Homeland Security Watch

Thursday the nation’s intelligence chiefs appeared before the House Permanent Select Committee on Intelligence.  Below is the line-up of those testifying. As of February 12 only the DNI’s testimony is linked on the Committee’s website (and below).   I cannot — yet — find other prepared testimony.

Media and partisan attention has, as usual, focused less on the substance of the prepared remarks and much more on two spontaneous comments by Messrs. Clapper and Panetta.

Given the dramatic events unfolding in Egypt it was inevitable — and really entirely reasonable — that the live testimony would focus mostly on making sense of the immediate crisis.  This opportunity might have been embraced as an opportunity for intellectual humility and honest examination of the innate limitations of intelligence analysis and operations.  But humility does not often make an appearance inside the beltway; nor on rare appearance is humility usually rewarded, quite the contrary.

James R. Clapper, Director of National Intelligence

Click immediately above for full prepared testimony. Answering a question about the Muslim Brotherhood, he characterized it as, “a very heterogeneous group, largely secular, which has eschewed violence and has decried Al Qaeda as a perversion of Islam.”  See more from ABC News and The Telegraph.

Leon E. Panetta, Director of the Central Intelligence Agency

The CIA Director offered committee members, “I got the same information you did, that there is a strong likelihood that Mubarak may step down this evening.”  When a few hours later the Egyptian President decided to spend one more night in office, Panetta’s statement and judgment became a target.  See a thoughtful take by Jena McGregor in the Washington Post.

Michael E. Leiter, Director of the National Counterterrorism Center

I cannot find the February 10 testimony to the Intelligence Committee, but you can read the February 9 testimony to the House Homeland Security Committee: Understanding the Homeland Threat Landscape.

Lieutenant General Ronald L. Burgess, Director of the Defense Intelligence Agency, Department of Defense

Robert S. Mueller, III, Director of the Federal Bureau of Investigation

Back in September Director Mueller testified to the House Homeland Security Committee on Nine Years after 9/11 Confronting the Terrorist Threat to the United States.

Caryn A. Wagner, Under Secretary for Intelligence and Analysis, Department of Homeland Security

In late September 2010 Ms. Wagner testified before the House Committee on Homeland Security Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment.

Thomas A. Ferguson, Principal Deputy Under Secretary of Defense for Intelligence, Department of Defense

Philip S. Goldberg, Assistant Secretary of State, Bureau of Intelligence and Research, Department of State

If any HLSWatch readers find the missing prepared testimony — or especially good coverage of the hearing — please provide a link in the comments.  By “good coverage” I mean attention to the threat analysis, not just supposed gaffes in answering questions.  With thanks to Librarian Stephanie (see comments) you can also access video coverage of the live hearing from CSPAN.

Retrospectively, over the last year and more the best sustained intelligence and analysis on Egypt has probably been forthcoming from the Carnegie Endowment for International Peace and especially its Bipartisan Working Group on Egypt.  Carnegie products on Egypt and the Muslim Brotherhood — developed prior to the current crisis — are available from the Carnegie Guide to Egypt’s Election.  More current analysis is available from the Carnegie Endowment’s Middle East Program.

Today’s post was written by Nick Catrantzos.  Nick is the lead author of the All Secure blog and is the security director for a large public organization.

————————————-

What’s in a lead about suspicious activity, and whence the gulf between how defenders and official lead processors react to it?

The answer says a great deal about how far our homeland security partners have advanced in gearing their efforts for preventing terrorist attacks instead of focusing top priority on prosecuting attackers. The way one answers also reveals instantly whether one is a defender or an official unburdened by direct responsibility for protecting a target of terrorist attack. Take this example and follow its course to appreciate the difference.

EVENT: A person drives up to a fenced facility whose purpose is to control electricity, water, or telecommunications serving millions of citizens. This person then takes several photographs of that facility and of the entrance to it before driving away. Staff or security cameras at the facility capture the photographer’s description and license plate number. An employee from that facility then reports these details through channels that ultimately reach the local fusion center. This center is where homeland security partners take in and presumably do something with all the information generated by their bosses’ “See something? Say something!” campaigns. What should happen next? It depends.

IF YOU ARE A DEFENDER …

An analyst or duty officer calls up the license plate number and hands the details to a law enforcement officer on duty. This officer immediately calls the registered owner of the vehicle driven by the photographer, communicates official interest and concern over the actions of the photographer, and ascertains the photographer’s intent while clearly signaling that such activity is monitored, acted upon, and taken very seriously. Result? Deterrence. Even if the photographer’s actions trace to some innocent, plausible explanation, a clear message goes out that somebody is watching and that suspicious actions trigger real time response. If a terrorist was taking pictures as part of a target selection or pre-strike surveillance operation, the dividend is greater. The same message goes out disrupting the attack and in effect causing the would-be attacker to pick a softer target.

But there is an alternative reaction which misses this deterrent effect while consuming much more time and resources.

IF YOU ARE A LEAD PROCESSOR …

You see the situation differently. You see your job not as deterring attack but as launching investigations that take attackers down and put them behind bars. So, what happens? Well, you evaluate the lead. Let’s see, there’s not too much there to justify an investigation. There are more of these leads than investigators to handle them. Besides, you probably need a supervisor to authorize an investigation. This means more processing delay. Net result? Note and file. Thank the defender for the lead. Not enough to go on, though. Maybe next time …

What signal does the latter approach transmit? To the photographer — innocent or nefarious — it says no one will stop or question you or stand in your way. To the defender, it communicates indifference and bureaucracy that disincentivizes future participation in passive or one-sided homeland security “partnerships.”

To the public at large, the handling of such events reveals just how much our organs of homeland security have in reality taken to heart the message of the Attorney General in November 2001 when he announced that, henceforth the new priority would be prevention, not prosecution. If the second approach is crowding out the first, this is not necessarily the fault of fusion centers and lead processors. It is a failure of leadership to incentivize timely responsiveness for deterrence that is hard to measure over traditional investigative case handling that lends itself better to metrics but not to the object sought. And so we chew and chew on the very leads that a quick bite and swallow would handle better, leaving our vaunted partnerships infused with a bovine incapacity to deliver the value they were created to produce.

