Homeland Security Watch

News and analysis of critical issues in homeland security

April 10, 2015

Friday Free Forum

Filed under: General Homeland Security — by Philip J. Palin on April 10, 2015

William R. Cumming Forum

Share and Enjoy:
  • Digg
  • Reddit
  • Facebook
  • Yahoo! Buzz
  • Google Bookmarks
  • email
  • Print
  • LinkedIn

27 Comments »

Comment by Claire Rubin

April 10, 2015 @ 6:01 am

I would be interested in readers’comments on this article:
“A Community for Disaster Science”
http://www.sciencemag.org/content/348/6230/11.full.pdf

Comment by William R. Cumming

April 10, 2015 @ 8:14 am

Claire that is a very important discussion IMO. And a desperately needed one. I will be posting later today a closely related topic in a personal list [top ten] of why DHS is failing its HS mission.

Almost total ignorance of SCIENCE in DHS is number three (3) on that list.

Comment by Philip J. Palin

April 10, 2015 @ 8:32 am

Claire: The integrative approach being recommended would be a big help. In my experience, such an approach would also be welcomed by the practitioner community. The biggest practical challenge to the approach being actualized, it seems to me, is the criteria most commonly applied to academic promotion and tenure decisions, which are usually NOT friendly to integrative approaches.

Comment by William R. Cumming

April 10, 2015 @ 11:26 am

So okay here is hopefully forest not trees plaguing HS.

1. Law enforcement culture with confusion between criminal law enforcement and civil law enforcement.

2. FEDERALISM policy and issues generally in that which level
of government does what and to who or whom and for what reasons.

3. Ignorance of SCIENCE and its implications.

4. Poor leadership! Get the lawyers out of the top management of DHS!

5. The QHSRs required a bottom up approach to analyze the entirety of the programs, functions, and activities of DHS and their contributions to HS. Never done I would argue that given this failure in the first two most of DHS fails to contribute much of anything to HS!

6. With over 1000 personnel in DHS with policy analyst in their position descriptions this investment while it may well be needed has not paid off. Many of these jobs are politically vetted.

7. Those in DHS that actually collaborate and cooperate with OFAs [other federal agencies] and the private sector are insufficient to accomplish their mission to deliver HS!

8. The numerous reorganizations in DHS have largely accomplished little or nothing.

9. The Presidential Transition Act will require numerous products and deliverables. FTE should be assigned now to this effort [at least as to liason back to their home organizations. Even if President Obama is replaced by a Democrat this effort is statutorily mandated.

10. Shortly I will be providing a list of EOs issued since 9/11-01 with analysis as to their impact for the long term if any. I consider these largely unfunded mandates imposed by the WH on DHS.

As always would like comments, suggestions or the lists of others.

As always would like others

Comment by Gianna Gallo

April 10, 2015 @ 12:25 pm

This week I wanted to discuss another cyber threat, the Stuxnet software program, and the 2013 Cybersecurity Executive Order and what it means in terms of our nation’s future cybersecurity.

As technology evolves, so does cyberterrorism and cyber threats against the United States. Based off of the increase and severity in cyber attacks against vital infrastructure, this has become a major national security issue. There is critical infrastructure so essential to our country that its incapacitation, exploitation, or destruction, through an attack or disaster, could have a debilitating effect on security and economic well-being. Agriculture, healthcare, water treatment systems, energy and electric, nuclear facilities, banking and finance, national monuments, and defense industrial bases are all pieces of critical infrastructure that may be negatively effected by a cyber attack. The Stuxnet computer worm is an emerging warfare capability that currently threatens our nation’s critical infrastructure. This crippling type of cyber attack poses such a threat that the President of the United States addressed the issue in the 2013 Cybersecurity Executive Order and provided the former secretary of the Department of Homeland Security, Janet Napolitano, with two key elements that can play a role in defending against the Stuxnet worm.
Stuxnet is a malicious software program that infects computer systems that are used to control the functioning of critical infrastructure. Once inside the system, Stuxnet has the ability to degrade or destroy the software on which it operates, leaving it inoperable or severely damaged (Kerr, Rollins, & Theohary, 2010). The resulting damage to the nation’s critical infrastructure could threaten many aspects of life. “Depending on the severity of the attack, the interconnected nature of the affected critical infrastructure facilities, and government preparation and response plans, entities and individuals relying on these facilities could be without life sustaining or comforting services for a long period of time,” (Kerr, Rollins, & Theohary, 2010, p.2). To date, numerous countries are known to have been affected by the Stuxnet worm to varying degrees of disruption in their technology systems. These include Iran, India, Indonesia, Pakistan, China, Germany, and the United States (Kerr, Rollins, & Theohary, 2010). The potential impact of this type of malicious software could be far-reaching. For that reason, President Obama addressed the issue in his 2013 Cybersecurity Executive Order.
Former Secretary Napolitano claims that the two key elements in the cybersecurity initiative mentioned by President Obama are to improve information sharing between the private and public sector and to identify the best practices to prevent cyber attacks against our nation’s critical infrastructure. “What we want to focus on at this point is what can the private sector do to interrupt these attacks,” said Ms. Napolitano (PBS NewsHour, 2013). Due to the dangers associated with the Stuxnet program and other cyber threats, there are now many technological partnerships among homeland security stakeholders. Cyber security professionals along with Homeland Security stakeholders must adopt an adaptive organizational behavior and open up lines of communication amongst one another. The Cybersecurity Executive Order (2014) suggests that there are a number of best practices that should be regularly reviewed, tested, and implemented that will greatly help enterprises to prepare for and react to network events. Performance goals for the cybersecurity framework must be set and sector-specific guidance must be developed (Fischer e al., 2014). The framework must be flexible and versatile in order to protect against the ever-evolving Stuxnet software. We must continue to learn from both our successes and failures in response to such events.
Through a collaborative framework, security entities will be able to thwart terrorist organizations’ cyber attacks and efforts. Each group of homeland security stakeholders involved in cyber security represents a community of practice, working together to protect the portions of critical information technology that they own, operate, manage, or interact with. When these security entities work as partners and collaborate effectively, they are more successful. Regardless of how rapidly cyber threats develop and attacks occur, cybersecurity has still been more of a responsive activity. In order to truly provide a long-term plan for cyber incidents, we must find a way to become more proactive. Protection of cyber systems is essential to the resilience and reliability of the nation’s critical infrastructure and key resources, as well as to our nation’s security.

