Homeland Security Watch

News and analysis of critical issues in homeland security

January 24, 2013

Supply chains: Density increases distance which favors specialization and concentration spawning vulnerabilities

Filed under: Infrastructure Protection,Private Sector,Risk Assessment,Strategy — by Philip J. Palin on January 24, 2013

Three recent reports offer related insights.

Building America’s Future: Transportation Infrastructure Report 2012 (4.8 mgb) tells us,

We have let more than a half-century go by without devising a strategic plan on  a national scale to update our freight and passenger transport systems. The size of our federal investment in transportation infrastructure as a share of GDP has been dwindling for decades, and most federal funds are dispersed to projects without imposing accountability and performance measures. This lack of vision, lack of funding, and lack of accountability has left every mode of transportation in the United States—highways and railroads, airports and sea ports—stuck in the last century and ill-equipped for the demands of a churning global economy.

Building Resilient Supply Chains (6.48 MB) tells us,

…concerns have remained about external threats to supply chains (such as natural disasters and demand shocks) and systemic vulnerabilities (such as oil dependence and information fragmentation). Additionally, growing concern around cyber risk, rising insurance and trade finance costs are leading supply chain experts to explore new mitigation options. Accenture research indicates that more than 80% of companies are now concerned about supply chain resilience.

Gallup Survey finds:

One in four Mississippi residents report there was at least one time in the past 12 months when they did not have enough money to buy the food they or their families needed — more than in any other state in the first half of 2012. Residents in Alabama and Delaware are also among the most likely to struggle to afford food… In 2012, the worst drought since the 1950s has affected nearly 80% of agricultural land in the United States, which may drive up the cost of food in the months ahead. While Americans are no more likely to struggle to afford food thus far in 2012 than in the past, more residents may face problems as the drought-related crop damage results in a shortage of inputs in the food supply and begins to affect retail prices.

So… sources of supply for basic commodities — including water and food — are under stress.  The infrastructure by which supplies are transported is aging and ill-maintained.  The system through which needs/demands are expressed and fulfilled is increasingly vulnerable to disruption.

For at least 10,000 years humans have developed infrastructures to facilitate the meeting of supply with demand, source with need.

Especially in the last 200 years our infrastructures have allowed us to depend on supplies from greater and greater distances.  Our supply lines – our lifelines – have gotten longer and longer.  This has been crucial to our ability to supply increasingly dense population centers.  Increasing population density is supported by our ability to facilitate supply over great distances.

This distancing of lifelines has also encouraged an increasing specialization and concentration of supply – mostly in search of comparative price advantage.  So we see the concentration of pork production in Iowa and North Carolina, fruits and vegetables in California, dairy is increasingly concentrated in a few regions,  mushrooms in Southeast Pennsylvania.

While this is at least a 150 year trend, it is important to recognize how the trend has accelerated and changed over the last half-century. As recently as the 1950s New Jersey truck farms were still the principal source of fresh fruits and vegetables for the New York metro market.

As demand density accelerated in the last half of the 20th Century, we experienced an increased distancing of lifelines.  This distancing also encourages a tendency toward specialization, concentration, and reduced diversity of sources.  Specialization, concentration, and reduced diversity are common characteristics of fragile systems.

In the last thirty years, the distancing of many supply chains has become so extreme that the ability to reasonably balance supply and demand is only possible as a result of sophisticated methods of tracking and anticipating demand well-in-advance.

For most of human history supply has been pushed by suppliers toward where they hoped there was demand.  Today, especially for food, pharma, and most consumables supply is pulled by digital demand signals. If the demand signals stop , so does supply.  This has crucial implications for disaster preparedness, response, and recovery.

It is worth recognizing that what seems “normal” today would have seemed magical as recently as thirty years ago.  We are enjoying supply chain benefits unprecedented in human history.  Are there also unprecedented risks?

January 10, 2013

What was, what is, and what will be

Filed under: Catastrophes,Preparedness and Response,Private Sector,Risk Assessment,Strategy,WMD — by Philip J. Palin on January 10, 2013

Earlier this week the World Economic Forum released its annual report: Global Risks 2013.

According to the WEF survey of 1000-plus “global experts”, over the next ten years the most serious risks by potential impact are:

  • Major systemic financial failure
  • Water supply crises
  • Chronic fiscal imbalances
  • Food shortage crises
  • Diffusion of weapons of mass destruction

Of these most consequential risks the expert survey — complemented by a series of workshops — found that water supplies and fiscal balance are already widely in crisis (What a surprise!). The risk of food shortages and systemic financial failure will increase as water and fiscal problems worsen. Increased diffusion of WMD almost seems simple in comparison.

Combined with the November release of Global Trends 2030 by our friends at the National Intelligence Council, we now have even more excuses for bad dreams.

In his preface to the report, Klaus Schwab, the founder and Executive Chairman of the WEF comments,

I think you will agree [the report] makes a compelling case for stronger cross-border collaboration among stakeholders from governments, business and civil society – a partnership with the purpose of building resilience to global risks. They also highlight the need for strengthening existing mechanisms to mitigate and manage risks, which today primarily exist at the national level. This means that while we can map and describe global risks, we cannot predict when and how they will manifest; therefore, building national resilience to global risks is of paramount importance.

The report offers suggestions related to definitions of resilience and good practice in resilience.

I was one of those contributing to the WEF survey and workshops. WEF does a great job of bringing together a broad mix of public and private policy makers, academics, and fellow-travelers. The report is helpful and I look forward to the follow-on work. The Davos Summit, January 23-27, focuses on “resilient dynamism” and will kick-off several important initiatives.

–+–

I paused while reading of the WEF report to take a call from the operations manager for a grocery chain in the New York metro area. I will do a case study on their Hurricane Sandy preparedness and response. One store on Staten Island was flooded under three feet of water. It reopened within a week. Another store within three blocks of the New Dorp Beach inundation zone — the deadly ground zero for Sandy — stayed open without interruption. There are a range of smart, heroic and almost miraculous tales.

There is also a very open, practical self-criticism in how the grocers are working to prepare for and adapt to the likelihood of something-worse-than-Sandy.

I perceive a yawning gap between the analysis and attitude encountered at the grocery chain and that revealed in the WEF report. It is a contrast often found between the theoretical and the operational.

The point is not that the operators are hubris-free and the theoreticians — including me — abide with such overabundant pride (though the thought does occur and recur). Rather, it seems to me, that this gap is where many of our vulnerabilities originate.

The WEF report (and many more) is in the future tense. These are issues we can reasonably anticipate will influence the operational environment for the next ten years or more.

Operational thinking and even planning is considerably more present tense. The possibilities of now — both opportunity and threat, strength and weakness — are at the heart of the operational worldview.

Past, present, and future are characteristics of English. Other linguistic systems focus much more on action being finished or unfinished. Any meaningful notion of homeland security will remain unfinished (and perhaps worse) until we can more effectively communicate across the operational-theoretical continuum.

–+–

Through me what was, what is, and what will be, are revealed. Through me strings sound in harmony, to song. My aim is certain, but an arrow truer than mine, has wounded my free heart! The whole world calls me the bringer of aid; medicine is my invention; my power is in healing.

Metamorphoses, Ovid: Book I:521-523, Apollo begging Daphne to yield to him. I realize that quoting a Latin poet, even in translation, will not help bridge the gap. But it is beautiful, is it not? The Latin is luscious. And doesn’t it evoke an image of homeland security begging for affection? A big part of the challenge is to respect the insight that exists across the continuum, learning how to fully engage different dialects.

December 20, 2012

Proximate solutions to insoluble problems

Filed under: Catastrophes,General Homeland Security,Private Sector,Risk Assessment,Strategy — by Philip J. Palin on December 20, 2012

I am in the bad day business.  Whether the cause is natural, accidental or intentional my role is preparing for bad days.  My specific role has become helping others prepare for very, very bad days.

It is my impression most readers of HLSWatch are in a similar business.

While personally most of my days are fine — even very fine — I know bad days will come.   I have experienced them.  I have been with others shortly after their experience of such days.

One of my favorite memories from when I was 8 or 9  is of laying upside down on the backyard slide on a bright summer day reading about Vesuvius burying Pompeii and the tsunami swamping Lisbon.  History books are mostly about somebody’s bad day.

A few years ago I was in the prevent-bad-days business.   In some ways that was a better job.  But no matter how good you are: prevention will fail.  The bad day will come. Very bad days seem to be coming more often.

Last Thursday I reported on an “emerging threats forum” that had decided the best strategy for the most serious threats is to:

  • Inform the public of the threats,
  • Explain that government is not capable of prevention or timely response regarding many threats,
  • Encourage and facilitate enhanced individual, neighborhood, school, and workplace (other) preparedness to be self-sustaining.

Arnold Bogis asked that I give more details.  I promised I would.  In the seven days since there have been several very bad days in Newtown, Aleppo, Karachi, Davao, Goma, Suva, and elsewhere.

I was surprised the emerging threats forum chose a “public engagement” strategy.  In my experience, these sort of sessions are usually dominated by men (mostly) who want to exercise control and prefer developing systems and methods subject to their control.  At a similar session the week before there had been an extended discussion regarding how to ensure the persistent appearance of control (even though being out-of-control was the implicit reality).

Maybe it was the list of emerging threats that discouraged the usual symptoms of homeland security’s own version of Obsessive Compulsive Disorder.  The facilitators chose largely novel or large-scale threats that dwarfed even the biggest ego.

Maybe it was the age of the participants.  It was a bifurcated group.   There were several “older” (apologies) folks like me and a roughly equal number of young.   The young are accustomed to not being allowed to exercise control.  The old have often discovered control can be an illusion.  Those in-between — perhaps still fighting for control — were a distinct minority (probably because that age group mostly remained in the cockpit while we were in the seminar room).

Maybe it was an increasing recognition of and respect for complexity.   The discussion gave considerable attention to linkages, signals, and unpredictability.

In any case, one of the younger people was the first to suggest there is a problem with unrealistic expectations related to government capabilities in major disasters.   Sandy was still on the mind of many and mostly there was the sense of a bullet dodged.  ”It could easily have been much, much worse,” seemed the consensus.   “This was not even a hurricane when it came ashore and look at the consequences.”  And still it was and is plenty bad.

Unrealistic expectations enable individual, family, and private sector choices that increase vulnerability.   Government responsiveness on a typical bad day sets up unrealistic expectations for response on a very, very bad day.

While there seemed to be considerable consensus that  ”unrealistic expectations” is a key strategic insight and “public engagement” could be an effective solution, the group perceived public engagement would be very difficult to achieve.  Among the problems discussed:

  • Many in government perceive public engagement as a political, not an administrative task.  Many government officials are reluctant  and uncomfortable engaging the public and nearly as uncomfortable with politicians.
  • When government does engage the public there is a tendency to over-organize the process.  It is difficult for  many officials to admit weakness to the public (One participant said, government officials tend to “talk at rather than with the public.”
  • The public is not listening and tends to deny or discount risk until it is too late.