July’s Washington Post investigation of the national security and intelligence system continues to live —  least on the internet, its blogosphere suburbs, and (in October) on public television’s Frontline.

Jessica Herrera-Flanigan summarized the size of the intelligence enterprise in her July 19th post. :

• 45 organizations (with 1,271 sub-units) engaged in top-secret work.
• 1,931 companies engaged in top-secret work for the government.
• 854,000 individuals  hold top-secret security clearances.
• Over 50,000 intelligence reports published each year.
• A $75 billion (public number) intelligence budget for 2009.

What does the nation get for those numbers?  What does it lose?

Today’s post is from a colleague who is a member of what might be called the pre-9/11 intelligence community. Her essay was written before the Washington Post investigation was published.

She writes specifically about the growth of fusion centers (there are now more than 70 of them).  But she makes a larger point that something important may have been lost amidst the growth of Top Secret America and homeland security.

——

Recently, the joys that accompany homeowner responsibility found me on my way to the local Home Depot to purchase the supplies necessary to fix a leaky kitchen faucet. I arrived at the store lacking any anxiety about the shopping trip.  After all, I was bound to easily locate my required plumbing supplies at the largest home-improvement retailer in the United States… or was I?

Two hours later, the same, but now greatly decreased, joys of home ownership found me at my local hardware store, where the anxiety created by my Home Depot visit was alleviated by the knowledge and helpfulness of the familiar owner.

As I made my way back home, finally armed with the correct supplies to complete my project, I thought about the reasons I had encountered such obstacles at Home Depot. I realized the big-box concept that initially gave Home Depot its innovative value had been overcome by inconvenience and a loss of trust due to unfamiliarity. The resulting experience was less efficient and more time-consuming, thereby negating any monetary savings.

Upon further reflection, I recognized many similarities between my Home Depot visit and the problems besetting homeland security in the United States. Since the events of 9/11, the number of individuals working in the homeland security field has greatly increased. New initiatives abound, most of which consist of adding people and resources as the solution to any and all problems.

But given the current issues within this field, including the struggle for success of fusion centers, mission creep between agencies, and vast duplication of responsibilities, are the solutions working? Or has the safety of our nation fallen victim to big-boxization?

People working counterterrorism matters prior to the terrorist attacks of 9/11 were part of a much smaller cadre of personnel focused on the security of our homeland. They operated through a voluntary collaborative effort on Joint Terrorism Task Forces (JTTFs), before the days when collaboration became a forced requirement. They worked as a team, before the days when that team became a behemoth. They knew the right people to contact for the right information, before the days when all of those people were required to sit in the same location.

Revisiting my Home Depot experience, I can draw many parallels with the current problems found in homeland security and, specifically, within the fusion centers that have been established allegedly to ensure information sharing between federal, state, and local stakeholders.

Similar to the various departments within a Home Depot store, the fusion centers are staffed by people representing various agencies, levels of government, and areas of expertise. But just as the salesperson assigned to the electrical department at Home Depot could not assist me when I couldn’t locate a plumbing representative, the physical co-location of personnel within a fusion center does not produce the ease of one-stop shopping.  Instead, issues of security clearances, proprietary information, and the lack of data interoperability cause the same refrains to be echoed throughout the fusion centers as I heard in Home Depot: “Sorry, ma’am, that’s not my department.”

My inconvenience at Home Depot was further exacerbated by the sales staff’s lack of familiarity with the local community. I live in a town home community built in the 1940s and, as is often the case, the historic nature of my neighborhood is accompanied by many quirks in construction and materials. The plumbing salesperson at Home Depot (who I finally located) did not know anything about my neighborhood and its quirks.  His penchant for guessing what supplies I needed did not increase my confidence or trust in his knowledge.

When I finally abandoned my attempts to succeed in Home Depot and went to my neighborhood hardware store, I was greeted by the long-time owner who was intimately familiar with the inner workings of the construction of my townhouse. Combined with his broad-based knowledge of every item on the shelves within his store, his familiarity immediately fostered my trust that I would walk out of that store with the correct supplies.

The large number of agencies and personnel being pushed into fusion centers risks creating the same lack of familiarity exhibited by the Home Depot salesperson. Only time will tell whether this familiarity, and corresponding trust, will be established. The common physical location of personnel may not be the answer to full collaboration because, as is seen in Home Depot, the issues of stovepiping and the lack of broad knowledge still remain, no matter how many people and resources are assigned to a single location.

I know for certain that I will not be visiting Home Depot the next time I need home improvement supplies. Instead, I will return to my neighborhood hardware store in which I have full confidence. Will I soon say the same about homeland security and avoid the fusion center, as I long for a return to the days of the “mom and pop” version of counterterrorism?

People in the intelligence community deal in some of the most sensitive and cynical information about our government and its operations against our adversaries. It’s no wonder spies are not generally known for their senses of humor. That said, it’s a quality that really ought to be more highly prized. If the recent remarks of James Clapper, President Obama’s nominee to become the fourth director of national intelligence, are any indication, we might have a winner.

In last week’s Washington Post series on burgeoning intelligence community contracting, Clapper was quoted as having said to a reporter that the only entity in the universe with visibility into all special access programs is God. During his confirmation hearing, he was quoted as having observed in response to a question about the series, “One man’s duplication is another man’s competitive analysis.” Funny stuff, really. At least as far as I am concerned.

Characterizing the proliferation of overlapping jurisdictions and the growth in outsourcing of analysis and technical capabilities as competitive analysis is either euphemistic or optimistic. Either way its worth asking how we would know what this incredible investment of national wealth and talent is worth to our national security.

On one hand, we are regularly reassured that al Qa’ida and its affiliates have failed to launch a successful attack against the United States homeland since the 9/11 attacks. This argument asks us to accept facts not in evidence (at least publicly), as it depends on the presumption that our intelligence community operatives are routinely interdicting our adversaries before they can cause us harm.

