Homeland Security Watch

DHS convened a major National Small Vessel Security Summit late last year, and the after action report is now available. While I first considered small boat security to be about as niche a topic as is possible (with more public affairs appeal than public policy), this report shows a heck of a lot of work went into the effort of making the event productive and relevant on a national scale.  The report was prepared by the Homeland Security Institute and, at 122 pages, is a daunting read. Especially with so few pictures. HLSWatch readers get the cliffs notes.  Main recommendations of the effort are as follows:

1.  AIS tracking technologies should not be required for vessels under 65 feet in length until the technology is perfected (read: likely never), the cost of such technology significantly reduced (read: paid by the Feds), and until law enforcement has the ability to track and respond to all vessels in the maritime domain (read: moveable goalpost). RFID technology or other OnStar-like monitoring features can be used in the meantime.

2.  The National Homeland Security Strategy needs a component that represents a National Small Vessel Security Strategy based on a layered defense. (Echoes of the WME Task Force.) This strategy should not, the report explains, focus on deterring a specific type of terrorist attack but should enhance the overall safety and security of the maritime domain. Rightly, the forum recommends that the strategy provide for guidance in coordination with international partners.

3.  Licensing, registration, or tracking of small boats used by private individuals should be accomplished by DHS with the lightest of touch. Failing to do so will be costly, ineffective, and rood (it will “alienate the small vessel operator”).

4.  State, local, tribal, and territorial maritime law enforcement entities need additional funding because, in addition to “other public safety and security missions,” this is too much.

5.  Establish a universal hotline telephone number, similar to the National Response Center 1-800 number, for the boating community to use in reporting suspicious activities and emergency situations.

6.  States could add a boat operator credential — like those required for tractor trailer or school bus drivers — to their state driver licenses. This could lead to a national boat registry for use by law enforcement agencies.

7.  The U.S. should enhance international cooperation and intelligence sharing with “our foreign counterparts,” especially Mexico, Canada, and countries of the Caribbean because these nations are the most likely departure points for a small vessel terrorist attack from overseas.

8.  More fusion centers! The report explains that conference participants felt that additional fusion centers would enable stakeholders to better share, analyze, and disseminate intelligence to with the USCG, CPB, U.S. Navy, the Harbor Master and state and local law enforcement agencies.

9.  Permanent Employment of the DNDO Act: Conference participants believe that federal, state, local, tribal, and territorial law enforcement agencies should be “provided with nuclear detection devices so they can detect radioactive signatures on small vessel and in cargo.” The rest of this language is worth reprinting:

The cost of such equipment requires federal guidance and oversight. In addition, the federal government should develop RAD/NUC detection devices with a stand-off capability in order to provide detection without directly impacting small vessel operators. The federal government should also consider placing nuclear detection devices on commercial vessels in a partnership to increase the chance of detecting a nuclear device or nuclear material before it reaches a major U.S. port or population center. Lastly, the federal government needs to strengthen counter-proliferation initiatives with our foreign counterparts to prevent shipments of WMD, their delivery systems, or related materials from reaching the U.S. maritime domain.

GAO reports on how well the DHS Container Security Initiative (CSI) has contributed to strategic planning for supply chain security and strengthened overall container scanning operations.  It raises problems with the CSI concept of operations, but there is a way to improve this — and its accruacy in targeting risky containers.

GAO praises CBP for following its earlier recommendations, but then drills into a core operational reality in the CSI program: limitations in evaluating inspections processes related to the accuracy and completeness of data collected. That data is essentially the main take for this program and its role in informing our targeting of high-risk cargo bound for the U.S. GAO goes on to suggest that if we don’t exercise better control over this aspect of CSI, the security value of the program declines pretty quickly.

Click image to view a conops of the CSI targeting process.

The net net of all this is that CBP “potentially lacks information to ensure that host government examinations can detect and identify weapons of mass destruction, which is important because containers are typically not reexamined in the United States if already examined at a CSI seaport.”

Hold on here. The purpose of CSI is to bring added security through greater transparency in the maritime shipping domain. CSI does this by adding scrutiny to cargo traveling to the U.S., before it arrives in the U.S. (at the foreign CSI port). But if the scrutiny is conducted by host government authorities, that sure dials up the risk.

