Homeland Security Watch

Above is a fuzzy capture of an illustration from page 7 of a GAO PowerPoint entitled,  “FEMA has made limited progress in efforts to develop a system to assess national preparedness efforts.”  The original can be found at http://www.gao.gov/new.items/d1151r.pdf.  The briefing was part of a GAO presentation to Congress on October 29.

Loyal readers and regular commentators have asked for this graphic to be published here for discussion.

I have had no prior engagement with the GAO report or this particular graphic.  The GAO report provides no commentary on the graphic.   To start the discussion, I will offer my interpretation of the graphic.

The more intense an incident in time and space, the more quickly and broadly a capabilities gap emerges in responding to the incident.  In a major disaster or catastrophe local response capabilities are quickly overwhelmed.  An especially intense incident will significantly diminish local response capabilities before state and federal capabilities can be applied.  Time is required for non-local capabilities to be operationalized.   The capability requirements of an intense incident — interacting with the temporal delay in surging state and federal resources — creates a capability gap.  Over time this gap can be closed by increased application of federal, state, and local resources.

I have intended to engage the graphic affirmatively. Two readers with profound experience in this domain have already signaled considerable concern with the graphic.  I do not expect my interpretation to alleviate those concerns.

Even given my affirmative interpretation, I will offer three critiques:

1.  There is no attention to private sector capability and resources. The more intense the incident the more important will be private sector capability.

2.  The graphic implies that given sufficient time public sector resources can be surged to fill the gap.  In most cases this is probably true.  But it is important to acknowledge that in some incidents the gap will persist.

3.  Especially for consideration of preparedness, the graphic reinforces a tendency to view preparedness as being prepared to respond.   Preparedness gaps will continue to grow if we continue to frame the issue primarily in being ready-to-respond.

Now I will stand aside for more fundamental critiques and/or further explanation.

On Wednesday Mark Chubb offered a considered critique of the recently released Report to Congress: Perspectives on Preparedness (large PDF). 

In particular Mark noted, “It is not too hard to imagine myriad new federal strings being attached to the dollars flowing from federal coffers to state, local, and tribal authorities.  Previous investments that sought to promote material improvements in preparedness will likely be replaced by new process-oriented requirements without achieving the desired alignment or shared sense of purpose.”

While this threat is nearly omni-present, there are several recommendations in the report which attempt to mitigate the threat. Further, here’s one of the recommendations made by the Local, State, Tribal, and Federal Preparedness Task Force that is clearly aimed at more direct material improvements in preparedness.  From page 24:

One promising new preparedness initiative involves incentivizing individuals to take action by providing tax breaks for preparedness investments. We therefore recommend that all levels of government consider establishing financial incentives to encourage individuals, families, and businesses to undertake preparedness activities. The underlying logic is simple: prepared citizens minimize the potential costs of disaster and reduce the strain on first responders during a major event. The science is similarly encouraging: behavioral economists widely recognize that minor financial incentives can succeed in motivating individuals to make life-affirming decisions where even the risks of abstract, severe consequences cannot.

 

Moderate investments of time, energy, and resources to address potential problems before they occur can achieve significant savings in the long run. More importantly, incentives create an artificial imperative in the absence of perceived threats or hazards. Incentive-based approaches may be valuable in regions prone to less frequent, but potentially catastrophic incidents. Compliance with mitigation efforts such as structural reinforcements in hurricane or earthquake zones, or defensible space in the case of wildfires, should produce tangible rewards in terms of property value, tax breaks, or insurance rebates. In fact, some States—including Virginia and Louisiana—are already complementing their existing preparedness programming with tax incentives to encourage citizens to act.

Both Virginia and Louisiana combine tax incentives with a specific communications strategy. Early in hurricane season both states sponsor annual tax holidays for purchasing season-specific supplies.  The Virginia list of tax exempt products is available from from the Commonwealth’s Department of Taxation website.

This is a simple, low-cost, and easy-to-administer approach to encouraging citizens to do what they already recognize they should be doing.  It is a nudge in the right direction.  Packaging the timing, message, and nudge is a good example of “market-oriented” behavior by the government.  The private sector amplifies the message with advertising to sell the tax-exempt products.  Win-win-win.

Tax policy is regularly used to nudge us.  Tax deductions and credits encourage home buying, energy conservation, charitable giving and much more.    Tax credits can be especially motivating.  A tax credit is a sum subtracted directly from the total tax to be paid. 

The Commonwealth of Virginia — widely considered a conservative leaning state, especially in regard to tax policy —  offers thirty tax credits.  These range from encouraging “Agricultural Best Management Practices” to “Historic Rehabilitation” to “Long-term Care Insurance” to “Land Preservation” to the construction of “Riparian Waterway Buffers.” 

There is not yet a “disaster preparedness” or better yet a “resilience enhancement” tax credit.  What would one look like?  Here’s the Virginia Department of Taxation description of the Agricultural Best Management Practices tax credit:

This credit is available to individuals and corporations that are engaged in agricultural production for market and have a soil conservation plan in place to provide significant improvement to water quality in Virginia’s streams, rivers, and bays. To be eligible for the credit, your plan must be certified in advance by your local Soil and Water Conservation District.

The credit is 25% of the first $70,000 you spend for approved agricultural best management programs. The maximum credit is $17,500 or the taxpayers’ tax liability, whichever is less. Unused credits may be carried forward for five years.

Individual filers complete Schedule CR, Part XIV, and corporate filers complete Form 500CR, Part XVI to claim this credit. Attach the certificate from the local Soil and Water Conservation District from the locality in which the credit is claimed.

Reference: Virginia Code 58.1-339.3

Reference: Virginia Code 58.1-439.5

The key element is the plan being certified by the local Conservation District.   I have long advocated the Citizen Corps program looking to the soil conservation movement as a model.   It is a fantastic success story emerging from the catastrophe of the Dust Bowl.  The soil conservation movement  features strong public-private partnerships, great local, state, and federal involvement, and significant connections with the academic sector as well.  It is participation, collaboration, and deliberation in action.

