Homeland Security Watch

In a post last week, Phil brought to our attention a White House meeting where local law enforcement officials were presented with a framework for identifying “Homegrown Violent Extremists” that included four major mobilizing patterns:

Contact with individuals tied to terrorist organizations

Indicators of ideological commitment

Travel or attempted travel in pursuit of a violent agenda

Seeking weapons or weapons related training

All very sensible, though perhaps seemingly so after the fact. Perhaps at the briefing methodology was shared for determining in advance when these or similar indicators might lead to violence.  Hopefully it was more than what Phil’s brief contained:

According to my sources the law enforcement officials were, “cautioned against adopting a checklist-like mentality incountering the HVE threat. Simplistically interpreting any single indicator as a confirmation of mobilization probably will lead to ineffective and counterproductive efforts to identify and defeat Homegrown Violent Extremists.”

That quote reminded me of the following quote from a not-so-recent blog post at Security Debrief:

Ask yourself, would an artist draw what you see them sketching? Are the photos a person is taking something you would place in your vacation or family photo album? Give yourself the “reasonableness” test. Is it reasonable that the activity is likely tourist or terrorist in nature? Trust your intuition.

The author is Erroll Southers, according to his Security Debrief Blog bio a former FBI Special Agent, President Barack Obama’s first nominee for Assistant Secretary of the Transportation Security Administration, and Assistant Chief of Homeland Security and Intelligence at the Los Angeles World Airports Police Department.

Reasonable advice from a homeland security professional, right?

Perhaps only after the fact.  Not to pick on Mr. Southers, but I’m guessing he rarely if ever visits small art galleries or has participated in “open studios” (these are usually weekends when a number of artists in particular neighborhoods open up their studios–often their homes–to the public to view and perhaps purchase their work) in any of the cities in which he has lived.  I enjoy these events and could not count on my hands the number of photographers I’ve encountered who take pictures of what is considered critical infrastructure.  Dams, electrical grids, nuclear power stations, public transportation, etc.  Not something you might place in your vacation (Hoover Dam anyone?) or family photo albums perhaps, but absolutely striking physical objects that can be rendered quite beautifully by any number of artists.

I have noticed this general extension of “see something, say something” in other venues, numerous papers, and by many a speaker. The unoriginal thinking and lack of imagination is disheartening.  How will the public become true partners in homeland security if the level of engagement largely remains at this level?  Does the whole of community only count those who have the same aesthetic views as homeland security professionals?  And will JIC (just in case) be the enduring legacy of 9/11?

Maybe not, at least if noted baseball writer George Will and others have anything to say about it:

Quentin, who finds aesthetic — and occasional monetary — value in photographs of industrial scenery at night, was equally persistent when deputies ordered him to stop taking pictures, lest they put his name on a troublesome FBI list. He was on a public sidewalk, using a large camera on a tripod, photographing an oil refinery at 1 a.m. He has a master’s degree in fine arts from the University of California at Irvine, so there.

Wednesday the White House hosted a meeting of 46 senior federal, state and local law enforcement officials.

According to the Associated Press, “The Obama administration is providing senior state and local police officials with its analysis of homegrown terrorism incidents, including common signs law enforcement can use to identify violent extremists… The analysis was conducted by the Homeland Security Department, the FBI and the National Counterterrorism Center.”

I was not at the meeting.  But following is an overview of what I am told was briefed.

An interagency team and process examined several cases of Homegrown Violent Extremists (HVEs) that emerged between 2008-2010.  I was not given the precise number of cases, but I have seen reports of  sixty-two cases being considered.  Based on this sample four major “mobilizing patterns” were identified:

Contact with individuals tied to terrorist organizations is one of two indicators that appeared most often in the case studies. This finding is consistent with earlier assessments—based on past cases of domestic and transnational terrorism—that exposure to an extremist with established ties to a terrorist group can be a useful indicator of a radicalized person moving toward violence. More than 90 percent of the subjects examined either communicated directly or had some type of contact with connected extremists as part of their mobilization to violence.

Indicators of ideological commitment also appear frequently in HVE reporting. One of these behaviors—”watching or sharing jihadist videos”—was the second of the two most prevalent indicators noted in the study. Ideological commitment behaviors were observable but at times only in a virtual environment. More than 90 percent of the cases involved HVEs who either watched or shared extremist videos or other propaganda. Just under 90 percent involved HVEs pursuing religious instruction from a person or institution associated with extremist causes.Roughly 80 percent of the cases reflected an individual’s acceptance or approval of violence or martyrdom operations or an intent to engage in them.

Travel or attempted travel in pursuit of a violent agenda was a recurring factor in the HVE cases, also supporting earlier assessments of the importance of foreign travel for violent extremists. Almost 90 percent of  subjects traveled to places with a significant extremist population or to a foreign location explicitly to pursue violence.

Seeking weapons or weapons related training was a common behavior. This more tactically focused aspect of attack planning also entailed online research to acquire technical capabilities, select targets, and plan logistics. Almost 80 percent of subjects pursued weapons training, paramilitary exercises, or the acquisition of related equipment as partof their mobilization. More than half also conducted Internet research to plan their attacks.

According to my sources the law enforcement officials were, “cautioned against adopting a checklist-like mentality incountering the HVE threat. Simplistically interpreting any single indicator as a confirmation of mobilization probably will lead to ineffective and counterproductive efforts to identify and defeat Homegrown Violent Extremists.”

About 5PM Eastern on Wednesday Eileen Sullivan filed an AP story after talking with participants: SEE IT HERE.

While the law enforcement leaders were at the White House, a House Intelligence subcommittee was hearing testimony suggesting big changes in the purpose and role of the DHS intelligence function. According to prepared testimony to me delivered by Philip Mudd,

The growth of our expectations of domestic security, and the evolution of threats away from traditional state actors toward non-state entities — drug cartels, organized crime, and terrorism are prominent examples — suggest that the DHS intelligence mission should be threat agnostic. Though the impetus for creating this new agency, in the wake of the 9/11 attacks, was clearly terrorism based, the kinds of tools now deployed, from border security to cyber protection, are equally critical in fights against emerging adversaries. The DHS enterprise is more complex than other agencies responsible for America’s security, and itsintelligence mission is correspondingly multifaceted. Its intelligence missions range from providing homeland security-specific intelligence at the federal level; integrating intelligence vertically through DHS elements; and working with state/local/private sector partners to draw their intelligence capabilities into a national picture and provide them with information.

