Homeland Security Watch

You may have seen the headlines:  Redundant Federal Programs Waste Billions (USA Today).

Or heard something similar:  Latest GAO report reveals 162 areas of redundancy across government (Federal News Radio).

Most of the broadcast news mentioned something about catfish inspectors and each military branch developing its own camouflage  uniform. Conservative or liberal — from inside or outside government — it is the kind of “news” that fails to create any new brain synapses and, probably, calcifies our current neural networks.

This lack of real thinking reflects the way information is headlined and how we typically receive the information, not what GAO is actually reporting.

The Government Accountability Office study released on Tuesday references several Department of Homeland Security practices.  In addition to a list from prior years, two more are highlighted in this most recent report:

Department of Homeland Security Research and Development: Better policies and guidance for defining, overseeing, and coordinating research and development investments and activities would help DHS address fragmentation, overlap, and potential unnecessary duplication.

Field-Based Information Sharing: To help reduce inefficiencies resulting from overlap in analytical and investigative support activities, the Departments of Justice and Homeland Security and the Office of National Drug Control Policy could improve coordination among five types of field-based information sharing entities that may collect, process, analyze, or disseminate information in support of law enforcement and counterterrorism-related efforts—Joint Terrorism Task Forces, Field Intelligence Groups, Regional Information Sharing Systems centers, state and major urban area fusion centers, and High Intensity Drug Trafficking Areas Investigative Support Centers.

I am sure any post-hoc study of  research-and-development or intelligence-gathering (even more-so intelligence creating) activities will always find a wide range of decisions and actions  hard to defend.   Any careful audit should find hundreds or thousands of hours obviously lost on following bad leads, interminable meetings, unnecessary travel, dysfunctional turf protection, and much, much more (or actually less and less).  A thorough analysis could authoritatively map how one failure led to another and another.

R&D and the intelligence process share a concern with anticipating, even creating the future.  Once we arrive at the future we can usually look back and bemoan (or self-justify) the dead-ends and circuitous paths chosen.   We may even be able to recognize how alternate — preferable? — futures were very close-at-hand, but have now receded in our wake.

Malcolm Gladwell argues that ten years and 10,000 hours are — along with other crucial inputs — prerequisites to “outlier” success.  What  would an audit at five years and 5000 hours find? What does a half-made success look like? Thomas Edison famously said, “I failed my way to success.”

In the commercial world “redundancy” is often called competition.  In biology redundancy is very closely related to diversity.  In engineering and other design applications redundancy is sometimes valued rather than maligned.

This is not to discourage DHS from looking hard at its research-and-development policies.  The improved coordination of field-based information-sharing sounds like a win-win.  But fragmentation, overlap, and duplication are not always net negatives.  Elinor Ostrom and her colleagues found that polycentric governance — featuring considerable fragmentation, overlap, and duplication — is often more effective at achieving policy goals than more centralized and “efficient” structures.

[Redundancy = Bad] is a dangerous heuristic.  Stop using it.

No free man shall be seized or imprisoned, or stripped of his rights or possessions, or outlawed or exiled, or deprived of his standing in any other way, nor will we proceed with force against him, or send others to do so, except by the lawful judgment of his equals or by the law of the land. (Clause 39, Magna Carta)

No person shall… be deprived of life, liberty, or property, without due process of law… (Fifth Amendment to the Constitution of the United States)

–+–

Recent months have seen one-time expediencies dressed-up as new principles to frame the relationship between citizen and State.  Three examples:

On the Friday after Christmas the Senate reauthorized broad executive authority for  electronic surveillance and collection. The vote was 73-to-23 and extended for five years the Foreign Intelligence Surveillance Act. The House adopted the legislation earlier in the year.  On Sunday the President the signed the extension into law. Proposed amendments, including those offered by Senator Wyden,  that would have enhanced Congressional oversight of FISA were defeated.  FISA was originally intended to provide due process for the gathering of intelligence on non-citizens and so protect the privacy of citizens.  There has been increasing concern regarding how FISA methods now unintentionally — but perhaps quite widely — sweep up citizen communications as well.

According to a December 13, 2012 Wall Street Journal report, there may be good cause for concern.   In an exclusive investigative report, Julia Angwin found that new Department of Justice guidelines, “now allow the little-known National Counterterrorism Center to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them. That is a departure from past practice, which barred the agency from storing information about ordinary Americans unless a person was a terror suspect or related to an investigation. Now, NCTC can copy entire government databases—flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and many others. The agency has new authority to keep data about innocent U.S. citizens for up to five years, and to analyze it for suspicious patterns of behavior. Previously, both were prohibited.”

Meanwhile the White House is, according to several sources including Presidential adviser John Brennan, developing a legal and procedural framework for the deadly use of drones. Addressing the use of drones during an October 18 appearance on “The Daily Show,” President Obama said,  “One of the things we’ve got to do is put a legal architecture in place, and we need Congressional help in order to do that, to make sure that not only am I reined in but any president’s reined in terms of some of the decisions that we’re making.”  According to a May report in the New York Times, “Mr. Obama has placed himself at the helm of a top secret “nominations” process to designate terrorists for kill or capture, of which the capture part has become largely theoretical. He had vowed to align the fight against Al Qaeda with American values; the chart, introducing people whose deaths he might soon be asked to order, underscored just what a moral and legal conundrum this could be.”   Among the President’s decisions, presumably, was the targeted killing of Anwar al-Awlaki, a US citizen who was killed by drone-delivered Hellfire missiles on September 30, 2011 and his sixteen year-old son, also born in the US, who was killed in another drone attack two weeks later.  Both citizens were killed in Yemen.

The predominant motivation in each instance above — and others — is the protection of the American people and nation.  There is no imminent threat of Orwellian intention or intervention.

In each of these examples legislators and the executive are attempting to develop due process that is appropriate to their understanding of the present challenge.   (The judicial branch is poised to soon rejoin consideration of the issue.)