In a sense, this brings us back to the concern over balancing throughput and security. The last thing we want to do is clamp down on the maritime trade to assure 100% security if that is done at the total expense of economic flows. However, too light of a touch on the system and we wind up adding false scrutiny without adding any value.

Striking the right balance requires revisiting the way in which we look at the maritime domain. It is not only an avenue for sea-based cargo. It is one medium for five global flows: cargo, people, information, finances, and the conveyances themselves (ships in this case). Securing the U.S. by examining every piece of cargo is a sledgehammer approach that we should use if necessary, but a more surgical option would seek to knit together these five flows across the maritime domain, for example, to generate the kind of transparency and intelligence we seek with the container scanning conducted by foreign port authorities.

Treating the information about cargo as a source of risk targeting limits our ability to identify the actual threat and it favors indiscriminate scrutiny that slows throughput without adding any real security. Generating and combining information on cargo in the context of the other four flows would provide an exponentially more accurate understanding of the true risk. Granted, CSI does not operate in a vacuum, but maximizing transparency – and therefore better informed risk targeting – can be more productive with a comprehensive approach that views the domain in a different way.

Congress included $13million for the Global Trade Exchange within the spending bill sent to the Senate last night. GTX is the third phase of an effort to bring better security and system visibility to the global maritime shipping supply chains. The bill reads as follows:

$13,000,000 shall be used to procure commercially available technology in order to expand and improve the risk-based approach of the Department of Homeland Security to target and inspect cargo containers under the Secure Freight Initiative and the Global Trade Exchange.

The Department issued an RFQ (thumbnail below) for this effort last week. Criticism of the effort usually revolves around the opaque nature in which it has evolved. Private sector operators whose information would theoretically populate a central data exchange express concern over the potential imposition on their supply chains that would come without sufficient benefit to their operations.

GTX has the potential to become a game-changing new dynamic between the public and private sector. However, much remains to be revealed in terms of the anticipated concept of operations that would create the appropriate mix of incentives to support private sector involvement. It is conceivable that if such a ConOps is crafted – including data privacy assurances, a durable governance framework, and shared risk, among other things – the kind of transparency that could be brought to the global maritime trade domain may generate a great advantage for our Homeland Security efforts to identify threats and for our maritime economic operators to identify and mitigate disruptions to their supply chains.

NOTE:
Singapore is now the seventh international port to join an effort to test scanning capabilities geared toward preventing radioactive material from being smuggled via U.S.-bound shipping containers. Integrated scanning for these purposes includes radiation detection and X-ray imaging of 100 percent of maritime cargo headed to the U.S.

This effort, part of the Secure Freight Initiative run jointly by DHS, Energy, and State, is in response to a Congressional mandate included in the SAFE Port Act. Other recently announced ports that signed up include Port Qasim (Pakistan), Puerto Cortés (Honduras), and the Port of Southampton (UK).

“Maritime Security: The Port Act: Status and Implementation One Year Later” was released yesterday by the GAO. The report assess several challenges DHS faces, including the 100% screening mandate, and makes recommendations to DHS to develop strategic plans, better plan the use of its human capital, establish performance measures, among other operational improvements. Top-level highlights are available here.

Port terminals at the UK, Pakistan, and Honduras are the first of a batch of countries to sign up for DHS’s current phase of the Secure Freight Initiative (SFI). SFI screens US-bound maritime containers for nuclear or other radiological materials. It is unclear whether the agreements, protocols, equipment, and other requirements put in place to screen for nuclear threats will be put to use for other valuable security and trade purposes.

SFI is part of the DHS response to fulfilling the Security and Accountability For Every (SAFE) Port Act of 2006, which requires non-intrusive scanning for nuclear material on 100% of all maritime containers headed for the U.S. Data from these inspection systems informs the National Targeting Center in its assessment of what seems threatening enough to warrant added scrutiny. SFI almost entirely focuses on the nuclear threat. Jay Ahern, CBP Deputy Commissioner, said “…preventing a nuclear weapon or dirty bomb attack has to be one of our highest priorities. This initiative (SFI) advances a comprehensive strategy to secure the global supply chain and substantially limits the potential for terrorist threats,” said CBP Deputy Commissioner Jayson Ahern.

