Homeland Security Watch

News and analysis of critical issues in homeland security

May 14, 2010

Solving homegrown violent extremism through fractal geometry?

Filed under: General Homeland Security,Intelligence and Info-Sharing — by Christopher Bellavita on May 14, 2010

Today’s guest blogger is Judith K. Boyd.  Boyd is a Senior Fellow at the Long Island University’s Homeland Security Management Institute.

————————————–

Nature has been using fractal geometry to solve complex problems since the beginning of time.   Perhaps it is time for homeland security professionals to tap into this mechanism to solve those nagging problems that don’t seem to be going away, such as, what causes a seemingly normal person to want to put a bomb in Times Square?

In his 1975 ground breaking book, “Fractals:  Form, Chance, and Dimension,” Dr.  Benoit Mandelbrot asserted that many forms in nature can be described mathematically as fractals, shapes that appear to be jagged and broken.

A fractal is created by taking a smooth looking shape, such as a triangle, and breaking it into pieces, over and over again.  Through the application of this simple principal, you are able to to transform that simple shape into a figure rich with complexity and texture.

The inverse of the fractal principle is that you can take something that appears to be complex and break it down into the repeating patterns that build upon each other to create the larger whole.

We can see this demonstrated graphically in the well-known woodcut, “The Great Wave off Kanagawa,” produced by the Japanese artist Hokusai in 1832.  From afar, we see an image of a large wave about to crash over a small fishing vessel.  And yet, if we look closer, we can see that the large wave is actually comprised of a repeating pattern of smaller waves.

The curves that repeat over and over are not random but rather, according to Mandelbrot, predictable shapes that can be described in mathematical terms.

How to apply this new language, especially in this age of nearly unlimited computing ability, is  yet to be fully realized.  However, it is clear there is tremendous potential for solving what have been seen, up until now, as unsolvable problems.

For example, when you plot the intervals between heartbeats and expand them, healthy heartbeats have an interval that may be measured through a distinctive fractal pattern.  Scientists such as Dr. Ary Goldberger at the Harvard Medical School have been analyzing how this signature may allow cardiologists to discover when a patient has a heart problem long before the heart attack occurs.

Another scientist, biophysicist Dr. Peter Burns in Toronto, Canada, has been studying how to develop mathematical models to detect small tumors.  Conventional technology, such as ultrasounds, do not have the capability to show the network blood vessels that grow around tumors as small as few tenths of a millimeter across in diameter. But an ultrasound does provide a very good image of the movement of blood.  Burns and his colleagues used the simple rules of fractals to create models of “normal” blood vessel activity — a well-organized network of vessels not unlike the branches of an elm tree.  This model may then be compared to an ultrasound image of a patient who might have a tumor.  Analyzing the image with fractal geometry principals reveals a pattern of blood flow not like a strong limbed tree but rather, a tangled mess of shrubbery.

This approach turns on its head the conventional wisdom that technology must get more and more precise in order to inform the doctor.  What fractal geometry allows us to do is analyze information available today in the absence of far more precise and intrusive technology.  The reason for this is because the human body, like nature, repeatedly demonstrates a tendency to naturally select those features and activities that are the most efficient and most productive.  Hence, the potential to understand what is “normal” and through comparison, identify what is not.

What else can we “see” through the application of fractal geometry?

If we view humans and societies as machines, the potential to apply these rules begins to emerge.  If the ideas of al Queda are viewed as a network that is self-sustaining, what is the relationship between mass and energy use?  How much energy does the movement require to grow and branch off?  What are the trigger points for a new branch or offshoot to develop?  According to fractal code, there are rules that identify the pre-defined trigger points that will lead to a new branch off-shoot.   Hence, what appears to be a complex network is in reality, a repeatable process.  If you understand what makes the tree grow, you will understand how the rainforest is sustained.  Taken to its logical end, we should be able to understand the sum by analyzing just a few of its parts.  It may not be coincidence that Faisal Shahzad and Najibullah Zazi had roots in working or middle-class society, some college education and no previous criminal record.

Note to all Intelligence Community recruiters:  hire more mathematicians!

————————————–

Note: If you are interested in learning more about fractals, here is a link to a 1 hour video from NOVA, called Hunting the Hidden Dimension

May 12, 2010

The Big Ask

Filed under: General Homeland Security,Intelligence and Info-Sharing,Technology for HLS — by Mark Chubb on May 12, 2010

Tomorrow afternoon, I am scheduled to participate in a panel discussion on crisis management and technology at Portland State University’s Mark O. Hatfield School of Government. The event, sponsored by the campus chapter of Pi Sigma Alpha — the political science honor society, asks what role technology can or should play in helping us respond to 21st century crises.

The organizers tell me their focus remains squarely on crisis management not technology. The question in their minds is not whether technology has a place in managing crises, but how we should define that place. How, they wonder, will we know whether or not technology is helping us? From a practitioner’s perspective, this struck me as a very good question, and one that does not get asked often enough.

From where I sit, crisis management succeeds or fails on how well leaders manage its four phases, which I define as:

  • Awareness
  • Ambiguity
  • Adaptation
  • Accountability

Awareness involves signal detection, which in turn depends upon the salience of signals to those responsible for detecting and responding to them. Technology can improve signal to noise ratios, but may dull the sense of salience as people become overwhelmed by inputs, especially if those responsible for designing or operating the system lack contextual intelligence (see Nye 2008).

Ambiguity not uncertainty is the dominant feature of complex systems and their relationships with their environments, and no more so than in when these systems are in crisis. Successful decision-making in crisis situations depends not so much on the ability to gather information or even to organize it as it does on seeing the meaning or patterns hidden within it. Humans remain far better at reconciling the relevance of inconsistent, incomplete, competing, and even conflicting information than cybersystems. Ensuring such systems support the strengths of the people responsible for making decisions rather than using them to overcome weaknesses seems to me an essential step in preventing these systems from compounding rather than correcting our problems.

