Report. Maybe some people in DHS. Maybe a few people on congressional staffs. Maybe homeland security students.

The Report’s analytical conclusions tend to follow this pattern: “Progress has been made. Challenges remain. The Report and the data it draws from will mature in future years as we get more experience assessing preparedness.”

I think those are fair claims.

I don’t think the report will satisfy people who look for unambiguous evidence about the impact, or lack of impact, from homeland security spending. I think the document is still mostly a synthesis of other reports, self-assessments, and anecdotes. The report’s authors call this quantitative and qualitative data.

But I don’t know a better, or more current, overview of what’s going on in homeland security with respect to preparing for just about everything one could anticipate. (I did not see mention of space weather, meteors or obesity; but I might have missed something.)

If you do care about homeland security, I think reading the report will be a good use of your time.

After you’ve read it, see if you can answer these questions.

The answers are in the Report but I will post them later in the week. (You can find acronym translations on pages 63 and 64 of the Report.)

1. Why was the Report written?

a. Required by PPD 8

b. To provide a national perspective on preparedness trends

c. To inform program priorities

d. To help allocate resources

e. To communicate concerns to stakeholders

f. All of the above

g. DHS budget will not be released until the annual preparedness report is completed

2. How many core capabilities are identified in the National Preparedness Goal

a. 15

b. 31

c. 51

d. 65

3. Number of times the National Preparedness Goal is described specifically in the Report

a. 5

b. 3

c. 1

d. 0

4. The majority of state and local respondents in a preparedness survey expect the federal government to be largely responsible for all the below, except for (select as many as you’d like):

a. Economic recovery,

b. Fatality management,

c. Cybersecurity,

d. Forensics,

e. Housing,

f. Planning

5. According to a 2012 survey of state Chief Information Security Officers, what percent were confident in their state’s ability to protect against external cyber threats?

a. 12%

b. 24%

c. 48%

d. 72%

6. According to the Preparedness Report, what is the percentage of Americans who have “physical, sensory, intellectual, or cognitive disabilities”?

a. 18%

b. 25%

c. 46%

d. Undetermined

7. Which of the following is not among the 4 capabilities states rated as areas where they were the least prepared

a. Economic recovery

b. Housing

c. Planning

d. Natural and cultural resources

8. Which of the following are “newly identified national areas for improvement”? (select all that apply)

a. Fatality management

b. Enhancing resilience of infrastructure systems

c. Forensics and attribution

d. Maturing the role of public private partnerships

e. Supply chain integrity and security

9. According to the 2012 state assessment of current capability, which of the 31 capabilities received the highest average capability score?

a. Public information and warning

b. Community resilience

c. Operational coordination

d. On scene security and protection

10. Which of the 31 capabilities received the lowest average score in the state assessment?

a. Interdiction and disruption

b. Mass care services

c. Cybersecurity

d. Critical transportation

11. As of 2012, agencies had to belong to the Emergency Management Assistance Compact if they wanted to receive a DHS preparedness grant

a. True

b. False

12. Applicants for Hospital Preparedness Program grants and Public Health Emergency Preparedness grants have to submit four separate grant applications to four different agencies before they are eligible to receive one of the grants.

a. True

b. False

13. FEMA’s 2012 household preparedness survey found an increase in the number of people who believe that a natural disaster was likely to occur in their community. That belief triggered a “substantial increase” in individual preparedness behaviors, such as building a disaster supply kit and making a household emergency plan.

a. Both statements are true.

b. The first statement is true; the second one is false.

c. The first statement is false; the second one is true.

d. Both statements are false.

14. In 2012, federal agencies had to include climate change adaption plans in their sustainability plans.

a. True

b. False

c. False; there is no such thing as a federal agency sustainment plan

15. Which of the following acronyms is not related to the public information and warning capability (select all that apply)


b. WEA,

c. EAS,


e. FCC

16. Which of the following acronyms do not appear in the 2013 Preparedness Report (you may select more than one)


b. RRAP,





17. Which country was not involved (according to the Preparedness Report) with helping the US improve “operational coordination in law enforcement, cargo screening, and passenger screening”.

a. Australia

b. Mexico

c. South Korea

d. Canada

e. Switzerland

f. Republic of Congo

g. Indonesia

h. European Union (a country for the purposes of this question)