The “comprehensive strategy to secure the global supply chain” suggests much more than just detecting smuggled nuclear material. Subsequent phases of SFI may reveal a more robust – and much needed – program to view the global supply chain more strategically. The tools being developed and put in place for the nuclear threat, including bilateral and multilateral agreements, can provide significant leverage for bringing more security to the global trade flows. Illicit trafficking – not only of nuclear material – is always a threat in some way to some legitimate party. And the transparency that a program like SFI could generate promises the potential to do much more that detect loose nucs.

The kind of vulnerability these global flows confront carry with them a global concern for their resilience and protection, as well as their economic viability. Imagine if the Secure Freight Initiative and the Advanced Trade Data System were combined with the Proliferation Security Initiative. That would align many of the efforts and interests of DHS, DOD, DOE, State, and the Department of Commerce. It would also reflect a more “comprehensive” approach to a shared concern between the U.S. and her overseas partners – many of whom are reluctant partners – in securing global trade against both terrorism and general threats to economic efficiencies that these global flows attempt to maximize.

NOTE: Thank you for accommodating my absence while I was away. HLSWatch is back up and running.

GAO released a statement this week on the SAFE Port Act. The Act covered a range of policies focused on maritime security, but may be best known for its mandate to scan 100% of all incoming maritime cargo. DHS is principally responsible for executing on the Act, but relevant component agencies include the U.S Coast Guard, Customs and Border Protection, Domestic Nuclear Detection Office, and the Transportation Security Agency.

GAO delved into this one. They “visited domestic and overseas ports; reviewed agency program documents, port security plans, and post-exercise reports; and interviewed officials from the federal, state, local, private, and international sectors.” GAO’s recommendations focus on the need to develop strategic plans, better plan the use of DHS human capital, and establish performance measures. The programs addressed in this document can be organized as follows:

CBP announced the dates of its 2007 trade symposium. To be held on November, 14th and 15th of November, topics include the following:
• Cargo Security
• Trade Issues
• ACE / ITDS
• Post-Incident Business Resumption
• Global Issues

The Trade Symposium will be held at the Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Avenue, N.W., Washington, DC. CBP set up a website dedicated to the event at which updates can be found.

I couldn’t find much more than this for the agenda:

Wednesday, November 14, 2007
• Registration/Exhibition – 10:30am
• Opening and Symposium Panels – 1:00pm – 5:30pm
• Review Exhibits 5:30pm – 6:00pm
• Open Forum with Senior Management – 6:00 pm – 8:00pm

Thursday, November 15, 2007
• Continental Breakfast – 7:30am
• Symposium Panels – 8:15am – 11:45am
• Luncheon – 11:45am – 1:15pm
• Symposium Panels – 1:30pm – 4:45pm
• Closing Remarks – 4:45pm – 5:00pm

This is a placeholder post for lack of time today. DNDO and the Coast Guard announced today the West Coast Maritime pilot.  This effort builds upon the Securing the Cities initiative and the recent feat by DHS to outfit and train all Coast Guard boarding teams with nuclear detection capabilities. 

Seattle and San Diego made the list for this pilot due to the massive flow of small boats making use of these domains, the significant military installations there, and the proximity to international borders.

The main purpose of this new pilot is to create more effective coordination among the defensive efforts at the international, national, and state/local levels by creating a framework for the deployment of detection capabilities, training, response protocols, and alarm resolution.  Following is an excerpt from today’s announcement:

The U.S. Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO) announced today the West Coast Maritime pilot program that will provide maritime radiation detection capabilities for State and local authorities in Washington’s Puget Sound and California’s San Diego areas. The three-year pilot program involves the development of a radiation detection architecture that reduces the risk of radiological and nuclear threats that could be illegally transported on recreational or small commercial vessels. The pilot will be conducted in close coordination with the U.S. Coast Guard and Customs and Border Protection.

This is just a placeholder to share the new DHS strategy document.  The International Supply Chain Security Strategy was recently shared with Congressional staff and is now available here.

 

I’ll come back to this soon for some comments.  In the meantime, enjoy the read.