Over the past two years, however, a new threat has emerged in the form of homegrown, lone wolf Muslim radicals. In each of the last three attacks — Ft. Hood, the Christmas Day underwear bomber, and the amateurish Times Square vehicle-borne improvised explosive device — the perpetrators gained training or encouragement from overseas operatives. That none of them succeeded on a scale comparable to previous attacks is not for lack of trying.

If we were to judge solely by the President’s reactions to these attacks, we should wonder what if anything we are getting for our increased investments in the intelligence community. The President himself has characterized these attacks as evidence of failure.

I understand the media interest in the intelligence community, but what really impresses me is how our fellow countrymen are responding since 9/11. People are far more aware of threats to our security and seem far more willing to become involved when they see something’s not right. In the absence of specific, direct investments in building the capacity of citizens to contribute to homeland defense and security and actively enlisting them in efforts to identify and assess threats, it seems safe to say that these actions on the part of the public have occurred in spite of, not because of, all the money we spent expanding intelligence community capabilities.

If we were to judge by results alone, the better investment is clearly an informed and engaged public. But that’s not currently on the table and no one is offering it despite evidence that the Washington Post series’ gravest potential impact is the further erosion of public trust and confidence in government administration and oversight of covert intelligence spending.

If General Clapper becomes the next director of national intelligence, which seems pretty certain at this point, we have little reason to believe that anything significant will change in our intelligence posture. This strikes me as a lost opportunity. The comparative advantages of engaging the public in the homeland security mission are much clearer than those associated with the competitive analysis of intelligence.

I received the following from a sometimes commentator on this blog:

The Washington Post will run a series of stories… that will contain a compendium of government agencies and contractors allegedly conducting Top Secret work.  The stories will also include an interactive database.

One agency affected by the stories issued the document republished below.

From an operational perspective, …[p]ublishing the locations of these facilities could be problematic from a safety and security concern.

From an academic perspective, how do we reconcile the desire to safeguard our country from foreign and domestic adversaries in an global environment that rewards the near real-time release of sensitive or classified information?

———————————————-

Notice to Industry Partners

Subject: Potential Disclosure of Contract Information

Early next week, the Washington Post is expected to publish articles and an interactive website that will likely contain a compendium of government agencies and contractors allegedly conducting Top Secret work. The website is expected to enable users to see the relationships between the federal government and its contractors, describe the type of work the contractors perform, and may identify many government and contractor facility locations.

Publication is expected starting July 19, 2010 with additional articles published thereafter. We request that all _____ contractors remind all cleared employees of their responsibility to protect classified information and relationships, and to abide by contractual agreements regarding non-publicity.

Employees should be reminded that they must neither confirm nor deny information contained in this, or any, media publication, and that the publication of this website does not constitute a change in any current ____ classifications. They should also be reminded that if approached and asked to discuss their work by media or unauthorized people, they should report the interactions to their appropriate security officer.

Foreign intelligence services, terrorist organizations, and criminal elements will have potential interest in this kind of information. It is important that companies review their overall counterintelligence posture to ensure that it is appropriate. Specifically, we recommend that companies affected by this publication and website assess and take steps to mitigate risk to their workforce, facility and mission, to the extent consistent with your contractual relationship with ____. These steps should include re-enforcement of security and counterintelligence protections and steps to enhance workforce awareness. CI and security events related to the publication of these articles and website should be reported through normal company channels to the ___Security office. For the time being, thresholds should be lowered to aggressively report anomalous behavior.

Should your management or public affairs offices be contacted by the media, any response must be consistent with your contract. If appropriate, you may also refer media inquiries to ___

In the opening days of his administration, President Obama wrote, “I believe that Homeland Security is indistinguishable from National Security — conceptually and functionally, they should be thought of together rather than separately.  Instead of separating these issues, we must create an integrated, effective, and efficient approach to enhance the national security of the United States.” (See: Presidential Study Directive 1)

I testified against this proposition before the House Homeland Security Committee.  I continue to have conceptual and functional reservations.  But today I will embrace the President’s belief and offer a prescription for improving integration, effectiveness, and efficiency.

For this purpose, greater energy and attention  should be given to a specific recommendation of the Quadrennial Homeland Security Review.  From page 71 of the QHSR:

Build a homeland security professional discipline: Develop the homeland security community of interest at all levels of government as part of a cadre of national security professionals. A well-documented need within the national security community is a professional development program that fosters a stable and diverse community of professionals with the proper balance of relevant skills, attributes, experiences, and comprehensive knowledge. Executive Order 13434, “National Security Professional Development,” initiated a program for developing interagency national security professionals through access to an integrated framework of training, education, and professional experience opportunities. We must work together with our national security partners in bringing that important idea to fruition. As part of that effort, we must take steps to create a homeland security community of interest across the enterprise. Three elements of professional development are education, training, and experience via developmental assignments. State, local, tribal, and territorial governments, DHS and other Federal agencies, and academic institutions have taken important steps to build programs to support these key areas and will continue to emphasize enterprise-wide approaches to enhancing homeland security professional development.

The National Security Professional Development (NSPD) program established under Executive Order 13434 (May 17, 2007) has, to date, been implemented with a bureaucratic minimalism that  has done nothing to enhance capability or capacity in either National Security or Homeland Security, much less for the Platonic form in which these security shadows become an indistinguishable whole.

Today (and for most of the last seventy years) there are various orders of a national security priesthood.  The combination of rigorous education, apprenticeship, mentoring, and field experience required for ordination is reminiscent of the Jesuits at high tide.   There is also competition — sometimes friendly, sometimes not — between the national security analogs of Jesuits, Benedictines, and Franciscans spanning the military, diplomacy, intelligence, and related.

Into this mix the so-called homeland security professions — law enforcement, fire, emergency management, public health, and more — arrive like so many fancy-dressed laity. We are Knights of Columbus who the priestly orders tolerate, encourage, or dismiss depending on personal taste or particular need.