Fischer, E.A., Liu, E.C., Rollins, J.W., & Theohary, C.A. (2014). The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress. Congressional Research Service: Washington, DC. Retrieved from https://www.fas.org/sgp/crs/misc/R42984.pdf

Kerr, P.K., Rollins, J., & Theohary, C.A. (2010). The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability. Congressional Research Service: Washington, DC. Retrieved from https://www.fas.org/sgp/crs/natsec/R41524.pdf

PBS NewsHour. (2013, February 15). Examining Cyber Security With Secretary Janet Napolitano [Video file]. Retrieved fromhttps://www.youtube.com/watch?v=I3X02Q8mvBY

Comment by Chris Kears

April 10, 2015 @ 2:17 pm

For this weeks post, I also wanted to discuss the severity of Stuxnet and how its adding another dimension to terrorist propaganda. Today’s ever-changing threat environment has shown that cyber-related threats are quickly ascending and terrorist/criminal extremists are starting to shift their propaganda efforts with it. According to the PBS video (2013), Janet Napolitano states that cyber-related threats are more of a government issue than a private sector issue. Cyber threats are a security issue that seek to disrupt and dismantle our nation’s critical infrastructure. If these cyber threats breach our security, then our energy, telecommunication, banking, and other key sectors will be extremely vulnerable to information and credentials being interfered with. Cyber-related threats have become today’s ‘new war,” in the sense that it targets a larger audience (our economic economy). Not having to invest in research and development that goes into initiative provides these terrorist/criminal extremists to find quicker ways to target our nation’s critical infrastructure.

The 2013 Cybersecurity Executive Order (EO) focuses on two key elements: to improve information sharing among public and private sectors entities to combat cyber attacks; and to ask DHS to identify and understand what our nation’s core critical infrastructures are (Fischer, Liu, Rollins, and Theohary, 2013). Information sharing has become a key initiative for the whole community in its effort to strengthen our nation’s all-hazard approach towards future threats. How can be strengthen information sharing? Through collaboration. EO integrates collaboration from multiple levels. Defense Industrial Base (DIB), the National Security Agency (NSA), the Department of Defense (DOD), and several other defense industry partners are collaborating through the utilization of computer monitoring activities. In May 2012, DOD implemented the DIB Cybersecurity/Information Assurance (CS/IA) Program; where DOD members provide “defense contractors with classified and unclassified cyber threat information and cybersecurity best practices, while DIB participants report cyber-incidents, coordinate on mitigation strategies, and participate in cyber intrusion damage assessments if DOD information is compromised (Fischer et al., 2013). In addition, DHS continues to provide collaboration through a voluntary cybersecurity framework, that is listed as arguable the most innovative and labor-intensive requirement in the EO. Voluntary cybersecurity framework, led by the National Institute of Standards and Technology (NIST), seek to reduce cybersecurity risks by focusing on cross-sector, voluntary consensus standards, and business best practices to identify areas that need the most improvement (Fischer et al., 2013).

Kerr, Rollins, and Theohary (2010) state that a cyber attack virus, known as Stuxnet, targets computer systems that control and operate nuclear power plants. This virus is extremely dangerous because once inside the system, Stuxnet has the ability to disrupt or destroy the software on which it operated; causing long-term damage that might be irreversible. What can the homeland security enterprise do to reduce the vulnerability of Stuxnet attacking and damaging our nation’s critical infrastructure? Kerr et al. (2010) state that “it is widely believed that terrorist organizations do not currently possess the capability or have made the necessary arrangements with technically savvy organizations to develop a Stuxnet-type worm. However, the level of attention the Stuxnet worm has received creates a possible proliferation problem and what some have termed a “cyber arms race”” (p. 2). As terrorist organizations are quickly shifting their propaganda towards cyber-related threats, it is only a matter of time until Stuxnet’s software developers reformulate their existing code; which will make it easier for terrorist organizations to develop such capabilities in the near future. Moreover, it is vital that the homeland security enterprise continues to improve their cybersecurity protocol because if a Stuxnet-type worm were to attack our nation’s critical infrastructure, our domestic and international security, safety, and essential services would be in jeopardy for a unpredictable amount of time (Kerr et al., 2010). In countering Stuxnet, the Department of Energy (DOE)has responded with research and development efforts that plan to “modernize the electric grid with new information technology and thereby create a so-called “Smart Grid” that will be more prevalent and accessible throughout the nation and may also be more secure” (Kerr et al., 2010, p. 7). In addition to DOE’s effort, more agencies need to put forth a collaborative effort to make sure that Stuxnet does not continue to grow into something that we are unable to control.