DHS – through the Domestic Nuclear Detection Office – is starting to test and evaluate equipment focused on the blind spots around the shipment of containerized cargo.  While this effort satisfies Section 121(i) of the SAFE Port Act of 2006, it also reflects proposals made by the Homeland Security Advisory Council in 2005 when it’s Task Force on Preventing Weapons of Mass Effect explained the importance of adopting a layered prevention strategy.  Intermodal chokepoints served as key examples for the Task Force’s argument.  Specifically, the gaps in scanning and other preventive measures needed to be in place when a target item (i.e. cargo container) transferred one conveyance (boat) to another (rail).  The Task Force considered this next layer a “critical deficiency” that required the Department’s attention.The DNDO announced yesterday that: 

The U.S. Department of Homeland Security (DHS) will soon begin conducting multiple projects in the Port of Tacoma, Wash., to evaluate technology and concepts of operations for radiation detection that will scan cargo at various points in transfer from ship to rail.  By establishing a Rail Test Center (RTC) at the port, DHS will identify and evaluate radiological and nuclear detection solutions for intermodal rail port facilities that can be used across the country.

A major recommendation and recurring theme from the Nuclear Defense Working Group at the Center for the Study of the Presidency held that detection efforts were strongest when targets were in motion or under scrutiny already (i.e. cargo was only screened when checked, registered, or loaded, and usually at only one of those points).  Containers and other targets at rest were a glaring weakness, according to the NDWG, in need of innovative solutions that did not include scattering expensive scanners over every square inch of an airport or seaport.  The same DNDO announcement reminded me of that recommendation with this detail:

Projects being considered for further evaluation at the RTC include scanning cargo on the dock, during transport to the rail yard, entering the rail yard, in the container storage stack, during train assembly, and as the train leaves the port.

These are promising efforts, albeit nascent ones.  These are also only one part of the broader effort to reduce the threat of smuggled nucs.  Let’s hope the non-proliferation and Nunn-Lugar-type programs get the same attention.  More on that can be found at Jeffrey’s ArmsControlWonk.com.

Spencer Hsu and Renae Merle write in today’s Washington Post that the U.S. Coast Guard responded to Congressional frustration over the failure of a consortium of contractors to deliver on the $24 billion modernization program called Deepwater.  Among other disappointing developments under Deepwater, a clear necessity for providing the USCG part of what it needs to carry out a growing list of HLS missions, the new cutters built by consortium leads LockheedMartin and Northrop Grumman don’t float.  $100 million a piece, they’ll never be used. 

Failures prompted the House Transportation and Infrastructure Committee leadership yesterday to call for the Justice Department to open a civil and criminal investigation into Deepwater.  As a result of this restructuring of Deepwater, Coast Guard must reissue a 43-month extension of the contract. About $2.3 billion has been committed to the program so far, and the second phase is reported by Hsu and Merle to be worth $2.5-$3 billion.

Perhaps we should’ve seen it coming.  Last August, the DHS IG issued his warning about the program’s execution.  IG Skinner cited “limited oversight as well as unclear contract requirements,” which prevented DHS/USCG from “ensur[ing] that the contractor is making the best decisions toward accomplishing Deepwater IT goals.”  Hmm.  Do we blame the requirements, the agency, or the contractor?  The Washington Post’s Steve Kelman wrote an insightful analysis explaining diff’rent strokes for different IGs by suggesting an ideological posture that may decide how this question is ultimately answered.

And it looks like it may be answered soon enough: Tomorrow’s hearing (4/18) before the House Transportation and Infrastructure Committee at 2:00 p.m. in 2167 Rayburn is entitled “Compliance with Requirements of the Coast Guard’s Deepwater Contract.”  For a witness list, click here.

– Special Note –

Please keep the families and friends of the victims of yesterday’s shootings at Virginia Tech in your thoughts. VT student bloggers commenting on the shooting were highlighted here.  More on this issue is available.  -CZ

DHS released a document today that provides an overview of the FY 2007 infrastructure grant programs at DHS, covering five distinct programs for port security, transit security, truck security, bus security, and buffer zone protection. As was the case with last week’s urban area grants, the port and transit grants allocations are broken up into distinct risk tiers, within which “Tier 1″ high-risk areas will receive approx. 83% of the transit security funding and 60% of the port security funding. Looking at the document, it appears that nearly every Tier 1 transit system or port will receive a significant increase in funding, with the exception of the Louisiana ports. The San Francisco Bay Area ports are up for an especially large increase, from $1.2 million in FY06 to $11.2 million in FY07, a decision that reverses what was a drastic cut in 2006.