EO 13434 and PSD-1 and the QHSR seem to say that priests and laity should learn together and collaborate toward the same purpose.   If the NSPD  program was undertaken earnestly and mindfully over the next thirty years then, perhaps, the President’s vision could be achieved.   Such is not the case today, to our detriment.

Today’s guest blogger is Judith K. Boyd.  Boyd is a Senior Fellow at the Long Island University’s Homeland Security Management Institute.

————————————–

Nature has been using fractal geometry to solve complex problems since the beginning of time.   Perhaps it is time for homeland security professionals to tap into this mechanism to solve those nagging problems that don’t seem to be going away, such as, what causes a seemingly normal person to want to put a bomb in Times Square?

In his 1975 ground breaking book, “Fractals:  Form, Chance, and Dimension,” Dr.  Benoit Mandelbrot asserted that many forms in nature can be described mathematically as fractals, shapes that appear to be jagged and broken.

A fractal is created by taking a smooth looking shape, such as a triangle, and breaking it into pieces, over and over again.  Through the application of this simple principal, you are able to to transform that simple shape into a figure rich with complexity and texture.

The inverse of the fractal principle is that you can take something that appears to be complex and break it down into the repeating patterns that build upon each other to create the larger whole.

We can see this demonstrated graphically in the well-known woodcut, “The Great Wave off Kanagawa,” produced by the Japanese artist Hokusai in 1832.  From afar, we see an image of a large wave about to crash over a small fishing vessel.  And yet, if we look closer, we can see that the large wave is actually comprised of a repeating pattern of smaller waves.

The curves that repeat over and over are not random but rather, according to Mandelbrot, predictable shapes that can be described in mathematical terms.

How to apply this new language, especially in this age of nearly unlimited computing ability, is  yet to be fully realized.  However, it is clear there is tremendous potential for solving what have been seen, up until now, as unsolvable problems.

For example, when you plot the intervals between heartbeats and expand them, healthy heartbeats have an interval that may be measured through a distinctive fractal pattern.  Scientists such as Dr. Ary Goldberger at the Harvard Medical School have been analyzing how this signature may allow cardiologists to discover when a patient has a heart problem long before the heart attack occurs.

Another scientist, biophysicist Dr. Peter Burns in Toronto, Canada, has been studying how to develop mathematical models to detect small tumors.  Conventional technology, such as ultrasounds, do not have the capability to show the network blood vessels that grow around tumors as small as few tenths of a millimeter across in diameter. But an ultrasound does provide a very good image of the movement of blood.  Burns and his colleagues used the simple rules of fractals to create models of “normal” blood vessel activity — a well-organized network of vessels not unlike the branches of an elm tree.  This model may then be compared to an ultrasound image of a patient who might have a tumor.  Analyzing the image with fractal geometry principals reveals a pattern of blood flow not like a strong limbed tree but rather, a tangled mess of shrubbery.

This approach turns on its head the conventional wisdom that technology must get more and more precise in order to inform the doctor.  What fractal geometry allows us to do is analyze information available today in the absence of far more precise and intrusive technology.  The reason for this is because the human body, like nature, repeatedly demonstrates a tendency to naturally select those features and activities that are the most efficient and most productive.  Hence, the potential to understand what is “normal” and through comparison, identify what is not.

What else can we “see” through the application of fractal geometry?

If we view humans and societies as machines, the potential to apply these rules begins to emerge.  If the ideas of al Queda are viewed as a network that is self-sustaining, what is the relationship between mass and energy use?  How much energy does the movement require to grow and branch off?  What are the trigger points for a new branch or offshoot to develop?  According to fractal code, there are rules that identify the pre-defined trigger points that will lead to a new branch off-shoot.   Hence, what appears to be a complex network is in reality, a repeatable process.  If you understand what makes the tree grow, you will understand how the rainforest is sustained.  Taken to its logical end, we should be able to understand the sum by analyzing just a few of its parts.  It may not be coincidence that Faisal Shahzad and Najibullah Zazi had roots in working or middle-class society, some college education and no previous criminal record.

Note to all Intelligence Community recruiters:  hire more mathematicians!

————————————–

Note: If you are interested in learning more about fractals, here is a link to a 1 hour video from NOVA, called Hunting the Hidden Dimension

Tomorrow afternoon, I am scheduled to participate in a panel discussion on crisis management and technology at Portland State University’s Mark O. Hatfield School of Government. The event, sponsored by the campus chapter of Pi Sigma Alpha — the political science honor society, asks what role technology can or should play in helping us respond to 21st century crises.

The organizers tell me their focus remains squarely on crisis management not technology. The question in their minds is not whether technology has a place in managing crises, but how we should define that place. How, they wonder, will we know whether or not technology is helping us? From a practitioner’s perspective, this struck me as a very good question, and one that does not get asked often enough.

From where I sit, crisis management succeeds or fails on how well leaders manage its four phases, which I define as:

• Awareness
• Ambiguity
• Adaptation
• Accountability

Awareness involves signal detection, which in turn depends upon the salience of signals to those responsible for detecting and responding to them. Technology can improve signal to noise ratios, but may dull the sense of salience as people become overwhelmed by inputs, especially if those responsible for designing or operating the system lack contextual intelligence (see Nye 2008).

Ambiguity not uncertainty is the dominant feature of complex systems and their relationships with their environments, and no more so than in when these systems are in crisis. Successful decision-making in crisis situations depends not so much on the ability to gather information or even to organize it as it does on seeing the meaning or patterns hidden within it. Humans remain far better at reconciling the relevance of inconsistent, incomplete, competing, and even conflicting information than cybersystems. Ensuring such systems support the strengths of the people responsible for making decisions rather than using them to overcome weaknesses seems to me an essential step in preventing these systems from compounding rather than correcting our problems.