Nonetheless while it is, I suspect, the specific intention of no one, the space where individual liberty adjoins civil authority is being incrementally reshaped.  In the Anglo-American tradition there has long been in both theory and practice the presumptive primacy of individual initiative, what Blackstone termed “the absolute rights of man.”  The balance is shifting toward a presumed ability by the government to maintain order.

Perhaps this is the inevitable outcome of more and more diverse individuals living in dense proximity to each other.  Perhaps it is a prudent response to demonstrated risk.  Perhaps it reflects an emerging social consensus that liberty is less valued than previously.  Or we might be in the process of  redefining liberty.  These shifts might even be the accidental consequence of what Nassim Taleb has termed “naive interventionism”.  The preference, even obligation, to “do something” over doing nothing, even when the doing is non-productive or counter-productive.

Whatever the cause, the pattern can be perceived and seems to be persisting.

If you’re a Wall Street Journal subscriber, you  read the story late Wednesday night or earlier today.   If not it’s behind the Journal’s pay-wall.   I carried today’s (paper) Wall Street Journal to my morning meetings and didn’t see it until lunchtime.

But here’s how Wired magazine is summarizing the WSJ’s investigative journalism:

In a secret government agreement granted without approval or debate from lawmakers, the U.S. attorney general recently gave the National Counterterrorism Center sweeping new powers to store dossiers on U.S. citizens, even if they are not suspected of a crime, according to a news report.

Earlier this year, Attorney General Eric Holder granted the center the ability to copy entire government databases holding information on flight records, casino-employee lists, the names of Americans hosting foreign-exchange students and other data, and to store it for up to five years, even without suspicion that someone in the database has committed a crime, according to the Wall Street Journal, which broke the story.

Whereas previously the law prohibited the center from storing data compilations on U.S. citizens unless they were suspected of terrorist activity or were relevant to an ongoing terrorism investigation, the new powers give the center the ability to not only collect and store vast databases of information but also to trawl through and analyze it for suspicious patterns of behavior in order to uncover activity that could launch an investigation.

The changes granted by Holder would also allow databases containing information about U.S. citizens to be shared with foreign governments for their own analysis.

A former senior White House official told the Journal that the new changes were “breathtaking in scope.”

MORE FROM WIRED

Watchline is a weekly information sharing newsletter produced by the Fire Department of New York (FDNY). It primarily covers homeland security topics related to emergency response. The Watchline reaches more than 100 agencies from all levels of government and more than 1000 direct subscribers outside the FDNY. Here’s a copy of  Watchline’s “Hurrican Sandy Special Edition.” (You can see an easier to read version here.)

 

 

As noted in several media, the Permanent Subcommittee on Investigations of the Senate Committee on Homeland Security and Governmental Affairs has released a report highly critical of state fusion centers.  (Access has been a bit difficult on Wednesday.) Here are a few paragraphs from the Subcommittee’s news release:

A two-year bipartisan investigation by the U. S. Senate Permanent Subcommittee on Investigations has found that Department of Homeland Security efforts to engage state and local intelligence “fusion centers” has not yielded significant useful information to support federal counterterrorism intelligence efforts.

“It’s troubling that the very ‘fusion’ centers that were designed to share information in a post-9/11 world have become part of the problem. Instead of strengthening our counterterrorism efforts, they have too often wasted money and stepped on Americans’ civil liberties,” said Senator Tom Coburn, the Subcommittee’s ranking member who initiated the investigation.

The investigation determined that senior DHS officials were aware of the problems hampering effective counterterrorism work with the fusion centers, but did not always inform Congress of the issues, nor ensure the problems were fixed in a timely manner. MORE

Chairman of the full-committee Joe Lieberman has taken exception to the subcommittee report.  From a Wednesday statement:

“I strongly disagree with the report’s core assertion that ‘fusion centers have been unable to meaningfully contribute to federal counterterrorism efforts,’” Lieberman said. “This statement is not supported by the examples presented in the report and is contrary to the public record, which shows fusion centers have played a significant role in many recent terrorism cases and have helped generate hundreds of tips and leads that have led to current FBI investigations.

“The report does include valuable findings in some areas. It cites examples of inappropriate use of homeland security grant funds and accurately notes that FEMA has struggled to account for how homeland security grant funds are allocated and used, a longstanding concern of mine.

“But the report also contradicts public statements by the Director of National Intelligence and the Director of the FBI, who have acknowledged the value fusion centers provide to the intelligence community. MORE

This is a case when I expect the same data could support two very different understandings of reality.

Wednesday, John Brennan, the Assistant to the President for Homeland Security and Counterterrorism, spoke to the  Council on Foreign Relations.  His remarks focus on US operations in Yemen including the use of drones.  This is the latest in a series of extended statements by Mr. Brennan designed to explain and defend US policy regarding the lethal use of drone technology beyond Afghanistan.

Ritika Singh at LAWFARE has posted the first transcript I could find.

There is a Question and Answer session with Mr. Brennan that is considerably longer than his prepared remarks.  During this element of the program he engaged a range of issues, including Syria and cybersecurity… and bad guys.

While looking for the transcript, I stumbled across a very helpful consideration of the NYPD’s new “Domain Awareness System” at the Council on Foreign Relations website.  (If CFR can headline attention to NYPD technology projects,  I think HLSWatch can clearly address Yemen.)  Please see the CFR briefing by Matthew Waxman.

Thursday the Attorney-General signed out a 32 page document entitled: GUIDELINES FOR ACCESS, RETENTION, USE, AND DISSEMINATION BY THE NATIONAL COUNTERTERRORISM CENTER AND OTHER AGENCIES OF INFORMATION IN DATASETS CONTAINING NON-TERRORISM INFORMATION.

You can access the unclassified (thank goodness) document at the link embedded in the title.

The details deserve much more attention than I will have time to give until the weekend.  But previous limitations (see here and here) have clearly been softened.  The following paragraph from page 4 seemed to leap from the page:

These Guidelines permit NCTC to access and acquire United States person information for the purpose of determining whether the information is reasonably believed to constitute terrorism information and thus may be permanently retained, used, and disseminated. Any United States person information acquired must be reviewed for such purpose in accordance with the procedures below. Information is ’1″easonably believed to constitute terrorism information” if, based on the knowledge and experience ofcounterterrorism analysts as well as the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the information is terrorism information.”