Local Citizen Corps Councils could certify disaster plans, resilience plans, tabletops, exercises, and more.  In my experience the vast majority of people value — even enjoy — participating in these processes and activities.  But we need some modestly practical nudges to actually do what we want to do.

USA Today published a story this week regarding the threat of solar storms and Electromagnetic Pulse (EMP) that highlighted an issue inherent in homeland security more broadly—how to walk the line between resilience and overreaction.

The piece summarizes the threat posed by both natural solar storms and EMP caused by high-altitude explosion of nuclear weapons.  If you are unfamiliar with either or both, the USA Today article provides accessible descriptions of both phenomena.

In the overreaction column:

Gingrich last year cited the EMP Commission report in warning, “One weapon of this kind that went off over Omaha would eliminate most of the electrical production in the United States.”

There are others with more measured analysis:

There are “some important reasons for concern,” says physicist Yousaf Butt of the Harvard-Smithsonian Center for Astrophysics in Cambridge, Mass. “But there is also a lot of fluff.”

You would really need something the size of a Soviet H-bomb to have effects that cross many states,” Butt says.

The solar storm story is less political:

On March 9, 1989, the sun spat a million-mile-wide blast of high-temperature charged solar gas straight at the Earth. The “coronal mass ejection” struck the planet three days later, triggering a geomagnetic storm that made the northern lights visible in Texas. The storm also induced currents in Quebec’s power grid that knocked out power for 6 million people in Canada and the USA for at least nine hours.

The sensible mitigation effort in the face of EMPs, solar storms, or even cyber threats would be simple (if not cheap) steps to stockpile extra transformers and other hard-to-replace electrical grid-related equipment.

Unfortunately, the threat of an EMP attack often is used to further an agenda based on a radical expansion of missile defenses that would include the ability to intercept missiles fired from freighters off the U.S. coast.  In a Heritage Foundation Foundry blog posting regarding the same USA Today article, the author stretches credibility to make this case:

“For countries less dependent on modern technologies and electronics, including both rogue states like Iran and North Korea as well as stateless terrorist groups, EMP provides a potential way to attack the United States through asymmetric means. EMPs could be used to circumvent America’s superior conventional military power while reducing vulnerability to retaliation in kind.”

The author of this particular quotation, Heritage analyst Jena Baker McNeil, seems to misunderstand the basics of deterrence.  It is certain that the U.S. would not retaliate to an EMP attack with only an EMP attack.  So regardless of the level of dependence of the attacker on modern technologies, the nuclear retaliatory strike would be directed at destroying what the enemy regime holds most dear—the regime itself.  In other words, any nuclear strike on the United States (even a single EMP strike) by an identified state (and even an attempt at a somewhat covert EMP attack by a state would certainly be identified through a combination of nuclear forensics and intelligence) would result in an overwhelming nuclear response.

A discussion of the nuclear terrorist threat requires a separate post.  I would just like to suggest that while I worry about nuclear terrorism, and believe it is a threat requiring urgent action, the threat of terrorists obtaining not only a nuclear weapon but one capable of being combined with a SCUD (and of course obtaining the SCUD itself) is not something I believe should be keeping anyone up at night.

(H/t to Armchair Generalist for an earlier post regarding the USA Today piece.)

Further Reading:

Yousaf M. Butt, “The EMP threat: fact, fiction, and response (Part I),” The Space Review: http://www.thespacereview.com/article/1549/1

Yousaf M. Butt, “The EMP threat: fact, fiction, and response (Part II),” The Space Review: http://www.thespacereview.com/article/1553/1

I had an interesting conversation with a new colleague today. The new public information officer in our office asked me how emergency managers settled on 72-hours as the threshold value for disaster kits. Why, she wondered, was 72-hours the magic number for determining how much water, food, medicine, cash, and other supplies we should stockpile to prepare ourselves and our families for an emergency. Many emergency managers have asked a similar question in recent years, which has caused some to urge the public to prepare to fend for themselves for even longer periods without outside help.

As we discussed the basis for this guidance — in particular the lack of hard evidence or specific and explicit assumptions to support these recommendations — we concluded that the form and specificity of this suggestion probably had something to do with the fact that so many people still feel anxious even after they follow our advice. Does the emphasis on material preparedness and the connection to specific time periods reinforce public expectations about officialdom and its obligation to respond to our needs? Does it simultaneously discourage resilience while encouraging preparedness?

Today’s nationally-syndicated WBUR radio program, Here and Now, included a segment on disaster preparedness and resilience featuring Irwin Redlener, author of Americans at Risk and director of the National Center for Disaster Preparedness in the Mailman School of Public Health at Columbia University. In the interview, Redlener reiterated his assertion that America remains unprepared for a catastrophic disaster largely because of paralyzing bureaucracy and widespread incompetence. Redlener was particularly critical of the lack of a clearly articulated national preparedness goal that encourages simultaneous efforts to improve coordination between top-down and bottom-up approaches to preparedness.

When Redlener’s book was first published in 2006, memories of Hurricanes Katrina and Rita were still fresh in the minds of nearly every American and his voice was one among many calling for comprehensive reform of the federal system of preparing for, responding to, and recovering from disasters. Today, images of Haiti and news of the recent outbreak of cholera in refugee camps housing survivors who relocated from the quake devastated capitol of Port-au-Prince haunt us.

As we approach the midterm election next week, this argument resonates among many segments of an electorate that find the current economic and social situation unacceptable and desperately want someone to accept responsibility for the “slow motion disaster” many are calling the Great Recession. As I listened to the broadcast, which included discussion of the effects of the fiscal crisis on local and state emergency managers’ and public health officers’ budgets, I had to wonder whether we can responsibly draw any meaningful connections between the situation unsettling most Americans as they head to the ballot box and our nation’s state of disaster readiness.