There was not time at last week’s meeting to seriously engage these challenges.  But for what it’s worth, I will list some personal suggestions.

Government — and especially the homeland security professions — need to give more attention to hiring and using brokers, facilitators, relationship-builders and others skilled at bridging the private-public divide.   Politicians are, by the way, often very skilled in these methods.

Government needs to find existing networks of private-public and private-private connections.  These preexisting connections are much more likely to persist than anything created and managed by government.  Politicians are often expert navigators of these networks.

Within these existing networks there is a need to identify or recruit independent champions of prevention, preparedness, mitigation, response, recovery, or whatever other purpose.   Once again, politicians can be very effective champions within their preexisting networks.

Government should ask and listen about twice as much as it tells.   Politicians are usually not good at this skill.

In my experience when the foregoing preconditions are in place up to 80 percent (occasionally more) of individuals, families, and private organizations are very willing and interested to be in meaningful dialogue with the government.   The public is more likely to listen when they perceive the public sector is listening to them.  The public sector is more likely to listen to and engage with a neighborhood or business group or similar organization.

In my experience the public is surprised when told what the government cannot do in a disaster and about 10 to 20 percent will initially strongly resist what they are hearing.  But most are able to quickly recognize their own unrealistic expectations and begin to shift, especially if they get some informed help making the shift.

This is, I suggest, a model that extends beyond homeland security to a wide range of social, economic and political concerns.   Fantastic success in implementing all of my suggestions will not reduce the number of bad days, though I think consequences can often — if not always — be mitigated.

–+–

Maybe this is already clear enough, but to be sure I will add: What all these tactics and techniques are really about is making and maintaining meaningful human relationships that happen to engage disaster risk among other matters.  Other matters will usually be more important. But disaster risk is worth including among the concerns around which the relationships emerge and move.  It is kinship with each other and our shared prospects.  Get the relationships right and the rest will be much easier to engage.

December 7, 2012

New York City is where the future comes to audition

Filed under: Catastrophes,Preparedness and Response,Private Sector,State and Local HLS,Strategy — by Philip J. Palin on December 7, 2012

Thursday morning Mayor Bloomberg gave a speech on post-Sandy recovery.  It is important to New York.  Some of the principles articulated are, I suggest, important for the nation.  You can read the entire speech here. Below I have excerpted several paragraphs worth your particular consideration

–+–

We may or may not see another storm like Sandy in our lifetimes,but I don’t think it’s fair to say that we should leave it to our children to prepare for the possibility. We are a coastal city, a harbor city, surprise, surprise. And sea levels are expected to rise by another two and a half feet by the time a child born today reaches 40 years old, and that’s going to make surges even more powerful and dangerous. And intense storms are likely to increase as the ocean’s temperatures continue to rise…

You can argue about what caused the weather to change, but there is no question – you can measure the temperatures of the ocean, you can measure the amount of moisture in the air, and that just leads to the kind of aberrations that we’re seeing: snowstorms where we didn’t have them before, droughts where we didn’t have them before, hurricanes that take different paths, go in different directions and have different strengths.

We cannot solve the problems associated with climate change on our own here in New York City, but I think it’s fair to say we can lead the way. We have been, both locally and globally. New York City has always been a leader. As Ed Koch once said: ‘New York City is where the future comes to audition,’ and we have a responsibility I’ve always thought to help the rest of the world…

We don’t know whether the next emergency will be a storm, a drought, a tornado or a blizzard, but we do know that we have to be better prepared for all of them.

And we also know that every one of those events is not going to come exactly the way that we had prepared for. We need to make sure that we have people who are well-trained, well-equipped, and able to react in an emergency and to deal with whatever nature throws at us, even if we hadn’t predicted it…

We have to reexamine all of our major infrastructure in light of Sandy – and how we can adapt and modernize it in order to protect it.

So today, I have directed someone with extensive experience in both infrastructure development and community revitalization, Seth Pinsky, the President of the Economic Development Corporation, to develop concrete recovery plans for the communities Sandy hit hardest as well as a specific and comprehensive action plan to prepare our city for the climate risks we face. Deputy Mayors Cas Holloway and Bob Steel will directly oversee this work – and our entire City Hall team, especially our Office of Long Term Planning and Sustainability – will be deeply involved…

This is not work that can be done overnight, but it is work that must begin immediately where the need is greatest. So in each of the hardest-hit areas, Seth and our team will work with local leaders to develop and implement comprehensive Community Recovery and Rebuilding plans.

The plans will cover everything from public and private housing, to hospitals and schools, to transportation and parks, to businesses and nonprofits, including cultural institutions like the New York Aquarium. To succeed, the plans must include the input of the people who live and work in these communities – and they will. Members of the community will assist in shaping and implementing each community plan – and that will be just the beginning of our work.

The biggest challenge that we face is adapting our city to risks associated with climate change. And meeting that challenge will require us to take a leap into the future. But I think, as Al pointed out, the good news is, compared to any other American city, we’ve got a running head start…

For major developments in vulnerable areas, we now require a climate risk assessment. That’s why the developers of Willets Point – and those building the new recycling facility in Red Hook – are required to elevate development out of the flood plain. It’s why the park being built on Governors Island is being elevated by four feet, and I’m happy to say it sustained no major structural damage in the storm, nor did Brooklyn Bridge Park, which we designed specifically to withstand major storms – and I’m happy to say that it did…

New York City has 520 miles of shoreline – and it is some of the most beautiful, dynamic shoreline in the world, with the most beautiful views. Robert Moses built the roads along our coastline, separating us from this natural resource and we have worked very hard to try reconnect back to the most wonderful asset that we have. It’s why people have chosen to live at the coastline for centuries. And it’s why the question I have gotten most often since the storm is not about the damage Sandy caused, but about whether people can rebuild their homes in places like Breezy Point and Midland Beach.

Let me be clear: We are not going to abandon the waterfront.

We are not going to leave the Rockaways or Coney Island or Staten Island’s South Shore. But we can’t just rebuild what was there and hope for the best. We have to build smarter and stronger and more sustainably. And Seth and his team will be working with all of our City agencies, and lots of outside experts, to determine exactly what that means.

For instance: even though the City has already revised the building code to strengthen standards for flood protection, we will now do it again. The fact is: two-thirds of all the homes damaged by Sandy are outside of FEMA’s existing 100-year flood maps…

No matter how much we do to make homes and businesses more resilient, the fact of the matter is we live next to the ocean, and the ocean comes with risks that we just cannot eliminate. Over the past month, there has been a lot of discussion about sea walls. It would be nice if we could stop the tides from coming in, but King Canute couldn’t do it – and neither can we, especially if, as many scientists project, sea levels continue rising. However, there may be some coastline protections that we can build that will mitigate the impact of a storm surge – from berms and dunes, to jetties and levees.

On October 23rd, one week before Sandy hit, you should know that our Office of Long Term Planning and Sustainability initiated a formal request to the Army Corps of Engineers to evaluate additional ways that we could reduce the impact of coastal storms. A full Army Corps study will take three to five years to complete – and that does not include the required engineering analysis, which also can take years. And I’ve said we just cannot wait that long. So we will launch an expedited engineering analysis of coastal protection strategies to ensure we pursue the ones that are right for our city.

But remember: there are no panaceas or magic bullets. No matter what we do: the tides will continue to come in – and so we have to make our city more resilient in other ways, especially when it comes to our critical infrastructure.

During Hurricane Sandy, all of our major infrastructure networks failed and they have all taken just too long to come back on line. Our Long Term Planning and Sustainability Team have been working with many of these network operators to assess their vulnerabilities.

We know, for example, that a substantial proportion of the City’s critical electrical infrastructure is in the 100 year flood plain, so I have directed Seth to work with Sergej Mahnovski and our sustainability team to assess what it takes to make every essential network that supports our city capable of withstanding a Category 2 hurricane, or a record-breaking heat wave, or other natural disaster. That includes our transportation network, our power network, our gas network, our telecommunications network and our hospital network.

What will it take to ensure that even in a Category 2 hurricane, orif a record heat wave comes, what will each of these networks be required to remain operational? How much will it cost? And what standards should be set for bringing networks back quickly so that residents and businesses can have reasonable expectations about how long they may be out of service? In addition, how can we ensure continuity of operations, not just of our critical infrastructure, but of critical industries?

Many businesses – including the New York Stock Exchange – remained closed for days because not enough people could get to work. In all fairness, the New York Stock Exchange did have generators, they were perfectly capable of opening, but they can’t open without their employees. In a wireless world, we have to do a better job, not only keeping our networks up, but keeping our markets and businesses open, come hell or high water.

Many of our key infrastructure networks are run by private companies as you know, but they have contracts, franchises, and licenses to provide public services – and the public does has a right to establish clear benchmarks for their performance in a disaster. That’s why we’ve reached out to the CEOs of Con Ed, National Grid, Verizon, AT&T, Time Warner, Hess and others and asked them to work with us on this effort. All have pledged their unqualified support…

I had a long conversation last night with Lowell McAdam, who is the CEO of Verizon. Their schedule right now says that Lower Manhattan’s night going to be back up until May, and I pointed out that is just not acceptable. And together we’ve worked out a plan where the City can help them get access into buildings and other things that you wouldn’t think about so that Verizon can accelerate that. Those buildings in downtown that lost electricity and heat should be back up by the end of this month, but they can’t be occupied unless we have telephone service, and that’s going to be our number one priority for downtown.

Even today, five weeks after the storm, there are just too many people who cannot come back to work here. We don’t want them moving any place else, and they need to earn a living and we need their service. And a growing number of New Yorkers, as we all know, today are relying on wireless networks and abandoning land-line telephones. We cannot, in the future, have cell towers that have only eight hours of back-up battery power. That is just not acceptable in the world that we live today. The telephone is our lifeline, the telephone is a lifeline not just to business, but to our own physical security. It has to keep working.

We’ll take on all of these efforts, but we also have to be mindful not to fight the last war and miss the new one ahead.

–+–

The actual speech is about twice as long and worth the read.    Reading Mayor Bloomberg is much better than listening to him.

December 6, 2012

Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before.

October 29, Lower Manhattan looking north (Getty Images)

This season’s final episode of Revolution, a new NBC dramatic series, was broadcast last week.   With 7 to 10 million viewers, the network has ordered a second season.  Here’s the premise:

We lived in an electric world. We relied on it for everything. And then the power went out. Everything stopped working. We weren’t prepared. Fear and confusion led to panic. The lucky ones made it out of the cities. The government collapsed. Militias took over, controlling the food supply and stockpiling weapons. We still don’t know why the power went out. But we’re hopeful someone will come and light the way.