For your reading pleasure.

The Electronic Privacy Information Center posted a copy of a document titled “Department of Homeland Security, National Operations Center, Media Monitoring Capablity, Desktop Reference  Binder” (or MMCDRB for short).

The headline of the EPIC story: EPIC Obtains New Documents on DHS Media Monitoring, Urges Congress to Suspend Program

The reaction to the “desktop reference binder”  included such monochromatic headlines as:

Words to get your website on a government watch list – Social media monitoring!

Homeland Security has its eye on your Metro tweets, D.C. riders

The Department of Homeland Security Is Spying On Your Social Media Updates

Why is the government monitoring social media networks?

The DHS surveillance of OccupyWallStreet (Ok, different, but related.)

DHS Monitoring Of Social Media Under Scrutiny By Lawmakers

The Department Of Homeland Security Is Searching Your Facebook And Twitter For These Words

There is a lot that can be written about this manual and the complex issues illustrated by almost every section of the 40 page document.  But that’s not what I want to write about. I want to write briefly about the search terms in the manual.

———————

One can always get a good 50 minute discussion going in a graduate seminar by asking “What is Homeland Security?”

The question can be addressed through a variety of inquiring systems (meaning ways of gathering and processing information about a question):

- Deductively –  by starting from general principles

- Dialectically — focusing on the conflicts  in homeland security

- Abductively — basically hunches and guesses

- Idealistically – Including ideas from as many perspectives as possible

- Pragmatically — an open systems, do-whatever-works approach

- or Detour and Access — beating around the bush, gaining access to homeland security by detouring around messy issues

No doubt there are other inquiring systems.  Let me mention one more.

One unintended, albeit minor, consequence of the MMCDRB is to assist with an inductive answer to the what is homeland security question.

———————

Induction is about generating abstractions by aggregating specific instances.  If deductive inquiry starts with principles and moves to data. Inductive inquiry starts with data and moves to principles, or at least propositions.

Without getting into the many (serious) problems of inductive inquiry, one can take the current list of “key words and search terms” in the MMCDRB, mix up the pieces — in this case alphabetically — and get a snapshot of how broad homeland security has become in the last decade.

Try it for yourself. There’s a story, a controversy, a fear, a mission or a budget in every word.