Most crises are adaptive not technical challenges (Heifetz & Laurie 2001). Although many crises present us with problems that require technological assistance, their hallmark remains the need to see our relationship with the problem and its environment differently from the way we did before our situation became apparent. Dietrich Dörner (1997) demonstrated that most of our problems managing adaptive challenges arises not from their scope or scale so much as our inability to see them as complex webs of interdependent variables that interact in subtle but important ways. His experiments demonstrate that we are particularly ill-equipped to manage situations in which these interactions produce exponential rather than quasi-steady changes in the situation. He further concludes, that when confronted with such problems, we have an altogether too predictable tendency to direct out attention in ways that are either too narrow and fixed or too broad and fleeting to do much good. Adaptive challenges, then, require us to keep the big picture in perspective and to engage others in its management. This is not something that cybersystems necessarily help us do better, as they engage people with a representation of the problem not its essential elements.

In the end, every crisis demands an accounting of what went wrong, and, if we are truly honest and maybe a bit lucky, what went right as well. Such judgments are as inherently subjective just as their conclusions are (or should be) intensely personal. Getting people to accept responsibility, learn from their experiences, and take steps to strengthen the relationships they depend upon to resolve crises is an innately human process. Cybersystems may help us engage one another over great distances in real time and keep records of our interactions, but they do not necessarily clarify our intentions or make it any easier for us to acknowledge the hard lessons we must learn if we are to grow.

Despite my concerns, I remain optimistic that technology can help us improve the effectiveness if not the efficiency of crisis interventions. But only if we do not ask too much of it or too little of ourselves along the way.

References:

DÖRNER, D. (1996). The Logic of Failure. New York: Basic Books.

HEIFETZ, RA & LAURIE, DL (2001). The Work of Leadership. Harvard Business Review. Cambridge, Mass.

NYE, Jr., JS (2008). The Powers to Lead. New York: Oxford University Press.

May 10, 2010

Did DHS Screw Up “Again” By Letting the Times Square Bomber on a Plane?

Filed under: Aviation Security,Intelligence and Info-Sharing,Terrorist Threats & Attacks — by Christopher Bellavita on May 10, 2010

This post — written by a colleague — should have been posted on Friday, May 7th.  For a several reasons, it was not posted. However, the point the author makes is still valid.

———————————

There were plenty of articles and comments over the past few days stating that once again DHS did not fulfill its responsibilities of keeping bad people out of an otherwise sterile security environment.

As the story goes, DHS is to be blamed for allowing the Times Square bomber, Faisal Shahzad, to board the plane thus putting the flight at risk or allowing him the opportunity to make an escape to freedom. Unfortunately, in most instances DHS has become the Nation’s equivalent of an inflatable punching bag when all manner of safety and security activities go awry. Such criticism is offered by the politically disingenuous intelligencia and easily accepted by the media and uninformed masses.

Might there be another way to assess the situation?

Suppose there were compelling intelligence collection, investigative, and prosecutorial reasons to allow the suspect to continue with his plan (attempting to depart the country) up until he was about to leave a “positively controlled” environment.

During Tuesday’s press conference, AG Holder responded to the “did Shahzad almost get away” question by stating “I was aware of the tracking that was going on and was never in fear of losing him.”

Might this be another example of the intelligence collection-safeguarding society-prosecutorial discretion tension that occurs almost daily when trying to assess whether to arrest and shut down activities perceived to be related to terrorism, contrasted to the need to allow the bad actors to continue with their plans for purposes of gaining a better contextual understanding of the plot and associated conspirators?

Or, as Paul Harvey suggests, possibly there is more to the story than meets the eye: FBI Team ‘Lost’ Suspected Times Square Bomber During Crucial Hours

In either case, whether this was a well orchestrated intelligence collection operation or, as the web article above notes, the FBI did lose Shahzad in the waning hours of the manhunt, it appears DHS should be praised, not excoriated, for being an effective safeguard of last resort.

As the article notes, Shahzad was first added to the no fly list at noon on Monday (May 3rd). A decision and job not of DHS’ doing.

Once DHS officials became aware he was on the plane, based on a routine check of the flight manifest by CBP officials, procedures were followed and the system was implemented as designed.

Maybe this incident has highlighted how the DHS should be viewed in most safety and security settings: the Nation’s safeguard of last resort.

March 30, 2010

The Open Question

The open source intelligence debate took on new meaning for me on Sunday night. Shortly after 8:00 PM a loud explosion shook houses all across the east side of Portland, Oregon. What ensued afterwards provides new insights not only into how intelligence is generated, but also illustrates some of the new challenges we face in managing the collection and analysis process.

Within minutes, more than 50 calls reporting the explosion came into the local 911 center. Police and fire units responded to investigate, but found nothing to indicate an emergency. No burning or collapsed buildings, no casualties, no obvious signs of damage or disruption were evident anywhere.

Public safety officials’ prompt response to this incident, like their response to another big boom about two weeks earlier in the same area, provided little comfort though because no one could confirm what had caused the explosion. As you might expect, this opened the to door to speculation as much as it opened the door to investigation.

Within minutes subscribers to the microblogging service Twitter had invented and agreed to use the #pdxboom hashtag to track reports. Within half-an-hour, an ad hoc collaboration started on Google Maps was tracking and color-coding these reports in an effort to locate the source of the noise. And more than 20 wiseguys had even created and logged into an event marking the occasion on the social networking site Foursquare using their wireless mobile devices.

The theories spawned by these efforts ran the gamut from the serious (an earthquake boom) to the nonsensical (unicorns fighting or a house falling on a wicked witch). But the map generated by the more serious reports painted a much more compelling picture of the event. Efforts by local officials and media outlets to isolate the source by consulting the National Weather Service, the local Air National Guard fighter wing and NORAD, the U.S. Geological Survey and various utilities likewise proved fruitless.

Yet the public remained undeterred. Hundreds of people logged in over the next several hours to record their experience of the event. Before long some patterns became evident.

The next day, aided by daylight, armed with these online contributions, information from the initial 911 reports and information gathered following the previous incident, investigators located the site of the explosion along a riverbank near downtown. Fragments of a PVC pipe bomb were also recovered.