The testimony, based largely on a recently completed study and set of recommendations from the Aspen Homeland Security Group , especially emphasizes the DHS comparative advantage in working with state, local, and private sector entities in the non-classified domain.

In contrast to intelligence agencies that have responsibilities for more traditional areas of national security, DHS’s mandate should allow for collection, dissemination, and analytic work that is focused on more specific homeward-focused areas. First, the intelligence mission could be directed toward areas where DHS has inherent strengths and unique value (e.g., where its personnel and data are centered) that overlap with its legislative mandate. Second, this mission direction should emphasize areas that are not served by other agencies, particularly state/local partners whose needs are not a primary focus for any other federal agency. In all these domains, public and private, DHS customers will require information with limited classification; in contrast to most other federal intelligence entities, DHS should focus on products that start at lower classification levels, especially unclassified and FOUO, and that can be disseminated by means almost unknown in the federal intelligence community (phone trees, Blackberries, etc.).

There is an obvious tension between an intelligence function that is “threat-agnostic” and one that emerges from “where its personnel and data are centered.”  This could, however, be a very healthy tension if a threat-agnostic — capabilities-based — approach to engaging the risk environment can be effectively used to decide where personnel are focused and data is gathered.

Yesterday, our friends and fellow bloggers at Wired magazine’s Threat Level recapped the debate between New Yorker writer and prolific author Malcolm Gladwell and NYU academic and social media evangelist Clay Shirky regarding the role of social media in mobilizing and promoting street protests in support of democratic movements around the world. Shirky, predictably, suggests the movements would not have achieved critical mass without social media. Gladwell takes a far more skeptical view, preferring to see in these movements evidence of the democratic impulse as the message of freedom rather than just another medium for it.

Bill Wasik argues that both perspectives have considerable merit. It’s hard to argue that social media had no influence over the scope or scale of the protests, especially their rapid extension across international borders. At the same time, suggesting that social media should receive at least some of the credit for inspiring democratic uprisings overstates their capacity to encourage virtuous behavior. In the end, Wasik seems to side with Gladwell, arguing that social media enable rather than inspire mass movements.

Given the growing zeal among emergency managers to adopt social media this argument is worth noting. Social media have changed the way emergency managers do their jobs. But the way the public responds to disasters has not changed nearly as much despite social media’s widespread use.

Too many emergency managers think of the public as apathetic and uniformed about disasters. This assumption about the public extends to nearly every aspect of their behavior before, during and after disasters. Social media have helped put paid to such notions largely because they make much more readily apparent the actions of people before, during and after disasters.

For starters, social media have made it clear that people in general crave attention and attraction. We need to be known for what we know and what we can do, and we want to share our time and talents with others whose interests affirm or complement our own. We all possess an atavistic, if not innate, need to connect with others that only becomes more acute as the ways we define ourselves becomes ever more specialized and atomized.

Ambiguity makes us anxious. Seeking and sharing information even with those we do not know helps us alleviate stress. This is true even when such sharing does little to improve our circumstances or clarify a desired course of action.

In the absence of altruism, the introduction of social media into this mix should be expected to do little more than provide people with a platform for talking about disasters. But that’s not what we have seen happening. People inevitably do things when confronted with disaster. Being right takes a backseat to doing right.

Social media have changed the emergency management landscape in large part because they enable people far removed from the direct effects of the disaster to affect its outcome. They do this by giving people immersed in an event the instant ability to connect with the resources of a global audience and share more than just their stories.

Social media have made this process easier and faster. But they are not alone responsible for its emergence.

The one thing that may have changed most with the emergence of social media is the balance between the three competing priorities in emergency management: speed, relevance and accuracy.

In the past, emergency managers carefully parsed the flow of information out of fear that incorrect or conflicting information would undermine their credibility, which in turn would compromise efforts to advance response and recovery. Social media have made it much more apparent that people require very little direction from us when it comes to helping each other cope with the after-effects of disaster. Similarly, they are much more forgiving of errors and helpful about correcting them than we tend to imagine in advance.

People clearly see an important place for emergency managers and government officials as honest brokers, which demands of them an authentic voice characterized by empathy, ethics and equity. These three attributes define accountability in the Information Age, and highlight the importance of social media in emergency management.

Waiting to get the message right is no longer an option. Responding quickly is about riding the wave not generating its momentum. And errors of commission are less likely to be judged harshly than errors of omission, especially when they display relevance, which is to say they reflect a reasonable effort to mobilize or manage collective action to make things better.

Like the street protests and insurgent democracy movements around the world, the past year’s disasters and emergencies have demonstrated the important but not central role of social media in enabling humane action. This impulse arises not from the media but rather from the message. Any fears that social media would combine with Americans’ couch-potato culture to render public responses ever more passive have proven unfounded.

The Strategic National Risk Assessment was written to support the National Preparedness Goal.  You can download an unclassified summary of the National Risk Assessment at this link. (Thank you to the person who sent me the link.)

The seven page summary includes these sections:

1. Overview
2. Strategic National Risk Assessment Scope
3. Overarching Themes to an All-Hazards Approach
4. Analytic Approach
5. Limitations
6. Impacts and Future Uses
7. Conclusion

Here is an excerpt from the Overview:

The Strategic National Risk Assessment (SNRA) was executed in support of Presidential Policy Directive 8 (PPD-8), which calls for creation of a National Preparedness Goal, a National Preparedness System, and a National Preparedness Report.

Specifically, national preparedness is to be based on core capabilities that support “strengthening the security and resilience of the United States through systematic preparation for the threats that pose the greatest risk to the security of the Nation, including acts of terrorism, cyber attacks, pandemics, and catastrophic natural disasters.”

… The assessment was used:

• To identify high risk factors that supported development of the core capabilities and capability targets in the National Preparedness Goal;
• To support the development of collaborative thinking about strategic needs across prevention, protection, mitigation, response, and recovery requirements, and;
• To promote the ability for all levels of Government to share common understanding and awareness of National threats and hazards and resulting risks so that they are ready to act and can do so independently but collaboratively.