Key Words and Search Terms

1.         2600

2.         Abu Sayyaf

3.         Afghanistan

4.         Agent

5.         Agriculture

6.         Agro

7.         Agro Terror

8.         Aid

9.         Air Marshal

10.       Airplane (and derivatives)

11.       Airport

12.       Al Queda (all spellings)

13.       Al-Shabaab

14.       Alcohol Tobacco and Firearms (ATF)

15.       Ammonium nitrate

16.       AMTRAK

17.       Anthrax

18.       Antiviral

19.       AQAP (Al Qaeda Arabian Peninsula)

20.       AQIM (Al Qaeda in the Islamic Maghreb)

21.       Arellano-Felix

22.       Artistics Assassins

23.       Assassination

24.       Attack

25.       Authorities

26.       Avalanche

27.       Avian

28.       Bacteria

29.       Barrio Azteca

30.       BART

31.       Basque Separatists

32.       Beltran-Leyva

33.       Biological

34.       Biological infection (or event)

35.       Biological weapon

36.       Black out

37.       Blister agent

38.       Blizzard

39.       Body scanner

40.       Bomb (squad or threat)

41.       Border

42.       Border Patrol

43.       Botnet

44.       Breach

45.       Bridge

46.       Brown out

47.       Brush fire

48.       Brute forcing

49.       Burn

50.       Burst

51.       Bust

52.       Cain and abel

53.       Calderon

54.       Canceled

55.       Car bomb

56.       Cartel

57.       Cartel de Golfo

58.       Center for Disease Control (CDC)

59.       Central Intelligence Agency (CIA)

60.       Chemical

61.       Chemical burn

62.       Chemical fire

63.       Chemical Spill

64.       Chemical weapon

65.       China

66.       CIKR (Critical Infrastructure & Key Resources)

67.       Ciudad Juarez

68.       Closure

69.       Cloud

70.       Coast Guard (USCG)

71.       Cocaine

72.       Collapse

73.       Colombia

74.       Communications infrastructure

75.       Computer infrastructure

76.       Conficker

77.       Consular

78.       Contamination

79.       Conventional weapon

80.       Cops

81.       Crash

82.       Crest

83.       Critical infrastructure

84.       Customs and Border Protection (CBP)

85.       Cyber attack

86.       Cyber Command

87.       Cyber security

88.       Cyber terror

89.       DDOS (dedicated denial of service)

90.       Deaths

91.       Decapitated

92.       Delays

93.       Denial of service

94.       Department of Homeland Security (DHS)

95.       Dirty bomb

96.       Disaster

97.       Disaster assistance

98.       Disaster management

99.       Disaster medical assistance team (DMAT)

100.    DNDO (Domestic Nuclear Detection Office)

101.    Dock

102.    Domestic nuclear detection

103.    Domestic security

104.    Drill

105.    Drug

106.    Drug Administration (FDA)

107.    Drug cartel

108.    Drug Enforcement Agency (DEA)

109.    Drug trade

110.    Drug war

111.    E. Coli

112.    Earthquake

113.    Ebola

114.    Eco terrorism

115.    El Paso

116.    Electric

117.    Emergency

118.    Emergency Broadcast System

119.    Emergency Landing

120.    Emergency management

121.    Emergency response

122.    Enriched

123.    Environmental terrorist

124.    Epidemic

125.    Erosion

126.    ETA (Euskadi ta Askatasuna)

127.    Evacuation

128.    Execution

129.    Exercise

130.    Explosion (explosive)

131.    Exposure

132.    Extreme weather

133.    Extremism

134.    Facility

135.    Failure or outage

136.    FARC (Armed Revolutionary Forces Colombia)

137.    Federal Air Marshal Service (FAMS)

138.    Federal Aviation Administration (FAA)

139.    Federal Bureau of Investigation (FBI)

140.    Federal Emergency Management Agency (FEMA)

141.    First responder

142.    Flood

143.    Flu

144.    Food Poisoning

145.    Foot and Mouth (FMD)

146.    Forest fire

147.    Fort Hancock

148.    Fundamentalism

149.    Fusion Center

150.    Gang

151.    Gangs

152.    Gas

153.    Grid

154.    Gulf Cartel

155.    Gunfight

156.    Guzman

157.    H1N1

158.    H5N1

159.    Hacker

160.    Hail

161.    Hamas

162.    Hazardous

163.    Hazardous material incident

164.    Hazmat

165.    Help

166.    Heroin

167.    Hezbollah

168.    Home grown

169.    Homeland Defense

170.    Homeland security

171.    Hostage

172.    Human to ANIMAL

173.    Human to human

174.    Hurricane

175.    Ice

176.    IED (Improvised Explosive Device)

177.    Illegal immigrants

178.    Immigration Customs Enforcement (ICE)

179.    Improvised explosive device

180.    Incident

181.    Industrial spill

182.    Infection

183.    Influenza

184.    Infrastructure security

185.    Interstate

186.    IRA (Irish Republican Army)

187.    Iran

188.    Iraq

189.    Islamist

190.    Jihad

191.    Juarez

192.    Keylogger

193.    Kidnap

194.    La Familia

195.    Law enforcement

196.    Leak

197.    Lightening

198.    Listeria

199.    Lockdown

200.    Looting

201.    Los Zetas

202.    Magnitude

203.    Malware

204.    Mara salvatrucha

205.    Marijuana

206.    Maritime domain awareness (MDA)

207.    MARTA

208.    Matamoros

209.    Meth Lab

210.    Methamphetamine

211.    Metro

212.    Mexican army

213.    Mexicles

214.    Mexico

215.    Michoacana

216.    Militia

217.    Mitigation

218.    MS13 or MS-13

219.    Mud slide or Mudslide

220.    Mutation

221.    Mysql injection

222.    Narco banners (Spanish equivalents)

223.    Narcos

224.    Narcotics

225.    National Guard

226.    National infrastructure

227.    National laboratory

228.    National Operations Center (NOC)

229.    National preparedness

230.    National preparedness initiative

231.    National security

232.    Nationalist

233.    NBIC (National Biosurveillance Integration Center)

234.    Nerve agent

235.    New Federation

236.    Nigeria

237.    Nogales

238.    North Korea

239.    Norvo Virus

240.    Nuclear

241.    Nuclear facility

242.    Nuclear threat

243.    Nuevo Leon

244.    Organized crime

245.    Outbreak

246.    Pakistan

247.    Pandemic

248.    Phishing

249.    Phreaking

250.    Pipe bomb

251.    Pirates

252.    Plague

253.    PLF (Palestine Liberation Front)

254.    PLO (Palestine Libration Organization)

255.    Plot

256.    Plume

257.    Police

258.    Pork

259.    Port

260.    Port Authority

261.    Powder (white)

262.    Power

263.    Power lines

264.    Power outage

265.    Prevention

266.    Public Health

267.    Quarantine

268.    Radiation

269.    Radicals

270.    Radioactive

271.    Recall

272.    Recovery

273.    Recruitment

274.    Red Cross

275.    Relief

276.    Resistant

277.    Response

278.    Reynose

279.    Reyosa

280.    Ricin

281.    Riot

282.    Rootkit

283.    Salmonella

284.    San Diego

285.    Sarin

286.    Scammers

287.    Screening

288.    Secret Service (USSS)

289.    Secure Border Initiative (SBI)

290.    Security

291.    Service disruption

292.    Shelter-in-place

293.    Shootout

294.    Shots fired

295.    Sick

296.    Sinaloa

297.    Sleet

298.    Small Pox

299.    Smart

300.    Smuggling (smugglers)

301.    Snow

302.    Social media

303.    Somalia

304.    Sonora

305.    Southwest

306.    Spammer

307.    Spillover

308.    Standoff

309.    State of emergency

310.    Storm

311.    Strain

312.    Stranded/Stuck

313.    Subway

314.    Suicide attack

315.    Suicide bomber

316.    Suspicious package/device

317.    Suspicious substance

318.    SWAT

319.    Swine

320.    Symptoms

321.    Taliban

322.    Tamaulipas

323.    Tamiflu

324.    Tamil Tiger

325.    Target

326.    Task Force

327.    Telecommunications

328.    Temblor

329.    Terror

330.    Terrorism

331.    Threat

332.    Tijuana

333.    Tornado

334.    Torreon

335.    Toxic

336.    Trafficking

337.    Transportation security

338.    Transportation Security Administration (TSA)

339.    Tremor

340.    Trojan

341.    Tsunami

342.    Tsunami Warning Center

343.    TTP (Tehrik-i-Taliban Pakistan)

344.    Tuberculosis (TB)

345.    Tucson

346.    Twister

347.    Typhoon

348.    U.S. Citizenship and Immigration Services (CIS)

349.    U.S. Consulate

350.    United Nations (UN)

351.    Vaccine

352.    Violence

353.    Viral Hemorrhagic Fever

354.    Virus

355.    Warning

356.    Watch

357.    Water/air borne

358.    Wave

359.    Weapons cache

360.    Weapons grade

361.    Wildfire

362.    WMATA

363.    World Health Organization (WHO and components)

364.    Worm

365.    Yemen

366.    Yuma

The list is not final.  The manual notes, “As natural and manmade disasters occur, new search terms may be added.”