References:

Fischer, E. A., Liu, E. C., Rollins, J. W., & Theohary, C. A. (2013, November 8). The 2013 Cybersecurity Executive Order: Overview and Considerations for Congress. Retrieved from https://www.fas.org/sgp/crs/misc/R42984.pdf

Kerr, P. K., Rollins, J., & Theohary, C. A. (2010, December 9). The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability. Retrieved from https://www.fas.org/sgp/crs/natsec/R41524.pdf

PBS. (2013, February 15). Examining Cyber Security With Homeland Security Secretary Janet Napolitano. Retrieved from http://www.pbs.org/newshour/bb/science-jan-june13-cybersecurity_02-15/

Comment by William R. Cumming

April 10, 2015 @ 2:59 pm

Subject Index–Obama EOs

2009 – E.O. 13489 – E.O. 13527 (39 Executive orders issued)
2010 – E.O. 13528 – E.O. 13562 (35 Executive orders issued)
2011 – E.O. 13563 – E.O. 13596 (34 Executive orders issued)
2012 – E.O. 13597 – E.O. 13635 (39 Executive orders issued)
2013 – E.O. 13636 – E.O. 13655 (20 Executive orders issued)
2014 – E.O. 13656 – E.O. 13686 (31 Executive orders issued)
2015 – E.O. 13687 – E.O. 13687 (1 Executive orders issued)

Comment by Tom Russo

April 10, 2015 @ 4:01 pm

While facilitating online instruction for an introduction to emergency management course (actually several), the persistent reference to “disaster management,” I felt compelled to explore what exactly is the definition of a disaster. What I found consistent with my initial view that the term is over used and requires delineations. Here’s how I responded.

When was the last time you heard “Well we handled that disaster well?” If it is a disaster, few would want to be associated with the incident and a consensus would surface that the disaster was not managed well either in its preparatory phase or in its aftermath. So why is the term disaster indiscriminately used in public safety and emergency management when alternative and more precise terms exist?

For example, disaster management appears in published sources and used to refer to the planning encompassed by emergency management. Yet, the phrase disaster management is an oxymoron and emergency management speaks to a well-established discipline. Disasters are not managed at all…they overwhelm capabilities.

Consider the definition of the term disaster as used by national and international organizations. The scope of a disaster differs whether it affects an individual, an organization, community or a nation. What each have in common is that its capacities or resilience to absorb a force or consequence is compromised and those capacities overcome.

In 1985, Quarentelly defined disaster as “a crisis situation that far exceeds the capabilities. By Quarentelly’s definition there cannot be an ideal plan that prevents loss of life, property damage or disruption of governance that includes its economic system because then “it would not be a disaster!” A true disaster suffocates the ability to recover, compromising a return to normalcy and overwhelming the reserves of resilience.

The United Nations (UN) and the International Federation of Red Cross (IFRC) offer broader definitions and provide a greater level of detail. The UN defines a disaster as:

A serious disruption of the functioning of a community or a society involving widespread human, material, economic or environmental losses and impacts, which exceeds the ability of the affected community or society to cope using its own resources.

This definition conveys the notion that not only has capacity been overwhelmed but resilience is compromised as well, rendering the community or society unable to either respond or recover. The IFRC defined disaster as:

a sudden, calamitous event that seriously disrupts the functioning of a community or society and causes human, material, and economic or environmental losses that exceed the community’s or society’s ability to cope using its own resources.

The IFRC attached the notion of “calamitous” to a disaster but goes further to explain “the combination of hazards, vulnerability and inability to reduce the potential negative consequences of risk results in disaster.” The IFRC uses a formula to quantify disaster and therefore, risk and thus provides greater delineation to the characteristics of disaster.

(Vulnerability + Hazard)/Capacity = Disaster

Practitioners involved in U.S. emergency management hazard and threat assessment recognize the effort to quantify community risk. The Federal Emergency Management Agency (FEMA) in its Comprehensive Preparedness Guide 201 requires the use of Threat and Hazard Identification and Risk Assessment (THIRA) to compute risk and estimate capability requirements. The THIRA process helps communities map their risks to the core capabilities, enabling them to determine whole-community informed:

• Desired outcomes,
• Capability targets, and
• Resources required to achieve their Capability targets

The intent of THIRA is to assist communities determine those actions that could be “employed to avoid, divert, lessen, or eliminate a threat or hazard?” Whether deliberate or not, the National Preparedness webpage for FEMA is void of the term disaster but advocates for a deliberate planning process that pivots on the THIRA process for communities, organizations and non-governmental organizations. The national preparedness goal represents that of the United States and states:

A secure and resilient nation with the capabilities required across the while community to prevent, protect against, mitigate, respond to and recover from the threats and hazards that pose the greatest risk.

Emergency Management has come full circle in three decades in its quantification and definition of terms within the discipline. Students of emergency management recall the discipline’s inception as FEMA by President Carter in 1979. Current practice of emergency management, as briefly introduced through FEMA references, suggests that practitioners reserve the use of disaster for the intent defined by Quarentelly in 1985 “a crisis situation that far exceeds the capabilities.”

Comment by Michael Upham

April 10, 2015 @ 5:11 pm

Fusion Centers have recently been placed in the spotlight to determine if the funding placed into these resources is producing worthwhile results.

Rollins and Connors (2007) view the fusion centers as a positive aspect to the homeland security process. They present a positive view focusing on the improved communication between the private sector, federal government, local government, and local law enforcement to combat terrorism and criminal activity. This is done through information sharing, coordination, communication, and collaboration.
German and Stanley (2007) view the fusion centers as unnecessary, flawed process with ambiguous lines of authority. German and Stanley state some fusion centers go beyond their authority and infringe on individual civil liberties and that the lines of authority due to the various organizations operating and representing fusion centers result in an unclear chain of authority. Additionally, they feel inclusion of private sector gives fusion centers unnecessary access to personal information, which has a potential for abuse. They called for Fusion Centers to have more public transparency for center operations, state legislation to provide checks and balances, and also for controls on private sector involvement.
Schulz and Guidetti (2013) stated that Hurricane Sandy was a real eye opener for fusion centers. The ability to collect and analyze information and intelligence is not sufficient. They stated how fusion centers operated with good intentions but were not completely fulfilling their duties to disseminate information not only to law enforcement and local government, but also to the public. It is critical for fusion centers to disseminate information to all parties which can benefit from the information disseminated.
The idea of fusion centers is great on paper but has seen deficiencies in the area of disseminating the information that has been gathered, collected, analyzed, and catalogued. The major complaint of fusion centers is that the information does not flow out as fast as it flows in, which in turn causes agencies to hesitate sharing information because they have doubt the fusion centers ability to disseminate intelligence. The idea of fusion centers is an evolving field, which has not yet been perfected, but will not be perfected without trial and error, and input from all members of the homeland security stakeholder community. Fusion centers will need to develop in disseminating information and intelligence amongst local governments, law enforcement, as well as members of the community who are relevant to the information.