I am not alone in questioning whether Redlener’s got it all right. This week, the FEMA Local, State, Tribal, and Federal Preparedness Task Force issued its final report, Perspective on Preparedness: Taking Stock Since 9/11. Although I doubt they had Redlener’s book specifically in mind, the task force concluded that notwithstanding a lack of clarity or consistency over time about how we define preparedness in the United States, the nation is better prepared now than we were a decade ago but still lacks a coherent and shared strategic direction.

The task force highlighted the important contributions of the federal government to preparedness in the form of policy guidance, capability assessment tools, and grant funds, but saw important opportunities to strengthen the gains made in all three areas by adding a fourth emphasis on strategic investments. In particular, the task force recommended steps to foster a culture of preparedness by creating incentives for preparedness and strengthening connections among existing networks to help the nation identify and prepare for emerging threats.

These recommendations seem sound enough on the surface. But taking up Redlener’s point of view, the goal is not the only problem. It’s also about how we develop and execute our plans to achieve it.

Reading the other task force recommendations, I can see why Redlener is so critical of the federal approach and have to wonder what he thinks about the task force’s recommendations. It is not too hard to imagine myriad new federal strings being attached to the dollars flowing from federal coffers to state, local, and tribal authorities. Previous investments that sought to promote material improvements in preparedness will likely be replaced by new process-oriented requirements without achieving the desired alignment or shared sense of purpose.

With so many fingers in the proverbial pie and so much dependence on federal support for state, local, and tribal preparedness programs, it is easy to see why Redlener is so skeptical (or perhaps cynical). Technical, political, and legal interventions offer little promise of ensuring social and cultural change if the funding priorities remain driven from the top-down.

The United Nations — an institution renowned by many in the United States as the epitome of bureaucratic incompetence — has taken a somewhat broader and in many ways more pragmatic approach than the FEMA task force. In the Hyogo Framework for Action, the International Strategy for Disaster Risk Reduction emphasizes efforts to address the underlying problems associated with disaster vulnerability: poverty, climate change , and social justice. These priorities drive a different sort of strategic investment than that proposed by the FEMA task force, one that encourages human development through education, gender equity, shared decision-making among diverse communities, and sustainable urban development.

The difference in strategic approach, although probably too subtle for some, yields, I would imagine, very different tactics in some important instances. The FEMA task force approach is more likely to produce interventions in primary schools aimed at practicing “drop, cover, and hold on drills” and teaching kids to prepare disaster kits for their homes. The UNISDR approach, on the other hand, would seem to favor improved offerings in ecology, geography, geology, and sociology that improve understanding of natural hazards and the connections between human and natural systems.

The big difference between the UNISDR and FEMA approaches lies not in the specifics of their recommendations though, but rather in their assumptions about how programs will be put into action. The UNISDR approach emphasizes efforts to reinforce economic, social, and cultural progress by fostering collaboration, education, and engagement. The FEMA approach relies on the assumption that it’s all about protecting the gains we have already made by ensuring people have access to the financial, technical, and administrative resources they need to achieve their goals.

Going beyond 72-hours requires us to think differently about how we define preparedness as well as how we help our communities prepare for disasters. Any new emphasis on process should recognize the importance of fostering diverse participation, promoting social equity, encouraging reflection, and stimulating growth rather than preserving the status quo ante.

About 150,000 people die everyday.  Yesterday it was my mother’s turn to die.

She lived for 88 years, 2 months, and 20 days.

This is the earliest picture I have of her.

She’s a 12 year old girl, spending the day at the sea, somewhere in Wales, near the farm where she was born.

It looks like the day was gray and cloudy.

Like today.

The next picture I have comes from her World War Two days.  She was in the Women’s Royal Naval Service.  I think she was 18 in this picture.

I was born – in England — when she was 22.  She told me about the days during the war when explosions from V2 rockets made me cry.

From the late 1940s through the 1970s, home for our Army family was mostly on the northeast coast of the United States.

From the 1970s through 2007, she lived in Florida and Louisiana.  She played competitive tennis into her mid 70s.

She got old after Hurricane Katrina.

She couldn’t take care of herself anymore.  My Oregon brother said he’d take care of her.

He and I rented a small RV in New Orleans and drove 2800 miles, nonstop, to her new home at the Oregon Coast, about 5,000 miles from the beach in Wales where decades ago a 12 year old girl posed with hands on her hips, blissfully unaware of a future life impossible to predict.

Friday was the last time I saw her.

My brother said he thought she might live a few more days.

When I kissed her forehead, I felt a warmth and strength from her skin that told me the woman who taught me to love books and language and independence would live much longer than that.

Cholera Outbreak in Haiti: PAHO Press Briefing Monday, October 25, at 2:00 p.m.

WHAT: Briefing on cholera outbreak in Haiti by Dr. Jon K. Andrus, Pan American Health Organization (PAHO).

WHEN: Monday, October 25, 2010 at 2:00 p.m. (14:00 HS Washington, DC Time).

WHERE: Room B, PAHO HQ, 525 23rd St. NW, Washington, DC (Corner 23rd St. & Virginia Ave)

WHO: Dr. Jon K. Andrus, Deputy Director of PAHO.

WEBCAST: www.paho.org/webcast (you can choose English or Spanish)

LIVESTREAM: http://www.livestream.com/paho

Contamination of the Artibonite River with human waste is the probable source of the cholera outbreak in Haiti.  As of Sunday afternoon there have been at least 250 deaths.  Cholera is a quick killer and difficult to contain.   (Read more from the BBC.)

This is the first time in nearly a century that cholera has presented in Haiti.  As a result human hosts are unlikely to have much immunity and the death rate could be much higher than in areas where cholera is more common.  Cholera has been absent from the Caribbean since about 1960.

The cholera epidemic is likely to worsen in the days ahead.  Major media will be covering.  For more detailed information the Pan American Health Organization is posting updates at http://new.paho.org/hai/index.php?lang=en

(Monday Upate: This morning the BBC is reporting, “Health officials have said there are signs that the cholera outbreak in central Haiti may be stabilising. Although the death toll moved past 250 with more than 3,000 people infected, fewer cases were reported.”)