 

In a post last week, Phil brought to our attention a White House meeting where local law enforcement officials were presented with a framework for identifying “Homegrown Violent Extremists” that included four major mobilizing patterns:

Contact with individuals tied to terrorist organizations

Indicators of ideological commitment

Travel or attempted travel in pursuit of a violent agenda

Seeking weapons or weapons related training

All very sensible, though perhaps seemingly so after the fact. Perhaps at the briefing methodology was shared for determining in advance when these or similar indicators might lead to violence.  Hopefully it was more than what Phil’s brief contained:

According to my sources the law enforcement officials were, “cautioned against adopting a checklist-like mentality incountering the HVE threat. Simplistically interpreting any single indicator as a confirmation of mobilization probably will lead to ineffective and counterproductive efforts to identify and defeat Homegrown Violent Extremists.”

That quote reminded me of the following quote from a not-so-recent blog post at Security Debrief:

Ask yourself, would an artist draw what you see them sketching? Are the photos a person is taking something you would place in your vacation or family photo album? Give yourself the “reasonableness” test. Is it reasonable that the activity is likely tourist or terrorist in nature? Trust your intuition.

The author is Erroll Southers, according to his Security Debrief Blog bio a former FBI Special Agent, President Barack Obama’s first nominee for Assistant Secretary of the Transportation Security Administration, and Assistant Chief of Homeland Security and Intelligence at the Los Angeles World Airports Police Department.

Reasonable advice from a homeland security professional, right?

Perhaps only after the fact.  Not to pick on Mr. Southers, but I’m guessing he rarely if ever visits small art galleries or has participated in “open studios” (these are usually weekends when a number of artists in particular neighborhoods open up their studios–often their homes–to the public to view and perhaps purchase their work) in any of the cities in which he has lived.  I enjoy these events and could not count on my hands the number of photographers I’ve encountered who take pictures of what is considered critical infrastructure.  Dams, electrical grids, nuclear power stations, public transportation, etc.  Not something you might place in your vacation (Hoover Dam anyone?) or family photo albums perhaps, but absolutely striking physical objects that can be rendered quite beautifully by any number of artists.

I have noticed this general extension of “see something, say something” in other venues, numerous papers, and by many a speaker. The unoriginal thinking and lack of imagination is disheartening.  How will the public become true partners in homeland security if the level of engagement largely remains at this level?  Does the whole of community only count those who have the same aesthetic views as homeland security professionals?  And will JIC (just in case) be the enduring legacy of 9/11?

Maybe not, at least if noted baseball writer George Will and others have anything to say about it:

Quentin, who finds aesthetic — and occasional monetary — value in photographs of industrial scenery at night, was equally persistent when deputies ordered him to stop taking pictures, lest they put his name on a troublesome FBI list. He was on a public sidewalk, using a large camera on a tripod, photographing an oil refinery at 1 a.m. He has a master’s degree in fine arts from the University of California at Irvine, so there.

Wednesday the White House hosted a meeting of 46 senior federal, state and local law enforcement officials.

According to the Associated Press, “The Obama administration is providing senior state and local police officials with its analysis of homegrown terrorism incidents, including common signs law enforcement can use to identify violent extremists… The analysis was conducted by the Homeland Security Department, the FBI and the National Counterterrorism Center.”

I was not at the meeting.  But following is an overview of what I am told was briefed.

An interagency team and process examined several cases of Homegrown Violent Extremists (HVEs) that emerged between 2008-2010.  I was not given the precise number of cases, but I have seen reports of  sixty-two cases being considered.  Based on this sample four major “mobilizing patterns” were identified:

Contact with individuals tied to terrorist organizations is one of two indicators that appeared most often in the case studies. This finding is consistent with earlier assessments—based on past cases of domestic and transnational terrorism—that exposure to an extremist with established ties to a terrorist group can be a useful indicator of a radicalized person moving toward violence. More than 90 percent of the subjects examined either communicated directly or had some type of contact with connected extremists as part of their mobilization to violence.

Indicators of ideological commitment also appear frequently in HVE reporting. One of these behaviors—”watching or sharing jihadist videos”—was the second of the two most prevalent indicators noted in the study. Ideological commitment behaviors were observable but at times only in a virtual environment. More than 90 percent of the cases involved HVEs who either watched or shared extremist videos or other propaganda. Just under 90 percent involved HVEs pursuing religious instruction from a person or institution associated with extremist causes.Roughly 80 percent of the cases reflected an individual’s acceptance or approval of violence or martyrdom operations or an intent to engage in them.

Travel or attempted travel in pursuit of a violent agenda was a recurring factor in the HVE cases, also supporting earlier assessments of the importance of foreign travel for violent extremists. Almost 90 percent of  subjects traveled to places with a significant extremist population or to a foreign location explicitly to pursue violence.

Seeking weapons or weapons related training was a common behavior. This more tactically focused aspect of attack planning also entailed online research to acquire technical capabilities, select targets, and plan logistics. Almost 80 percent of subjects pursued weapons training, paramilitary exercises, or the acquisition of related equipment as partof their mobilization. More than half also conducted Internet research to plan their attacks.

According to my sources the law enforcement officials were, “cautioned against adopting a checklist-like mentality incountering the HVE threat. Simplistically interpreting any single indicator as a confirmation of mobilization probably will lead to ineffective and counterproductive efforts to identify and defeat Homegrown Violent Extremists.”

About 5PM Eastern on Wednesday Eileen Sullivan filed an AP story after talking with participants: SEE IT HERE.

While the law enforcement leaders were at the White House, a House Intelligence subcommittee was hearing testimony suggesting big changes in the purpose and role of the DHS intelligence function. According to prepared testimony to me delivered by Philip Mudd,

The growth of our expectations of domestic security, and the evolution of threats away from traditional state actors toward non-state entities — drug cartels, organized crime, and terrorism are prominent examples — suggest that the DHS intelligence mission should be threat agnostic. Though the impetus for creating this new agency, in the wake of the 9/11 attacks, was clearly terrorism based, the kinds of tools now deployed, from border security to cyber protection, are equally critical in fights against emerging adversaries. The DHS enterprise is more complex than other agencies responsible for America’s security, and itsintelligence mission is correspondingly multifaceted. Its intelligence missions range from providing homeland security-specific intelligence at the federal level; integrating intelligence vertically through DHS elements; and working with state/local/private sector partners to draw their intelligence capabilities into a national picture and provide them with information.