German, Michael and Stanley, Jay (2007, December). What’s Wrong with Fusion Centers? American Civil Liberties Union. Retrieved from https://monmouth.desire2learn.com/d2l/le/content/191074/viewContent/1953690/View

Rollins, John and Connors, Timothy (2007, September). State Fusion Center Processes and Procedures: Best Practices and Recommendations. Policing Terrorism Report No. 2, Center for Policing Terrorism. Retrieved from https://monmouth.desire2learn.com/d2l/le/content/191074/viewContent/1953689/View

Schulz, Christian and Guidetti, Raymond (2013, May). Fusion During Crisis: Aftermath of a Perfect Storm. DomPrep Journal, Volume 9, Issue 5, p.16-20. Retrieved from https://monmouth.desire2learn.com/d2l/le/content/191074/viewContent/1953691/View

Comment by Arnold Bogis

April 10, 2015 @ 5:26 pm

Claire, Bill, and Phil:

That article reads to me like an argument for putting homeland security-related academic programs in public policy schools. The last time I worked at such a school, I have to admit that the majority of professors and other teaching/researching staff were social scientists. But I also worked along side former high ranking military and intelligence officials, scientists, and even politicians. Available for consultation in other offices at the school and other schools were law enforcement professionals, lawyers, public health experts, along with disaster responders and scholars from here and across the world.

The professors who bought into this model were in some way turning their back at the traditional academic divisions where “publish or perish” really counts. But that isn’t to say they didn’t have responsibilities to produce for the public policy school either in some quantifiable manner.

My office wasn’t too far from the current Defense Secretary along with Science Adviser. They had a more international outlook, but a public policy school could take the homeland security issue and run with it. Resilience uber alles!

Comment by Arnold Bogis

April 10, 2015 @ 5:34 pm

Ms. Gallo,

Thank you for the interesting post. I just want to add that the CRS report quite diplomatically tiptoes around one important point — while never confirmed by either government, it has been considered reliably reported by NYT’s David Sanger and others that Stuxnet originated with the U.S. and Israel and was designed to specifically target the type of Siemens industrial control system used by Iran to control their centrifuges.

So a few important related outcomes of that fact:

–Unintended consequences. It has also been reported that the code of Stuxnet included several zero day exploits. By releasing this weapon those became available to potentially adversarial hackers around the world. Along with the whole code itself, through it’s travel across the world’s computer systems (though it was designed to specifically attack Iran’s systems, so it was and is harmless in it’s original form to other systems.)

–This type of attack still requires the resources of a nation state and can’t be perpetrated by a teen in his basement. Not just the complexity of the code, but what is called the social engineering required to overcome the air gap defense. So the worst of the worst is not within reach of aspiring Matthew Brodericks around the world (but who wouldn’t want to play Global Thermonuclear War?).

Comment by Michael Upham

April 10, 2015 @ 5:45 pm

The United States is currently extremely vulnerable to both physical and cyber attacks against the nations power grid. The biggest security threat currently derives from the fact that the US power grid is run and regulated by separate private utility companies. Additionally these utility companies only have to follow the mandatory reliability standards that are set forth by the North American Electric Reliability Corporation (NERC), but are not required to comply with the voluntary recommended actions, which focus on further developing security surrounding power grids and the private utility companies. Currently, these private utility companies are more focused on profit margins than national security, which must change because if a successful attack occurred to the power grids, the effects would be more devastating to the nation than another physical attack like 9/11.

One of the biggest vulnerabilities to the lives of American citizens is a physical or cyber attack against our nations power grid. An attack like this could leave the entire country powerless, which would kill hundreds of thousands, and chaos mass chaos and disorder. However, this is vulnerability is very real and very serious, and analysts have known how vulnerable to attack our power system is for the past decade. In 2007, a group of scientists and engineers tried to convince a utility company to upgrade their security because there system was in grave danger, after the company declined, the group decided to demonstrate how real these vulnerabilities were. The group of scientists and engineers at the Department of Energy facility wanted to see if they could physically blow up and permanently disable a 27-ton power generator using the Internet. “If you can hack into that control system, you can instruct the machine to tear itself apart. And that’s what the Aurora test was. And if you’ve seen the video, it’s kind of interesting, ’cause the machine starts to shudder. You know, it’s clearly shaking. And smoke starts to come out. It destroys itself, Jim Lewis explained. Asked what the real-world consequences of this would be, Lewis said, The big generators that we depend on for electrical power are one, expensive, two, no longer made in the U.S., and three, require a lead time of three or four months to order them. So, it’s not like if we break one, we can go down to the hardware store and get a replacement. If somebody really thought about this, they could knock a generator out, they could knock a power plant out for months. And that’s the real consequence” (CBS News, 2009).