What did we learn from this incident? Well for starters, people want to be of assistance, even in a town where the police are not currently held in very high esteem due to two recent officer-involved shootings. Second, they will seek out ways to make sense of confusing experiences, which more often than not includes sharing their personal observations and perspectives in a way that gives them meaning whether or not they produce a plausible explanation. Finally, the speed with which this process of sharing information about our common experience advances will exceed anything we saw before the dawn of the Information Age.

When we speak of intelligence we often conflate its epistemic and ontological meanings. From an epistemic perspective, intelligence involves identifying what we know, filling in gaps and discovering missing elements that will help us build a coherent picture of the situation. Interpreting this picture involves another aspect of intelligence. Ontology addresses how we synthesize data by dictating the sorts of frames we apply to create a shared sense of understanding.

Neither of these approaches alone, however, answers for us the bigger and as yet unanswered and therefore open question: “What was the intention or purpose of the person who built and detonated this device?”

We often assume that analysis and synthesis will lead us to the answers we seek to teleological (thanks Phil) — as opposed to epistemic or ontological — questions. Knowing what’s on the minds of those who seek to disrupt our lives, not in some abstract ideological or theological sense, but in the very tangible sense that links their intentions and actions, might actually help us interdict such threats before they emerge. If someone figures out a way to answer this question through crowdsourcing, we could make real progress against the threats we face.

March 19, 2010

Combating the Terrorists Online

Earlier this week, I wrote - Is the Internet Creating Terrorists? – in recognition of the modern Internet’s 25th birthday.  In that piece, I asked whether the Internet has enabled terrorists to increase their recruiting efforts and what does it mean for law enforcement.  Yesterday, Christopher Bellavita wrote an interesting related piece, Could terrorists on the internet be the next dot com bubble?, exploring Marc Sageman’s book Leaderless Jihad, and its analysis of potential Internet radicalization.  Chris’ conclusion, if I may simplify,is that there may be less of a link between the Internet and radicalization than expected.  He approached the issue from a different angle than I did – reviewing, in part, the lack of a correlation between countries that access extreme websites and countries that produce foreign fighters.   He does caution that without a critical analysis of claims and evidence demonstrating that the Internet is creating terrorists, we may end up wasting resources on the wrong problem.

So, what is the federal government doing to analyze the use of the Internet as a potential terrorist recruitment, dissemination, and tool for terrorism? Obviously, with proper procedures and legal process, the government can monitor non-public sites promoting criminal behavior.  We will leave out of the discussion scenarios of what our cloak and dagger friends may be doing.

Also not discussed here are the legislative and legal procedures at the federal level for tracking an individual’s use of the Internet if criminal or security implications exist.  The intricacies of surveillance policy – bother criminal and intel-related – is a topic that alone fills many a blog.

Instead, this post focuses on what potential government action exists to address the potentially offending websites that are disseminating terrorist information and/or inciting terrorist activity.  In doing so, I admittedly am taking a simplified approach to a complicated subject but hope to at least start a dialogue on the issue.

As far as I am aware, there is no public analysis that explores the degree to which the U.S. is generally monitoring public websites and communications on open blogs, social networks, and the like, though we know such efforts are underway in some form or fashion.  Just last month, the Department of Homeland Security undertook a Privacy Impact Assessment for the “Office of Operations Coordination and Planning, 2010 Winter Olympics Social Media, Event Monitoring Initiative.” The PIA assessed a number of DHS activities in preparation for the Vancouver Olympics, including the monitoring of social media websites (including this site) to “provide situational awareness and establish a common operating picture.”

In 2008, the Senate Committee on Homeland Security and Governmental Affairs released a report, Violent Islamist Extremism, The Internet, and the Homegrown Terrorist Threat,  which touched upon the government’s response capability.  The report stated:

Despite recognition in the [National Implementation Plan] that a comprehensive response is needed, the U.S. government has not developed nor implemented a coordinated outreach and communications strategy to address the homegrown terrorist threat, especially as that threat is amplified by the use of the Internet. According to testimony received by the Committee, no federal agency has been tasked with developing or implementing a domestic communications strategy.

Shortly after the report was released, Committee Chairman Joe Lieberman sent a letter to Google Chairman and CEO Eric Schmidt saying that the company needed to take extensive steps to remove videos from YouTube that promoted terrorism.  While YouTube is hardly a terrorist-sponsored site in and of itself,  Lieberman found that some videos posted on the sharing site “provide weapons training, speeches by Al-Qaeda leadership, and general material intended to radicalize potential recruits.”  While Google removed a number of videos that violated its own guidelines,  Lieberman continued to raise concerns with additional videos that remained on the site.

Lieberman’s actions were met with criticism from civil rights and First Amendment advocacy groups, who saw it as an attack on the First Amendment and the Constitution. Others balked at the potential for censorship of content on the Internet.

The First Amendment, at least with regards to acting on and removing materials from sites, is one of the biggest challenges facing the federal government.  Those hosting websites may loathe removing or censoring sites without some legal process served by authorities,  a process that requires a determination of a specific illegal act, or without a clear violation of their contractual agreements with site owners.   In looking at the offending act for terrorist sites, part of the challenge goes back to an issue that Homeland Security Watch discussed in great detail several weeks ago – what is terrorism and what constitutes a criminal (or national security) act?  Do lone wolf sites suffice?  Does it have to be linked to a terrorist group?  How does the government meet the threshold of a terrorist act when it involves online speech?

Of course, there may be ways to avoid the “what is terrorism” definition for potential acts by looking at other laws, especially if criminal activity is evident.  For example,  in 1996, Senator Diane Feinstein included in the Omnibus Anti-Terrorism Act a provision that required the Justice Department to produce a report analyzing the extent to which bomb-making instructions are available in the U.S. via various forms of media.  The Justice Department issued a report in April 1997 stating that laws restricting the dissemination of the media could be constitutional if narrowly-crafted.    Senators Feinstein and Orrin Hatch included an amendment on the Violent and Repeat Juvenile Offender Accountability and Rehabilitation Act that prohibited teaching or showing how to make explosives with the intent that the information will be used to  commit a federal crime.   Consequently, if a potential terrorist site shows how to make explosives and IF intent can be shown that the site’s owners planned for individuals to use that information to commit a violent crime, then legal process could be attainable.  Likewise, if specific links to fraud, money laundering, or inciting specific incidents of violence are evident, there potentially could be legal action in those cases.