The testimony, based largely on a recently completed study and set of recommendations from the Aspen Homeland Security Group , especially emphasizes the DHS comparative advantage in working with state, local, and private sector entities in the non-classified domain.

In contrast to intelligence agencies that have responsibilities for more traditional areas of national security, DHS’s mandate should allow for collection, dissemination, and analytic work that is focused on more specific homeward-focused areas. First, the intelligence mission could be directed toward areas where DHS has inherent strengths and unique value (e.g., where its personnel and data are centered) that overlap with its legislative mandate. Second, this mission direction should emphasize areas that are not served by other agencies, particularly state/local partners whose needs are not a primary focus for any other federal agency. In all these domains, public and private, DHS customers will require information with limited classification; in contrast to most other federal intelligence entities, DHS should focus on products that start at lower classification levels, especially unclassified and FOUO, and that can be disseminated by means almost unknown in the federal intelligence community (phone trees, Blackberries, etc.).

There is an obvious tension between an intelligence function that is “threat-agnostic” and one that emerges from “where its personnel and data are centered.”  This could, however, be a very healthy tension if a threat-agnostic — capabilities-based — approach to engaging the risk environment can be effectively used to decide where personnel are focused and data is gathered.

Yesterday, our friends and fellow bloggers at Wired magazine’s Threat Level recapped the debate between New Yorker writer and prolific author Malcolm Gladwell and NYU academic and social media evangelist Clay Shirky regarding the role of social media in mobilizing and promoting street protests in support of democratic movements around the world. Shirky, predictably, suggests the movements would not have achieved critical mass without social media. Gladwell takes a far more skeptical view, preferring to see in these movements evidence of the democratic impulse as the message of freedom rather than just another medium for it.

Bill Wasik argues that both perspectives have considerable merit. It’s hard to argue that social media had no influence over the scope or scale of the protests, especially their rapid extension across international borders. At the same time, suggesting that social media should receive at least some of the credit for inspiring democratic uprisings overstates their capacity to encourage virtuous behavior. In the end, Wasik seems to side with Gladwell, arguing that social media enable rather than inspire mass movements.

Given the growing zeal among emergency managers to adopt social media this argument is worth noting. Social media have changed the way emergency managers do their jobs. But the way the public responds to disasters has not changed nearly as much despite social media’s widespread use.

Too many emergency managers think of the public as apathetic and uniformed about disasters. This assumption about the public extends to nearly every aspect of their behavior before, during and after disasters. Social media have helped put paid to such notions largely because they make much more readily apparent the actions of people before, during and after disasters.

For starters, social media have made it clear that people in general crave attention and attraction. We need to be known for what we know and what we can do, and we want to share our time and talents with others whose interests affirm or complement our own. We all possess an atavistic, if not innate, need to connect with others that only becomes more acute as the ways we define ourselves becomes ever more specialized and atomized.

Ambiguity makes us anxious. Seeking and sharing information even with those we do not know helps us alleviate stress. This is true even when such sharing does little to improve our circumstances or clarify a desired course of action.

In the absence of altruism, the introduction of social media into this mix should be expected to do little more than provide people with a platform for talking about disasters. But that’s not what we have seen happening. People inevitably do things when confronted with disaster. Being right takes a backseat to doing right.

Social media have changed the emergency management landscape in large part because they enable people far removed from the direct effects of the disaster to affect its outcome. They do this by giving people immersed in an event the instant ability to connect with the resources of a global audience and share more than just their stories.

Social media have made this process easier and faster. But they are not alone responsible for its emergence.

The one thing that may have changed most with the emergence of social media is the balance between the three competing priorities in emergency management: speed, relevance and accuracy.

In the past, emergency managers carefully parsed the flow of information out of fear that incorrect or conflicting information would undermine their credibility, which in turn would compromise efforts to advance response and recovery. Social media have made it much more apparent that people require very little direction from us when it comes to helping each other cope with the after-effects of disaster. Similarly, they are much more forgiving of errors and helpful about correcting them than we tend to imagine in advance.

People clearly see an important place for emergency managers and government officials as honest brokers, which demands of them an authentic voice characterized by empathy, ethics and equity. These three attributes define accountability in the Information Age, and highlight the importance of social media in emergency management.

Waiting to get the message right is no longer an option. Responding quickly is about riding the wave not generating its momentum. And errors of commission are less likely to be judged harshly than errors of omission, especially when they display relevance, which is to say they reflect a reasonable effort to mobilize or manage collective action to make things better.

Like the street protests and insurgent democracy movements around the world, the past year’s disasters and emergencies have demonstrated the important but not central role of social media in enabling humane action. This impulse arises not from the media but rather from the message. Any fears that social media would combine with Americans’ couch-potato culture to render public responses ever more passive have proven unfounded.

The Strategic National Risk Assessment was written to support the National Preparedness Goal.  You can download an unclassified summary of the National Risk Assessment at this link. (Thank you to the person who sent me the link.)

The seven page summary includes these sections:

1. Overview
2. Strategic National Risk Assessment Scope
3. Overarching Themes to an All-Hazards Approach
4. Analytic Approach
5. Limitations
6. Impacts and Future Uses
7. Conclusion

Here is an excerpt from the Overview:

The Strategic National Risk Assessment (SNRA) was executed in support of Presidential Policy Directive 8 (PPD-8), which calls for creation of a National Preparedness Goal, a National Preparedness System, and a National Preparedness Report.

Specifically, national preparedness is to be based on core capabilities that support “strengthening the security and resilience of the United States through systematic preparation for the threats that pose the greatest risk to the security of the Nation, including acts of terrorism, cyber attacks, pandemics, and catastrophic natural disasters.”

… The assessment was used:

• To identify high risk factors that supported development of the core capabilities and capability targets in the National Preparedness Goal;
• To support the development of collaborative thinking about strategic needs across prevention, protection, mitigation, response, and recovery requirements, and;
• To promote the ability for all levels of Government to share common understanding and awareness of National threats and hazards and resulting risks so that they are ready to act and can do so independently but collaboratively.