Most crises are adaptive not technical challenges (Heifetz & Laurie 2001). Although many crises present us with problems that require technological assistance, their hallmark remains the need to see our relationship with the problem and its environment differently from the way we did before our situation became apparent. Dietrich Dörner (1997) demonstrated that most of our problems managing adaptive challenges arises not from their scope or scale so much as our inability to see them as complex webs of interdependent variables that interact in subtle but important ways. His experiments demonstrate that we are particularly ill-equipped to manage situations in which these interactions produce exponential rather than quasi-steady changes in the situation. He further concludes, that when confronted with such problems, we have an altogether too predictable tendency to direct out attention in ways that are either too narrow and fixed or too broad and fleeting to do much good. Adaptive challenges, then, require us to keep the big picture in perspective and to engage others in its management. This is not something that cybersystems necessarily help us do better, as they engage people with a representation of the problem not its essential elements.

In the end, every crisis demands an accounting of what went wrong, and, if we are truly honest and maybe a bit lucky, what went right as well. Such judgments are as inherently subjective just as their conclusions are (or should be) intensely personal. Getting people to accept responsibility, learn from their experiences, and take steps to strengthen the relationships they depend upon to resolve crises is an innately human process. Cybersystems may help us engage one another over great distances in real time and keep records of our interactions, but they do not necessarily clarify our intentions or make it any easier for us to acknowledge the hard lessons we must learn if we are to grow.

Despite my concerns, I remain optimistic that technology can help us improve the effectiveness if not the efficiency of crisis interventions. But only if we do not ask too much of it or too little of ourselves along the way.

References:

DÖRNER, D. (1996). The Logic of Failure. New York: Basic Books.

HEIFETZ, RA & LAURIE, DL (2001). The Work of Leadership. Harvard Business Review. Cambridge, Mass.

NYE, Jr., JS (2008). The Powers to Lead. New York: Oxford University Press.

This post — written by a colleague — should have been posted on Friday, May 7th.  For a several reasons, it was not posted. However, the point the author makes is still valid.

———————————

There were plenty of articles and comments over the past few days stating that once again DHS did not fulfill its responsibilities of keeping bad people out of an otherwise sterile security environment.

As the story goes, DHS is to be blamed for allowing the Times Square bomber, Faisal Shahzad, to board the plane thus putting the flight at risk or allowing him the opportunity to make an escape to freedom. Unfortunately, in most instances DHS has become the Nation’s equivalent of an inflatable punching bag when all manner of safety and security activities go awry. Such criticism is offered by the politically disingenuous intelligencia and easily accepted by the media and uninformed masses.

Might there be another way to assess the situation?

Suppose there were compelling intelligence collection, investigative, and prosecutorial reasons to allow the suspect to continue with his plan (attempting to depart the country) up until he was about to leave a “positively controlled” environment.

During Tuesday’s press conference, AG Holder responded to the “did Shahzad almost get away” question by stating “I was aware of the tracking that was going on and was never in fear of losing him.”

Might this be another example of the intelligence collection-safeguarding society-prosecutorial discretion tension that occurs almost daily when trying to assess whether to arrest and shut down activities perceived to be related to terrorism, contrasted to the need to allow the bad actors to continue with their plans for purposes of gaining a better contextual understanding of the plot and associated conspirators?

Or, as Paul Harvey suggests, possibly there is more to the story than meets the eye: FBI Team ‘Lost’ Suspected Times Square Bomber During Crucial Hours

In either case, whether this was a well orchestrated intelligence collection operation or, as the web article above notes, the FBI did lose Shahzad in the waning hours of the manhunt, it appears DHS should be praised, not excoriated, for being an effective safeguard of last resort.

As the article notes, Shahzad was first added to the no fly list at noon on Monday (May 3rd). A decision and job not of DHS’ doing.

Once DHS officials became aware he was on the plane, based on a routine check of the flight manifest by CBP officials, procedures were followed and the system was implemented as designed.

Maybe this incident has highlighted how the DHS should be viewed in most safety and security settings: the Nation’s safeguard of last resort.

Earlier this week, I wrote - Is the Internet Creating Terrorists? – in recognition of the modern Internet’s 25th birthday.  In that piece, I asked whether the Internet has enabled terrorists to increase their recruiting efforts and what does it mean for law enforcement.  Yesterday, Christopher Bellavita wrote an interesting related piece, Could terrorists on the internet be the next dot com bubble?, exploring Marc Sageman’s book Leaderless Jihad, and its analysis of potential Internet radicalization.  Chris’ conclusion, if I may simplify,is that there may be less of a link between the Internet and radicalization than expected.  He approached the issue from a different angle than I did – reviewing, in part, the lack of a correlation between countries that access extreme websites and countries that produce foreign fighters.   He does caution that without a critical analysis of claims and evidence demonstrating that the Internet is creating terrorists, we may end up wasting resources on the wrong problem.

So, what is the federal government doing to analyze the use of the Internet as a potential terrorist recruitment, dissemination, and tool for terrorism? Obviously, with proper procedures and legal process, the government can monitor non-public sites promoting criminal behavior.  We will leave out of the discussion scenarios of what our cloak and dagger friends may be doing.

Also not discussed here are the legislative and legal procedures at the federal level for tracking an individual’s use of the Internet if criminal or security implications exist.  The intricacies of surveillance policy – bother criminal and intel-related – is a topic that alone fills many a blog.

Instead, this post focuses on what potential government action exists to address the potentially offending websites that are disseminating terrorist information and/or inciting terrorist activity.  In doing so, I admittedly am taking a simplified approach to a complicated subject but hope to at least start a dialogue on the issue.

As far as I am aware, there is no public analysis that explores the degree to which the U.S. is generally monitoring public websites and communications on open blogs, social networks, and the like, though we know such efforts are underway in some form or fashion.  Just last month, the Department of Homeland Security undertook a Privacy Impact Assessment for the “Office of Operations Coordination and Planning, 2010 Winter Olympics Social Media, Event Monitoring Initiative.” The PIA assessed a number of DHS activities in preparation for the Vancouver Olympics, including the monitoring of social media websites (including this site) to “provide situational awareness and establish a common operating picture.”