Last Thursday’s post included what then seemed a rather modest notion: “I perceive we need to assume power outages and discover how we can still water, feed, and otherwise serve those in need.”  The onslaught of email I received seems to indicate the TV show’s premise may not be as implausible as I thought.  For many the possibility of  doing much of anything without electricity is nearly unimaginable.

Another set of emailers can imagine life without electricity, but found my effort misguided (even in the words of one, “enabling bad practice by the utilities.” ) These correspondents insisted that instead we must see to it that the electric utilities “just do their job.” This job evidently involves effectively, efficiently, and at no additional cost adapting to increasing demand, legacy infrastructure, more regulation, hurricanes, ice storms, earthquakes, cyber-threats, and perhaps the greatest threat of all: property owners who love big trees. Not a job I want.

October 29, Lower Manhattan to Midtown seen from Brooklyn (AP Photo)

I know a resilient electrical grid is possible.  It’s just that given choices we made more than a century ago, it seems unlikely anytime soon.  Re-engineering for resilience will take time and lots of money.   But I want to believe in the possibility of redemption.  And fortunately, there are prophets to show us the way.

The prolifically prophetic J. Michael Barrett — usually  more Isaiah than Jeremiah — has just completed an augury that might well have included, “Come now, let us reason together…”    It is a scripture in four chapters, which began appearing on October 19 (see, I told you, prophetic) entitled: Ensuring the Resilience of the US Electrical Grid.

Chapter 1: Fixing it before it breaks

Chapter 2: Managing the chaos — and costs — of shared risk

Chapter 3: Requirements for a more resilient system

Chapter 4: Key investments and next steps

In Barrett 4: 12 (or so) we read, “Embedding resilience within the electrical grid is about three main categories of investment: 1) managing and meeting overall demand to help avoid an adverse event; 2) expanding alternatives or substitute systems before and after an event; and 3) enabling rapid reconstitution if and when a disruption does occur. Fortunately, the implementation of each type of solution often carries over benefits across to one or both of the other categories, for the tools and the knowledge that can help avoid an event can also be useful in response and recovery efforts.”

For a prophet Mike Barrett’s language is remarkably calm and balanced (unlike this post).  But between the lines a reader might discern the lemony shadow of “Rise up you who are at ease, hear my voice; you complacent ones… for the palace will be forsaken, the populous city deserted…

On what do you depend?  If you persist in this dependence do not despise its nature, but honor it with study and work. Beware distraction.  Do not be absent minded.  That on which you depend requires mindful engagement.   Absence — ab esse — is to step away from being, even outside being.  Never a good choice.

Please visit an extraordinary collection of Sandy-related photographs by Christophe Jacrot: New York in Black.  The example immediately above is too small.  In full form the spirit of Edward Hopper is re-claimed.  This is not just a city darkened, but a city more sharply seen.

November 29, 2012

Learning from Sandy

Filed under: Catastrophes,Preparedness and Response,Private Sector — by Philip J. Palin on November 29, 2012

It’s too late for a hot wash and there’s not been sufficient time for a serious after-action, but a few impressions — hypotheses, perhaps — that might productively frame follow-on information gathering and analysis.

(Below I focus mostly on a forty-mile radius from the Empire State Building.  I have not addressed electricity because I perceive we need to assume power outages and discover how we can still water, feed, and otherwise serve those in need.  I have not addressed telecommunications because, so far, this is for me mostly a dark hole. A reminder:  Sandy began seriously impacting the mid-Atlantic during the afternoon and evening of Monday, October 29.)

Water and Wastewater Systems: Most did better than I had expected, given the extended period without electric power.  In the handful of cases (well, two handfuls and a few toes) where there were  problems it mostly resulted from the loss of pumping capability. For example the Middlesex Water Company serving 450,000 in Central New Jersey lost primary power to its New Brunswick intake facility and this was not restored until late on Tuesday, November 6.  As water pressure fell contaminants entered the system requiring boiling or bleaching.   The non-operation of water treatment facilities, caused by both power outages and physical damage, and the resulting release of untreated sewage into the region’s rivers could still threaten the safety of water drawn from these sources.  The current status of waste water treatment facilities is tough to assess. (Thursday afternoon update: Today’s NYT has an extended report) Private sector sources of water were a helpful input in the immediate response period.  For example, Anheuser-Busch donated 1 million cans of water.

Food Supply: A few grocery stores — notably in Hoboken, Red Hook, the Rockaways and other barrier islands —  were totally washed out.  Of about fifty ShopRite stores in the New York metro region  27 were still closed on Thursday morning November 1, mostly due to power outages. Out of 30 Stop & Shop stores, ten were closed because of no electricity.  All have since reopened and most grocery and convenience food stores were back in business within 72 hours. Sources of food supply were mostly not impacted.  The fuel problems (see below) did not seem to have a serious impact on making grocery deliveries after the event.  Food shortages were evidently less the result of disruption in the food supply chain and much more the result of  impediments to consumer mobility. (Special Note: In Connecticut on October 29 the Governor ordered all large trucks off state highways as of 1PM.  It is not clear to me — yet — what impact that might have had on food, pharma, or other supplies.)

Pharmaceutical and Medical Goods: There have been several media reports of individual survivors of Sandy running low on prescriptions.  I have not seen or heard suggestions of systemic problems.   There was, apparently, some challenge in distributing pharmaceuticals as a result of fuel distribution problems.  On November 5 Drug Store News reported:

A key focal point in the discussions between Rx Response and government agencies has been addressing challenges in getting fuel to delivery trucks re-supplying hospitals and pharmacies, and helping to secure fuel for pharmacies and other healthcare facilities operating on generator power. Efforts are currently underway to help ensure access to fuel for both delivery fleets and healthcare facilities powered by generators.  Rx Response is also working with local law enforcement to help delivery vehicles gain access to areas impacted by Hurricane Sandy.

I have no idea why pharma distribution would have more problems with fuel than food distribution.  In any case, it is a distinction worth resolving.

Since Katrina the pharma industry has developed a proactive approach to disaster preparedness and response.   This process is coordinated through an industry-wide collaborative called RxResponse.   The entire effort is designed to help the full pharma supply chain flex when under stress from an event like Sandy.  For consumers and emergency managers an online pharmacy status update may be especially helpful.

Transportation Fuel: As was the case in the aftermath of the March 11, 2011 tsunami-and-earthquake in Japan (and elsewhere), the disruption of the fuel distribution system seriously complicated the immediate response to Sandy.  HLSWatch has already given considerable attention to this issue here, here and here.  Yesterday Joshua Schneyer and Selam Gebrekidan with Reuters filed an excellent overview that I strongly recommend reading.

Housing Repairs and Replacements:  On Monday New York Governor Cuomo reported that 305,000 housing units had been damaged or destroyed by Sandy in New York alone and this number is expected to increase.  FEMA has reported 71,770 homes damaged or destroyed in New Jersey.  This total is much larger than I anticipated.  According to FEMA, more than 450,000 New York metro-area residents have registered for assistance.  Over $888 million in emergency housing assistance has already been approved.  During the Monday event — clearly designed to set the stage for a special Congressional appropriation — Governor Cuomo estimated needing $9.67 billion just focused on housing.  Wednesday afternoon the New York Federal Reserve “Beige Book” summary included the following overview:

Residential real estate markets in the (NY Federal Reserve) District were mixed but generally firm prior to the storm, and its effects on the market remain unclear at this point. Manhattan’s rental market remained on a positive trajectory in October, with rents up roughly 5 percent from a year earlier and vacancy rates continuing to decrease. Sales markets in both Manhattan and the outer boroughs were fairly active in October, with prices steady and the inventory of available homes characterized as low… An expert on New Jersey’s housing sector notes that conditions were improving gradually prior to Sandy and expects that post-storm rebuilding will boost multi-family construction. The storm caused a noticeable slowdown in sales activity throughout the New York City metropolitan region, but this is expected to be temporary. With many homes along the New York City, Long Island and New Jersey shorelines severely damaged or destroyed, the lean housing inventory is a concern, as displaced residents seek short-term rentals. There is some concern as to how much of the shore communities will be rebuilt and how quickly, but one industry expert anticipates that residents in the severely-damaged areas will be strongly motivated to return and rebuild. Some of the biggest potential challenges are likely to be shortages of construction equipment and materials, and steeper prices for insurance.

(Might be worth reviewing the National Disaster Housing Strategy. Especially in the immediate context of Post-Sandy, it sets out a a very restrained strategic concept.  This is not necessarily a criticism.)

Some emerging impressions:

  • Supply of consumables (water, food, pharma)  was not seriously impacted.  There were problems with distribution, most dramatically with fuel.  There was widespread lack of understanding about how distribution systems work and as a result early efforts to address problems were misdirected.  Lots of mitigation opportunities were exposed.
  • The most serious human consequences seem to have emerged from an inability to express or actuate demand.  People who could not easily communicate with or travel to nearby sources of supply were those most affected by the event.  Physical separation and social isolation are amplified by disaster (hardly a new finding).
  • I’m surprised we’re not hearing more horror stories about housing.  Maybe I spent too much time in Japan, but sometimes silence is the most important part of the message.
  • Sandy was a serious event, but considerably less than a “worst case”.  She was subtropical by landfall.  She was certainly big but might have been badder.  A repeat of the Great White Hurricane of 1888 would have much more serious and sustained impacts on electricity and distribution networks with considerably greater consequences for supply chains, critical infrastructure, and the population.

Given what we experienced with Sandy what can we do now to deal more effectively with the next really bad day?

November 4, 2012

Supply and Demand in Disasters

Above: Truck rack for loading product to tanker truck

The fuel crisis in New York City, Westchester County, Long Island, northern New Jersey, and nearby is important.  Obviously it is important to the residents of these areas.  Less obviously, it is important to those of us who are involved in homeland security policy and strategy.

I have continued to aggregate fuel-related stories to the Friday post below.

In Sandy’s wake supply has not met demand.  Not unreasonably, policy makers and strategists have viewed this as a lack of supply.  Significant steps have been taken to increase supply.   Senator Schumer pushed the US Coast Guard to reopen the ports of New York and New Jersey to fuel deliveries.  Secretary Napolitano waived the Jones Act which allows foreign shipping to deliver fuel into the ports.  President Obama ordered the military to deliver fuel into the hardest hit areas.

All of these steps have increased supply to the mid-Atlantic and served to suppress price increases.   Many far removed from the New York metro area are benefiting from gasoline price reductions related to these steps to increase supply.  It has been a vigorous response.