Even then, however, if the sites are hosted outside the U.S., the issues become murkier and require international cooperation, perhaps with nations with different norms, standards, and definitions of criminal and national security acts than the U.S.

Complicating the situation even more — if  a site is successfully knocked off a hosting company’s server,  it is very easy to migrate and move a site to a new location.  Indeed, in testimony before Lieberman’s Committee in May 1997, Lt. Col. Joseph H. Felter, U.S. Army director of the Combating Terrorism Center at the U.S. Military Academy, testified that “[a]ttempts to shut down websites have proven as fruitless as a game of whack-a-mole.”

The government actions above, however, assume that law enforcement or security officials want a site to be removed. There may be instances where the preferred action is to leave something up as it may be valuable for intelligence or evidence gathering reasons.

Tackling terrorism online is not one that the U.S. alone is facing.  Just last month, the United Kingdom’s Association of Chief Police Officers created a unit for fighting online terrorism activity, complete with a portal for citizens to report suspected sites.  Other nations that do not provide the same free speech protections have taken similar actions for a variety of criminal security activities, including those related to hate speech.

In short, the challenges for government action against terrorist sites “generally” are many and raise serious constitutional and legal hurdles, both here and abroad.  Of course, we still most determine the extent to which terrorism-promoting sites are a problem – and that, in and of itself, may be our biggest challenge.

March 17, 2010

Crowdsourcing Solutions

Filed under: General Homeland Security,Intelligence and Info-Sharing — by Mark Chubb on March 17, 2010

In Sunday’s New York Times, the Week in Review section featured an article about the open source software application known as Ushahidi. It asked the rather provocative and somewhat tongue-in-cheek question, “Could wiki technology find Osama bin Laden?”

Ushahidi — a free and open source software (FOSS) application developed in Kenya to support user-collected reports of election irregularities — has found a sudden following in the emergency management and disaster relief communities following its deployment in Haiti following the earthquake there. In a very short time after its deployment, relief agencies sharing information using Ushahidi had collected the single most authoritative single source of information on incidents, impacts, and internally-displaced persons in the disaster-ravaged country.  And they had accomplished this despite the lack of pre-written common operating procedures and almost no prior information with which to populate geographic information system (GIS) databases.

The name of the application, taken from the Swahili language most closely translates to the English words “witness” or “testimony”, as in the first-person observations and reports of those in the best position to know what’s really happening. This, in-fact, is the single-most powerful premise underlying the application’s design and its successful deployment. In the early stages of an incident, the quantity of information is a bigger problem for responders than its quality. And those closest to the source of information are in the best position to generate both quantity and quality if properly enabled. As the incident expands, the ability to discover patterns and discern meaning from data points depends more on quantity than quality.

To many emergency managers and homeland security professionals, this seems somewhat counter-intuitive. We place great stock on authoritative sources and time-tested methods. Indeed, sources and methods are so highly prized we often hold their identity so close that we compromise our own understanding of the information they provide because we cannot or will not disclose it with others who could help us put it in its proper context.

The rather simple idea behind Ushahidi would be revolutionary enough if all it did was help diverse individuals and organization quickly aggregate, verify, and assess intelligence. But the application has spawned another important innovation that may be more important than what people can do with the software, and that has to do with how they use it.

During past disasters, the spontaneous mobilization of volunteers has proven problematic for those managing response and recovery operations.  In the days after the Haiti earthquake, cadres of volunteers from the tech community mobilized in cities across the United States and around the world in what have become known as CrisisCamps. These ad hoc gatherings deploy Web 2.0 technologies en masse to aid humanitarian relief efforts. But unlike disaster tourists, these volunteers self-organize and stay well out of the way.

Using the power of networks and collaborative techniques carefully honed in their day jobs, these assemblies have proven the power of information technology to facilitate co-production both in the technological and socio-political senses. By breaking very large, complex problems into smaller, bite-sized chunks and processing them quickly — which computers do better than people — these camps have enabled people to do what they do best: manage ambiguity.

By leveraging the resources of a worldwide network of technical professionals, those responsible for response and recovery on the ground can focus their resources and energy on resolving goal, role, task, and value conflicts that impede their efforts to get help where it is needed most. By organizing and clarifying information, tools like Ushahidi and processes like the CrisisCamps enable decision-making and foster engagement. And successful transitions from response to recovery depend on both.

If responding creatively to constraints and exigencies, successfully negotiating competition for resources, and securing satisfactory commitments from resource owners and those in need are the keys to collaboration, tools like Ushahidi are demonstrating the power of crowdsourcing solutions to our most challenging and complex problems. Whether these technologies can help us apprehend Osama bin Laden remains to be seen. But I wouldn’t be surprised if they did.

February 2, 2010

Annual Threat Assessment of the US Intelligence Community

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on February 2, 2010

From a colleague:

Annual Threat Assessment of the US Intelligence Community

ODNI released today: http://www.odni.gov/testimonies/20100202_testimony.pdf

DNI says the strategic landscape has changed in the past year and hits on the major points and threats.  Cyber threat is at the top of the list; Terror is #3:

- Far-Reaching Impact of the Cyber Threat
- The Changing Threat to the Global Economy
- Terrorists Under Pressure; Terrorist Threat to Homeland Remains
- The Growing Proliferation Threat
- Afghanistan
- Pakistan: Turning Against Domestic Extremists
- India
- Mixed Outlook Middle East
- China’s Continuing Transformation
- Outlook for Russia
- Latin America Stable, but Challenged by Crime and Populism
- Continued Instability in Africa
- Mass Killings
- Potential Flashpoints in Eurasia and Balkans
- Regional Impacts of Climate Change
- Strategic Health Challenges and Threats
- Significant State and Non-State Intelligence Threats
- Growing Threat from International Organized Crime

January 26, 2010

Do you have what it takes to be an intelligence analyst?