In 2008, the Senate Committee on Homeland Security and Governmental Affairs released a report, Violent Islamist Extremism, The Internet, and the Homegrown Terrorist Threat,  which touched upon the government’s response capability.  The report stated:

Despite recognition in the [National Implementation Plan] that a comprehensive response is needed, the U.S. government has not developed nor implemented a coordinated outreach and communications strategy to address the homegrown terrorist threat, especially as that threat is amplified by the use of the Internet. According to testimony received by the Committee, no federal agency has been tasked with developing or implementing a domestic communications strategy.

Shortly after the report was released, Committee Chairman Joe Lieberman sent a letter to Google Chairman and CEO Eric Schmidt saying that the company needed to take extensive steps to remove videos from YouTube that promoted terrorism.  While YouTube is hardly a terrorist-sponsored site in and of itself,  Lieberman found that some videos posted on the sharing site “provide weapons training, speeches by Al-Qaeda leadership, and general material intended to radicalize potential recruits.”  While Google removed a number of videos that violated its own guidelines,  Lieberman continued to raise concerns with additional videos that remained on the site.

Lieberman’s actions were met with criticism from civil rights and First Amendment advocacy groups, who saw it as an attack on the First Amendment and the Constitution. Others balked at the potential for censorship of content on the Internet.

The First Amendment, at least with regards to acting on and removing materials from sites, is one of the biggest challenges facing the federal government.  Those hosting websites may loathe removing or censoring sites without some legal process served by authorities,  a process that requires a determination of a specific illegal act, or without a clear violation of their contractual agreements with site owners.   In looking at the offending act for terrorist sites, part of the challenge goes back to an issue that Homeland Security Watch discussed in great detail several weeks ago – what is terrorism and what constitutes a criminal (or national security) act?  Do lone wolf sites suffice?  Does it have to be linked to a terrorist group?  How does the government meet the threshold of a terrorist act when it involves online speech?

Of course, there may be ways to avoid the “what is terrorism” definition for potential acts by looking at other laws, especially if criminal activity is evident.  For example,  in 1996, Senator Diane Feinstein included in the Omnibus Anti-Terrorism Act a provision that required the Justice Department to produce a report analyzing the extent to which bomb-making instructions are available in the U.S. via various forms of media.  The Justice Department issued a report in April 1997 stating that laws restricting the dissemination of the media could be constitutional if narrowly-crafted.    Senators Feinstein and Orrin Hatch included an amendment on the Violent and Repeat Juvenile Offender Accountability and Rehabilitation Act that prohibited teaching or showing how to make explosives with the intent that the information will be used to  commit a federal crime.   Consequently, if a potential terrorist site shows how to make explosives and IF intent can be shown that the site’s owners planned for individuals to use that information to commit a violent crime, then legal process could be attainable.  Likewise, if specific links to fraud, money laundering, or inciting specific incidents of violence are evident, there potentially could be legal action in those cases.

Even then, however, if the sites are hosted outside the U.S., the issues become murkier and require international cooperation, perhaps with nations with different norms, standards, and definitions of criminal and national security acts than the U.S.

Complicating the situation even more — if  a site is successfully knocked off a hosting company’s server,  it is very easy to migrate and move a site to a new location.  Indeed, in testimony before Lieberman’s Committee in May 1997, Lt. Col. Joseph H. Felter, U.S. Army director of the Combating Terrorism Center at the U.S. Military Academy, testified that “[a]ttempts to shut down websites have proven as fruitless as a game of whack-a-mole.”

The government actions above, however, assume that law enforcement or security officials want a site to be removed. There may be instances where the preferred action is to leave something up as it may be valuable for intelligence or evidence gathering reasons.

Tackling terrorism online is not one that the U.S. alone is facing.  Just last month, the United Kingdom’s Association of Chief Police Officers created a unit for fighting online terrorism activity, complete with a portal for citizens to report suspected sites.  Other nations that do not provide the same free speech protections have taken similar actions for a variety of criminal security activities, including those related to hate speech.

In short, the challenges for government action against terrorist sites “generally” are many and raise serious constitutional and legal hurdles, both here and abroad.  Of course, we still most determine the extent to which terrorism-promoting sites are a problem – and that, in and of itself, may be our biggest challenge.

In Sunday’s New York Times, the Week in Review section featured an article about the open source software application known as Ushahidi. It asked the rather provocative and somewhat tongue-in-cheek question, “Could wiki technology find Osama bin Laden?”

Ushahidi — a free and open source software (FOSS) application developed in Kenya to support user-collected reports of election irregularities — has found a sudden following in the emergency management and disaster relief communities following its deployment in Haiti following the earthquake there. In a very short time after its deployment, relief agencies sharing information using Ushahidi had collected the single most authoritative single source of information on incidents, impacts, and internally-displaced persons in the disaster-ravaged country.  And they had accomplished this despite the lack of pre-written common operating procedures and almost no prior information with which to populate geographic information system (GIS) databases.

The name of the application, taken from the Swahili language most closely translates to the English words “witness” or “testimony”, as in the first-person observations and reports of those in the best position to know what’s really happening. This, in-fact, is the single-most powerful premise underlying the application’s design and its successful deployment. In the early stages of an incident, the quantity of information is a bigger problem for responders than its quality. And those closest to the source of information are in the best position to generate both quantity and quality if properly enabled. As the incident expands, the ability to discover patterns and discern meaning from data points depends more on quantity than quality.

To many emergency managers and homeland security professionals, this seems somewhat counter-intuitive. We place great stock on authoritative sources and time-tested methods. Indeed, sources and methods are so highly prized we often hold their identity so close that we compromise our own understanding of the information they provide because we cannot or will not disclose it with others who could help us put it in its proper context.

The rather simple idea behind Ushahidi would be revolutionary enough if all it did was help diverse individuals and organization quickly aggregate, verify, and assess intelligence. But the application has spawned another important innovation that may be more important than what people can do with the software, and that has to do with how they use it.