The risk of cholera has been recognized since the January earthquake in Haiti.  A CDC Pre-Decision Brief on cholera is interesting to review nearly eight months on.  See CDC brief at: http://emergency.cdc.gov/disasters/earthquakes/haiti/waterydiarrhea_pre-decision_brief.asp

Field reports and requests for assistance are focusing on oral rehydration salts, clean water, soap, and water filtration devices, IV solutions (normal saline mostly), tubing and catheters, antibiotics: doxycycline, cipro, and trimethoprim/sulfa (cotrimoxazole).  Some resources have been predeployed.

–+–

On the same day that the cholera outbreak in Haiti was first being reported an advocacy group released a study pointing to serious problems ahead for US water systems.

 The Ripple Effect: Water Risk in the Municipal Bond Market assesses the risk of water scarcity for public water and power utilities in some of the country’s most water-stressed regions.  From the report:

Water is a linchpin of the U.S. economy, but its availability is being tested like never before. More extreme droughts, surging water demand, pollution, and climate change are growing risks that threaten water supplies in many parts of the United States. In some regions, water scarcity is already crimping economic production and sparking interstate legal battles. The stresses are especially severe in regions experiencing rapid population and economic growth, including the West, Southwest and Southeast. Among the most immediate threats:

 

The City of Atlanta’s water supply could be cut by nearly 40 percent as early as 2012 due to the ruling of a federal judge;

 

Lake Mead, the vast reservoir for the Colorado River, is quickly approaching a firstever water shortage declaration that would reduce deliveries to fast-growing Arizona and Nevada;

 

Hoover Dam, which provides hydropower to major urban centers in California, Arizona, and Nevada, may stop generating electricity as soon as 2013 if water levels in Lake Mead don’t begin to recover.

More regular droughts and heat waves are likely to increase the operating costs of power generators in the Southeast, among them the Tennessee Valley Authority,which was forced to slash power generation for two weeks at three of its facilities in Alabama and Tennessee because of heightened water temperatures, costing the utility an estimated $10 million in lost power production.

The water-related risk in Haiti is acute and life-threatening.  The water-related risk being reported in the United States is more a matter of managing an emerging chronic condition.  Other than water what they share is the challenge involved in working effectively to manage even known risks.

Shortly new outcomes will be published in a continuing study of post-9/11 psycho-social impacts.  According to the study’s abstract:

Exposure to adverse life events typically predicts subsequent negative effects on mental health and well-being, such that more adversity predicts worse outcomes. However, adverse experiences may also foster subsequent resilience, with resulting advantages for mental health and well-being. In a multiyear longitudinal study of a national sample, people with a history of some lifetime adversity reported better mental health and well-being outcomes than not only people with a high history of adversity but also than people with no history of adversity… These results suggest that, in moderation, whatever does not kill us may indeed make us stronger.

The full study will be available in the next-to-be-published-online  Journal of Personality and Social Psychology.  Look for “Whatever Does Not Kill Us: Cumulative Lifetime Adversity, Vulnerability and Resilience,” by Mark Seery, E. Alison Holman, and Roxanne Cohen Silver. 

In its pre-publication announcement Seery’s University of Buffalo gives some additional background:

“We tested for quadratic relationships between lifetime adversity and a variety of longitudinal measures of mental health and well-being, including global distress, functional impairment, post-traumatic stress symptoms and life satisfaction,” Seery says.

“Consistent with prior research on the impact of adversity, linear effects emerged in our results, such that more lifetime adversity was associated with higher global distress, functional impairment and PTS symptoms, as well as lower life satisfaction.

“However,” says Seery, “our results also yielded quadratic, U-shaped patterns, demonstrating a critical qualification to the seemingly simple relationship between lifetime adversity and outcomes.

“Our findings revealed,” he says, “that a history of some lifetime adversity — relative to both no adversity or high adversity — predicted lower global distress, lower functional impairment, lower PTS symptoms and higher life satisfaction.”

The team also found that, across these same longitudinal outcome measures, people with a history of some lifetime adversity appeared less negatively affected by recent adverse events than other individuals.

Prior reports from the same longitudinal effort have focused on ethnicity, gender, and other factors.   Seery cautions, “there is much work that still needs to be done to fully understand resilience and where it comes from.”

Since last Friday I have, at the request of John Comiskey, engaged in an online dialogue regarding resilience with students from Pace University.  The students had been assigned to read, among other resources, Resilience: The Grand Strategy which originated with several blog posts here at Homeland Security Watch.  They may have also read last week’s post on resilience.  You can review the dialogue in the comment section of last Friday’s post. (It is a long string with over 50 comments.)

Like Dr. Seery and his colleagues, the online discussion was focused on better understanding resilience and its origins.  We began by considering that resilience is a function of being well-informed.  When we understand our risks and the threats, vulnerabilities and consequences that constitute our risks we can — as individuals, families, neighborhoods, or other social units — take action to reduce vulnerabilities, counter threats and mitigate consequences.

But while this information strategy may be entirely true or at least entirely possible, discussants argued that the vast majority of people either ignore the information available or under-estimate the risk implications of the information.  We then examined the well-demonstrated tendency of humans to discount risk.  While it was clear that information alone will not encourage more realistic engagement with risk, we did not articulate a more effective strategy. (UPDATE: Thursday night, after this post was already cued up, a student offered a very promising strategy.)

Some, but certainly not all, of the discussants find the government and its response to various external threats at least as threatening — and perhaps more threatening — than terrorist attack, industrial accident, or natural disaster.  This perception raised the issue of our psycho-social response being an essential element of resilience.  Resilience is not just a characteristic of infrastructure and technological systems.  No matter what happens to these non-human systems it is the human system — expressed in a variety of ways, but especially through the political system — that is often the critical factor in whether we are resilient or not, whether we bounce or break, whether we bounce back better or considerably worse.