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on January 26, 2010

In yesterday’s post, Jessica rhetorically asked if it’s “the case that intelligence challenges are unfixable and as a nation we need to reassess how we work around them.”

The question reminded me of a meeting I was in a few weeks ago.  For reasons that now escape me, someone showed the brief (3 minute and 10 second) Richard Wiseman video, featured below.

Immediately after the video was over, one of the meeting participants — who has been a member of the Intelligence Community for more than 2 decades — said, “That’s just what it’s like to be an intelligence analyst.”

The video is called “The Colour Changing Card Trick.”

Your task — should you decide to take the test — is to watch the video and see if you can figure out the trick.

The only rules are to watch the video once, and don’t look at any of the “here’s how it’s done” comments on the website.  At least not before you watch the video.

So if you have a few minutes, click on the video and then come back.

amazing-color-card-trick-intelligence

In 1978, Columbia University professor Richard Betts wrote an article (in World Politics) called “Analysis, War and Decision: Why Intelligence Failures Are Inevitable.”

He argued the problems we keep running into are less about the intelligence process, and more about context. He said, “Policy premises constrict perception, and administrative workloads constrain reflection. Intelligence failure is political and psychological more often than organizational.”

If Professor Betts’ thirty year old claim remains correct (or if — like me — you failed to connect the card-trick-dots), some enduring intelligence challenges may indeed be unfixable at a fundamental level.

As a nation we will need to explore options beyond remodeling organizations and composing rules.  We need to reinvent intelligence.

January 25, 2010

Severe Threats

Last week, Congress held a series of hearings on the December 25th attempted bombing.  More hearings will follow this week.   While there have been countless analysis and assessments of the hearings, here is my 17 syllable assessment:

Intelligence Failed

Technology Will Save Us

Send More Money, Please

On Friday, the United Kingdom raised its threat level from “substantial” to “severe.”  The level, made by the U.K. government upon recommendations of the Joint Terrorism Analysis Center (JTAC), “means that a future terrorist attack is ‘highly likely,’ although not necessarily imminent.” The UK threat level had been at substantial since last July, when it had been lowered after two years at the “severe” level.  The level, previous to that, had shifted between severe and critical since the July 2005 attacks on the London Underground and on a Double Decker bus.  Interesting, U.K. officials were very quick to point out that its move was not related to the December 25th underwear bomber attack, though little information and lots of speculation as to the real reason has emerged.

Also on Friday, India raised its threat level, deploying air marshals and issuing a Civil Aviation Ministry security alert to airports and airlines for the “the stepping up of security arrangements at all concerned airports and airlines following inputs received from security agencies as well as the Ministry of Home Affairs.” The alert was issued just days before tomorrow’s celebration of Republic Day, which notes the country’s adoption of a constitution (following its independence form the U.K.).

Also, on Friday, Department of Homeland Security Secretary Janet Napolitano met with members of the International Air Transport Association (IATA) in Geneva regarding aviation security standards.  IATA represents approximately 230 airlines and 90 percent of the world’s air traffic. IATA raised several issues with the Secretary including industry operational capacities, better mechanisms for sharing passenger information, more input from airlines into security measures, and better international coordination between governments imposing security on the aviation industry.

These announcements came before the weekend reporting of a new video recording from Osama bin Laden claiming responsibility for the Christmas Day attempted bombing AND reports of non-Arab female suicide bombers, carrying Western passports, possibly attacking the U.S.

Collectively, this past week of events and announcements provide insight into the various challenges faced by the U.S. and its global partners in their terrorist-fighting efforts, both here and abroad.

Here are some observations:

  • Congressional Hearings: The hearings made clear that eight and a half years after 9/11, intelligence sharing, culture, and assessments still are lacking -  Commissions, Administration reorganizations, and Congressional actions not withstanding.  Whether posed as failures or challenges, it is clear that some change is needed — what that change is remains the question. Or is it simply the case that intelligence challenges are unfixable and as a nation we need to reassess how we work around them?
  • International Efforts: Despite the “homeland” in homeland security, the actions in the U.K. and India remind us that terrorism is an international issue that links us all together.  Terrorism is not only a threat against the U.S., but one that has harmed a number of our allies.   Consequently, our efforts – both on the intelligence and counterterrorism fronts – have to be bigger than the U.S.  They also have to be bigger than the Inside-the-Beltway fighting over who “owns” terrorism as an issue within the political parties.
  • Private Sector as Partner: The IATA-Napolitano meeting demonstrates that security is not  a government-only function.  The government’s efforts affect the private sector, requiring the private sector to be a key partner in any security efforts.  Add the international angle, then this partnership becomes even more complicated and in need of constant communication.  While much of the attention relating to the December 25th bombings have focused on the airlines and aviation industry, it would behoove the government and DHS to reach out (or better publicize) its efforts with others affected by security measures.  After all, it was the traveling public that diverted the underwear bomber attack.
  • Terrorists Come in Different Sizes, Colors, and Genders: The threat of people who may not “look like Al Qaeda terrorists” is one that experts and Congress have raised on numerous occasions over the past several years.  In reality, none of us know what a terrorist looks like – we just know who has attacked us in the past.  That image is constantly evolving and changing as more attacks are thwarted and responsible individuals come to light.   What’s becoming clear is that we cannot and should not rely on “profiling,” as we will be left unprepared.
  • Bin Laden as Boogie Man: Interestingly, after Bin Laden took credit for the December 25th attack, a number of U.S. intelligence agencies stepped up to adamantly discredit the claims. Does it really matter if he was behind the attacks to the average American? Well, it may or may not but there are reasons for these strong assertions.  First, if Bin Laden wasn’t involved, then there is evidence of a continued splintering of Al Qaeda and its strength, though such splintering could arguably make our terrorist-fighting efforts even more difficult.   Second,  if Bin Laden was involved, it is just a reminder that he is still out there and has not been captured or brought to justice.  Third, Bin Laden epitomizes terrorism to many average Americans and his omnipresence in all episodes that are terrorism make him an even more iconic figure to those who would follow him.