18. Average time DHS said it took to conduct searches of biometric watch list data from US ports of entry and US consulates

a. One week

b. One day

c. About three hours

d. Less than a minute

e. Under 10 seconds

19. According to the Preparedness Report, the approximate number of terabytes of data processed by regional computer forensics laboratories in 2011 was

a. 400 gigabytes, less than half a terabyte

b. 4 terabytes

c. 400 terabytes

d. 4000 terabytes

e. One yottabyte

20. DHS established a maturity model that identifies the four stages through which the national fusion center network will progress “as it moves toward full capability and operational integration as a unified system.” As of February 2013, the national network was at what stage of the maturity model:

a. Stage 1 – Fundamental

b. Stage 2 – Emerging

c. Stage 3 – Enhanced

d. Stage 4 – Mature

21. As of 2011, approximately what percentage of the 1500 requests for financial transaction data from the Department of the Treasury’s Financial Crimes Enforcement Network was “directly related to terrorism”?

a. Zero

b. 25%

c. 50%

d. 90%

22. The State, Local, Tribal and Territorial Government Coordinating Council studied critical infrastructure programs in 31 states. Approximately what percentage of the programs were able to measure the effectiveness of their critical infrastructure protection activities?

a. Zero

b. 25%

c. 50%

d. 90%

23. Approximately how many Citizen Corps Councils are in the US?

a. 56

b. 112

c. 1200

d. 2170

24. The most common natural disaster in the US is

a. Tornados

b. Wild land Fires

c. Floods

d. Crime

e. Earthquakes

25. The method most frequently used by states and local jurisdictions to enforce mandatory evacuation orders is:

a. Arrest

b. Fines

c. Removal by force

d. Mandatory evacuation orders are rarely enforced

26. Which of the following is not a part of the DoD CBRN response enterprise?

a. Command and control CBRN response elements

b. National Guard WMD civil support teams

c. National Guard CBRNE enhanced response force packages

d. Homeland response forces

e. They are all a part of the DoD CBRN response enterprise

f. There is no such thing as a DoD CBRN response enterprise

27. According to the Preparedness Report, most counties in the United States have established capabilities to provide response-level interoperable communications within one hour of an incident.

a. True

b. False

28. The Federal Highway Administration estimate of the percentage of the nation’s bridges that are either structurally deficient or functionally obsolete is

a. 1%

b. 15%

c. 25%

d. More than 50%

29. According to the Preparedness Report, “Interstate mutual aid plays a limited role in augmenting the capabilities of states and territories.”

a. True

b. False

30. Each year, the Nation makes additional advances toward realizing the National Preparedness Goal and implementing the National Preparedness System through improved guidance and new partnerships involving all levels of government; private and nonprofit sectors; faith-based organizations; communities; and individuals.

a. True

b. False






June 1, 2013

Unthinking habit is among our top threats

Filed under: Preparedness and Response,Risk Assessment — by Philip J. Palin on June 1, 2013

On Friday evening another series of tornadoes touched down near Oklahoma City.  They descended on the metropolitan area during the rush hour in the midst of heavy rains that complicated tornado identification and caused significant flooding.

The worst threat emerged between about 6:30 and 7:00PM Central Time.  According to CNN:

The Oklahoma Highway Patrol says a mother and child were killed as tornadoes moved through Oklahoma City. Highway Patrol Trooper Betsy Randolph says troopers found the bodies near a vehicle along Interstate 40 west of the city.
Parts of Interstates 35 and 40, which cut through Oklahoma City and Moore, were “a parking lot,” the weather service said, warning that those caught in the heavy rush hour traffic “are in danger.”

“We’ve got a nightmare situation going on right now,” Betsy Randolph, a state Highway Patrol spokeswoman, told CNN.

“They are essentially sitting ducks on the interstate.”

Overturned big rigs and cars littered portions of the roadway, and thousands more were believed to be stuck in the traffic.

“My biggest concern right now is the traffic that is out on the highway right now,” Oklahoma Gov. Mary Fallin said.

She said she has called out the National Guard, the Oklahoma Highway Patrol and the state Office of Emergency Management to “try to get the traffic moving” and get people to shelter.

As of Saturday morning I am mostly reading and hearing echoes of this Friday evening report.  More details are needed.  But there is a strong suggestion that even among the storm-sophisticated citizens of central Oklahoma there was a readiness to risk a “regular commute” in the midst of a tornado watch/warning and observable heavy rain.

The decision to stay or go is at the core of an effective emergency response.  For the vast majority of threats the better decision is to stay.  But a wide range of habits — from fire drills, to hurricane evacuations, to the daily commute — push us to go… sometimes directly into harms way.

LATE BREAKING: Please access the comments and many thanks to Mr. Rob Dale for very helpful additional information.

« Previous Page