The subsequent pages provide an overview of the unclassified findings and the analytic approach used to conduct the SNRA. It should be emphasized, however, that although the initial version of the SNRA is a significant step toward the establishment of a new homeland security risk baseline, it contains data limitations and assumptions that will require additional study, review, and revision as the National Preparedness System is developed. These limitations are discussed below, and future iterations of the assessment are expected to reflect an enhanced methodology and improved data sets.

Below is a chart (taken from the Assessment) that summarizes:

… a series of national-level events with the potential to test the Nation’s preparedness….

For the purposes of the assessment, DHS identified thresholds of consequence necessary to create a national-level event. These thresholds were informed by subject matter expertise and available data. For some events, economic consequences were used as thresholds, while for others, fatalities or injuries/illnesses were deemed more appropriate as the threshold to determine a national-level incident.  In no case, however, were economic and casualty thresholds treated as equivalent to one another (i.e., dollar values were not assigned to fatalities). Event descriptions in [the table below] that do not explicitly identify a threshold signify that no minimum consequence threshold was employed. This allows the assessment to include events for which the psychological impact of an event could cause it to become a national-level event even though it may result in a low number of casualties or a small economic loss. Only events that have a distinct beginning and end and those with an explicit nexus to homeland security missions were included.

This approach excluded:

• Chronic societal concerns, such as immigration and border violations, and those that are generally not related to homeland security national preparedness, such as cancer or car accidents, and;
• Political, economic, environmental, and societal trends that may contribute to a changing risk environment but are not explicitly homeland security national-level events (e.g., demographic shifts, economic trends).

These trends will be important to include in future iterations of a national risk assessment, however.

If you have questions or comments about this initial effort to share the results of the national risk assessments, please let me know (in the comments section of this post) and I will ask around for answers.

Last Tuesday, Nick Catrantzos, suggested here that reports of the Springfield, Illinois “cyberattack” might have more to do with “Naïve or myopic cyber professionals whose over attention to expediency permits convenient remote access for their technical support colleagues with insufficient attention to the exposure that this condition creates,” than with an attack by foreigners.

He’s right, according to Friday’s Washington Post story by Ellen Nakashima:

A water-pump failure in Illinois that appeared to be the first foreign cyberattack on a public utility in the United States was in fact caused by a plant contractor traveling in Russia, according to a source familiar with a federal investigation of the incident….  The contractor, who had remote access to the computer system, was in Russia on personal business, the source added.

Score one point also for DHS officials who insisted on getting the facts correct before someone lobbies congress for a 350 trillion dollar Water Attack Security Target Enforcement program:

… officials at the Department of Homeland Security, which oversees industrial control system cybersecurity, cautioned from the outset that the report contained “no credible, corroborated data.”

The water pump in question had been experiencing problems, turning on and off and eventually failing, water district board members said. The pump has malfunctioned several times in recent years, a DHS official said.

The “international authority on cybersecurity” who (apparently) first made public the information in the Illinois State Terrorism and Intelligence Center (STIC) report responded to the new details about the attack by attacking:

This [the conflict between the STIC and DHS reports] begs the question why two government agencies disagree over whether a cyber event that damaged equipment had occurred at a water utility….

There are numerous critical infrastructure table-top exercises that assume that notifications such as the STIC report are sufficient to initiate the cyber attack response process. If DHS turns out to be correct in its assumptions, then anyone acting on the STIC warning would have been wasting precious resources addressing a problem that doesn’t exist. At issue is that we need to be quickly informed if an event has occurred so that others who have similar equipment or architectures can take steps to protect themselves in case the event spreads. However, this requires both timely notification and correct information. Right now, it seems that neither of these two conditions may exist in this case.

We now have to wait for DHS and the other government agencies to come to agreement and let us know what has happened. If the STIC report is correct, then we have wasted precious time and allowed many others in the infrastructure to remain potentially vulnerable while we wait to find out if we should do anything.

Perhaps that’s a restatement of the classic expectation of intelligence: “give us accurate, timely, and actionable information.”

Welcome to another dimension of the big data problem.

Or, as our buddy prOf might say, “Take the f*%#!&g SCADA off the internet.”

 

 

 

John Quincy Adams is often quoted as having said, “One useless man is a shame, two is a law firm, and three or more is a Congress.” Another unnamed sage quipped, “Congress is continually appointing fact-finding committees, when what we really need are some fact-facing committees.” This past month’s acrimonious debt debates have done nothing to disprove either theorem despite their success in passing legislation to avert the nation’s first-ever default on its public debt.

It’s easy to see the tortured process of the past month and the polarized politics propelling the participants as a product of a deeply ambivalent body politic. But that would be too convenient and untrue to boot.

As Steven Kull, director of the University of Maryland’s Program for Public Consultation explained in a recent article, surveys indicate that the public at-large is much more reasonable and responsible than its representatives in Congress. Clear majorities of self-identified Republicans supported higher taxes and fewer spending cuts than those adopted yesterday. Likewise, a substantial proportion of self-identified Democrats were more than willing to amend entitlement eligibility criteria and make broader and deeper cuts to prevent default.

Politicians that pay too much attention to the polls are often derided by their rivals, who like to allege that this tendency suggests a lack of leadership ability closely akin to a moral failing. Direct democracy has its proponents, but few of even the most ardent advocates of participatory democracy would argue that it serves as either an efficient or effective way of making complex and critical decisions like those surrounding the federal budget and deficits. But how much messier would it really be than what we have all just witnessed?

The dynamics of group decision-making intrigue me. In his 2005 bestseller The Wisdom of Crowds, James Surowiecki, addressed the strengths and weaknesses of group decision-making to three particular kinds of problems:

• Cognition problems, which require decision makers to infer unknowns from known conditions;
• Coordination problems, which require decision-makers to achieve efficient outcomes under uncertain, competitive conditions; and
• Cooperation problems, which involve getting “self-interested, distrustful people to work together, even when narrow self-interest would seem to dictate that no individual should take part.”