January 13, 2010

Houston, We Have a Problem

Filed under: Aviation Security,Intelligence and Info-Sharing,Terrorist Threats & Attacks — by Mark Chubb on January 13, 2010

story in Monday’s New York Times once again highlighted the growing problem facing the United States in its efforts to combat terrorism: We’re swimming in sensors and drowning in data. Terrorism and its extremist adherents have no better ally in their efforts to harm us than our innate tendency to mistake problems of being for problems of knowing, and in doing so to tie ourselves in knots.

As inconceivable as the motivations and actions of terrorists may seem to us, their behavior does not pose an unimaginable much less unknowable threat. Although we may not know when, where, or how they intend to strike, we can be pretty sure they will.

Our inability to wrap our heads around the “why” of terrorism leads us to oversimplifications and misapprehensions about the nature of the terrorist threat on one hand and a tendency to over-reach in our efforts to know who they are and what they are up to on the other. This leads us to frame the problem of terrorism primarily as an effort to identify and interdict unknown enemies.

Our preoccupation with finding out whom we should target leads us to collect more information than we need, and, consequently, far more than we can intelligently manage. As such, it becomes not only increasingly difficult, but also increasingly impractical to assemble a coherent picture of the threats facing us.

With the possible combinations so numerous, we see few options besides throwing everything we have at the problem of sifting and sorting the data every way we can. But that’s the problem: We cannot sort or sift fast enough. Picking up the pace does no good. No matter how fast we work, we still make little or no progress.

Thankfully, looking for answers does not always require us to look for evidence. Sometimes all the evidence we need is already available, and all we really need to ask ourselves is “what does it all mean.”

Fortunately, this situation often arises when the stakes are high, making it a familiar setting for any experienced homeland security professional. Thos with experience know that gathering more information will not change the nature of a high-stakes problem nor will it make the solution any clearer. Indeed, just the opposite may be the case.

The popular Ron Howard movie Apollo 13 recounts the successful effort to save the crew of the crippled spacecraft after an unexpected explosion compromised the life support system aborting the original mission. In the movie (but apparently not in real-life), as the stakes became clear, flight director Gene Kranz played by actor Ed Harris, tells the engineers assembled to work out a strategy for saving the ship and its crew. “Failure is not an option.”

These words echo the sentiments expressed by President Obama during his scathing critiques of what he characterized as the intelligence failures that allowed the Nigerian Farouk Umar Abdulmutallab, who is accused of attempting to destroy Northwest Airlines flight 253, to board the Detroit-bound aircraft in Amsterdam despite apparent foreknowledge of his links to extremists. As the President noted, intelligence agencies had the information, but they did not know what it meant and did not act on what they did know before Abdulmutallab boarded the flight.

In a scene from Apollo 13, a group of engineers assembles in a meeting room and a box of assorted items representing the materials available to the astronauts aboard the crippled spacecraft is emptied before them. Their charge was to figure out how to combine these resources in a new way to achieve the goal of keeping the crew alive and returning them to earth safely.

This sort of situation as it applies to terrorism has confronted the west before. Other countries confront this reality today. Few can afford to act as the United States has in imposing new regulations and technical security requirements on its people and its trading partners. Instead, they adapted their behavior to the reality of the threat confronting them.

When IRA bombers threatened riders on London’s Underground, the operators of the system relocated vendors to improve sight lines and removed rubbish bins to make it harder to conceal an incendiary or explosive device. Passengers too became an integral part of the security arrangements.

Whether we can afford to invest in better technology or not, we should ask ourselves whether what we have to invest will prove worth the cost when we look back at the value obtained. If NW 253 teaches us anything, it is that the investments we have already made in airport security and intelligence gathering and analysis have not made the target that much harder.

Looking at the security landscape before us, we might discover that we are far better off than we realize. The same things that prevented the terrorists aboard United Airlines flight 93 from succeeding on 9/11 saved lives again on Christmas Day. When everything is said and done, relying on the resourcefulness and courage of average Americans is not such a bad thing to do when failure is not an option.

January 12, 2010

Connecting Puzzles, Dots, and Intelligence

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on January 12, 2010

Today’s guest contributor is Lt. Vinicio Mata, Sunnyvale Department of Public Safety.  Sunnyvale is one of the few cities in the country to have a single, unified Department of Public Safety.  That means public safety personnel in the department are cross trained — and depending on the incident — can respond as police officers, emergency medical technicians, or firefighters.

In March, Lt. Mata will receive a master’s degree in homeland security from the Naval Postgraduate School.

————————————————————–

The “inability to connect the dots” has become a rallying cry for pundits who want to criticize the intelligence gathering, analysis and dissemination performed by various agencies.

The connecting the dots analogy is an inaccurate way to explain alleged failures in the intelligence world.

Intelligence analysis is not like following numbered dots sequentially from 1-100 and creating a picture. That implies that we know there are numbers, that they are sequential, and that we know the range of those numbers.

Analyzing intelligence is not as simple as connecting the dots.  It is more like putting a puzzle together.

Imagine you are given such a task.  But with these limitation:

You have a partial idea of what the picture should be.  But you don’t know how many pieces the puzzle is supposed to be.

From your experience and by looking at the size of the pieces, you estimate that it is a 1500 to 2000 piece puzzle. The pieces are inside a box.

The majority of the pieces that belong to the picture you are making are missing. These pieces are in the box mixed with pieces from many other puzzles that are in no way related to the picture you have been tasked to put together.

These other pieces look like the ones you need.  But they don’t fit.

In order to determine whether you are holding the right piece, every one of the pieces needs to be looked at, compared against the partial picture you have, and compared against the pieces you have already deemed relevant.

From the relevant pieces, you are expected to put a picture together that is clear enough to be actionable.

The puzzle analogy is a much more accurate way to think about what intelligence analysts have to do.  The information they have to analyze is often incomplete, seemingly unrelated, and not sequential.

Connecting dots is a children’s game.  Transforming data and information into intelligence and making sure it gets to the right people at the right time is a skill, painstakingly acquired.