The subsequent pages provide an overview of the unclassified findings and the analytic approach used to conduct the SNRA. It should be emphasized, however, that although the initial version of the SNRA is a significant step toward the establishment of a new homeland security risk baseline, it contains data limitations and assumptions that will require additional study, review, and revision as the National Preparedness System is developed. These limitations are discussed below, and future iterations of the assessment are expected to reflect an enhanced methodology and improved data sets.

Below is a chart (taken from the Assessment) that summarizes:

… a series of national-level events with the potential to test the Nation’s preparedness….

For the purposes of the assessment, DHS identified thresholds of consequence necessary to create a national-level event. These thresholds were informed by subject matter expertise and available data. For some events, economic consequences were used as thresholds, while for others, fatalities or injuries/illnesses were deemed more appropriate as the threshold to determine a national-level incident.  In no case, however, were economic and casualty thresholds treated as equivalent to one another (i.e., dollar values were not assigned to fatalities). Event descriptions in [the table below] that do not explicitly identify a threshold signify that no minimum consequence threshold was employed. This allows the assessment to include events for which the psychological impact of an event could cause it to become a national-level event even though it may result in a low number of casualties or a small economic loss. Only events that have a distinct beginning and end and those with an explicit nexus to homeland security missions were included.

This approach excluded:

• Chronic societal concerns, such as immigration and border violations, and those that are generally not related to homeland security national preparedness, such as cancer or car accidents, and;
• Political, economic, environmental, and societal trends that may contribute to a changing risk environment but are not explicitly homeland security national-level events (e.g., demographic shifts, economic trends).

These trends will be important to include in future iterations of a national risk assessment, however.

If you have questions or comments about this initial effort to share the results of the national risk assessments, please let me know (in the comments section of this post) and I will ask around for answers.

Last Tuesday, Nick Catrantzos, suggested here that reports of the Springfield, Illinois “cyberattack” might have more to do with “Naïve or myopic cyber professionals whose over attention to expediency permits convenient remote access for their technical support colleagues with insufficient attention to the exposure that this condition creates,” than with an attack by foreigners.

He’s right, according to Friday’s Washington Post story by Ellen Nakashima:

A water-pump failure in Illinois that appeared to be the first foreign cyberattack on a public utility in the United States was in fact caused by a plant contractor traveling in Russia, according to a source familiar with a federal investigation of the incident….  The contractor, who had remote access to the computer system, was in Russia on personal business, the source added.

Score one point also for DHS officials who insisted on getting the facts correct before someone lobbies congress for a 350 trillion dollar Water Attack Security Target Enforcement program:

… officials at the Department of Homeland Security, which oversees industrial control system cybersecurity, cautioned from the outset that the report contained “no credible, corroborated data.”

The water pump in question had been experiencing problems, turning on and off and eventually failing, water district board members said. The pump has malfunctioned several times in recent years, a DHS official said.

The “international authority on cybersecurity” who (apparently) first made public the information in the Illinois State Terrorism and Intelligence Center (STIC) report responded to the new details about the attack by attacking:

This [the conflict between the STIC and DHS reports] begs the question why two government agencies disagree over whether a cyber event that damaged equipment had occurred at a water utility….

There are numerous critical infrastructure table-top exercises that assume that notifications such as the STIC report are sufficient to initiate the cyber attack response process. If DHS turns out to be correct in its assumptions, then anyone acting on the STIC warning would have been wasting precious resources addressing a problem that doesn’t exist. At issue is that we need to be quickly informed if an event has occurred so that others who have similar equipment or architectures can take steps to protect themselves in case the event spreads. However, this requires both timely notification and correct information. Right now, it seems that neither of these two conditions may exist in this case.

We now have to wait for DHS and the other government agencies to come to agreement and let us know what has happened. If the STIC report is correct, then we have wasted precious time and allowed many others in the infrastructure to remain potentially vulnerable while we wait to find out if we should do anything.

Perhaps that’s a restatement of the classic expectation of intelligence: “give us accurate, timely, and actionable information.”

Welcome to another dimension of the big data problem.

Or, as our buddy prOf might say, “Take the f*%#!&g SCADA off the internet.”

John Quincy Adams is often quoted as having said, “One useless man is a shame, two is a law firm, and three or more is a Congress.” Another unnamed sage quipped, “Congress is continually appointing fact-finding committees, when what we really need are some fact-facing committees.” This past month’s acrimonious debt debates have done nothing to disprove either theorem despite their success in passing legislation to avert the nation’s first-ever default on its public debt.

It’s easy to see the tortured process of the past month and the polarized politics propelling the participants as a product of a deeply ambivalent body politic. But that would be too convenient and untrue to boot.

As Steven Kull, director of the University of Maryland’s Program for Public Consultation explained in a recent article, surveys indicate that the public at-large is much more reasonable and responsible than its representatives in Congress. Clear majorities of self-identified Republicans supported higher taxes and fewer spending cuts than those adopted yesterday. Likewise, a substantial proportion of self-identified Democrats were more than willing to amend entitlement eligibility criteria and make broader and deeper cuts to prevent default.

Politicians that pay too much attention to the polls are often derided by their rivals, who like to allege that this tendency suggests a lack of leadership ability closely akin to a moral failing. Direct democracy has its proponents, but few of even the most ardent advocates of participatory democracy would argue that it serves as either an efficient or effective way of making complex and critical decisions like those surrounding the federal budget and deficits. But how much messier would it really be than what we have all just witnessed?

The dynamics of group decision-making intrigue me. In his 2005 bestseller The Wisdom of Crowds, James Surowiecki, addressed the strengths and weaknesses of group decision-making to three particular kinds of problems:

• Cognition problems, which require decision makers to infer unknowns from known conditions;
• Coordination problems, which require decision-makers to achieve efficient outcomes under uncertain, competitive conditions; and
• Cooperation problems, which involve getting “self-interested, distrustful people to work together, even when narrow self-interest would seem to dictate that no individual should take part.”

I think it’s self-explanatory which type of problem deficit-cutting most closely resembles. Surowiecki argued that effective group decision-making in all of these situations depends on three conditions: 1) diversity, 2) independence, and 3) (a particular kind of) decentralization. Congress fails on all three counts, and the process proposed in the legislation for goading our representatives into action does little if anything to improve this sorry situation.