I think it’s self-explanatory which type of problem deficit-cutting most closely resembles. Surowiecki argued that effective group decision-making in all of these situations depends on three conditions: 1) diversity, 2) independence, and 3) (a particular kind of) decentralization. Congress fails on all three counts, and the process proposed in the legislation for goading our representatives into action does little if anything to improve this sorry situation.

Surowiecki notes that diversity and independence matter — particularly when solving cognition problems — “because the best collective decisions are the product of disagreement and contest, not consensus or compromise.” Decentralization on the other hand mediates the influence of disagreement and conflict because “Groups benefit from members talking to and learning from each other, but too much communication, paradoxically, can actually make the group as a whole less intelligent.”

Balancing the three decision-making prerequisites is clearly a challenging endeavor, and sometimes more difficult than the problem itself. As a result, some of the best decision-making methods use mechanisms like market-pricing and intelligent voting systems to aggregate individual judgments to produce more accurate representations of the collective mind than would otherwise emerge from direct communication among participants.

These observations may or may not suggest the need for Constitutional or procedural reforms to make Congress function more efficiently and effectively when dealing with such contentious issues. But they should inform our assessment of what it takes to improve the performance of programs and activities affected by the looming budget cuts resulting from yesterday’s Grand and Smelly Compromise.

How might we engage the wisdom of crowds to improve the performance of homeland security and domestic intelligence operations? What applications of these or related concepts are already bearing fruit?

Watching Pakistan I have often been reminded of the anecdotes of Procopius regarding the late Roman-early Byzantine court of Justinian.  To share these impressions would, however, be even more pedantic than yesterday’s endorsement of Immanuel Kant.

I am glad that someone closer to Islamabad seems to see a similar pattern.   Following is an essay published earlier today by Irfan Husain in DAWN.  I have only excerpted a bit of the beginning.  The whole essay is worth your reading: A History of Bungling.

–+–

The space between an admission of gross incompetence or of complicity in a major crime is full of humiliation and pain.

This is the place Pakistan`s ISI finds itself in the wake of Osama bin Laden`s killing in Abbottabad.

The country`s premier intelligence agency is being accused by many of knowing where the Al Qaeda chief has been hiding for the last five years. His extended presence in Abbottabad, close to the country`s elite military academy, has raised troubling questions.

But when faced with a choice between official bungling and thuggery, I`d go for ineptitude every time. While looking at a crime, the first thing an investigator asks is: ` Cui bono ?`, or `Who benefits?”

In the case of Bin Laden`s long residence in Pakistan, the country`s security establishment clearly had nothing to gain by concealing his presence.

In the past, several major foreign Muslim terrorists have been captured in Pakistan with the ISI`s cooperation. The names of Aimal Kansi, Yusef Ramzi, Abu Zubaydah and Khalid Sheikh come to mind. Lesser figures have been fingered for drone strikes, deportation to Guantanamo Bay, or for interrogation by the Americans elsewhere.

It has long been Pakistan`s tacit policy that it would crack down on foreign fighters and terrorists, while maintaining an ambivalent attitude towards jihadi groups who might be of use in Afghanistan at a later date.

Bin Laden was clearly a distraction and an embarrassment. He was of no possible strategic value to Pakistan, now or later; 9/11 had made him a toxic liability, and he was too much of a hate figure around the world for the ISI to risk sheltering him. In addition, with a $25m reward on Bin Laden`s head, do we really think our spooks are so high-minded that they would resist the temptation to turn him in?

So me, I`d go for the bungling option rather than for any of the conspiracy theories doing the rounds in Washington and around the world…

MORE

I must admit that like most of you (I assume) the news that U.S. special forces had killed Osama bin Laden and recovered his body from a compound in Abbottabad, Pakistan came as a bit of a surprise. But my surprise at that fact pales in comparison to my impressions arising from the openness displayed by the administration in discussing details of the operation and its implications on future policy options.

Much of what needs to be said about the skill and courage of the President and those who conceived and carried out the mission has been said many times over in the past few days. How salient is it, however, that we can acknowledge and discuss the basis for our opinions about the performance of these individuals rather than relying solely on our predispositions to trust the opinions of others? In light of the consequences of public opinion on ongoing support for operations in Afghanistan, Iraq and elsewhere, it strikes me a particularly important that people not only can reach conclusions of their own about these actions, but also that they seem to be doing so without any particular help from the punditocracy. (This, of course, in no way deterred the talking heads from babbling, often incoherently, about the whole affair. Despite substantiation of leaks about the subject of the President’s remarks, their distracting dialectic diminished in quality as the interval between the scheduled start of President Obama’s address and his actual appearance became increasingly delayed.)

The policy environment surrounding national defense and homeland security are filled with discontinuities and uncertainty despite bin Laden’s demise. How will we end our involvement in Afghanistan? Will the government of Iraq to extend agreements for the U.S. military to continue advice and support arrangements? How will the administration and Congress resolve their pitched political differences over fiscal restraint and debt reduction without undermining our ability to meet commitments here and abroad?

Notwithstanding the release of some erroneous information that has required correction and elaboration today, the administration seems to have done itself (and us) a huge favor by making as clear as possible the basis of its assessment that al-Qaeda and its affiliates remain a threat to the U.S. and its interests. They have also made it clear that lessons about cooperation and information sharing have been learned. And perhaps most important of all, they have demonstrated the potency of patience, confidence, determination and resolve when exercised in the right proportions.

These lessons reinforce one last point: The success of this operation was not so much the product of superior technology or the investments of vast sums of money (although both undoubtedly helped ensure the careful and skillful execution of this mission), but rather the diligent and precise application of human and social skills in gathering, processing and acting on intelligence, which included precise and scrupulous attention to the most minute details.

Much more of this story remains yet to be told. But this should not hinder our understanding of the extraordinary efforts that led to this achievement nor discourage us from continuing the work required to protect our country and others affected by the threat of violent extremism.