It is not, however, targeted at the present problem.  Supply itself was never the problem. There are two fundamental problems:

The fuel distribution terminals have been damaged and have not had electricity. South and east of Newark Airport and just west and north of Staten Island is a handful of places where pipelines and tankers deliver gasoline (Google Map).  All of these venues lost power.  None of these venues were on the utility’s priority restoration lists.  The utility — and most policy-makers and strategists — did not know the role nor even the existence of these places.   This is where tanker trucks pull into truck racks and gasoline is pumped from storage tanks and blended into tanker trucks which then proceed to various gas stations.   There has been no electricity to operate the truck racks and that’s a fundamental problem.  There are other problems with debris removal, personnel,  damage to the storage tanks, and communications as to which gas stations have power, but these problems have not been the most serious impediments.

Two-thirds (or more) of gas stations have not had electricity to run their pumps and otherwise transact business. Many gas stations  have plenty of gasoline, but do not have electricity to pump that gas.   Why, you might ask, do gas stations not have back-up generators to pump their gas?  This is required in Florida and, maybe (?), Louisiana.  It has been successfully resisted in most other jurisdictions partly because  it would further diminish the number of independent operators and enhance the market dominance of chains.   Most gas stations would lose money on gasoline sales alone and make their (very small) profits on selling salty and sugary snacks, soda pop, beer, and cigarettes.  The capital and personnel requirements for purchasing and safely maintaining a generator for conducting sustainable commerce — not just pumping gas — are significant especially for the smaller independent operator.

There are a range of policy and strategy options to address these fundamental problems.  In the next two weeks is the right time for New Jersey, New York, Connecticut, and others to actively and inclusively consider these options.

It is also my impression — but I don’t have sufficient evidence to prove — that from Tuesday morning to Thursday afternoon/evening, these fundamentals were not being communicated to Governors Christie and Cuomo, Mayor Bloomberg, and other senior policy makers and strategists.  As a result, considerable energy, time, and effort were being expended on measures that were peripheral to the current problem and may have distracted from resolving the truck rack problem identified above.  This, too, is an issue worth considering while memories are fresh and more accurate after-action outcomes can be specified.

To be explicit:  There is absolutely no evidence of anyone being negligent or passive (quite the contrary).  There is evidence that a crisis, as usual, has exposed aspects of reality that now deserve sustained and thoughtful attention.

November 3, 2012

The Holy Trinity: Water, food, and pharma

Filed under: Catastrophes,Preparedness and Response,Private Sector — by Philip J. Palin on November 3, 2012

WATER: Twelve Jersey shore communities have boil/bleach orders.  New York public health officials have released Do-Not-Drink orders for three water systems (including Breezy Point) and boil/bleach instructions for another 23 systems.  Despite the wide-spread and persistent power failures, most municipal water systems have been able to maintain their operational integrity.  There have been water problems in lower Manhattan because it has often not been possible to pump water into high-rise residential buildings.  But… water systems survived Sandy in pretty good shape.

FOOD: The Staten Island Borough President criticized the Red Cross for a slow response when emergency food distribution did not begin until late in the 72 hours immediate response window.  Meanwhile the Newark Star-Ledger reports that “FEMA agents blanket NJ” and added “Working with the American Red Cross, the agency has distributed millions of gallons of water and millions of meals. It has also provided generators and water pumps.” There have also been several reports of neighborhoods responding spontaneously and generously to food shortages.   Pick-up sites for emergency food and water have been established.

Despite wide-spread power outages, communications failures, and transportation hurdles the grocery supply chain is recovering quickly.  Following is a detailed report by Alaric DeArment with Drug Store News:

  • Ahold USA, which operates 772 supermarkets under the Giant Food Stores, Martin’s Food Markets, Giant Food and Stop & Shop banners throughout the Northeast and Virginia, closed four stores, all in Stop & Shop’s New York-metro division, division spokeswoman Arlene Putterman told Drug Store News. One of the stores was in Long Island, N.Y., another was in Brooklyn and two were in New Jersey; the division has 184 stores total. Putterman said the stores would open periodically, starting the week of Nov. 5. Suzi Robinson, spokeswoman for Stop & Shop’s New England division, said the company had “deep experience” handing natural disasters and that all of the division’s 219 stores stayed open.
  • Supervalu closed all of the 117 Acme stores in the path of the storm on Monday, the day the storm made landfall, but had reopened all but four of them. “We want to make sure that anything we do really helps the communities that we serve,” Supervalu spokesman Mike Siemienas told DSN. “Our top priority right now is making sure that all of our stores that we can get up and running for the community are. And then we’ll work to see what community needs we may be able to assist with.”
  • Sears Holdings, which operates the Sears and Kmart chains, had 187 stores closed at the height of the storm, but as of Nov. 1, that number was down to 40, while 20 were operating on generators or had generators en route, a representative of the company told DSN. The company announced that it would give out $350 million in rewards to Shop Your Way cardholders living in affected areas, amounting to $20 per cardholder. The company was also shipping extra supplies like flashlights, batteries, generators and sump pumps to stores.
  • ShopRite had 27 stores that remained closed at press time, but all its warehouses and distribution centers were fully operational and delivering products to stores “as quickly as possible to ensure our customers’ needs are met during this difficult time,” according to the company.
  • Target had reopened all of the stores affected by press time and also announced a donation of $500,000 in money and goods for storm-relief efforts, including $425,000 to the American Red Cross, $50,000 to the Salvation Army and $25,000 in gift cards.
  • Walmart had four stores that remained closed as of Nov. 2, but had pledged $1.5 million in relief efforts. The company said it was “working closely” with the American Red Cross, Salvation Army and Feeding America and also donating truckloads of water, food and other basic items and providing charging stations at Sam’s Club stores for members of the public without electricity to charge cell phones and other devices.

PHARMACEUTICALS: Grocery stores have become major distribution points for pharma and in many markets drug stores are among the top five sources for groceries, so the reports above and below involve both pharma and food.

  • CVS/pharmacy closed “up to 800” stores ahead of the storm due to mandatory evacuation orders, and 60 remained closed at press time due to evacuations or power outages, spokesman Mike DeAngelis told DSN, and 90 were operating on generators. At the same time, 100 were operating without power, meaning they were operating in an “off-line mode” without generators. About 15 stores in New York and New Jersey experienced either a total inventory loss due to water damage or couldn’t be reached for a damage assessment, but the company has donated more than $100,000 to the American Red Cross National Disaster Relief Fund to provide support to affected communities and is distributing $50,000 worth of snacks and bottled water in New Jersey.
  • Rite Aid closed 790 stores at the height of the storm, and 188 remained closed or were operating without power as of Oct. 31. In addition, eight stores sustained “substantial damage,” and the company expected that number to increase as field leaders gained access to more locations, but the company was re-opening stores “as quickly as possible.” The Rite Aid Foundation, the company’s philanthropic arm, donated $100,000 to the American Red Cross for relief efforts.
  • Walgreens closed 750 stores ahead of the hurricane, and as of Nov. 2, about 130 remained closed in New York, New Jersey, Maryland, Virginia and Pennsylvania. The company began stocking extra items like nonperishable foods, water, batteries and flashlights, as well as arranging special transportation and lodging for employees who depend on public transit and preparing 160 portable generators for rapid deployment to stores as needed and dry ice for medicines requiring refrigeration. The company also donated $250,000 to the American Red Cross for storm-relief efforts and three semitrailers full of bottled water to a Red Cross center in New Jersey.

Elsewhere I have argued that the difference between a catastrophic and a non-catastrophic event is often a matter of supply chain resilience.   There are places where delivery of emergency supplies by Red Cross or others is absolutely necessary.  But no emergency supply system can effectively provide for a multi-million person metro area.  The persistence and adaptability of key supply chains, especially water, food, and pharmaceuticals, are foundational to effective response and recovery.

PLEASE SEE FRIDAY MORNING POST  BELOW(THREE MUSKETEERS) FOR UPDATES ON THE REGIONAL FUEL SITUATION

November 2, 2012

Power, Communications, and Fuel: What happens when the Three Musketeers disappear?

Filed under: Catastrophes,Port and Maritime Security,Preparedness and Response,Private Sector,Strategy — by Philip J. Palin on November 2, 2012

Some quick aggregation and analysis on three critical nodes.  For this summary I have focused on the current situation in the Greater New York City area.  This is not a region in which I specialize, I would welcome reader corrections.

By “current” I mean Thursday evening, November 1.  This is the oft-referenced 72 hour mark since Sandy came ashore.

Power: 43 percent of New Jersey electric customers (1.7 million),  over 1.5 million New Yorkers and close to 350,000 citizens of Connecticut are still in the dark.  Several utilities report they expect to reach the 90 percent restoration point within the next ten days (November 9-12).  See more details from the US Department of Energy. I have not found any reports of Sandy causing long-term impact on power generation.   (There was a Sandy-related safety alert at the Oyster Creek Nuclear Power Station, but this operation had already shut down for scheduled maintenance before the superstorm hit.)  According to the regional grid coordinator,  even at the height of the storm there was “enough generation available in the region to cover the loss of those generating stations that are out of service because of the storm. “Transmission capacity, especially in New Jersey, was affected. There were 22 230-kilovolt transmission lines out of service because of flooding in substations in northern New Jersey.   The storm compromised 41 transmission facilities in the multi state region most directly impacted by Sandy. But the storm’s biggest impact, as usual, was on the distribution system.  In Westchester County alone over 600 roads remain closed because of downed power lines.  Flooding has seriously impacted buried lines and substations in New York City and other coastal communities. According to reports in the Philadelphia Inquirer, “We had massive damage to our infrastructure,” said Chris Eck, a spokesman for Jersey Central Power & Light Co… The New Jersey utilities lost numerous substations to floods, in addition to losing power lines and pole-top transformers. The substations, which serve large areas of customers, must be drained, dried and cleaned before they can be reenergized. Ralph A. LaRossa, PSE&G’s president, said Thursday that cleanup crews were engaged in “hand-to-hand combat” with filth in substations, using toothbrushes and rags to remove dirt.”

Communications: The Federal Communications Commission reports that one in four cell phone towers were out of service at the height of the storm.  Verizon declared a “service emergency.” Thursday’s Wall Street Journal reported:

Eleven years after the 9/11 terrorist attacks, Verizon Communications Inc. is once again scrambling to repair severe damage to a key switching facility inside its historic headquarters building in lower Manhattan. The massive facility for interconnecting key communications lines sustained heavy damage after planes struck the Twin Towers more than a decade ago. This time the enemy was water shoved ashore by Hurricane Sandy. The building is one of the worst hit of a number of facilities that carriers were rushing to fix Wednesday… Verizon employees said Monday night’s storm surge was so powerful that it breached the protective plugs that surround cables coming into the building. As a result, water flooded the critical basement “cable vault” that takes in communications cables and directs them to switching gear upstairs, which wasn’t damaged.

AT&T, Sprint, T-Mobile and smaller wireless carriers were also reporting tower outages and system instability across Metro New York and northern New Jersey.   Wireless providers are not required to report on system status, but most expert observers seemed to agree roughly twenty-percent of the network is still non-operational across the most affected areas.  The power outage is complicating and delaying restoration efforts.