Surowiecki notes that diversity and independence matter — particularly when solving cognition problems — “because the best collective decisions are the product of disagreement and contest, not consensus or compromise.” Decentralization on the other hand mediates the influence of disagreement and conflict because “Groups benefit from members talking to and learning from each other, but too much communication, paradoxically, can actually make the group as a whole less intelligent.”

Balancing the three decision-making prerequisites is clearly a challenging endeavor, and sometimes more difficult than the problem itself. As a result, some of the best decision-making methods use mechanisms like market-pricing and intelligent voting systems to aggregate individual judgments to produce more accurate representations of the collective mind than would otherwise emerge from direct communication among participants.

These observations may or may not suggest the need for Constitutional or procedural reforms to make Congress function more efficiently and effectively when dealing with such contentious issues. But they should inform our assessment of what it takes to improve the performance of programs and activities affected by the looming budget cuts resulting from yesterday’s Grand and Smelly Compromise.

How might we engage the wisdom of crowds to improve the performance of homeland security and domestic intelligence operations? What applications of these or related concepts are already bearing fruit?

Watching Pakistan I have often been reminded of the anecdotes of Procopius regarding the late Roman-early Byzantine court of Justinian.  To share these impressions would, however, be even more pedantic than yesterday’s endorsement of Immanuel Kant.

I am glad that someone closer to Islamabad seems to see a similar pattern.   Following is an essay published earlier today by Irfan Husain in DAWN.  I have only excerpted a bit of the beginning.  The whole essay is worth your reading: A History of Bungling.

–+–

The space between an admission of gross incompetence or of complicity in a major crime is full of humiliation and pain.

This is the place Pakistan`s ISI finds itself in the wake of Osama bin Laden`s killing in Abbottabad.

The country`s premier intelligence agency is being accused by many of knowing where the Al Qaeda chief has been hiding for the last five years. His extended presence in Abbottabad, close to the country`s elite military academy, has raised troubling questions.

But when faced with a choice between official bungling and thuggery, I`d go for ineptitude every time. While looking at a crime, the first thing an investigator asks is: ` Cui bono ?`, or `Who benefits?”

In the case of Bin Laden`s long residence in Pakistan, the country`s security establishment clearly had nothing to gain by concealing his presence.

In the past, several major foreign Muslim terrorists have been captured in Pakistan with the ISI`s cooperation. The names of Aimal Kansi, Yusef Ramzi, Abu Zubaydah and Khalid Sheikh come to mind. Lesser figures have been fingered for drone strikes, deportation to Guantanamo Bay, or for interrogation by the Americans elsewhere.

It has long been Pakistan`s tacit policy that it would crack down on foreign fighters and terrorists, while maintaining an ambivalent attitude towards jihadi groups who might be of use in Afghanistan at a later date.

Bin Laden was clearly a distraction and an embarrassment. He was of no possible strategic value to Pakistan, now or later; 9/11 had made him a toxic liability, and he was too much of a hate figure around the world for the ISI to risk sheltering him. In addition, with a $25m reward on Bin Laden`s head, do we really think our spooks are so high-minded that they would resist the temptation to turn him in?

So me, I`d go for the bungling option rather than for any of the conspiracy theories doing the rounds in Washington and around the world…

MORE

I must admit that like most of you (I assume) the news that U.S. special forces had killed Osama bin Laden and recovered his body from a compound in Abbottabad, Pakistan came as a bit of a surprise. But my surprise at that fact pales in comparison to my impressions arising from the openness displayed by the administration in discussing details of the operation and its implications on future policy options.

Much of what needs to be said about the skill and courage of the President and those who conceived and carried out the mission has been said many times over in the past few days. How salient is it, however, that we can acknowledge and discuss the basis for our opinions about the performance of these individuals rather than relying solely on our predispositions to trust the opinions of others? In light of the consequences of public opinion on ongoing support for operations in Afghanistan, Iraq and elsewhere, it strikes me a particularly important that people not only can reach conclusions of their own about these actions, but also that they seem to be doing so without any particular help from the punditocracy. (This, of course, in no way deterred the talking heads from babbling, often incoherently, about the whole affair. Despite substantiation of leaks about the subject of the President’s remarks, their distracting dialectic diminished in quality as the interval between the scheduled start of President Obama’s address and his actual appearance became increasingly delayed.)

The policy environment surrounding national defense and homeland security are filled with discontinuities and uncertainty despite bin Laden’s demise. How will we end our involvement in Afghanistan? Will the government of Iraq to extend agreements for the U.S. military to continue advice and support arrangements? How will the administration and Congress resolve their pitched political differences over fiscal restraint and debt reduction without undermining our ability to meet commitments here and abroad?

Notwithstanding the release of some erroneous information that has required correction and elaboration today, the administration seems to have done itself (and us) a huge favor by making as clear as possible the basis of its assessment that al-Qaeda and its affiliates remain a threat to the U.S. and its interests. They have also made it clear that lessons about cooperation and information sharing have been learned. And perhaps most important of all, they have demonstrated the potency of patience, confidence, determination and resolve when exercised in the right proportions.

These lessons reinforce one last point: The success of this operation was not so much the product of superior technology or the investments of vast sums of money (although both undoubtedly helped ensure the careful and skillful execution of this mission), but rather the diligent and precise application of human and social skills in gathering, processing and acting on intelligence, which included precise and scrupulous attention to the most minute details.

Much more of this story remains yet to be told. But this should not hinder our understanding of the extraordinary efforts that led to this achievement nor discourage us from continuing the work required to protect our country and others affected by the threat of violent extremism.

Thursday the nation’s intelligence chiefs appeared before the House Permanent Select Committee on Intelligence.  Below is the line-up of those testifying. As of February 12 only the DNI’s testimony is linked on the Committee’s website (and below).   I cannot — yet — find other prepared testimony.

Media and partisan attention has, as usual, focused less on the substance of the prepared remarks and much more on two spontaneous comments by Messrs. Clapper and Panetta.

Given the dramatic events unfolding in Egypt it was inevitable — and really entirely reasonable — that the live testimony would focus mostly on making sense of the immediate crisis.  This opportunity might have been embraced as an opportunity for intellectual humility and honest examination of the innate limitations of intelligence analysis and operations.  But humility does not often make an appearance inside the beltway; nor on rare appearance is humility usually rewarded, quite the contrary.