The most interesting element of the discussion (at least for me) was exploring the tension between strength and flexibilty.   It seems to me reasonably self-evident that resilience involves both of these characteristics.  We are not dealing with either/or but both/and.  It is the balance or perhaps the mix that is crucial and ambiguous and almost certainly situational.

I don’t yet  have access to the new study referenced at the top, but I have a prediction regarding it.  I bet that among those individuals who demonstrate the most resilience are those who have most successfully made meaning of adversity.  This is not a new idea.  Viktor Frankl and many others have made this case.  How we make-meaning — intellectually, mythologically, religiously, artistically, socially, whatever — is of less consequence than the making itself.

If we are concerned not just with individual resilience but something closer to social resilience — the ability of our neighborhood, community, region or nation to bounce back — then the essential role of meaning-making presents a particular challenge.  What can be quickly discerned from the online dialogue (even more effectively than from typical conversation) are the divergent and contentious sources of meaning-making even in this very small sample.

For most of human history and for most, though not all, of the humans who have experienced that history social meaning has been defined by the family, clan, tribe, or nation in which one found himself or herself.  As a result, there was a broadly shared thesis. Even for reformers and revolutionaries there was a beefy if always morphing target for their antithesis.  The functional absence of this thesis may be the greatest challenge facing us in crafting contemporary social resilience in the United States.  There are exceptions, but in most “communities” we often share little more than proximity.

If this is true — and I will celebrate persuasive arguments that I am mistaken — and  if we seek to be resilient, we must sweep away the illusion of an existing thesis around which we can organize (for resilience or almost anything).  Instead we must start at the beginning with the most fundamental elements of participation, collaboration, and deliberation.  We must stop staring at the flickering shadows on the back of the cave and begin — together, not alone — the difficult, rocky ascent to the light.

(Multiple Assertion Alerts: CODE RED)

(Comments on the prior resilience post by Pace students and others are available at: http://www.hlswatch.com/2010/10/15/resilience-absorb-and-bounce-back/#comments)

That is how a colleague, Rolf Mowatt-Larssen, characterizes the threat of terrorism. I interpret this to mean that when everyone is looking for the next strike to come from the center of the bell curve, the most devastating attack catches you by surprise at the edges.

The conventional wisdom is that we should expect, and our security services should be on guard for, an attack inspired by Al Qaeda ideology but likely originating within the U.S. utilizing explosives and/or small arms.  Besides the homegrown part, how is this different from the conventional wisdom concerning terrorism in the 1990s?

The following occurred during the last twenty years: A car bomb targeted at the World Trade Center, with the intention of toppling one tower into the other (with cyanide gas as a “backup”); Sarin gas in a subway attack; simultaneous embassy bombings; an attempted sinking of a U.S. naval warship; planes flown into buildings; anthrax delivered via the mail system.  All obviously recognized as major terrorist attacks, but events that did not fit easily within the bounds of the probable.  I might add the Oklahoma City bombing to this list as it was perpetrated by those who did not fit neatly within the expected enemies list.

What does this have to do with today’s threat environment?

Shortly after 9/11, the conventional wisdom was that Al Qaeda would only allow an attack within the U.S. that topped their greatest success.  Buttressing this argument, intelligence indicated that Al Qaeda members in Saudi Arabia had constructed a device that could be used to disperse chemicals in the New York City subway.  However, the attack was reportedly canceled by Ayman al-Zawahiri  because of plans for “something better.”

A threat from the edge.

Yet that was years ago.  Intelligence, law enforcement, and military efforts around the world have degraded Al Qaeda’s capabilities until “the group’s capabilities to implement such a large-scale attack are currently far less formidable than they were nine years ago or indeed at any time since.”  This is the judgment of Bruce Hoffman and Peter Bergen in their report “Assessing the Terrorist Threat.”  Given the types of attacks attempted over the past year that seems like a perfectly reasonable conclusion, and one shared by top intelligence and law enforcement officials.  It is also one that falls squarely in the center.

Former CIA Director Michael Hayden seems to be pushing back (at least a little) toward the edge when he writes:

“The classic al Qaeda attack, inflicting mass casualties by hitting iconic targets, is now very difficult for them to mount.”

“But we are far short of arranging a victory celebration. Al Qaeda’s capacity to mount its traditional brand of spectacular attacks has been reduced, not eliminated.”

On one hand, Al Qaeda members are under intense pressure around the world, perhaps not able to mount spectacular attacks.  On the other, how many people does it take?  The group has demonstrated the ability to compartmentalize operations and work under tight budget constraints to achieve operational goals that shocked security officials.  Is it safe to assume that the center is all we should be concerned about?

To mangle another analogy: I am not advocating taking our eyes off of the road, just suggesting that perhaps we should not forget to check our blind spots lest we be surprised again.

In July we reported and discussed the arrest of Zachary Chesser.  Today he pleaded guilty to several federal charges.  The following is from a Department of Justice media release.

–+–

Zachary Adam Chesser, 20, of Fairfax County, Va., pleaded guilty today before U.S. District Court Judge Liam O’Grady to a three-count criminal information that included charges of communicating threats against the writers of the South Park television show, soliciting violent jihadists to desensitize law enforcement, and attempting to provide material support to Al-Shabaab, a designated foreign terrorist organization… Chesser faces a maximum penalty of 30 years in prison when he is sentenced on Feb. 25, 2011. 

 “The defendant attempted to provide material support to a foreign terrorist organization and used the Internet to incite violence.  Thankfully, his commitment to violence was outmatched by the dedicated work of the agents, prosecutors and analysts who worked tirelessly to bring this man to justice,” said Assistant Attorney General David Kris.  “Today’s guilty plea is a direct result of the partnership and cooperation between the National Security Division, the U.S. Attorney’s Office and the FBI.”

Read the full DOJ statement.

Read previous coverage and discussion by HLSWatch.