Within these programs, Tier 2, 3, or 4 transit systems and ports will have to compete for their allocations from smaller fixed pools of funds. This could lead to cities that were likely on the borderline between Tier 1 and Tier 2 having lower levels of grant funding in 2007, e.g. Seattle’s transit system and the Ports of Baltimore and Charleston.

DHS deserves strong kudos for releasing this document in January, relatively early in fiscal year 2007. By comparison, in FY 2006 this document was not released until the very last week of the fiscal year, a delay that was detrimental to the ability of these transportation systems to manage security activities. Hopefully this is a sign of an better-managed grants process at DHS.

I’ll add a link to the transcript of the press conference announcing these grants when it becomes available.

Update (1/10): The transcript of the press conference is available here. And detailed guidance documents on the port security and transit security grant programs are available here.

Yesterday TSA released the final regulations for the Transportation Worker Identification Credential (TWIC) program, following 7-8 months of consultation and negotiation with the impacted stakeholders. The complete final rule is available at this link. The New York Times summarizes the regs, and stories by the AP and Washington Technology notes the high fees associated with the mandatory program.

Now that the regs have been finalized, DHS is expected to begin enrolling people in TWIC in March of this year. And a great deal of work is still needed to develop and install TWIC card readers, an issue that was somewhat sidestepped during the rulemaking process.

The Congressional Research Service published a new report last week looking at the Coast Guard’s Deepwater acquisition program:

RL33753: Coast Guard Deepwater Program: Background, Oversight Issues, and Options for Congress, December 18, 2006

It’s a useful overview of the Deepwater program, which has been subject to a growing amount of media and watchdog scrutiny in recent weeks.

The full HLS Watch collection of CRS reports is available here.

The Port Authority of New York and New Jersey issued a press release today summarizing the recommendations of a port security taskforce that they’ve convened over the past year. The key recommendations:

• The adoption of federal legislation sanctioning minimum mandatory cargo security standards that use innovative technology and business practices to monitor every cargo shipment.
• The presidential appointment of a National Port and Cargo Security Director, reporting to the Director of Homeland Security, who has ultimate responsibility and accountability for coordinating port and cargo security activities throughout the various federal agencies as well as the international community.
• Establishment of a nationwide “Port Security User Fee,” not later than January 1, 2008, dedicated exclusively to U.S. ports based on size, cargo volume and risk. This fee would be used to offset capital and operating costs incurred by port facility owners/operators associated with security installations and operations.
• Establish response and recovery plans that are unique to the regional environment of each U.S. port, allowing individual ports to return to “normal business” as efficiently as possible after a disaster. Mandate and conduct annual exercises that test the quality of each port’s response and recovery plans.
• Adopt federal legislation that requires every regulated maritime facility and Coast Guard Captain of the Port to implement a comprehensive risk-management plan that will form the basis for resource allocation decision making, similar to the protocols for other state, urban area and mass transit funding.

It’s unclear whether these recommendations are part of a larger task force report; if so, I don’t see it yet on the PANYNJ website. But I’ll post an updated link if one appears.

Update (1/4/07): Here’s the full task force report.

The last chapter of the Dubai Ports World (DPW) brouhaha unfolded earlier today, with DPW announcing the sale of their American port assets to an investment arm of the insurance company AIG. While there were undoubtedly concerns with the initial deal that the federal government struck with DPW in the initial CFIUS review of their purchase of P&O Ports (see my initial concerns here), these issues were manageable, and the political melee in February and March following this announcement inappropriately vilified the company. And since that time, DPW has proven its mettle as a world leader in port and supply chain security, becoming the first company in the world certified to meet the ISO 28000 supply chain security standards and just this week earning praise from a Democratic Congressional delegation examining their operations in the Dominican Republic. While this story had a silver lining – a new political focus on port security that led to the passage of the SAFE Port Act – it was also ultimately unfair to DPW, a reality that can’t be reversed, but one that hopefully will lead to more sober responses the next time that a story like this appears on the political radar.