James R. Clapper, Director of National Intelligence

Click immediately above for full prepared testimony. Answering a question about the Muslim Brotherhood, he characterized it as, “a very heterogeneous group, largely secular, which has eschewed violence and has decried Al Qaeda as a perversion of Islam.”  See more from ABC News and The Telegraph.

Leon E. Panetta, Director of the Central Intelligence Agency

The CIA Director offered committee members, “I got the same information you did, that there is a strong likelihood that Mubarak may step down this evening.”  When a few hours later the Egyptian President decided to spend one more night in office, Panetta’s statement and judgment became a target.  See a thoughtful take by Jena McGregor in the Washington Post.

Michael E. Leiter, Director of the National Counterterrorism Center

I cannot find the February 10 testimony to the Intelligence Committee, but you can read the February 9 testimony to the House Homeland Security Committee: Understanding the Homeland Threat Landscape.

Lieutenant General Ronald L. Burgess, Director of the Defense Intelligence Agency, Department of Defense

Robert S. Mueller, III, Director of the Federal Bureau of Investigation

Back in September Director Mueller testified to the House Homeland Security Committee on Nine Years after 9/11 Confronting the Terrorist Threat to the United States.

Caryn A. Wagner, Under Secretary for Intelligence and Analysis, Department of Homeland Security

In late September 2010 Ms. Wagner testified before the House Committee on Homeland Security Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment.

Thomas A. Ferguson, Principal Deputy Under Secretary of Defense for Intelligence, Department of Defense

Philip S. Goldberg, Assistant Secretary of State, Bureau of Intelligence and Research, Department of State

If any HLSWatch readers find the missing prepared testimony — or especially good coverage of the hearing — please provide a link in the comments.  By “good coverage” I mean attention to the threat analysis, not just supposed gaffes in answering questions.  With thanks to Librarian Stephanie (see comments) you can also access video coverage of the live hearing from CSPAN.

Retrospectively, over the last year and more the best sustained intelligence and analysis on Egypt has probably been forthcoming from the Carnegie Endowment for International Peace and especially its Bipartisan Working Group on Egypt.  Carnegie products on Egypt and the Muslim Brotherhood — developed prior to the current crisis — are available from the Carnegie Guide to Egypt’s Election.  More current analysis is available from the Carnegie Endowment’s Middle East Program.

Today’s post was written by Nick Catrantzos.  Nick is the lead author of the All Secure blog and is the security director for a large public organization.

————————————-

What’s in a lead about suspicious activity, and whence the gulf between how defenders and official lead processors react to it?

The answer says a great deal about how far our homeland security partners have advanced in gearing their efforts for preventing terrorist attacks instead of focusing top priority on prosecuting attackers. The way one answers also reveals instantly whether one is a defender or an official unburdened by direct responsibility for protecting a target of terrorist attack. Take this example and follow its course to appreciate the difference.

EVENT: A person drives up to a fenced facility whose purpose is to control electricity, water, or telecommunications serving millions of citizens. This person then takes several photographs of that facility and of the entrance to it before driving away. Staff or security cameras at the facility capture the photographer’s description and license plate number. An employee from that facility then reports these details through channels that ultimately reach the local fusion center. This center is where homeland security partners take in and presumably do something with all the information generated by their bosses’ “See something? Say something!” campaigns. What should happen next? It depends.

IF YOU ARE A DEFENDER …

An analyst or duty officer calls up the license plate number and hands the details to a law enforcement officer on duty. This officer immediately calls the registered owner of the vehicle driven by the photographer, communicates official interest and concern over the actions of the photographer, and ascertains the photographer’s intent while clearly signaling that such activity is monitored, acted upon, and taken very seriously. Result? Deterrence. Even if the photographer’s actions trace to some innocent, plausible explanation, a clear message goes out that somebody is watching and that suspicious actions trigger real time response. If a terrorist was taking pictures as part of a target selection or pre-strike surveillance operation, the dividend is greater. The same message goes out disrupting the attack and in effect causing the would-be attacker to pick a softer target.

But there is an alternative reaction which misses this deterrent effect while consuming much more time and resources.

IF YOU ARE A LEAD PROCESSOR …

You see the situation differently. You see your job not as deterring attack but as launching investigations that take attackers down and put them behind bars. So, what happens? Well, you evaluate the lead. Let’s see, there’s not too much there to justify an investigation. There are more of these leads than investigators to handle them. Besides, you probably need a supervisor to authorize an investigation. This means more processing delay. Net result? Note and file. Thank the defender for the lead. Not enough to go on, though. Maybe next time …

What signal does the latter approach transmit? To the photographer — innocent or nefarious — it says no one will stop or question you or stand in your way. To the defender, it communicates indifference and bureaucracy that disincentivizes future participation in passive or one-sided homeland security “partnerships.”

To the public at large, the handling of such events reveals just how much our organs of homeland security have in reality taken to heart the message of the Attorney General in November 2001 when he announced that, henceforth the new priority would be prevention, not prosecution. If the second approach is crowding out the first, this is not necessarily the fault of fusion centers and lead processors. It is a failure of leadership to incentivize timely responsiveness for deterrence that is hard to measure over traditional investigative case handling that lends itself better to metrics but not to the object sought. And so we chew and chew on the very leads that a quick bite and swallow would handle better, leaving our vaunted partnerships infused with a bovine incapacity to deliver the value they were created to produce.

July’s Washington Post investigation of the national security and intelligence system continues to live —  least on the internet, its blogosphere suburbs, and (in October) on public television’s Frontline.

Jessica Herrera-Flanigan summarized the size of the intelligence enterprise in her July 19th post. :

• 45 organizations (with 1,271 sub-units) engaged in top-secret work.
• 1,931 companies engaged in top-secret work for the government.
• 854,000 individuals  hold top-secret security clearances.
• Over 50,000 intelligence reports published each year.
• A $75 billion (public number) intelligence budget for 2009.

What does the nation get for those numbers?  What does it lose?

Today’s post is from a colleague who is a member of what might be called the pre-9/11 intelligence community. Her essay was written before the Washington Post investigation was published.