January 8, 2010

“The intelligence was posted, but the right analyst never found it among the terabytes”

Filed under: Intelligence and Info-Sharing — by Christopher Bellavita on January 8, 2010

Excellent quote about the consequences of complexity at the end of  Karen DeYoung’s Washington Post story on January 7th:  After attempted airline bombing, effectiveness of intelligence reforms questioned

The 2005 quote is from Russell E. Travers, who is a deputy director of the National Counterterrorism Center:

“If an organization posts something to its webpage, it can claim to have shared information,” …. “Whether the right people know the information/analysis is there, and actually make use of it, is entirely another matter.

“Indeed, we’ll almost certainly be dealing with precisely this problem in the post mortems of our next intelligence failure [again, this was written in 2005]; the relevant intelligence will have been posted, but the right analysts never found it among the terabytes of available information.[my emphasis]

How much is a terabyte?

One Terabyte = 50,000 trees made into paper and printed

Ten Terabytes = Printed collection of the U. S. Library of Congress

library-of-congress

January 7, 2010

White House Review of the December 25, 2009 Attempted Terrorist Attack

Filed under: Aviation Security,Intelligence and Info-Sharing — by Christopher Bellavita on January 7, 2010

[from the best librarian in homeland security]

The White house has released its summary of the review on the December 25, 2009 Attempted Terrorist Attack

http://www.whitehouse.gov/sites/default/files/summary_of_wh_review_12-25-09.pdf

and the related directive

http://www.whitehouse.gov/sites/default/files/potus_directive_corrective_actions_1-7-10.pdf

The press release says:

“The review of our security and intelligence systems following the attempted terrorist attack on Christmas Day has been completed.  The President spoke two days ago about “the urgency of getting this right,” and the identification of failures in this review, along with the immediate ordering of reforms and corrective steps both today and in the days since this incident, are a recognition of that urgency.  This review is also a recognition that while there is no place for partisanship and the old Washington blame game in dealing with Al Qaeda and the threat they represent, keeping American safe depends on honest and direct accountability.”

http://www.whitehouse.gov/blog/2010/01/07/release-security-review-conducted-after-failed-christmas-terrorist-attack-0

And here is a link to the president’s remarks about “strengthening intelligence and aviation security.”

January 6, 2010

The Spies Who Came in from the Cold

Filed under: Congress and HLS,Intelligence and Info-Sharing — by Mark Chubb on January 6, 2010

Monday’s New York Times featured an article by William J. Broad on renewed collaboration between U.S. intelligence agencies and climate change scientists. Efforts to exchange arctic surveillance photos and other data for improved understanding of the national security impacts of climate change seem eminently sensible.  (See also the CIA press release on the opening of the Center for Climate Change and National Security.)

Why then do some overseers in Congress, like Wyoming Republican Sen. John Barrasso object to the idea? Well, for starters, they got their way on this question for the past eight years while President George W. Bush and former Wyoming Congressman, Halliburton CEO, and Vice President Dick Cheney were in office. The recently restarted program known as Medea – Measurements of Earth Data for Environmental Analysis – was suspended on their watch.

Economic, social, and political instability in oil-rich Muslim nations is among the biggest potential national security challenges presented by global climate change. At the same time, growing concern about the impacts of ice melt and habitat loss on northern climes and their fragile ecosystems has influenced the debate on drilling and exploration in the Arctic National Wildlife Refuge and other remote regions.

The circumstances attending such instability strike most of us as particularly bad news. But that is not the case for those with a vested interest in America’s energy addiction. Enabling instability suits them just fine. Driving up the price of energy makes exploration in previously unthinkable places more attractive and indeed competitive. Defense contractors benefit from our sense of insecurity and our desire to arm our enemies’ enemies.

The U.S. government, on the other hand, gains very little from these exchanges. We face a world in which the effects of climate change drive up the costs of combating terrorism while fueling the cause of extremists seeking to recruit and convert new radicals.

But as Broad’s article makes clear, not all of the consequences of climate change, at least in the arctic region, should strike opponents of this renewed collaboration as negative. Barring international agreements or other new regulations, melting sea ice will facilitate navigation and open access to previously untapped fish stocks and mineral reserves.

According to sources quoted in the article, the fiscal impacts of this program are negligible. U.S. spy agencies maintain extensive sensor networks that produce a very detailed picture of conditions in the arctic region where the effects of climate change have already become quite apparent. The scientists with whom intelligence agencies work receive degraded imagery and must hold appropriate security clearances. In exchange, they aid the country in achieving a better understanding of the world in which we and our children will live.

For once, by bringing our spies in from the cold, it seems we might just be fighting the next war instead of the last one. The next question we must ask ourselves is what we will do with the new information produced by this partnership and the insights it yields.

More information on national security and climate change is available from these sources:

CNA Analysis & Solutions

Council on Foreign Relations

Pew Center on Global Climate Change

U.S. Senate Committee on Environment and Public Works

December 30, 2009

“The operation was a failure, but the patient lived.”

Filed under: Aviation Security,Events,General Homeland Security,Intelligence and Info-Sharing,Strategy — by Christopher Bellavita on December 30, 2009

“Politically correct” means constraining the way one behaves or uses language because one is afraid to violate powerful orthodoxies.

President Obama has officially declared that “a systemic failure has occurred,” and he considers it to be “…totally unacceptable.”

Obviously, when a system fails in a technologically advanced society, the only politically correct thing to do is fix it.

One fixes system failures by identifying the offending elements and replacing them with elements that are not going to fail.

It is irrational to do anything other than that.

But what if this was not (except with hindsight) a preventable systemic failure?  What if it is in the nature of complex systems to “self organize” and every now and then  just fail?

On this point, see “Complexity, contingency, and criticality,” by Bak and Pakzuski (originators of the sandpile avalanche metaphor — i.e., “for a wide variety of phenomena, there are no deep underlying causes, just an accumulation of tiny accidents.”).

Less technical treatments of the idea can be found in Charles Perrow’s , “Normal Accidents: Living with High-Risk Technologies;Mark Buchanan’s Ubiquity: Why Catastrophes Happen;” or Joshua Cooper Ramo’s, The Age of the Unthinkable: Why the New World Disorder Constantly Surprises Us And What We Can Do About It.”