To prevent these treats and vulnerabilities against the US power grid system, private corporations must be required to not only follow the NERC recommended actions, but these corporations must develop and implement their own cyber and physical security teams. These teams must constantly seek to develop, innovate, and incorporate the most creative tactics and techniques to prevent attack. These corporations are focusing on profit margins, but do not realize that these threats and vulnerabilities are real, and if they are attacked, they will have no more money. The current motivation and pace of change by these utility corporations is far to slow. This is beginning to resemble the 9/11 situation, “where we identify a problem, we identify a threat, we know it exists, we know it’s real, and we don’t move quickly enough to fix the problem” (CBS News, 2009).

Sources

http://www.cbsnews.com/news/cyber-war-sabotaging-the-system-06-11-2009/

http://democrats.energycommerce.house.gov/sites/default/files/documents/Report-Electric-Grid-Vulnerability-2013-5-21.pdf

http://www.cnbc.com/id/101306145

Comment by Drew Buffalino

April 10, 2015 @ 8:36 pm

One fact that Bongar et al discusses about the psychology of a terrorist is that the overwhelming majority of terrorists are not psychotic. The authors state, “…terrorists in most instances are neither crazy nor irrational—though their acts may be evil in the extreme. Many authorities have also found that there is neither a specific terrorist psychological profile nor a singular psychopathological condition.” (Bongar et al, 2007, p. 3-4). They further state that when interviewing known terrorist family, friends, neighbors and classmates they found, “The terrorists did not differ from the comparison group of nonterrorists in any substantial way; in particular, the terrorists did not show higher rates of any kind of psychopathology.” (Bongar et al, 2007, p. 15). Many of the decisions made by a terrorist are rational decisions based on the presumed situation the individual believes him or herself to be in. These perceived situation generate anger in the individual. Generally, terrorism is born out of two types of anger, the first being anger that is an emotional reaction to insult, and the second being anger that is an emotional reaction to pain, especially the pain of frustration (Bongar et al, 2007). When a person or group feels as though they are being oppressed, attacked, insulted or put into a position by those in power in which they feel they have no control of their own destiny, it generates anger and frustration. This anger/frustration makes the individual feel as though they are being backed into a corner and their natural, logical, reaction is to fight back against the person they perceive is causing them this emotion.
For example, in the Middle East where the belt of Muslim states lie there exists government who hold military and policing powers, but maintain little public support (Bongar et al, 2007). Any type of political threat to the state is not tolerated. The governments quickly torture, imprison, or sentence to death any individual or group against those who hold position of political influence (Bongar et al, 2007). In conflicts between the governments and the people in this region the United States and other Westerns countries have supported the governments and the political leaders tend to side with Western culture. By supporting the regimes that are seen as oppressive to the people, the Western countries are seen as enemies by the citizens being oppressed and this forms hate and anger towards Western culture. The anger and frustration caused by this situation is then furthered by the multipliers of the psychology of “cause”, “comrades”, and a sense of “crisis” (Bongar et al, 2007).
The psychology of cause is the cognitive thought that occurs when one decides how to live their life. An individual who is not sure of him or herself may find direction and purpose by joining a jihad and dying for a reason. By doing so the individual lives into the further through the political group or religions’ continuance. The authors state, “The meaning of the individual’s life is the future of the cause, embodied in the group that goes on into the future after the individual is dead.” (Bongar et al, 2007, p. 19). Individuals join the cause for these groups routed in anger because of the frustration of their supposed oppression and by doing so work to achieve a task that is greater then themselves. After having associated themselves with the group the psychology of comrades is developed. Letting the group down now becomes worse than dying, because the individuals are joined by a cause collectively (Bongar, et al, 2007).
In the case of Islamic terrorist, groups like al-Queda believe the Western culture is having too much influence on their ways of life, by countries like the United States backing these perceived to be oppressive governments in the Middle East. By backing them they allow the governments to stay in power and inflict more unwanted influence on the people. Muslims in the area seeing this happen overreact to believe a crisis is upon their culture and their religion. They think that if the West continues to inflict influence their religion will disappear, so they radicalize to regain the fundamentals of their faith. By doing so they also want to attack the group they observe is causing the frustration, mainly, the United States. Bongar et al declares, “In the case of the 9/11 terrorists it seems to be fear that fundamentalist Muslim culture is in danger of being overwhelmed by Western culture.” (2007, p. 21). The alleged invasiveness of Western culture lead fundamentalist Muslims to the rational thought that they must fight to survive, thus adopting the strategy of terrorism and violence to fight and put an end to their apparent crisis.

References

Bongar, B. et al. (2007) Psychology of Terrorism. New York: Oxford Press

Comment by Ally M

April 10, 2015 @ 9:00 pm

For this week’s discussion I would like to take a closer look at one of the effects that disasters can have on the American citizens. In the preparation against all hazards the United States, the psychological injury is often over looked. Terrorism is specifically a psychological assault intended to intimidate and instill fear within citizen populations and governments. Understanding these psychological consequences is critical to the nation’s efforts to develop intervention strategies to be able to limit the different types of psychological effects of terrorist attacks. Traumatic events, disasters, and terrorism can have psychological consequences. Examples of psychological consequences can range from mild anxiety, change in one’s behavior, to the onset of a diagnosable psychiatric illness. Over time an individual may be able to overcome these psychological disasters but there are those who may not. The number of people who experience psychological effects varies with how severe the event is and the proximity of exposure.

Post-traumatic stress disorder (PTSD) is a severe mental disorder that forms due to ones exposure to a psychologically distressing event. It is mainly seen in the men and woman who have courageously served our country. In the world we live in today traumatic events can occur anywhere at any time. This is a real psychological threat to the wellbeing of this nation. There should be no question as to whether post-traumatic stress disorder is real. The people who experience its effects are those who have seen unthinkable things. Symptoms of PTSD include but are not limited to depression and flashbacks. It can affect individuals differently. The symptoms of PTSD can occur directly after the traumatic event or gradually over time after the event. This means that it is very hard who will be affected and when.