She writes specifically about the growth of fusion centers (there are now more than 70 of them).  But she makes a larger point that something important may have been lost amidst the growth of Top Secret America and homeland security.

——

Recently, the joys that accompany homeowner responsibility found me on my way to the local Home Depot to purchase the supplies necessary to fix a leaky kitchen faucet. I arrived at the store lacking any anxiety about the shopping trip.  After all, I was bound to easily locate my required plumbing supplies at the largest home-improvement retailer in the United States… or was I?

Two hours later, the same, but now greatly decreased, joys of home ownership found me at my local hardware store, where the anxiety created by my Home Depot visit was alleviated by the knowledge and helpfulness of the familiar owner.

As I made my way back home, finally armed with the correct supplies to complete my project, I thought about the reasons I had encountered such obstacles at Home Depot. I realized the big-box concept that initially gave Home Depot its innovative value had been overcome by inconvenience and a loss of trust due to unfamiliarity. The resulting experience was less efficient and more time-consuming, thereby negating any monetary savings.

Upon further reflection, I recognized many similarities between my Home Depot visit and the problems besetting homeland security in the United States. Since the events of 9/11, the number of individuals working in the homeland security field has greatly increased. New initiatives abound, most of which consist of adding people and resources as the solution to any and all problems.

But given the current issues within this field, including the struggle for success of fusion centers, mission creep between agencies, and vast duplication of responsibilities, are the solutions working? Or has the safety of our nation fallen victim to big-boxization?

People working counterterrorism matters prior to the terrorist attacks of 9/11 were part of a much smaller cadre of personnel focused on the security of our homeland. They operated through a voluntary collaborative effort on Joint Terrorism Task Forces (JTTFs), before the days when collaboration became a forced requirement. They worked as a team, before the days when that team became a behemoth. They knew the right people to contact for the right information, before the days when all of those people were required to sit in the same location.

Revisiting my Home Depot experience, I can draw many parallels with the current problems found in homeland security and, specifically, within the fusion centers that have been established allegedly to ensure information sharing between federal, state, and local stakeholders.

Similar to the various departments within a Home Depot store, the fusion centers are staffed by people representing various agencies, levels of government, and areas of expertise. But just as the salesperson assigned to the electrical department at Home Depot could not assist me when I couldn’t locate a plumbing representative, the physical co-location of personnel within a fusion center does not produce the ease of one-stop shopping.  Instead, issues of security clearances, proprietary information, and the lack of data interoperability cause the same refrains to be echoed throughout the fusion centers as I heard in Home Depot: “Sorry, ma’am, that’s not my department.”

My inconvenience at Home Depot was further exacerbated by the sales staff’s lack of familiarity with the local community. I live in a town home community built in the 1940s and, as is often the case, the historic nature of my neighborhood is accompanied by many quirks in construction and materials. The plumbing salesperson at Home Depot (who I finally located) did not know anything about my neighborhood and its quirks.  His penchant for guessing what supplies I needed did not increase my confidence or trust in his knowledge.

When I finally abandoned my attempts to succeed in Home Depot and went to my neighborhood hardware store, I was greeted by the long-time owner who was intimately familiar with the inner workings of the construction of my townhouse. Combined with his broad-based knowledge of every item on the shelves within his store, his familiarity immediately fostered my trust that I would walk out of that store with the correct supplies.

The large number of agencies and personnel being pushed into fusion centers risks creating the same lack of familiarity exhibited by the Home Depot salesperson. Only time will tell whether this familiarity, and corresponding trust, will be established. The common physical location of personnel may not be the answer to full collaboration because, as is seen in Home Depot, the issues of stovepiping and the lack of broad knowledge still remain, no matter how many people and resources are assigned to a single location.

I know for certain that I will not be visiting Home Depot the next time I need home improvement supplies. Instead, I will return to my neighborhood hardware store in which I have full confidence. Will I soon say the same about homeland security and avoid the fusion center, as I long for a return to the days of the “mom and pop” version of counterterrorism?

People in the intelligence community deal in some of the most sensitive and cynical information about our government and its operations against our adversaries. It’s no wonder spies are not generally known for their senses of humor. That said, it’s a quality that really ought to be more highly prized. If the recent remarks of James Clapper, President Obama’s nominee to become the fourth director of national intelligence, are any indication, we might have a winner.

In last week’s Washington Post series on burgeoning intelligence community contracting, Clapper was quoted as having said to a reporter that the only entity in the universe with visibility into all special access programs is God. During his confirmation hearing, he was quoted as having observed in response to a question about the series, “One man’s duplication is another man’s competitive analysis.” Funny stuff, really. At least as far as I am concerned.

Characterizing the proliferation of overlapping jurisdictions and the growth in outsourcing of analysis and technical capabilities as competitive analysis is either euphemistic or optimistic. Either way its worth asking how we would know what this incredible investment of national wealth and talent is worth to our national security.

On one hand, we are regularly reassured that al Qa’ida and its affiliates have failed to launch a successful attack against the United States homeland since the 9/11 attacks. This argument asks us to accept facts not in evidence (at least publicly), as it depends on the presumption that our intelligence community operatives are routinely interdicting our adversaries before they can cause us harm.

Over the past two years, however, a new threat has emerged in the form of homegrown, lone wolf Muslim radicals. In each of the last three attacks — Ft. Hood, the Christmas Day underwear bomber, and the amateurish Times Square vehicle-borne improvised explosive device — the perpetrators gained training or encouragement from overseas operatives. That none of them succeeded on a scale comparable to previous attacks is not for lack of trying.

If we were to judge solely by the President’s reactions to these attacks, we should wonder what if anything we are getting for our increased investments in the intelligence community. The President himself has characterized these attacks as evidence of failure.

I understand the media interest in the intelligence community, but what really impresses me is how our fellow countrymen are responding since 9/11. People are far more aware of threats to our security and seem far more willing to become involved when they see something’s not right. In the absence of specific, direct investments in building the capacity of citizens to contribute to homeland defense and security and actively enlisting them in efforts to identify and assess threats, it seems safe to say that these actions on the part of the public have occurred in spite of, not because of, all the money we spent expanding intelligence community capabilities.