If you have time for only one of these, I’d recommend Buchanan’s book, Ubiquity.  Here is an excerpt from Edward Skidelsky’s review of Ubiquity:

Applied to history, this theory suggests that … [significant events] demand no explanation beyond a narration of the precise chain of events that compose them. In the sand pile, it is impossible to specify the cause of a huge avalanche other than by tracing its exact progress right back to the original grain that triggered it all off. There are no “laws of avalanches” distinct from the laws governing the movement of the individual grains. And any grain … can, if it falls at the right time and place, start an avalanche. The only way to understand the history of the sand pile is to recount it; old-fashioned narrative history turns out to be the most scientific of all.

The vision of history that emerges from Ubiquity is tragic. It is the vision of the Iliad. History stands permanently poised on the brink of catastrophe; the abduction of one woman can lead to the destruction of cities. Instability is an inalienable feature of human life. We flatter ourselves that we have overcome it through the development of rules and institutions, not realising that those very rules and institutions are equally subject to its depredations…. [my emphasis]

———————–

From the  perspective of “self organized criticality,” what has been termed “system failure” is not always a problem that can be fixed.  Sometimes it’s a terrain feature one has to adapt to.

It may be politically correct to use the “fix it and move on” language.  But defaulting to such correctness may constrain useful thinking about alternatives.

[Mark Chubb's very thoughtful piece earlier today illustrates such alternative thinking.]

Resilience is premised on the idea that sometimes bad stuff happens.  And when it does, you get back up.

One does not encourage resilience by placing blind faith in the perfectibility of complex systems — particularly systems whose complexity is generated by people and technology.  One’s faith is better placed in the knowledge that complex systems will fail, so what happens when they do?

Questions like that outline a path toward resilience.

———————–

Here’s an image of the TSA system emerging orthodoxy says “failed:”

tsa-layers-of-security-vertical

Maybe political correctness demands there should be more or better pieces, or sub-pieces, or links, or procedures added to the complexity of the 20 layers and the unfathomable environment that surrounds those layers.

But you will note that “Passengers” are part of the current system.

As Mark notes, Flight 253 did land safely. Abdulmutallab failed.

Some element in the homeland security enterprise ought to get credit for the success.  The passengers did not sit quietly and wait for the bomber to try again amidst the smoke and smell.  They acted.

It is trite to say, but homeland security, including aviation security, is not simply the government’s job.  It is everyone’s responsibility — not in theory, but in fact.

It is politically incorrect to think otherwise.




Binary Explosives

It looks like I spoke too soon by posting my Top 10 for 2009 last week.  Just when you think it’s safe to get back in the skies somebody tries to blow up an airplane with an underwear bomb. (I will avoid the small but obvious temptation to employ sophomoric, prepubescent potty humor here.)

In an effort to underscore the seriousness with which the threat is taken, President Obama yesterday cited “human and systemic failures,” which he termed “totally unacceptable” for allowing Umar Farouk Abdulmutallab to board a Northwest Airlines flight from Amsterdam to Detroit. His failed attempt to initiate an explosive device as the flight approached its destination occurred despite apparent warnings that al Qaeda radicals in Yemen were preparing a Nigerian operative for an attack and a nearly simultaneous warning from the young man’s father that his devout son had fallen off the grid and might be a risk to the United States.

The revelation that the United States government, possibly even two stations in the same intelligence service, had in its possession the information with which to identify and interdict a terrorist target before he could act has been taken as the intelligence equivalent to the binary explosive device that Mr. Abdulmutallab sought unsuccessfully to detonate. Like the alleged terrorist, the intelligence community’s technology failed to operate as intended.

Neither event should come as much of a surprise. Perpetrating a terrorist attack on an airliner remains a very complex undertaking, which has no doubt become more complicated due to the measures taken by the United States and its allies since 9/11. Assembling and actuating an improvised explosive device remains a complex and risky undertaking for those handling it, especially when it must be designed and deployed in a fashion that renders it both difficult to detect and under the deliberate control of an operative. A device of the type employed in this instance is difficult, if not impractical to test beforehand.

Soon after the attack, we learned that Mr. Abdulmutallab had come to the attention of officials at the U.S. embassy in Abuja, Nigeria after his father expressed concern his son had been radicalized. This understandably rare approach from a distressed parent raised appropriate alarm bells, but was not in and of itself sufficient cause to consider Mr. Abdulmutallab a full-fledged terrorist.

This morning we learned more about the information that might have led President Obama to characterize intelligence failures in such stark terms.  News reports indicate that intelligence services monitoring communications in Yemen intercepted an exchange indicating that an unidentified Nigerian operative was prepared for deployment. In hindsight, it seems clear that these two pieces of information are related. But combining them, like actuating the explosives Mr. Abdulmutallab carried, is harder to do than it seems.

In addition to the President’s statement yesterday, we learned a bit more about the alleged bomber himself from what appear to be his own posts to an Islamic chat room on the internet. While these musings help paint a picture of a lonely, troubled young man struggling with his identity, purpose, and relationships, these writings do not suggest anything more serious than the sorts of emotional difficulties that face many young men as they reach adulthood. Taken in the context of his activities at the time, rather than our knowledge of the present circumstances, they seem rather constructive even reasonable attempts to seek stability and direction.

That Mr. Abdulmutallab found stability and purpose, despite education and advantage, in associating with terrorists understandably troubles us. But it also suggests we should not look for easy answers lest we fall prey to the same sort of misfortune Mr. Abdulmutallab himself now faces (or would have, for that matter, had he succeeded in his designs).

By definition, a systemic failure occurs when multiple, independent structural deficiencies conspire to permit the occurrence of an unwanted or unintended consequence, which would otherwise have been avoided had any single deficiency not existed. While we examine the multiple missed opportunities that allowed Mr. Abdulmutallab to come so close to bringing down Northwest flight 253, we should not overlook the fact that his attempt ultimately failed.

In our efforts to outdo ourselves and improve the performance of the aviation security and intelligence processes associated with this incident, we must remain mindful that success has its own perils. Like Mr. Abdulmutallab we may either become entangled in our own plot or have to destroy ourselves to succeed in any meaningful way.

« Previous PageNext Page »