The nation needs to become better prepared to handle the psychological results of a disaster. In order to prepare properly the nation needs basic resources, intervention programs, surveillance for psychological consequences, screenings, treatment for effects, and training for service providers. At this point in time this nation cannot handle an increase demand for psychological services. There needs to be a well-defined and coordinated system put into place. The public health, mental health, medical and emergency services need to be able to work together to handle the consequences of disasters while also protecting themselves. Since we are a part of the Homeland security community it is important to find out the effects of trauma exposure that is a direct result of terrorism or a mass casualty, more than five casualties, event. Those who are more prone to traumatic events are most vulnerable to the possible psychological effects. There needs to be a solution to train the mind to prevent such effects. This is critical for the emergency responders and members of the Homeland Security community to be able to do their jobs effectively. It is good to know that the majority of people exposed to traumatic events to not show signs of PTSD. It is these people that need to be researched to find out why in order to be able to enhance resilience throughout the nation.

All terrorist attacks cause more than just physical harm. For example the biological attack in the subway system in Tokyo, Japan, back in 1995 created more psychological harm than physical harm. Almost all of the people who went to the hospital displayed signs of psychological reactions, including severe anxiety or shock. It is suggested that a significant percentage of the people who were examined had never actually been exposed to the gas. Upon the patients arrival to the emergency room the combination of shock, emotional distress, and other fear-related symptoms made it hard to distinguish those who had a low level of nerve agent exposure compared to those who believed they were exposed. The ratios between psychological and physical affects can be enormous (Bongar, Brown, Beutler, Breckenridge, Zimbardo, 2007). This event had a great impact on the entire Japanese society. It did not just affect the people who were on the trains and in the stations but all of Japan. The long-term psychological effects were considered to be high. More than six years after the attack a survey was issued by the Japanese National Police Agency. The results stated that 20% of victims still suffered from posttraumatic stress disorder and that 43% of the victims still had flashbacks of the attack (United States Department of Homeland Security, 2007).

Bongar, B., Brown, L. M., Beutler, L. E., Breckenridge, J. N., & Zimbardo, P. G. (2007). Psychology of Terrorism. New York: Oxford Press.

United States Department of Homeland Security. (2007). Underlying Reasons for Success and Failure of Terrorist Attacks: Selected Case Studies. Washington, DC: U.S. Government Printing Office. Retrieved from https://bluehawk.monmouth.edu:2572/?view&did=481694

Comment by Justyna Gromadzka

April 10, 2015 @ 9:37 pm

For this week’s forum I would like to discuss the surveillance technologies that help to secure transportation systems. Public transportation systems are utilized by millions of people every day during their commute. These systems came a long way security wise in the last decade or so. For instance, the NYC subway system utilizes numerous technologies and approaches in order to keep their passengers safe. From monitoring passengers to screening for possible explosives in stations and trains. The effort to prevent attacks is dependent on and can not succeed without the proper technologies.

The use of basic security cameras allows us to monitor in real-time what is happening throughout the transportation system. A shortfall with this technology is that it usually requires a human to observe the footage and pick out abnormalities. The Intelligent Closed Circuit TV systems use powerful computers to analyze video feeds to assist these human operators in detecting persons of interest (Bigdeli et. al, 2007). The cameras can recognize the face of a suspected terrorist in a large crowd or spot an object left behind. Such technology assists the operators by alerting them to certain scenes that otherwise might have been missed.

In the initial field trial numerous scenarios were staged on the platforms of a railway station such as crossing yellow lines, attempting to break vending machines, and other abnormal commuter behavior. When such a situation is detected the computer alerts the operator and provides a 3D visual presentation of the area. This technology allows us to analyze a great amount of video feed from multiple cameras very efficiently and much faster then any human. This software can be used to guide law enforcement to certain areas or people in a subway station.

With technologies being used to “watch” everyone during their commute the issue of privacy arises. We are all given the right to privacy, however, sometimes a compromise needs to be made in order to protect society as a whole. Someone who takes the subway every day might not want to be filmed but they also want to have a safe travel experience. Most citizens have accepted that in order for us to be safe we must sacrifice some of our civil liberties. If officials were not able to use such surveillance technologies they could only respond to events since preventing them would be nearly impossible.

Reference:
Bigdeli, Abbas. , Lovell, Brian, , Sanderson, Conrad, , Shan, Ting, , & Chen,Shaokang, (2007). Vision Processing in Intelligent CCTV for Mass Transport Security.

Comment by Philip J. Palin

April 11, 2015 @ 4:31 am

Arnold, Claire, Bill, and Tom:

A couple of anecdotal reactions:

Yesterday I was on the phone with an electric utility executive. In the context of a discussion about resilience, I asked him what structural or strategic issue worried him most. “The current chasm between the scientific community and the practitioner community,” he answered. Follow-up suggested he found agendas and incentives misaligned for scientific research to be meaningfully integrated into practitioner planning and operations. Last evening I mentioned this to a scientist friend who replied, “Yeah, two galaxies speeding away from each other.”

Two — almost three — years ago I made a run at trying to meaningfully insert a homeland security emphasis into a graduate school of public administration. I had some important internal allies. But we failed (really barely started), mostly over the issue of private sector involvement. Go talk to the business school was the basic message. There are problems at the business school too. One institution does not the universe make… but many of our galaxies seem to be spinning away from each other… especially in the academic quadrant of the cosmos.

So… I still think it is a good idea. Like many good ideas, though, there needs to be some rigorous political, financial, and related thinking to move from idea to action.

Comment by William R. Cumming

April 11, 2015 @ 7:31 am

Thanks to all for excellent comments. And Tom agree with you and Q!