If we were to judge by results alone, the better investment is clearly an informed and engaged public. But that’s not currently on the table and no one is offering it despite evidence that the Washington Post series’ gravest potential impact is the further erosion of public trust and confidence in government administration and oversight of covert intelligence spending.

If General Clapper becomes the next director of national intelligence, which seems pretty certain at this point, we have little reason to believe that anything significant will change in our intelligence posture. This strikes me as a lost opportunity. The comparative advantages of engaging the public in the homeland security mission are much clearer than those associated with the competitive analysis of intelligence.

I received the following from a sometimes commentator on this blog:

The Washington Post will run a series of stories… that will contain a compendium of government agencies and contractors allegedly conducting Top Secret work.  The stories will also include an interactive database.

One agency affected by the stories issued the document republished below.

From an operational perspective, …[p]ublishing the locations of these facilities could be problematic from a safety and security concern.

From an academic perspective, how do we reconcile the desire to safeguard our country from foreign and domestic adversaries in an global environment that rewards the near real-time release of sensitive or classified information?

———————————————-

Notice to Industry Partners

Subject: Potential Disclosure of Contract Information

Early next week, the Washington Post is expected to publish articles and an interactive website that will likely contain a compendium of government agencies and contractors allegedly conducting Top Secret work. The website is expected to enable users to see the relationships between the federal government and its contractors, describe the type of work the contractors perform, and may identify many government and contractor facility locations.

Publication is expected starting July 19, 2010 with additional articles published thereafter. We request that all _____ contractors remind all cleared employees of their responsibility to protect classified information and relationships, and to abide by contractual agreements regarding non-publicity.

Employees should be reminded that they must neither confirm nor deny information contained in this, or any, media publication, and that the publication of this website does not constitute a change in any current ____ classifications. They should also be reminded that if approached and asked to discuss their work by media or unauthorized people, they should report the interactions to their appropriate security officer.

Foreign intelligence services, terrorist organizations, and criminal elements will have potential interest in this kind of information. It is important that companies review their overall counterintelligence posture to ensure that it is appropriate. Specifically, we recommend that companies affected by this publication and website assess and take steps to mitigate risk to their workforce, facility and mission, to the extent consistent with your contractual relationship with ____. These steps should include re-enforcement of security and counterintelligence protections and steps to enhance workforce awareness. CI and security events related to the publication of these articles and website should be reported through normal company channels to the ___Security office. For the time being, thresholds should be lowered to aggressively report anomalous behavior.

Should your management or public affairs offices be contacted by the media, any response must be consistent with your contract. If appropriate, you may also refer media inquiries to ___

In the opening days of his administration, President Obama wrote, “I believe that Homeland Security is indistinguishable from National Security — conceptually and functionally, they should be thought of together rather than separately.  Instead of separating these issues, we must create an integrated, effective, and efficient approach to enhance the national security of the United States.” (See: Presidential Study Directive 1)

I testified against this proposition before the House Homeland Security Committee.  I continue to have conceptual and functional reservations.  But today I will embrace the President’s belief and offer a prescription for improving integration, effectiveness, and efficiency.

For this purpose, greater energy and attention  should be given to a specific recommendation of the Quadrennial Homeland Security Review.  From page 71 of the QHSR:

Build a homeland security professional discipline: Develop the homeland security community of interest at all levels of government as part of a cadre of national security professionals. A well-documented need within the national security community is a professional development program that fosters a stable and diverse community of professionals with the proper balance of relevant skills, attributes, experiences, and comprehensive knowledge. Executive Order 13434, “National Security Professional Development,” initiated a program for developing interagency national security professionals through access to an integrated framework of training, education, and professional experience opportunities. We must work together with our national security partners in bringing that important idea to fruition. As part of that effort, we must take steps to create a homeland security community of interest across the enterprise. Three elements of professional development are education, training, and experience via developmental assignments. State, local, tribal, and territorial governments, DHS and other Federal agencies, and academic institutions have taken important steps to build programs to support these key areas and will continue to emphasize enterprise-wide approaches to enhancing homeland security professional development.

The National Security Professional Development (NSPD) program established under Executive Order 13434 (May 17, 2007) has, to date, been implemented with a bureaucratic minimalism that  has done nothing to enhance capability or capacity in either National Security or Homeland Security, much less for the Platonic form in which these security shadows become an indistinguishable whole.

Today (and for most of the last seventy years) there are various orders of a national security priesthood.  The combination of rigorous education, apprenticeship, mentoring, and field experience required for ordination is reminiscent of the Jesuits at high tide.   There is also competition — sometimes friendly, sometimes not — between the national security analogs of Jesuits, Benedictines, and Franciscans spanning the military, diplomacy, intelligence, and related.

Into this mix the so-called homeland security professions — law enforcement, fire, emergency management, public health, and more — arrive like so many fancy-dressed laity. We are Knights of Columbus who the priestly orders tolerate, encourage, or dismiss depending on personal taste or particular need.

EO 13434 and PSD-1 and the QHSR seem to say that priests and laity should learn together and collaborate toward the same purpose.   If the NSPD  program was undertaken earnestly and mindfully over the next thirty years then, perhaps, the President’s vision could be achieved.   Such is not the case today, to our detriment.

Today’s guest blogger is Judith K. Boyd.  Boyd is a Senior Fellow at the Long Island University’s Homeland Security Management Institute.

————————————–

Nature has been using fractal geometry to solve complex problems since the beginning of time.   Perhaps it is time for homeland security professionals to tap into this mechanism to solve those nagging problems that don’t seem to be going away, such as, what causes a seemingly normal person to want to put a bomb in Times Square?

In his 1975 ground breaking book, “Fractals:  Form, Chance, and Dimension,” Dr.  Benoit Mandelbrot asserted that many forms in nature can be described mathematically as fractals, shapes that appear to be jagged and broken.

A fractal is created by taking a smooth looking shape, such as a triangle, and breaking it into pieces, over and over again.  Through the application of this simple principal, you are able to to transform that simple shape into a figure rich with complexity and texture.

The inverse of the fractal principle is that you can take something that appears to be complex and break it down into the repeating patterns that build upon each other to create the larger whole.

We can see this demonstrated graphically in the well-known woodcut, “The Great Wave off Kanagawa,” produced by the Japanese artist Hokusai in 1832.  From afar, we see an image of a large wave about to crash over a small fishing vessel.  And yet, if we look closer, we can see that the large wave is actually comprised of a repeating pattern of smaller waves.