A couple of weeks ago, in a comment prompted by Arnold Bogis’ inaugural weekly post to this website, Phil Palin recounted a conversation with an unnamed colleague whom he quoted as having said, “With the best of intentions — but worst of results — our current emergency management mentality systematically breeds dependence. We are our own worst enemy.” All I can say is Pogo would be proud.

Princeton professor Robert Wuthnow probably would be as well. In his recent book, Be Very Afraid,Wuthnow critically examines the cultural roots of the American obsession with Armageddon and the always just impending threat of self-annihilation. It does not diminish his argument or its thoroughly scholarly presentation to say his summation is not so far from that of Phil’s friend. In short, Wuthnow concludes that our efforts to put people at ease are largely responsible for their inexorable anxiety about the future.

The threats we face are real enough. But the ways we try to reassure people, Wuthnow tells us, leave them wondering whether we really have matters in hand. After all, many of the threats we warn them about are of our own making.

It is fair enough to say that we are not personally responsible for creating the threats, but the governmental, technocratic tribe to which we belong does bear  responsibility both for the decisions and actions that render us vulnerable while simultaneously directing other members to find remedies for these unsavory yet entirely foreseeable situations. Schizophrenic does not even begin to describe the situation.

As F. Scott Fitzgerald so aptly noted, intelligent people may be able to hold two contradictory notions in mind at once, but surely both arguments must have some particular appeal to them for this to be the case without the anxiety becoming apparent to them if not downright unbearable. When we confront people with evidence of their mortality, make it clear that they cannot depend upon government alone to rescue them and then implore them to trust that we know what we are doing when it comes to managing the threats we face they rightly wonder whether we are the crazy ones.

Maybe we are. Focusing on pathological thinking leaves unanswered an important question: “What would it look like if we we were healthy, happy and safe? How would we know if we were in such a state?”

Phil’s post over the weekend cites a Wall Street Journal essay by University of Virginia professor Jonathan Haidt. His research focuses on the nexus between moral beliefs and political behavior. In Haidt’s most recent published book, The Happiness Hypothesis, he suggests that the virtues we practice not only reveal the values we hold but inform them as well. In other words, we are — at least in part — what we do, and these actions are usually motivated by our comfort if not our interests.

To the extent the things we are doing strike many citizens as inconsistent if not necessarily insane should come as no big surprise. The public’s behavior may be little more than an outward sign of the internal anxiety caused by watching what we are doing. If either their behavior or our reaction to them makes us uneasy too, then perhaps we should take Haidt’s WSJ diagnosis as a challenge. Are we willing to something about it?

I’ve watched for years as local public safety executives and unions have expressed their anger and frustration with the level of support they get locally (which is formidable by anyone else’s reckoning, dwarfing all but education, health and welfare spending it its magnitude) to demand federal interventions and funding support. The chiefs’ and unions’ obsessions with what they are not getting has all but overwhelmed their ability to appreciate what can be done with what they already have. As such, I wonder whether their apparent anger masks something deeper and darker: An insidious fear that people might not notice if the money was spent elsewhere or not at all.

Police chiefs, fire chiefs and other public safety executives wield considerable influence over their organizations and in the community at-large. They occupy positions typically associated with power. Stanford business professor Jeffrey Pfeffer reminds us that those who hold positions of power are not always the most able, best loved or for that matter all that empathetic. Rather they are the ones most adept at playing the game. In his book, Power, Pfeffer notes without the least hint of cynicism that those in power accept three things others find it hard to swallow: 1) they accept that life is not just, 2) they relate to the world as it is (or as they perceive it to be) rather than as others wish it to be, and 3) they don’t base their definition of themselves or the best course of action in a given situation on how others see them.

We like to believe that others think the way we do. We want to believe that they want the same things we want. But that’s clearly not the case most if not all of the time. If it were, we would not find ourselves faced with the soaring levels of distrust in government and disagreement about priorities so obviously evident across our society.

If insanity can be defined as doing the same things over and over and expecting different results, what should we be doing differently? If local public safety officials are really committed to building stronger, safer communities what actions should they be taking instead of the ones we are seeing? What role, if any, should federal officials play in promoting ideals consistent with these actions? Do standards or mandates have a place in bringing this about?

Albert J. Mauroni is an analyst with twenty five years experience in chemical, biological, nuclear, and radiological (CBRN) defense policy and program development.  He has written six books about chemical and biological warfare.

Mauroni recently wrote an article about how the US homeland security enterprise addresses the threat of chemical, biological, radiological, and nuclear terrorism.  He argues that our policy is flawed fundamentally.

Here are selected excerpts from his contrarian –  very readable and compelling — article (the full document is available here ).

————————————

Some History

Our current homeland security approach to CBRN terrorism seems to have its basis in the incidents of 9/11 and the U.S. anthrax attacks in October-November 2001. However, our history of homeland defense goes back to 1941 (at least); to understand from a policy perspective how the government ought to address domestic CBRN terrorism, we need to put it all in context.

… Initially, the federal government saw its role strictly as providing a response to the intentional use of military weapons against U.S. cities and noncombatants. First it was the fear of German and Japanese bombers and missiles hitting U.S. cities on the coast. Then it was the threat of Soviet bombers and missiles. But the congressional response was not to spend great deals of money on this threat. Over time, the state and local officials were not as concerned about the possibility of external attack as they were the power of Mother Nature. Congress, influenced by those state and local officials, decided it was more important for the federal government to respond to states and locals affected by natural disasters and accidents rather than external threats. That balance was rudely jarred after 9/11, and we have yet to re-establish a more balanced view.

What does “WMD” mean?

The term “WMD” was the word of the year in 2002, but quickly fell into abuse as a term of political rhetoric and comedic punch lines. It was originally developed in 1948 by the United Nations as an accepted arms control term to describe the nation-state use of nuclear, biological, and chemical weapons.…

The military defines WMD as nuclear, biological, or chemical weapons that can cause a “high order of destruction.” I would add to this definition that the intentional use of these weapons needs to cause mass casualties….