Above: Flooded lobby of Verizon data center at 140 West Street

Fuel: Roughly 25-30 percent of regional fuel refining is offline.  The Colonial Pipeline is expected to resume deliveries to the New York metro market on November 2. This major source of Gulf Coast petroleum product has been shut-down since October 29.  Late November 1 the Ports of New York and New Jersey were reopened to maritime fuel deliveries.  But availability of supply is not — yet — the fundamental problem. Several  gasoline terminals are not able to receive or transfer product because of damage caused by the storm surge.  Roughly 75 percent of the New York metro’s gasoline supply is distributed from terminals in the Linden, New Jersey area. One company executive estimated the terminals at his site could take four to six weeks to repair.  In any case, many gasoline terminals do not have  electricity to pump product.  Utilities anticipate this issue may be resolved over the weekend.  Because of power outages many gasoline service stations cannot pump what they have in their storage tanks.  Mike O’Leary, vice president of Raceway Petroleum Inc., based in Piscataway N.J., said only three of its 50 stations “were able to open with power restored” to run gas pumps cash registers and credit-card transaction devices.  In Paterson, N.J., the state’s third-largest city, the Police Department was trying to negotiate emergency contracts for gas, and short of that, said it would beginning siphoning it from other city vehicles to keep police cruisers running. The EPA has issued emergency waivers through November 20 related to Reformulated Gasoline Requirements in order to maximize gasoline availability in the states impacted by Sandy.

Supply is not the problem. Identifying demand is not the problem.  The network for delivering supply to demand has mostly — though not entirely — survived.

In all three cases the distribution system has been disrupted.  In particular, transfer capability is a serious challenge for each sector. For example, fuel needs to be transferred from refineries, pipelines and barges and eventually into trucks.   The Linden terminals play this function.  The Verizon “cable vault” is analogous to the fuel terminals, as are electrical substations.

Our three heroes share a similar weakness.  Is there a D’Artagnan to rescue them?

LATE FRIDAY UPDATE:

I’ve been offline, but (mostly) good news today in terms of gasoline distribution in the NYC metro area:

According to Dow Jones:

NuStar Energy  said the truck-rack facility at its petroleum-products terminal in Linden, N.J., will be back in service by the end of day Friday.  NuStar crews were able to bring a generator from one of its Gulf Coast facilities and procured another regionally to power up the truck-rack bays in Linden. The rest of NuStar’s 4.5-million-barrel capacity storage-and-distribution terminal in Linden remains shuttered until commercial power can be restored and damage assessments completed.

According to Reuters:

In an effort to reduce the impact of crippled fuel flows in the Northeast, U.S. Secretary of Homeland Security Janet Napolitano issued a temporary blanket waiver of the Jones Act on Friday. The move allows foreign oil tankers from the Gulf of Mexico to enter Northeastern ports to provide additional fuel resources, a service usually restricted to domestic vessels. About half of the region’s gasoline and diesel comes from the Gulf Coast via the Colonial Pipeline or via tanker from overseas.

Despite some continued disruptions to supply, other critical terminals and refineries continued to reopen on Friday.

Colonial Pipeline, the 825,000 bpd conduit that ships fuel from the Gulf Coast to the East Coast, said it had restarted a large section of Line 3, its Northeast mainline that runs from Greensboro, North Carolina, to Linden, New Jersey, on Thursday. It also resumed deliveries at its key Linden junction to a connected Buckeye terminal.

“While Colonial’s pipelines and facilities were spared significant damage, many of the terminals in the Linden area will require days if not weeks to fully recover,” it said.

Kinder Morgan said on Thursday it would resume shipping from its New York and New Jersey terminals in the next day or two, after the company brought in generators to power pumps and other equipment. The terminals in Carteret and Perth Amboy in New Jersey and in Staten Island, New York, will begin to receive and move refined fuels in the next 24 to 48 hours.

Royal Dutch Shell said Thursday that all its New York borough terminals were still down. Its Shell-branded network was 84 percent open in Connecticut, 47 percent open in New Jersey, 62 percent open in New York and 83 percent open in Pennsylvania.

Motiva Enterprises said on Wednesday it reopened more of the fuel terminals it shut because of Hurricane Sandy, but four terminals in Sewaren and Newark, New Jersey, and Brooklyn and Long Island, New York, have no restart date.

Magellan Midstream Partners, one of the largest U.S. pipeline and storage terminal companies, said it now has limited operational capacity to receive inbound vessels and barges at its New Haven terminal.

Buckeye Partners said its main New York Harbor area terminal in Linden, New Jersey, was reconnected to its power supply and fully operational by noon on Friday. The company expects its two other New York area terminals in Inwood and Long Island City to return to service by November 2 midnight. The company is supplying jet fuel to the three airports in the New York City area.

EARLY SATURDAY UPDATE

According to the Energy Information Administration:

Based on today’s (November 2) emergency survey of gasoline availability, EIA estimates that two-thirds of gasoline stations in the New York metropolitan area do not have gasoline available for sale. This number includes stations that reported no gasoline available and those EIA could not reach after numerous attempts, and consequently assume that the station was closed. Of the stations sampled, one-third had gasoline available for sale, 3% were not selling gasoline because they had no power, 10% had power but no gasoline supplies, and 53% percent did not respond to attempts to contact them.

According to the Associated Press:

The Obama administration is ordering the purchase of up to 12 million gallons of unleaded fuel and up to 10 million gallons of diesel fuel for distribution in areas impacted by Superstorm Sandy to supplement private sector efforts. The Federal Emergency Management Agency said Friday that President Barack Obama has directed the Defense Logistics Agency to handle the purchase of the fuel. It will be transported by tanker trucks and distributed throughout New York, New Jersey and other communities impacted by the storm.

According to the Office of New Jersey Governor Christie:

Governor Chris Christie took action to prevent a fuel shortage and ease the problem of extended wait times and lines at gas stations by signing Executive Order 108, declaring a limited state of energy emergency with regard to the supply of motor fuel and implementing odd-even rationing for gasoline purchases in 12 New Jersey counties.  Odd-even fuel sales will take effect in the following counties at noon on November 3, 2012: Bergen, Essex, Hudson, Hunterdon, Middlesex, Morris, Monmouth, Passaic, Somerset, Sussex, Union, and Warren.

According to Bloomberg Business:

Tankers able to deliver almost 215,000 metric tons of gasoline are waiting outside New York Harbor to unload their cargoes after the worst Atlantic Coast storm in history shut terminals and halted refineries. Six vessels within a 100-mile radius of the port of New York have been waiting since at least Oct. 28, according to IHS Inc. vessel-tracking data compiled by Bloomberg News today. The tankers, also able to carry cargoes including diesel, are probably being delayed because of the storm and would normally load or unload within two days, according to Truls Dahl, a shipbroker at Astrup Fearnley A/S in Oslo.

According to a Fox Business interview with Sal Risalvato of the New Jersey Gasoline Convenience Automotive Association:

The problem with consumer access to gasoline in the greater New York area is not the result of insufficient supply.  Rather it is a lack of electricity at  the fuel distribution centers in the Elizabeth (NJ) and Newark (NJ) seaports.  According to Mr. Risalvato the electric utilities did not have these gasoline transfer hubs on their priority restoration lists until late on November 1.   Since Friday morning there has been a sustained effort to restore power to these facilities and some generator power has been put in place.  Mr. Risalvato also explain that even once electricity is restored, these facilities will not be operating at full capacity due to damage caused by storm surge.

Late Saturday afternoon Reuters provided a helpful update and overview of the situation with the fuel supply chain.

Early Saturday evening the AP filed  a report that begins to set out the key interdependencies at play.

Reuters is reporting:

The 16-million-barrel International-Matex Tank Terminals oil terminal in Bayonne, New Jersey has partially re-opened following power losses due to superstorm Sandy, its operator said on Saturday. The fuel terminal, the biggest in the New York Harbor, is still “coming back online,” said terminal manager Richard Fisette. As of Saturday, around half of the facilities at the site were back to normal operation and the major regional fuel repository was awaiting nominations, or orders to ship out fuel, from its customers, Fisette said. A pipeline serving the facility is operational and damage assessments at the site have not indicated fuel leakage from tanks or pipelines there, Fisette added. (The terminal operator has an especially informative website on the Bayonne facility available at: http://www.imtt.com/index.php?page=bayonne)

According to the Energy Information Administration as of Saturday:

Based on today’s emergency survey of gasoline availability, EIA estimates that 38% of gas stations in the New York Metropolitan area do not have gasoline available for sale. This is a sharp decrease from 67% yesterday.

SUNDAY UPDATE

Reuters has a good overview. Some of their reporting on the underlying supply situation disagrees with my own analysis.  Reuters is probably correct, the NYC region is not my expertise and fuel is on the very edge of anything that might be called expertise.  Still, it’s worth double checking.

Hess, a major gasoline retailer in the NYC metro area, released details of the supply status at all of its points-of-sale, encouraging consumers to select locations with at least 7000 gallons in stock.   This is a fascinating step:  Please see http://hessexpress.com/FuelInformation

Late Sunday the Reuters leads with a new update (otherwise not much changed from above):

The New York Harbor energy network was returning to normal on Sunday with mainline power restored nearly a week after Hurricane Sandy pummeled the eastern seaboard. Yet damage to infrastructure near Linden, New Jersey, a major northeast fuel hub, kept a major refinery and some terminals shut, lending longer life to gasoline shortages that have persisted in the region. Another looming concern was that heating oil supplies were dwindling with temperatures expected to dip to freezing in New York by Monday.

In my judgment that’s just about right.  In terms of gasoline, it will take a few days for deliveries to replenish retail locations — and increased assurance to diminish hoarding — but the strategic shift has been achieved with the restoration of power to the fuel distribution centers and the gasoline stations.  I don’t know anything about heating oil.

This concludes the thread.  If there are major new developments I will generate a new post.

Well, I lied. One more link: On Monday CNBC ran a report on the key role of the fuel terminals and raised some implications: http://video.cnbc.com/gallery/?video=3000127323&play=1

August 28, 2012

Managing the Insider Threat: a book review

Filed under: Infrastructure Protection,Private Sector — by Christopher Bellavita on August 28, 2012

Today’s post was written by Nadav Morag. Morag is a faculty member at the Naval Postgraduate School’s Center for Homeland Defense and Security.

Managing the Insider Threat: No Dark Corners — a book by Nick Catrantzos (who sometimes writes for Homeland Security Watch) — is a welcome contribution to the study of insider threats: the dangers posed by individuals who have legitimate entrée to trusted information and access to systems within institutions or infrastructures.

According to a study carried out by CISCO, 39 percent of IT professionals surveyed were more concerned about insider threats than about external hackers. Disgruntled employees, those recruited by outsiders or those who purposefully infiltrate an organization, pose a serious threat to companies, the economy and national infrastructures.