That is why I always insist that no level of government, and no private sector organization, has adequately planned if that did not due the actual hard work of creating the PLANNING BASIS of their emergency response plans. PLANNING BASIS means the 24/7/365 existing capabilities for their organizations without outside augmentation or mobilization of personnel [including level of training], available equipment and condition, funding, etc. Thus most of the preparedness plans produced to-date are deficient IMO no matter what the event however defined.

And CPG 101/201 largely written to have FEMA avoid having to rate State and Local Plans. With 90,000 units of local government that number should be reduced to under 30,000 under a standard definition based solely on the need for EMERGENCY PREPAREDNESS. Both the UK and Japan have done this.

And for multijurisdictional geographic areas need for even more effort. Washington, DC and inside beltway almost totally unprepared despite expenditures of at least $10B since 9/11/2001.

Comment by Dina Russo

April 11, 2015 @ 10:22 am

This week I decided to discuss cyber threats and the the threat to our SCADA systems. I believe that while our national focus needs to be on all cyber threats and crime, I think that our focus needs to be primarily on the threat to our critical infrastructure systems solely based on the importance of them. As the Department of Defense states, “Critical infrastructure is the backbone of our nation’s economy, security and health. We know it as the power we use in our homes, the water we drink, the transportation that moves us, and the communication systems we rely on to stay in touch with friends and family. Critical infrastructure are the assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof” (DoD 2013). Critical infrastructure, such as SCADA systems, are a huge vulnerability in our homeland security. These are entities that control our water, electric, gas, and waste. Items that we take for granted, such as lights in our house and water coming out of our faucet, are controlled by SCADA systems.

In 2010 the well-known Stuxnet attack occurred. In this attack an Iranian nuclear centrifuge was compromised using nothing more than a targeted computer virus. While this brought to light the serious vulnerabilities in our SCADA systems, we still have thousands of vulnerabilities that can be exploited. Two security researchers found over 60,000 systems online that they could access and take full control over including chemical, energy, and transportation systems. These researchers also “… found holes in popular and high-end ICS and supervisory control and data acquisition (SCADA) systems used to control everything from home solar panel installations to critical national infrastructure” (Computerworld). This is a very real threat that we need to focus on more. These systems control our daily life. If a terrorist wants to cause the most impact and ignite fear and chaos it seems pretty simple to do so. Once they have control over these systems they can cut off our sources of energy and way of life. Without running water and different utilities our cities will surely be chaotic. With this chaos come more vulnerability for a physical attack. Without our systems of communication running, such as internet or TV, the United States will be disconnected from each other and the government will need to work around this in order to communicate to make decisions. There needs to be a bigger focus on the vulnerabilities in SCADA systems and more focus on patching current vulnerabilities and foreseeing new ones.

In order to do this there needs to be a larger risk analysis and implementation of security systems, as well as patching any vulnerabilities as they occur and constantly testing the system. For example, all connections to the SCADA network need to be identified. If there is any that are unnecessary they need to be disconnected. It is important to work off of as little connections as possible so there is better control of the connections that they do have. Also, there needs to be a hardening of SCADA networks in order to disable remote maintenance that may occur. Additionally, while back doors do occur in these systems, there needs to be a high level of authentication to make sure only the people that are supposed to be accessing the system are the ones accessing it. Finally, there needs to be an incident response team in case the systems are breached. If this ever does occur there needs to be a group of people that have fully evaluated these threats and know how to respond in the most timely manner possible.

Hayden, M. (2011). The Future of Things “Cyber”. Strategic Studies Quarterly. Retrieved from https://monmouth.desire2learn.com/d2l/le/content/191074/viewContent/1953699/View

http://www.remotemagazine.com/main/articles/protecting-critical-infrastructure-understanding-the-threat-to-scada-networks/

http://www.computerworld.com/article/2475789/cybercrime-hacking/hackers-exploit-scada-holes-to-take-full-control-of-critical-infrastructure.html

http://www.dhs.gov/what-critical-infrastructure

http://energy.gov/sites/prod/files/oeprod/DocumentsandMedia/21_Steps_-_SCADA.pdf

Ferwerda, J., Choucri, N., & Madnick, S. (2010). Institutional Foundations for Cyber Security: Current Responses and New Challenges. Massachusetts Institute of Technology. Retrieved from https://monmouth.desire2learn.com/d2l/le/content/191074/viewContent/1953700/View

Comment by William R. Cumming

April 11, 2015 @ 7:20 pm

Attention Tom Russo: Extract from PKEMRA 2006

‘‘(3) the term ‘catastrophic incident’ means any natural
disaster, act of terrorism, or other man-made disaster that
results in extraordinary levels of casualties or damage or
disruption severely affecting the population (including mass
evacuations), infrastructure, environment, economy, national
morale, or government functions in an area;”

Comment by William R. Cumming

April 12, 2015 @ 7:19 am

IMO the most important Presidential Executive Order issued during the Obama Presidency impacting HS is:

National security and emergency preparedness communications functions; assignment: EO 13618

Yet I cannot find any discussion of it on this blog or any other and no links to any academic articles or grey literature articles that discuss it.

Perhaps the most important aspect of this Executive Order is that like its predecessor it authorizes funding from the approved budgets of all departments and agencies impacted and Congress has also inserted language in federal budgeting law that reinforces this authorization.

It is perhaps the MOST significant example, again IMO, of how the federal establishment can in fact and in law collaborate and cooperate on HS and EP policy formulation, development, and implementation.

Comments?