The curves that repeat over and over are not random but rather, according to Mandelbrot, predictable shapes that can be described in mathematical terms.

How to apply this new language, especially in this age of nearly unlimited computing ability, is  yet to be fully realized.  However, it is clear there is tremendous potential for solving what have been seen, up until now, as unsolvable problems.

For example, when you plot the intervals between heartbeats and expand them, healthy heartbeats have an interval that may be measured through a distinctive fractal pattern.  Scientists such as Dr. Ary Goldberger at the Harvard Medical School have been analyzing how this signature may allow cardiologists to discover when a patient has a heart problem long before the heart attack occurs.

Another scientist, biophysicist Dr. Peter Burns in Toronto, Canada, has been studying how to develop mathematical models to detect small tumors.  Conventional technology, such as ultrasounds, do not have the capability to show the network blood vessels that grow around tumors as small as few tenths of a millimeter across in diameter. But an ultrasound does provide a very good image of the movement of blood.  Burns and his colleagues used the simple rules of fractals to create models of “normal” blood vessel activity — a well-organized network of vessels not unlike the branches of an elm tree.  This model may then be compared to an ultrasound image of a patient who might have a tumor.  Analyzing the image with fractal geometry principals reveals a pattern of blood flow not like a strong limbed tree but rather, a tangled mess of shrubbery.

This approach turns on its head the conventional wisdom that technology must get more and more precise in order to inform the doctor.  What fractal geometry allows us to do is analyze information available today in the absence of far more precise and intrusive technology.  The reason for this is because the human body, like nature, repeatedly demonstrates a tendency to naturally select those features and activities that are the most efficient and most productive.  Hence, the potential to understand what is “normal” and through comparison, identify what is not.

What else can we “see” through the application of fractal geometry?

If we view humans and societies as machines, the potential to apply these rules begins to emerge.  If the ideas of al Queda are viewed as a network that is self-sustaining, what is the relationship between mass and energy use?  How much energy does the movement require to grow and branch off?  What are the trigger points for a new branch or offshoot to develop?  According to fractal code, there are rules that identify the pre-defined trigger points that will lead to a new branch off-shoot.   Hence, what appears to be a complex network is in reality, a repeatable process.  If you understand what makes the tree grow, you will understand how the rainforest is sustained.  Taken to its logical end, we should be able to understand the sum by analyzing just a few of its parts.  It may not be coincidence that Faisal Shahzad and Najibullah Zazi had roots in working or middle-class society, some college education and no previous criminal record.

Note to all Intelligence Community recruiters:  hire more mathematicians!

————————————–

Note: If you are interested in learning more about fractals, here is a link to a 1 hour video from NOVA, called Hunting the Hidden Dimension

Tomorrow afternoon, I am scheduled to participate in a panel discussion on crisis management and technology at Portland State University’s Mark O. Hatfield School of Government. The event, sponsored by the campus chapter of Pi Sigma Alpha — the political science honor society, asks what role technology can or should play in helping us respond to 21st century crises.

The organizers tell me their focus remains squarely on crisis management not technology. The question in their minds is not whether technology has a place in managing crises, but how we should define that place. How, they wonder, will we know whether or not technology is helping us? From a practitioner’s perspective, this struck me as a very good question, and one that does not get asked often enough.

From where I sit, crisis management succeeds or fails on how well leaders manage its four phases, which I define as:

• Awareness
• Ambiguity
• Adaptation
• Accountability

Awareness involves signal detection, which in turn depends upon the salience of signals to those responsible for detecting and responding to them. Technology can improve signal to noise ratios, but may dull the sense of salience as people become overwhelmed by inputs, especially if those responsible for designing or operating the system lack contextual intelligence (see Nye 2008).

Ambiguity not uncertainty is the dominant feature of complex systems and their relationships with their environments, and no more so than in when these systems are in crisis. Successful decision-making in crisis situations depends not so much on the ability to gather information or even to organize it as it does on seeing the meaning or patterns hidden within it. Humans remain far better at reconciling the relevance of inconsistent, incomplete, competing, and even conflicting information than cybersystems. Ensuring such systems support the strengths of the people responsible for making decisions rather than using them to overcome weaknesses seems to me an essential step in preventing these systems from compounding rather than correcting our problems.

Most crises are adaptive not technical challenges (Heifetz & Laurie 2001). Although many crises present us with problems that require technological assistance, their hallmark remains the need to see our relationship with the problem and its environment differently from the way we did before our situation became apparent. Dietrich Dörner (1997) demonstrated that most of our problems managing adaptive challenges arises not from their scope or scale so much as our inability to see them as complex webs of interdependent variables that interact in subtle but important ways. His experiments demonstrate that we are particularly ill-equipped to manage situations in which these interactions produce exponential rather than quasi-steady changes in the situation. He further concludes, that when confronted with such problems, we have an altogether too predictable tendency to direct out attention in ways that are either too narrow and fixed or too broad and fleeting to do much good. Adaptive challenges, then, require us to keep the big picture in perspective and to engage others in its management. This is not something that cybersystems necessarily help us do better, as they engage people with a representation of the problem not its essential elements.

In the end, every crisis demands an accounting of what went wrong, and, if we are truly honest and maybe a bit lucky, what went right as well. Such judgments are as inherently subjective just as their conclusions are (or should be) intensely personal. Getting people to accept responsibility, learn from their experiences, and take steps to strengthen the relationships they depend upon to resolve crises is an innately human process. Cybersystems may help us engage one another over great distances in real time and keep records of our interactions, but they do not necessarily clarify our intentions or make it any easier for us to acknowledge the hard lessons we must learn if we are to grow.

Despite my concerns, I remain optimistic that technology can help us improve the effectiveness if not the efficiency of crisis interventions. But only if we do not ask too much of it or too little of ourselves along the way.

References:

DÖRNER, D. (1996). The Logic of Failure. New York: Basic Books.

HEIFETZ, RA & LAURIE, DL (2001). The Work of Leadership. Harvard Business Review. Cambridge, Mass.

NYE, Jr., JS (2008). The Powers to Lead. New York: Oxford University Press.