Catrantzos’s book fills an important niche in bringing together the various aspects of this phenomenon in a way that others have not previously done. While studies exist that focus on aspects of the phenomenon: such as the mindset and motivations of individuals who become insider threats or those that focus on technical solutions to enhance information security, prior to the publication of Managing the Insider Threat, the field lacked a comprehensive tome that addressed all aspects of the issue.

Happily, Catrantzos has rectified this problem and his work looks not only at new research into the insider threat phenomenon but also at the key players that impact the degree to which this problem can be mitigated or, failing that, managed. In addition, Catrantzos looks at best practices in the area of background investigations, detecting deception and the legal tools and pitfalls involved in coping with insider threats. Finally, the book looks at categories of insider threats, from existential ones to those that can lead to individual workplace violence or individual acts of embezzlement. The book also includes, in the appendices, some very interesting findings from a Delphi survey of managers on the insider threat issue and their respective perceptions of it.

In addition to providing a very comprehensive and inclusive overview of the different facets of the problem, Managing the Insider Threat also provides very practical recommendations for mitigating the various facets of the insider threat phenomenon. From questions for online and classroom discussion (with an answer guide) to exercises for group projects to checklists for managers trying to gauge and cope with threats, Catrantzos has created a volume that will be incredibly useful for students studying the problem, and to managers and consultants requiring a strategy and specific policies to cope with this increasingly destructive phenomenon.

Managing the Insider Threat: No Dark Corners is a book that is just as academically relevant as it is practitioner-relevant. The book is superbly organized, clearly written and provides excellent analysis, while also being very readable.

August 21, 2012

Community powered recovery

Filed under: Business of HLS,Preparedness and Response,Private Sector — by Christopher Bellavita on August 21, 2012

This post is about two sisters from Monson, Massachusets.

A tornado destroyed part of Monson in 2011.  The sisters — Caitria and Morgan O’Neill — used “two laptops and a slow Internet connection” to create what they call  community powered recovery.

They now teach other communities how to do the same thing.  They turned their experience into a business.

Caitria and Morgan O’Neill describe their idea in a TED video.

You can watch the nine minute video at the end of this post.

But first a few appropriate words from the 2012 National Preparedness Report (with my emphasis):

Efforts to improve national preparedness have incorporated the whole community…. This whole community approach to preparedness recognizes that disasters affect all segments of society.  While the Federal Government plays a critical role in coordinating national-level efforts, it is communities and individuals who lead efforts to implement preparedness initiatives throughout the Nation….

Experience has shown that community members often serve as first responders…. Faith-based and voluntary organizations, furthermore, have demonstrated remarkable speed and capacity to establish operations to care for those in need after a disaster….

Of course, preparedness is not a new concept…. What is new is the unity of effort that whole community partners are bringing to the challenge, as well as the recognition that preparedness does not just involve spending resources—it involves changing mindsets and behaviors.

Here is the TED talk

A somewhat cynical colleague watched the video and sent me the following note:

I’m delighted at the confidence, even the certainty, that the 2 sisters have that ‘someone’ will do what is necessary.  Ah the human spirit!

 

 

July 5, 2012

Derecho decouples dependencies: Who or what is responsible for the results?

Filed under: Catastrophes,Media,Preparedness and Response,Private Sector,Risk Assessment,Strategy — by Philip J. Palin on July 5, 2012

Derecho forming in Midwest and barreling to the Mid-Atlantic

The implications of last week’s derecho are a matter of some debate. Please contribute to the debate through the comment function at the close of this post.

TIME: Friday. June 29, 2012.  Minimal notice.  Emerged in Southern Great Lakes during  mid-afternoon, hit National Capital Region between 10:30PM to 11:30PM.  (By statute the National Capital Region consists of the District of Columbia, 2 Maryland counties, 4 Virginia counties, and the City of Alexandria.)

SPACE: 650 miles deep (Northern Indiana to Atlantic seaboard), 270 miles wide (roughly Norfolk VA to Philadelphia PA).

CHARACTERISTICS: Fast-moving, averaging 60 miles per hour.  Hard hitting with sustained winds ranging between 60 to 90 miles-per-hour, very strong downbursts (and even stronger microbursts, producing tornado-like outcomes), widespread lightning strikes, and hail.  Wind-gusts of over 80 miles per hour were reported along an arc extending from Baltimore (MD) in the north to Richmond (VA) in the south.

Derecho’s are difficult to predict.  Most meteorologists are surprised the June 29 squall line survived its transit of the Appalachians.   Descending toward the coastal plain the derecho was quickly strengthened by the hot, humid atmospheric instability spawned by a record-breaking hot day.  The June 29 temperature in Washington DC had reached 104 degrees.

Again and again the June 29 derecho has been described as a “no-notice hurricane.”

FREQUENCY: Uncommon.  Usually less than one per year anywhere in North America.  Typically no more than one every four years in the mid-Atlantic.

CONSEQUENCES: Twenty-six deaths,  over 5 million without electricity for up to one week, widespread telecommunications outages (including 911 system failures), water quality concerns in West Virginia, suburban Maryland and other locations, transportation system stress due to reduced fuel pumping capabilities, traffic signal failures, and increased traffic, as a result of both the storm and Independence Day holiday.  Economic impact — from both physical destruction and loss-of-trade — not yet calculable.

ANALYSIS: Following is a Washington Post editorial that was written about 72 hours after the event.  It is, I suppose, a kind of consensus analysis.  I am concerned this consensus gives insufficient attention to several strategic realities.  The Post editorial board’s original analysis is in italics.  My counter-argument is indented non-italic.

Powerful storm exposes lack of disaster preparedness

THE FREAK SUMMER STORM that laid waste to much of the mid-Atlantic on Friday night left chaos in its howling wake — and a mess of questions about the region’s capacity to cope with the unexpected.

The issue is framed as the “capacity to cope”.  In this framing and throughout the editorial’s  analysis there is a predisposition to an effective response that will quickly and fully restore the prior condition.  This response-orientation is too narrow.

In Northern Virginia, where Verizon handles most 911 calls, emergency phone service simply did not exist for much of the weekend, even as residents scrambled to absorb a surge of bona fide emergencies. Suburban Maryland’s main power provider, Pepco, once again scrambled to restore electricity to hundreds of thousands of customers who have come almost to expect wildly inconvenient outages in extreme temperatures.

What these — and many other — examples point to is the increasingly interdependent character of the technological webs on which we have built our daily lives.  On most days these interdependencies generate substantial benefits.  But on bad days the same connections can be a collection of cascading vulnerabilities.   The rush-to-blame service providers is too easy and — more importantly — obscures fundamental issues of real risk readiness.

In both cases, residents of the national capital region could only wince as they imagined what might befall them in more cataclysmic circumstances — a terrorist attack targeting not just population centers but critical infrastructure, for instance — and pondered the painfully evident lack of disaster preparedness.

I agree this was not a cataclysm.  As bad as it was (still is for many), this was far short of a catastrophe.  I agree there is good cause for the National Capital Region to anticipate a real catastrophe.

But what sort of “preparedness” is  envisioned?  Is it preparedness to put Humpty-Dumpty together again?  The nursery rhyme  has already warned us in this regard.

Malicious intent — criminal, terrorist or otherwise — brings with it a psycho-social multiplier effect that deserves our attention.  But intentional threats often pale beside natural and accidental threats.  Consider the potential implications of a New Madrid seismic event or an accidental collapse of the regional grid.

“We have emergencies,” said Sharon Bulova, chairman of Fairfax County’s Board of Supervisors. “Especially in the national capital region, we are susceptible to things happening, having public safety compromised.”

How, then, can the region be so ill-prepared?

I don’t expect to convince anyone who has been sweating out the power outage since Friday night, but the pace of restoration has seemed to me reasonably rapid.

When a hurricane or blizzard is forecast, the owners/operators of critical infrastructure have a day or more to prepare.  This event-specific preparation often involves pre-deploying and enhancing response assets.  If at all possible, additional electrical and telecommunications repair crews will be brought in from other regions outside the cone-of-uncertainty. The general population, famously, stocks up in advance and — in the case of hurricanes — may move out of the way.

On June 29, even if someone had gone to red alert as the derecho crossed the Ohio River, the realities of time and space eliminated this kind of preparation.  That’s why no-notice — or minimum notice — events are so fundamentally different than hurricanes or blizzards or — with recent advances in weather prediction — even tornadoes.

That’s the question for leaders to contemplate as the cleanup continues. And not just elected leaders, but corporate ones too: Verizon and Pepco both owe the public a much more thorough accounting and, more to the point, explanation of why it is taking so long to set things right again.

It will always take “so long to set things right again” if we persist in the illusion that we can wait to respond or that our preparedness is mostly a matter of being ready to respond.  Given the nature of our interdependent systems and their shared vulnerability to non-typical events, we are much better served to focus on prevention, mitigation, and resilience.  We also ought to be more creative in conceiving and executing recovery operations.  Failures will recur.  Catastrophic failures of distributed interdependent engineered systems are  infrequent… but practically inevitable.

Verizon, for its part, has been opaque about the 911 service crash in Northern Virginia, furnishing only vague answers to questions about why its primary and backup power sources were vulnerable and what can be done to avoid a repetition.

Then there’s Pepco. In the annals of corporate spin control, the company’s unabashed announcement Monday that it planned to restore electricity to 90 percent of its Maryland and District customers by late in the evening of July 6 — seven days after the storm — must qualify for a special mention in the Lowered Bar Category.

Or are these examples of honest uncertainty and worst-case realism? One self-described  weather nerd told me, “A derecho is a 240-plus mile front of 80-plus simultaneous F-1 tornadoes.”   Yet by Tuesday midnight telecommunications systems were — if still a bit unstable — mostly working.  Electric utilities were reporting restoration of the network’s backbone and were turning to the very time  consuming process of reconnecting individual customers.  The number of National Capital Region outages had been reduced from about 1.5 million to less than 110,000 in less than four days for an uncommon, no-notice, very hard-hitting event.  Despite extraordinary heat the public health consequences have been modest.  The celebration of Independence Day on the National Mall proceeded.  (Contrast this with the situation in West Virginia where late Wednesday 280,000 remained without power, down roughly 50 percent from the peak on Friday night.)

Should customers for whom power comes back midweek really be impressed that they suffered for just four or five days instead of for seven? And what of the 10 percent of customers whose service will still not be back by Friday night? Are they condemned to a second weekend with no air conditioning or refrigeration?

All of us might take a few moments to consider the connections — technological and human — on which we depend.  What is the nature of these dependencies?  What is the consequence of — unexpectedly — losing these connections?  Is there anything we can do — now, today — to mitigate these consequences?