During past disasters, the spontaneous mobilization of volunteers has proven problematic for those managing response and recovery operations.  In the days after the Haiti earthquake, cadres of volunteers from the tech community mobilized in cities across the United States and around the world in what have become known as CrisisCamps. These ad hoc gatherings deploy Web 2.0 technologies en masse to aid humanitarian relief efforts. But unlike disaster tourists, these volunteers self-organize and stay well out of the way.

Using the power of networks and collaborative techniques carefully honed in their day jobs, these assemblies have proven the power of information technology to facilitate co-production both in the technological and socio-political senses. By breaking very large, complex problems into smaller, bite-sized chunks and processing them quickly — which computers do better than people — these camps have enabled people to do what they do best: manage ambiguity.

By leveraging the resources of a worldwide network of technical professionals, those responsible for response and recovery on the ground can focus their resources and energy on resolving goal, role, task, and value conflicts that impede their efforts to get help where it is needed most. By organizing and clarifying information, tools like Ushahidi and processes like the CrisisCamps enable decision-making and foster engagement. And successful transitions from response to recovery depend on both.

If responding creatively to constraints and exigencies, successfully negotiating competition for resources, and securing satisfactory commitments from resource owners and those in need are the keys to collaboration, tools like Ushahidi are demonstrating the power of crowdsourcing solutions to our most challenging and complex problems. Whether these technologies can help us apprehend Osama bin Laden remains to be seen. But I wouldn’t be surprised if they did.

From a colleague:

Annual Threat Assessment of the US Intelligence Community

ODNI released today: http://www.odni.gov/testimonies/20100202_testimony.pdf

DNI says the strategic landscape has changed in the past year and hits on the major points and threats.  Cyber threat is at the top of the list; Terror is #3:

- Far-Reaching Impact of the Cyber Threat
- The Changing Threat to the Global Economy
- Terrorists Under Pressure; Terrorist Threat to Homeland Remains
- The Growing Proliferation Threat
- Afghanistan
- Pakistan: Turning Against Domestic Extremists
- India
- Mixed Outlook Middle East
- China’s Continuing Transformation
- Outlook for Russia
- Latin America Stable, but Challenged by Crime and Populism
- Continued Instability in Africa
- Mass Killings
- Potential Flashpoints in Eurasia and Balkans
- Regional Impacts of Climate Change
- Strategic Health Challenges and Threats
- Significant State and Non-State Intelligence Threats
- Growing Threat from International Organized Crime

In yesterday’s post, Jessica rhetorically asked if it’s “the case that intelligence challenges are unfixable and as a nation we need to reassess how we work around them.”

The question reminded me of a meeting I was in a few weeks ago.  For reasons that now escape me, someone showed the brief (3 minute and 10 second) Richard Wiseman video, featured below.

Immediately after the video was over, one of the meeting participants — who has been a member of the Intelligence Community for more than 2 decades — said, “That’s just what it’s like to be an intelligence analyst.”

The video is called “The Colour Changing Card Trick.”

Your task — should you decide to take the test — is to watch the video and see if you can figure out the trick.

The only rules are to watch the video once, and don’t look at any of the “here’s how it’s done” comments on the website.  At least not before you watch the video.

So if you have a few minutes, click on the video and then come back.

In 1978, Columbia University professor Richard Betts wrote an article (in World Politics) called “Analysis, War and Decision: Why Intelligence Failures Are Inevitable.”

He argued the problems we keep running into are less about the intelligence process, and more about context. He said, “Policy premises constrict perception, and administrative workloads constrain reflection. Intelligence failure is political and psychological more often than organizational.”

If Professor Betts’ thirty year old claim remains correct (or if — like me — you failed to connect the card-trick-dots), some enduring intelligence challenges may indeed be unfixable at a fundamental level.

As a nation we will need to explore options beyond remodeling organizations and composing rules.  We need to reinvent intelligence.

Last week, Congress held a series of hearings on the December 25th attempted bombing.  More hearings will follow this week.   While there have been countless analysis and assessments of the hearings, here is my 17 syllable assessment:

Intelligence Failed

Technology Will Save Us

Send More Money, Please

On Friday, the United Kingdom raised its threat level from “substantial” to “severe.”  The level, made by the U.K. government upon recommendations of the Joint Terrorism Analysis Center (JTAC), “means that a future terrorist attack is ‘highly likely,’ although not necessarily imminent.” The UK threat level had been at substantial since last July, when it had been lowered after two years at the “severe” level.  The level, previous to that, had shifted between severe and critical since the July 2005 attacks on the London Underground and on a Double Decker bus.  Interesting, U.K. officials were very quick to point out that its move was not related to the December 25th underwear bomber attack, though little information and lots of speculation as to the real reason has emerged.

Also on Friday, India raised its threat level, deploying air marshals and issuing a Civil Aviation Ministry security alert to airports and airlines for the “the stepping up of security arrangements at all concerned airports and airlines following inputs received from security agencies as well as the Ministry of Home Affairs.” The alert was issued just days before tomorrow’s celebration of Republic Day, which notes the country’s adoption of a constitution (following its independence form the U.K.).

Also, on Friday, Department of Homeland Security Secretary Janet Napolitano met with members of the International Air Transport Association (IATA) in Geneva regarding aviation security standards.  IATA represents approximately 230 airlines and 90 percent of the world’s air traffic. IATA raised several issues with the Secretary including industry operational capacities, better mechanisms for sharing passenger information, more input from airlines into security measures, and better international coordination between governments imposing security on the aviation industry.

These announcements came before the weekend reporting of a new video recording from Osama bin Laden claiming responsibility for the Christmas Day attempted bombing AND reports of non-Arab female suicide bombers, carrying Western passports, possibly attacking the U.S.

Collectively, this past week of events and announcements provide insight into the various challenges faced by the U.S. and its global partners in their terrorist-fighting efforts, both here and abroad.

Here are some observations:

• Congressional Hearings: The hearings made clear that eight and a half years after 9/11, intelligence sharing, culture, and assessments still are lacking -  Commissions, Administration reorganizations, and Congressional actions not withstanding.  Whether posed as failures or challenges, it is clear that some change is needed — what that change is remains the question. Or is it simply the case that intelligence challenges are unfixable and as a nation we need to reassess how we work around them?