The presence of mass casualties is a key aspect of the WMD incident, but “mass casualties” is an undefined and nebulous phrase. In general, people use the term to describe a situation in which there is one more casualty than the number of available hospital beds in the local area…. The Department of Health and Human Services (DHHS) chose the number of 1,000 injured or dead people for the trigger for its Metropolitan Medical Response Forces.

I disagree with the FBI’s use of the Title 18 U.S. Code definition of WMD because of its deliberate lack of reference to the scale of the incident. To the Department of Justice (DoJ) lawyers, any amount of CBRN or explosives, no matter how small, constitutes a WMD. Even [inert] devices or hoaxes can have WMD aspects.

In my mind, the term “WMD” is only useful as an arms control term…..

…I’m not against consideration of high-yield explosives, directed energy lasers, or other weapons that could realistically cause mass casualties. Ricin and botolinum toxin, often used in small amounts for assassinations, are not WMD. Airplanes used to cause mass casualty events are not WMD. Pipebombs and grenades are not WMD.

What do you think about CBRNE?

I don’t like the term “CBRNE” because that’s an antiterrorism term, not a WMD term. The military police and emergency responders within the DOD antiterrorism community started using “CBRNE” in the late 1990s because of numerous terrorist incidents such as the bombing at Khobar Towers, the Oklahoma City bombing, and the Aum Shinrikyo’s Tokyo subway incident. But the antiterrorism community really doesn’t worry about the “CBRN” as much as they do the “E.” When it comes to assigning resources and time to the most credible threats, the more probable threat of explosives wins over CBRN hazards every time.

Terrorists get their material and technology where they can, from the local economy. They don’t have the time, funds, or interests to get exotic. That’s what we see, over and over again. The [National Counter Terrorism Center] noted that, in 2008, there were approximately 11,800 terrorist attacks resulting in more than 54,000 deaths, injuries, and kidnappings. Nearly all were caused by armed assaults, bombings, suicide attacks, kidnappings, and other conventional forms of assault.

DHS and CBRN

In 2003, DHS began developing its CBRN terrorism response efforts by basically copying the DOD’s CBRN defense concept. This included recommending the use of plastic sheets and duct tape for homes and businesses to provide “shelter in place” collective protection and the use of point detectors to identify lethal levels of chemical, biological, and radiological hazards.

There were two major problems with this approach. First, the threat of CBRN hazard exposure to people at home (or even businesses) was about near zero, and second, the low probability of a CBRN hazard being used on any one day during the year at any one particular site within the United States was practically zero.

It was not a sustainable strategy if one demanded eternal vigilance at all locations with the goal of eliminating all threats. And of course, the U.S. government wasn’t protecting all potential terrorist targets.

Homeland Security Planning Scenarios

The Homeland Security Planning Scenarios are ridiculously unrealistic in portraying the expected threats to the homeland. Of the fifteen scenarios, eleven are CBRN-focused, and not just typical CBRN hazards but significant quantities of military warfare agents such as anthrax, smallpox, sarin nerve agent, and mustard agent.

They are “worst-case” scenarios, which are good for leadership exercises where you want to encourage interagency communications or to identify whether policies or resources are a limiting factor, but they are lousy for making resourcing decisions.

Worst-case scenarios rely on movie-theater plots that maximize the threat only because that’s the best way to get a maximum number of senior leaders within multiple agencies at the federal level involved to play in a short, annual national exercise. The 10-kiloton nuclear scenario is particularly ridiculous….

Terrorists and WMD

I don’t believe in the popular assumption that terrorists are actively working with “rogue nations” to exploit WMD materials and technology. The evidence isn’t there. Nation states invest heavy amounts of people and funds to develop specific unconventional weapons, and if they were to give or sell them to terrorists, one of two things could happen – either the weapons would be traced back to them, or the weapons might get used someplace where the nation state regrets.

The basic approach used by terrorists and insurgents is to seek out and use low-risk, easily-acquired weapon systems. Any weapon that can be improvised using available and accessible materials is good; any weapon that can be bought on the open market and easily used is good. CBRN materials don’t fit that niche.

The generic terrorist threat is often referenced without any specific understanding of specific group motivations or activities. Al Qaeda has stated intentions to use CBRN hazards, but this has not led to the actual development of any specific capabilities. …. We’re blindly attacking the tools instead of the terrorists.

The reason why terrorists are interested in CBRN hazards is because so many senior [US] leaders keep vocalizing how afraid they are of this particular threat. Before 9/11, the interest was not as strong (and the senior leader rhetoric about “WMD threats” wasn’t, either).

While terrorists are interested in CBRN hazards, they can’t get the dangerous precursor materials, they don’t have any training in handling or dispersing these hazards, and they don’t understand the particular effects on their targets. So we see some scattered use of industrial chemicals, some production of ricin toxin from castor beans, a few grams of radioactive material stolen from a facility – not exactly mass casualty threats.

As terrorists attempt to develop more sophisticated weapons in an effort to create mass casualties, their machinations become more public and it actually becomes easier to catch them.

Chemical Weapons

Chemical terrorism has been downplayed recently, ironically because it doesn’t cause enough casualties for high-consequence scenarios. Chemical terrorism remains the most likely form of CBRN terrorism, if one looks at the relative ease of obtaining industrial chemicals from the economy and low threshold of training and equipment required.

Still, people focus on the nerve agents as the “likely” threat, not because they’re available, but because they’re the most lethal.

Actual cases show terrorists seeking available industrial chemicals rather than making nerve agents, with one exception. Aum Shinrikyo had millions of dollars, facilities, trained chemists, and years of practice to make its sarin nerve agent. Most terrorist groups lack those resources.

DHS and Chemical Weapons

I’m not a proponent of the DHS Chemical Facility Antiterrorism Standards, where the department looks to identify all chemical storage facilities and to make their owners assess the security of their chemicals. All this does is cause incentives to industry to move the chemicals somewhere else. Instead of focusing on the major producers, DHS diminishes its efforts by trying to cover tens of thousands of small facilities and anyone using a chemistry kit. It becomes a paperwork drill where no one addresses the really tough problems.