Consciously or not we typically make one of four choices regarding risk: 1) we transfer the risk to someone else, 2) we accept the risk, 3) we reduce the risk, or 4) we avoid the risk.  The Washington Post editors seem to be trying to transfer all the risk responsibility to Verizon, Pepco, and other providers.  Certainly these owners/operators should be held to high standards.

But any attempt to transfer all risk will only hide a high level of accepted risk.  The level of risk accepted will be even higher because it is hidden.

It is delusional and dangerous if we — each and all of us — do not accept at least equal responsibility for the kinds of risk outlined above.  What can each of us do to reduce the risk associated with the consequences of the most hard-hitting events?

It’s little consolation to imagine that some things might have been worse. Pepco, despite leaving hundreds of thousands of homeowners and businesses in the lurch, did manage to prioritize restoration of service to hospitals, nursing homes and, critically, Metro. Dominion Virginia Power was also able to restore electricity relatively quickly to hospitals in Northern Virginia as well as to the main jail in Fairfax County.

Damn with faint praise?  Might this just be an indication of planning, preparedness, and a mitigation strategy in action?

The storm gave rise to massive inconveniences and discomforts across the Washington area. Usefully, it also exposed the region’s absence of reliable fail-safes, spotty preparedness and sluggish response times in the face of emergencies. Now it’s up to leaders to identify and act on those shortcomings.

Yes.  We should treat this as a near-miss and learn every lesson possible.

But inconvenience and discomfort are the least of my concerns.  Someday a no-notice, potentially catastrophic disaster will keep power off for more than a week. Telecommunications will be similarly disrupted.  Fuel will be in short-supply.  Delivery of water, food, and pharma will be uncertain.  Our response may be further complicated by concern over biological, radiological, or some other potential contamination: natural, accidental, or intentional.

Leaders do have an important role to play.  Part of that role is attending carefully to improving response capabilities.  But even more important — and too often ignored — is identifying opportunities to prevent, mitigate, and improve resilience.

And it is not only a matter for political and corporate leaders.   Organizing our economy and much of our lives around various interdependent distributed networks involves both risks and rewards.  We tend to take the rewards for granted and deny the risks.  This is irresponsible.  It is unrealistic.  It is a recipe for catastrophe.

May 16, 2012

See No Evil? Then Just Do It

Filed under: Organizational Issues,Private Sector — by Mark Chubb on May 16, 2012

It’s been awhile since I have managed to post something. The last wholehearted attempt I made was a reflection on May Day observances that I never finished. For some reason or another I could never come to a conclusion to that piece that really satisfied me. At least not in the sense that I was getting to the heart of what I was watching on the news and in the streets, especially here in Seattle. As a result, it sits mouldering in my queue still waiting for rewrite or deletion.

Somehow, though, a few of the themes I struggled with just a couple of weeks ago came into sharper focus for me this week in the form of two articles I read. The first described the effects of growing income inequality on individual mortality. Put simply, those who earn the least can not only expect to live shorter lives, but they can also expect their longevity to diminish as the length or the depth of the gap widens between their earnings and those at the top. The article cites other studies’ speculation as to the causes of income inequality-related mortality while noting that the academic research cited has reached no firm conclusion about specific causes, especially over the short-term. At the same time, the study provides compelling evidence of the cumulative effect of income inequality on health.

The second article suggested that crime really does pay. Or rather that unethical behavior or at the very least less-than-ethical behavior has its rewards. The Harvard Business Review item noted a recent study that displayed significant gaps between the earnings of those men who self-reported improvements in ethical awareness and subsequent ethical conduct as a result of exposure to ethical principles and practices in their post-graduate management curricula. (Sorry, no word on how the women did. Let’s just hope it was considerably better than the boys.) Sadly, but probably not too surprisingly, those who earned the most reported little awareness of or influence from exposure to ethics while earning their MBAs.

These two items got me reflecting anew on a third item that aired on May 1. NPR’s Planet Money Team produced a truly exceptional segment entitled Psychology of Fraud: Why Good People Do Bad Things. This piece examined the story of Toby Groves, a convicted mortgage fraudster who convinced colleagues to conspire with him to create a ghost mortgage, a very real loan for an utterly fictitious property, to cover mismanagement of his business.

In the simplest terms, Toby and his colleagues justified their actions by framing the problem in two very simple but compelling ways. First, instead of seeing their actions as unethical, which they openly acknowledged they were, they reframed the decision as one of business necessity. They supported this framing in a second but equally compelling way by seeing their actions as a personal favor for a trusted friend and valued colleague. In other words, they saw Toby as someone they liked and enjoyed working with who now needed a small favor from them as opposed to the illegal and craven actions of a desperate man at his wits’ end. In short, their decisions to be helpful were aided by the notion that Toby Groves was a business associate, his business was at risk due to financial decisions they all make, and the actions he requested of them (which he openly acknowledged could get them all in heaps of trouble) required little effort on their part and were actions in which they were routinely engaged as part of their normal and legitimate business practices. Clearly, the road to hell — and prison — is paved with good intentions.

If the NPR story had any shortcomings, it was in the lack of resolution I felt from the reforms they suggested might arise to combat the problem of inappropriate cognitive framing of ethical dilemmas in the business environment. How, I wondered, might it help the situation to remind people on the forms they are signing that lying or misrepresentation are unethical or illegal? Don’t they know this already? And who reads the fine print anyway? Sure, it might help to change auditors frequently to keep them from becoming too cosy with those they oversee. But don’t we want auditors to be both rational and fair? Does this not suggest a need for some sort of empathy? How much then is too much?

Clearly, the dilemmas we face are becoming more complex just as they problems that give rise to them become more complicated and even convoluted. The credit crunch that led to the lingering economic stagnation we still endure, the ideological and political excesses of violent extremists here and abroad, and the inability to reconcile political differences for the common good not only reflect certain states of mind but also provoke powerful emotions in us that arise largely from our own cognitive biases. The challenge then is not to oversimplify any of these issues but to see them for what they are: Situations that require us to apply many different frames to achieve not only the proper resolution but sufficient perspective to interpret correctly what sits before our eyes.

We can look upon the health effects of income inequality as the sad but unintended consequences of an otherwise salutary economic system or an injustice that demands redress. We can reward unethical conduct in the workplace and accept unequal rewards for those who look after themselves before others or we can hold one another to account for what each of us thinks, says and does. If it’s true that the road to hell is paved with good intentions, then it’s also worth noting that there’s more than one way to skin a cat and we should try them all rather than looking for the easy way out.

May 4, 2012

A tale of two cities… two sectors… two mindsets… stronger together

Filed under: Preparedness and Response,Private Sector — by Philip J. Palin on May 4, 2012

A few weeks ago I attended a regional summit of emergency managers, firefighters, law enforcement and related public officials for a major city and its metro region. My task was to invite these jurisdictions and their agencies to participate in an exercise program that would feature a catastrophic event in another large city a few hundred miles away.

In case of such a horrific event,  the creative assistance of those at the summit would be needed. The exercise would especially focus on the movement of supplies toward the impact zone.

First question, “Why should we share our supplies?”

My response, “Thanks for the chance to clairfy, I’m not talking about sharing your emergency inventory or anything owned by your agencies. The focus would be on facilitating a surge of private sector supply chains, private sector goods — water, food, and pharma, for example — that either originate in this area or need to move through this area.”

“I understood you the first time,” the questioner stated. “Why should we do that? If there’s a real catastrophe in (insert city name) we’ll probably need everything we can get here.”

While I offered some answers and justifications, my responses were not persuasive. Several agreed with the need to keep what they had. Others probably disagreed, but they were quiet. If there is ever a real need, I fully expect the first urban area will move mountains to help the second urban area. But for a whole host of reasons, they were not at all interested in thinking through the problems and process in advance.

Last week I was in another meeting in a different urban area, this time with private sector leaders from power, communications, water, food, pharma, banking, trucking, medical care and other key sectors. The issue was more or less the same: it is a very bad day in the big city. Your local capability is offline, even flattened. Will you work with us and participate in some exercises to think through the problem of re-supply?

The response was enthusiastic. “It’s a very interesting problem,” one offered. “Thinking through this worst-case will help us with other everyday issues,” another said. After a wide-ranging conversation one of the private sector leaders at the table stated, “This is in our self-interest. It is also in the common interest. We should have done this a long time ago.”

In each case there are back-stories, details that help explain the very different reactions. This is not an issue of good versus bad. But it is a story of two very different mind-sets.

After a few years –a lifetime? — of such contrasting experiences, I have a heuristic, a rule of thumb: Humankind is divided between those who are inclined to control and those who are inclined to create. There is a continuum with nearly everyone suspended somewhere between these two extremes (among other axes).  Where do you fall?

Those who seek to control tend to be more pessimistic. Those who seek to create tend to be more optimistic.

Pessimism may have roots in the past, but is expressed prospectively.  Optimism is mostly a matter of how the future is expected to unfold.  Each is an orientation that can skew observation and as a result be self-fulfilling.  At the extremes, both pessimism and optimism are probably forms of psychological self-protection.  Some recent research seems to suggest genetic predispositions are also in play.

The two mind-sets can be complementary, but more often clash and compete. The “control-freak” is an idiot. The “innovator” is a fool.

Any meaningful homeland security strategy must find a way to blend and benefit from both mind-sets and apply them in the here-and-now. Doing so systematically is something that requires much more attention than we currently invest.

–+–

Late Thursday afternoon I received a copy of the National Preparedness Report, the first annual as required by PPD-8.  It deserves a closer read and more complete analysis.   But even on a first read, it is easy to perceive the struggle between control or create.  In raw form  the tension of these worldviews warps the strength of each.  When the tension is synthesized, the resilience of the whole system is enhanced.

–+–

IT WAS THE BEST OF TIMES, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity, it was the season of Light, it was the season of Darkness, it was the spring of hope, it was the winter of despair, we had everything before us, we had nothing before us, we were all going direct to Heaven, we were all going direct the other way…

“… I see a beautiful city and a brilliant people rising from this abyss, and, in their struggles to be truly free, in their triumphs and defeats, through long long to come, I see the evil of this time and of the previous time of which this is the natural birth, gradually making expiation for itself and wearing out.” (A Tale of Two Cities by Charles Dickens)

February 24, 2012

Creating a Cyber Coast Guard

Filed under: Congress and HLS,Cybersecurity,Private Sector — by Philip J. Palin on February 24, 2012

It is not yet clear if the Cybersecurity Act of 2012 will be taken up by the whole Senate — as previously announced — or disappear into committee review while under sustained attack by those opposed.

Senator John McCain, one of those opposed, has promised a competing piece of legislation:

The fundamental difference in our alternative approach is that we aim to enter into a cooperative relationship with the entire private sector through information sharing, rather than an adversarial one with prescriptive regulations. Our bill, which will be introduced when we return from the Presidents’ Day recess, will provide a common-sense path forward to improve our nation’s cybersecurity defenses.