Comment by William R. Cumming

April 12, 2015 @ 7:30 am

EO 13618 Extract:

Executive Order 13618 of July 6, 2012

Assignment of National Security and Emergency Preparedness
Communications Functions

By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Policy. The Federal Government must have the ability to communicate at all times and under all circumstances to carry out its most critical
and time sensitive missions. Survivable, resilient, enduring, and effective
communications, both domestic and international, are essential to enable the executive branch to communicate within itself and with: the legislative
and judicial branches; State, local, territorial, and tribal governments; private sector entities; and the public, allies, and other nations. Such communications
must be possible under all circumstances to ensure national security, effectively manage emergencies, and improve national resilience. The views of all levels of government, the private and nonprofit sectors, and the public must inform the development of national security and emergency preparedness (NS/EP) communications policies, programs, and capabilities.

Comment by William R. Cumming

April 12, 2015 @ 7:34 am

Note Bene: The term NATIONAL SECURITY is undefined in E.O. 13618 and is undefined elsewhere in the United States Code, including the NATIONAL SECURITY ACT OF 1947, AS AMENDED!

Comment by William R. Cumming

April 12, 2015 @ 7:59 am

IMO FEMA historically and for the most part ignored written Presidential assignments whether classified or unclassified. IMO DHS has continued this tradition labeling many such assignments as UNFUNDED MANDATES.

FEMA historically was a federal agency that did not read, write or understand written documents, issued by Congress or whomever. Perhaps that disease is also endemic in DHS. Best example for DHS and FEMA is PKEMRA 2006.

Since at least one presidential candidate does not believe in the importance of a written record ORAL HISTORY is the future of governance.

So please help me to understand what organization, what staffing, what finding, and what progress DHS has accomplished in implementing E.O. 13618?

Would you be surprised that NO CONGRESSIONAL HEARING HAS EVER BEEN HELD ON IMPLEMENTATION OF THIS EXECUTIVE ORDER OR ANY PF ITS PREDECESSORS?

Would you be surprised that this NS/EP effort started with a JFK Presidential memorandum?

Comment by Tom Russo

April 12, 2015 @ 10:53 am

WRC…thanks for Extract from PKEMRA 2006

What I see here is the term ‘catastrophic incident’ defined in PKEMRA 2006 as describing consequences versus that of planning and preparedness. So we do not have disaster mitigation…it is just mitigation…activities to thwart the consequences of hazards!

I’ll tag onto my “What is a disaster?” piece.

Comment by William R. Cumming

April 13, 2015 @ 6:30 am

Thanks Tom and others for later excellent comments. Some may find some of my posts and comments too technical. Unfortunately IMO I am using this forum to provide the basics for what HS and EM participants at any level of governance need in their KIT. The phases of PREPAREDNESS, RESPONSE AND RECOVERY, MITIGATION AND PREVENTION are covered but some phases [if that is what they are?] barely.

Fortunately, some of the PHASES are well covered in academic or grey literature studies or literature [RAND e.g.] and some not.

I tend to rely on the RECOVERY DIVA’s blog and writings for the RECOVERY phase.

And of course I do like the term RESILIENCE as relating to all phases however labeled.

Comment by William R. Cumming

April 13, 2015 @ 6:40 am

I would like to have links or discussion of the respective roles of CANADA and MEXICO IN US HS and EM.

Two tidbits! Both CANADA and MEXICO have offered official assistance to the USA in some large-scale domestic events and had the offers rejected almost uniformly. The US has offered MEXICO assistance times [e.g. 1984 Mexico City earthquake] and rejected that assistance.

With 90% of the population of CANADA RESIDING WITHIN 100 MILES OF THE US BORDER IMO there should be integrated planning. There is a border agreement recognized by Congress for the Pacific Northwest as a compact. Links and discussion of the effectiveness of this agreement in academic or grey literature would be of interest.

And BTW I have posted on another blog my sense that 100 years down the road the USA will either consist of 70 states or 20. Time will tell.

Comment by William R. Cumming

April 13, 2015 @ 7:03 am

As we as a polity wend our twisted way to the next Presidential election I will continue to write about HS and EM efforts that have been correctly done through Congressional action and Presidential coordination and delegation [often by Executive Order] and full inter-agency coordination.

I continue to find the MANAGEMENT side of the OFFICE OF MANAGEMENT AND BUDGET OF CONCERN FOR ITS UNDER-PERFORMANCE especially on HS and EM.

I am also predicting that one of the two former Directors of OMB, John Kasich or Rob Porter may well end up on the Republican ticket for VP.

After working my way through President Obama’s Executive Orders that represent the way it should be done [few and far between] in order to make some light on how and when the federal government occasionally works pretty well I will do the same for OMB guidance largely published in 2 or 3 CFR.

The last full compilation of currently effective Executive
Orders [with all amendments] was published at the very end of President Reagan’s Presidency in 1989 by NARA. This handy reference should be updated and required to be updated by a statutory amendment to the PRESIDENTIAL TRANSITION ACT.

It should also be noted that legal analysis of Executive Orders and their import is in some disarray. Perhaps President Obama’s immigration efforts now under judicial review will provide some clarity. The lodestone SCOTUS Executive Order decision of course is YOUNGSTOWN SHEET & TUBE v. SAWYER wherein all 9 justices opined on President Truman’s effort to seize the steel mills during the KOREAN WAR and SCOTUS in its majority and concurring opinions rejected that effort.

The US Court of Appeals for the District of Columbia also rejected an effort by President Clinton to bar “strikebreakers” from federal contractors replacing unionized workers.

AS ALWAYS IMPORTANT TO NOTE THAT PRESIDENTIAL EXECUTIVE ORDERS MOST OFTEN ARE USED TO DELEGATE STATUTORY AUTHORITY VESTED IN THE PRESIDENT AND OFTEN USED TO GIVE WH POLICY GUIDANCE. ALL EXECUTIVE ORDERS CAN BE MODIFIED OR EVEN RESCINDED BY SUCCESSOR PRESIDENTS.

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>