• International Efforts: Despite the “homeland” in homeland security, the actions in the U.K. and India remind us that terrorism is an international issue that links us all together.  Terrorism is not only a threat against the U.S., but one that has harmed a number of our allies.   Consequently, our efforts – both on the intelligence and counterterrorism fronts – have to be bigger than the U.S.  They also have to be bigger than the Inside-the-Beltway fighting over who “owns” terrorism as an issue within the political parties.

• Private Sector as Partner: The IATA-Napolitano meeting demonstrates that security is not  a government-only function.  The government’s efforts affect the private sector, requiring the private sector to be a key partner in any security efforts.  Add the international angle, then this partnership becomes even more complicated and in need of constant communication.  While much of the attention relating to the December 25th bombings have focused on the airlines and aviation industry, it would behoove the government and DHS to reach out (or better publicize) its efforts with others affected by security measures.  After all, it was the traveling public that diverted the underwear bomber attack.

• Terrorists Come in Different Sizes, Colors, and Genders: The threat of people who may not “look like Al Qaeda terrorists” is one that experts and Congress have raised on numerous occasions over the past several years.  In reality, none of us know what a terrorist looks like – we just know who has attacked us in the past.  That image is constantly evolving and changing as more attacks are thwarted and responsible individuals come to light.   What’s becoming clear is that we cannot and should not rely on “profiling,” as we will be left unprepared.

• Bin Laden as Boogie Man: Interestingly, after Bin Laden took credit for the December 25th attack, a number of U.S. intelligence agencies stepped up to adamantly discredit the claims. Does it really matter if he was behind the attacks to the average American? Well, it may or may not but there are reasons for these strong assertions.  First, if Bin Laden wasn’t involved, then there is evidence of a continued splintering of Al Qaeda and its strength, though such splintering could arguably make our terrorist-fighting efforts even more difficult.   Second,  if Bin Laden was involved, it is just a reminder that he is still out there and has not been captured or brought to justice.  Third, Bin Laden epitomizes terrorism to many average Americans and his omnipresence in all episodes that are terrorism make him an even more iconic figure to those who would follow him.

A story in Monday’s New York Times once again highlighted the growing problem facing the United States in its efforts to combat terrorism: We’re swimming in sensors and drowning in data. Terrorism and its extremist adherents have no better ally in their efforts to harm us than our innate tendency to mistake problems of being for problems of knowing, and in doing so to tie ourselves in knots.

As inconceivable as the motivations and actions of terrorists may seem to us, their behavior does not pose an unimaginable much less unknowable threat. Although we may not know when, where, or how they intend to strike, we can be pretty sure they will.

Our inability to wrap our heads around the “why” of terrorism leads us to oversimplifications and misapprehensions about the nature of the terrorist threat on one hand and a tendency to over-reach in our efforts to know who they are and what they are up to on the other. This leads us to frame the problem of terrorism primarily as an effort to identify and interdict unknown enemies.

Our preoccupation with finding out whom we should target leads us to collect more information than we need, and, consequently, far more than we can intelligently manage. As such, it becomes not only increasingly difficult, but also increasingly impractical to assemble a coherent picture of the threats facing us.

With the possible combinations so numerous, we see few options besides throwing everything we have at the problem of sifting and sorting the data every way we can. But that’s the problem: We cannot sort or sift fast enough. Picking up the pace does no good. No matter how fast we work, we still make little or no progress.

Thankfully, looking for answers does not always require us to look for evidence. Sometimes all the evidence we need is already available, and all we really need to ask ourselves is “what does it all mean.”

Fortunately, this situation often arises when the stakes are high, making it a familiar setting for any experienced homeland security professional. Thos with experience know that gathering more information will not change the nature of a high-stakes problem nor will it make the solution any clearer. Indeed, just the opposite may be the case.

The popular Ron Howard movie Apollo 13 recounts the successful effort to save the crew of the crippled spacecraft after an unexpected explosion compromised the life support system aborting the original mission. In the movie (but apparently not in real-life), as the stakes became clear, flight director Gene Kranz played by actor Ed Harris, tells the engineers assembled to work out a strategy for saving the ship and its crew. “Failure is not an option.”

These words echo the sentiments expressed by President Obama during his scathing critiques of what he characterized as the intelligence failures that allowed the Nigerian Farouk Umar Abdulmutallab, who is accused of attempting to destroy Northwest Airlines flight 253, to board the Detroit-bound aircraft in Amsterdam despite apparent foreknowledge of his links to extremists. As the President noted, intelligence agencies had the information, but they did not know what it meant and did not act on what they did know before Abdulmutallab boarded the flight.

In a scene from Apollo 13, a group of engineers assembles in a meeting room and a box of assorted items representing the materials available to the astronauts aboard the crippled spacecraft is emptied before them. Their charge was to figure out how to combine these resources in a new way to achieve the goal of keeping the crew alive and returning them to earth safely.

This sort of situation as it applies to terrorism has confronted the west before. Other countries confront this reality today. Few can afford to act as the United States has in imposing new regulations and technical security requirements on its people and its trading partners. Instead, they adapted their behavior to the reality of the threat confronting them.

When IRA bombers threatened riders on London’s Underground, the operators of the system relocated vendors to improve sight lines and removed rubbish bins to make it harder to conceal an incendiary or explosive device. Passengers too became an integral part of the security arrangements.

Whether we can afford to invest in better technology or not, we should ask ourselves whether what we have to invest will prove worth the cost when we look back at the value obtained. If NW 253 teaches us anything, it is that the investments we have already made in airport security and intelligence gathering and analysis have not made the target that much harder.

Looking at the security landscape before us, we might discover that we are far better off than we realize. The same things that prevented the terrorists aboard United Airlines flight 93 from succeeding on 9/11 saved lives again on Christmas Day. When everything is said and done, relying on the resourcefulness and courage of average Americans is not such a bad thing to do when failure is not an option.