Last Friday I outlined the perceived — in my judgment, real — tension between collaboration and compliance that any approach to effective cybersecurity will require. The real debate is over how to resolve this tension: with more dependence on voluntary cooperation or the threat of regulation. (To be clear, the proposal unveiled on February 14 by Senators Lieberman, Collins, and others does not create new regulations per se, but it does initiate a public-private process that would eventually create a regulatory regime.)

Some private sector organizations have welcomed the opportunity to frame-up the process, others are ready to do what they can to stop any movement to regulation. So far the private sector line-up on each side seems mostly to reflect revenue streams. Those that may make money on increased attention to cybersecurity are in favor of the current proposal, those that see cybersecurity mostly as a cost are opposed. (The cost-benefit discussion is, so far, not very sophisticated on either side.)

While the efficacy of the new bill is debatable, it is clear the current approach — depending almost entirely on voluntary collaboration — has not worked. The weakest links in the cybersecurity system are the least willing to show up, talk turkey, and truly collaborate in sharing information and changing behavior. What do you do when “pretty please”, earnest presentations on self-interest, and peer pressure do not work? What do you do when neglect by one “house” on the block endangers the safety of the entire block (or city)?

Sanctions are needed. But no matter how tough, sanctions will not be sufficient. Whatever sack of sanctions are available, unless the sanctions are used to craft collaboration (rather than mere compliance) cybersecurity will not be enhanced.  The threat of regulatory sanctions may encourage collaboration, but a rigid regulatory approach alone will only achieve minimal compliance, which in cyberspace will always lag behind new threats and vulnerabilities.

Whichever of the current sides win, execution will be key. The current legislation addresses execution primarily under Title III through a DHS National Center for Cybersecurity and Communications. The new entity would combine several existing offices, and would be directed by a Presidential appointee confirmed by the Senate. Here are the director’s duties enumerated in the current legislation:

(1) manage Federal efforts to secure, protect, and ensure the resiliency of the Federal information infrastructure, national information infrastructure, and national security and emergency preparedness communications infrastructure of the United States, working cooperatively with appropriate government agencies and the private sector;

(2) support private sector efforts to secure, protect, and ensure the resiliency of the national information infrastructure;

(3) prioritize the efforts of the Center to address the most significant risks and incidents that have caused or are likely to cause damage to the Federal information infrastructure, the national information infrastructure, and national security and emergency preparedness communications infrastructure of the United States;

(4) ensure, in coordination with the privacy officer designated under subsection (j), the Privacy Officer appointed under section 222, and the Director of the Office of Civil Rights and Civil Liberties appointed under section 705, that the activities of the Center comply with all policies, regulations, and laws protecting the privacy and civil liberties of United States persons; and

(5) perform such other duties as the Secretary may require relating to the security and resiliency of the Federal information infrastructure, national information infrastructure, and the national security and emergency preparedness communications infrastructure of the United States.

Title III continues for another 28 pages. Included under Authorities and Responsibilities of the Center, “serve as the focal point for, and foster collaboration between, the Federal Government, State and local governments, and private entities on matters relating to the security of the national information infrastructure.”

On page 114 of the proposed legislation a supervisor training program for the Center is set out. The current language suggests Senator Akaka and his staff have persisted in pushing his perennial concerns. It’s all good. It could be better.

The currently proposed training program  is mostly internally focused. I suggest language be added to focus on mission achievement. Consider for a moment a supervisor training curriculum focused on just one of the duties listed above, ” support private sector efforts to secure, protect, and ensure the resiliency of the national information infrastructure”

What is the nature of the private sector?

What are the private sector’s current efforts related to cyberspace?

What does “secure”, “protect”, and “ensure the resiliency” of cyberspace mean?

What is the national information infrastructure?

What does it mean to “support” the private sector? Why this verb rather than another?

That would be an interesting — valuable — curriculum.   Develop similar curricula around each of the statutory goals, include private sector participants in the curriculum… and a whole new approach to private-public collaboration might be cultivated.

This curriculum should  include a heavy dose of culture, a culture of private-public collaboration.  If the Center becomes a cyber-SEC none of us will be any safer.   Cybersecurity cannot focus on accountability after-the-fact.  The focus must be on cultivating a culture of prevention and resilience, not compliance.

For this purpose, I propose the Akaka Academy for Cybersecurity give close attention to the way the Coast Guard cultivates a collaborative relationship with owners and operators of marine vessels. Just for a taste of what I mean, consider the implications of the following written instruction from a Coast Guard flag officer… and this is not atypical, this approach is entirely consistent with  standard Coast Guard practice.

The Coast Guard’s objective is to administer vessel inspection laws and regulations so as to promote safe, well equipped vessels that are suitable for their intended service. It is not the Coast Guard’s intent to place unnecessary economic and operational burdens upon the marine industry. In determining inspection requirements and procedures, inspection personnel must recognize and give due consideration to the following factors:

  • Delays to vessels, which can be costly, need to be balanced against the risks imposed by continued operation of the vessel, with safety of life, property, and the environment always the predominant factor over economics;
  • Certain types of construction, equipment, and/or repairs are more economically advantageous to the vessel operator and can provide the same measure of safety;
  • Some repairs can be safely delayed and can be more economically accomplished at a different place and time;
  • The overall safety of a vessel and its operating conditions, such as route, hours of operations, and type of operation, should be considered in determining inspection requirements;
  • Vessels are sometimes subject to operational requirements of organizations and agencies other than the Coast Guard; and
  • A balance must be maintained between the requirements of safety and practical operation. Arbitrary decisions or actions that contribute little to the vessel’s safety and tend to discourage the construction or operation of vessels must be avoided.

I know of no better example of effective private-public collaboration than that of the U.S. Coast Guard with the industry it helps regulate, serve, and sometimes save.  It is a cultural model well-suited to the cyber domain.

February 17, 2012

Cybersecurity Act: Collaboration v. Compliance?

Filed under: Congress and HLS,Cybersecurity,Private Sector — by Philip J. Palin on February 17, 2012

On Valentine’s Day the Senate Homeland Security and Governmental Affairs Committee released a proposed Cybersecurity Act of 2012.  The Committee’s Chairman, Joseph Lieberman (I-CT) and ranking member, Susan Collin’s (R-ME) are co-sponsors.

The roll-out has been impressive.  Check out the Committee’s website for gobs of additional background.  All-star testimony was taken on Thursday.

My HLSWatch colleague, Jessica Herrera-Flanigan has authored a persuasive piece for Roll Call pushing for quick adoption.  Rapid approval by the Senate is a big part of the legislative strategy.

Every cyber-specialist, like Jessica, I have communicated with supports the legislation.  Those on the Hill who have come out against are – so far – objecting mostly to procedural or cost concerns. (The best political update I could find on Friday morning is from Ellen Nakashima at the Washington Post.)

Yesterday I used a cross-continent flight to read the 205 pages of statutory prose.  Politico called it a “door-stop of a bill.”

Taken at face-value the language could hardly be more benign.

The clear intent is to prevent when possible – and mitigate when prevention is not possible – “the risk of national or regional catastrophic damage within the United States caused by damage or unauthorized access to information infrastructure…”

To achieve this and similar goals the legislation frames and facilitates a rather intricate process of private-public consultations, information exchange, risk analyses, certification, audits, education, research, and exercises.

In a whole host of ways the language implicitly – but quite obviously – acknowledges that cyber security is not possible without extraordinary – just for emphasis: extra-ordinary – cooperation between government and the private sector and between various elements of the private sector.

As a result, the proposed legislation goes to amazing lengths to encourage information exchange on cyber threats, vulnerabilities, and more.  For example, here are three sections of Title VII Information Sharing (page 163):

(d) EXEMPTION FROM PUBLIC DISCLOSURE.—An cybersecurity threat indicator disclosed by a non-Federal entity to a cybersecurity exchange under subsection (a) shall be— (1) exempt from disclosure under section 552(b)(3) of title 5, United States Code, or any comparable State law; and (2) treated as voluntarily shared information under section 552 of title 5, United States Code, or any comparable State law.

(e) EXEMPTION FROM EX PARTE LIMITATIONS.— Any cybersecurity threat indicator disclosed by a non-Federal entity to a cybersecurity exchange under subsection (a) shall not be subject to the rules of any governmental entity or judicial doctrine regarding ex parte communications with a decision making official.

(f) EXEMPTION FROM WAIVER OF PRIVILEGE.—Any cybersecurity threat indicator disclosed by a non-Federal entity to a cybersecurity exchange under subsection (a) may not be construed to be a waiver of any applicable privilege or protection provided under Federal, State, tribal, or territorial law, including any trade secret protection.

Please, please, please let us know when you are in danger, we promise not to hold you accountable. The federal government is made into a worried parent trying to protect a troubled teenager.

No one tells me the cyberthreat is overdone.   Most tell me it is already worse than is generally known. Threats, vulnerabilities, and consequences are expected to grow.

Everyone seems ready to agree – at least behind closed-doors – the legislation is well-intended and designed to tee-up a meaningful process of private-public consultations, not pre-ordain the results of that consultation.  If anything, many cybersecurity mavens find the proposed language entirely too tentative and toothless.

But one Chief Information Officer I talked with calls the bill a “Trojan horse, superficially attractive and deeply dangerous.”  According to this person the legislation is fundamentally flawed because it moves the focus of discussion from collaboration to compliance.  “As soon as compliance is the agenda,” he says, “the lawyers take over. We will hardly ever see a technologist again.  That’s not what we need.  They are going to replace a messy, difficult, but realistic process of collaboration with an orderly and mostly meaningless process of certification and compliance.  Risk management is hard.  Compliance is easy.  In one case you invest in real outcomes, in the other you create a legally defensible illusion.”

When I outlined the CIO’s critique to a self-defined “Hill Rat” (and lawyer) who has been involved in cybersecurity, he responded, “The lawyers are already too involved.  That’s been a problem.  It’s been easy for government relations people to show up.   We need CIOs, CTOs, CFOs, COOs, and CEOs.  One way to read the legislation is as a small but very sharp blade to cut through the veil of lawyers behind which too many of our cyber-assets are obscured.  No one wants to regulate, but we need to get real about the risk.”

As the Congressional staffer continued he went even further, “You know what?  This is really an anti-regulation bill. Unless we do something like this and get much better at the drill than today, a major system is going to be taken down and people will die.  Russian mafia, Iranian Quds, Chinese class project – who knows who?  Then just imagine the rush to regulation.”

Maybe I am overly influenced by two men who were each speaking with evident candor and concern.   But I come away thinking they are probably both right.

The issue is not so much current Congressional intent as longer-term execution.  Whenever legislation is adopted, how can we keep the focus on substantive collaboration?  Next Friday I will offer a suggestion.

« Previous PageNext Page »