The railcar discussions are particularly amusing, in that there is so much concern about a hazmat derailment within a major city. So the answer is to divert hazardous materials around a city, right? There are two things wrong with that – the secondary rails are less well maintained, and so represent a greater safety risk. And legal issues with regulation of interstate rail transport get in the way.

Bioterrorism

Bioterrorism is the flavor of the year, thanks to a recently-released government report titled “World At Risk” by former senators Bob Graham and Jim Talent.  Hollywood and fiction novels have done their best to ensure we all believe that a contagious virus without any cure is being secretly developed in a government lab and will wipe out civilization as we know it….

One requires a large amount of biological warfare (BW) agent to successfully cause mass casualties, and these agents can’t be made in a bathtub. You can’t go to Wal-Mart stores to obtain dangerous biological assays or to Home Depot for equipment to grow biological material. Bruce Ivins was successful because he had a full laboratory suite and starter material available to him, plus decades of experience in handling anthrax.

There are at least a dozen top BW threats, but under Project Bioshield we have vaccines for only two of them. Maybe in another ten years, we’ll have a few more vaccines, but certainly not twelve. For the 270 cities in the United States with a population of more than 100,000, only thirty-odd cities have Project Biowatch detectors. It’s a very expensive project to sustain against a wide variety of potential threats. ….I already mentioned the lack of vaccines and medical countermeasures for biological agents. The challenge was, and continues to be, that Big Pharma has no incentive to get involved in researching these specialized medical countermeasures. It’s too expensive, it’s not profitable, and it could lead to lawsuits if the drugs are incorrectly used.

… [W]e’ll never get adequate coverage for the entire United States, or even a majority of the nation’s major cities, because it is too expensive to run 24/7 and to test all the samples in a lab. Even with the proposed Gen 3 biowatch detector, which doesn’t exist right now, DHS plans to roughly double its monitors to cover sixty cities. Using point detectors for national special security events makes sense. Biowatch doesn’t.

Radiological Weapons

Radiological terrorism gets people excited because, even though the nature of radiological hazards hasn’t changed in more than six decades, there’s something about radiation that spooks us. The term “dirty bombs” has a sinister sound. But of all the terrorist CBRN hazards, radiological devices (RDD) are certainly not WMD. We have never had an RDD incident to date, and yet so many people like to worry about the loose or available radiological isotopes that could be grabbed up by terrorists.

I’m very critical about the approach to addressing radiological terrorism. It’s no surprise that the easiest way to reduce our risk in this area is to secure all the radiological material that industry uses and to place it in one location that could be guarded. Instead, because of NIMBY politics, the decision was made to close down a $9 billion nuclear material repository and to maintain the status quo of storing nuclear material in “temporary” storage near more than 120 nuclear facilities across the nation.

The Nuke Threat

[L]et’s look at the real 800-pound gorilla in the room. Some people fear that al Qaeda is going to somehow obtain a nuke from Pakistan, disable the safety mechanisms, and transport it to a U.S. city. Some fear that al Qaeda will build a crude nuclear bomb, using technical expertise and material through the global economy. The scenario of a 10-kiloton nuclear blast is what causes people to “lose sleep,” allegedly. And yet, if you examine the facts, it’s not likely at all that this is a credible scenario.

[N]ations with nuclear technology or materials need to consider whether the bomb will be traced back to them, and where the bomb might be used. It might not be in the United States, it might be in a neighboring country.

The number of people who would need to be engaged to get/build a bomb and move it to the United States, let alone engineer a successful detonation, would make this a complex operation that would be visible to law enforcement and the intelligence community.

We have no compelling evidence that any nation has provided a terrorist group with chemical or biological weapons – why on earth would they provide a terrorist group with nuclear weapons? It doesn’t make sense.

The “high-altitude EMP blast” scenario is particularly outlandish, suggesting that a terrorist organization would be able to move a ballistic missile to the coast of the United States and set off a megaton nuke 200 miles over the country just to collapse the electronic infrastructure and turn America into a pre-industrial society. There are better odds that an asteroid the size of Texas might collide with a major city within the United States.

Bottom line, we’re already petrified that al Qaeda is going to nuke America, even lacking any evidence that it has one or could get a nuclear weapon. So why does al Qaeda need a nuclear bomb? It already has accomplished its purpose of terrifying the country. And yet, we see the unfolding of this massive “Global Nuclear Detection Architecture” that’s designed to ensure our politicians can sleep well at night. We could cite the statistics – the hundreds of ports, the thousands of miles of border, the “second line of defense” – and ask is this the most effective way to address the challenge of a terrorist rad/nuke incident?

The scope of the global architecture keeps growing. In addition to the major air and sea ports and border crossings, the DHS Domestic Nuclear Detection Office has proposed going after all the smaller air and sea ports that cater to private vessels. And then there’s the idea of populating the major cities and interstate roads between cities with radiological monitors. Is this a sustainable plan? Is it really effective, considering the limits of radiological detection technology? I would argue, no. The false alarms and cost of maintaining such a nation-wide system are prohibitive, considering the very low probability of occurrence and other options available to the national security community.

But what if?

Let’s assume that, worst case, a nuclear bomb is smuggled into a major U.S. city. Let’s not pick New York City, that’s been debated enough. But say a nuke goes off in Atlanta or Chicago or Seattle. Let’s assume that the terrorists had a functional bomb that yielded a 10-kiloton blast, not a crude device that resulted in a 1-2 kiloton fissile. Certainly thousands of Americans would die and a city would be irrevocably damaged. But would the United States stop, falter, collapse as a nation? No. A single nuclear terrorist event is not an existential threat to such a massive country. It can be managed, and given all the effort already in place to prevent such an incident, it’s not what ought to be keeping us up at night.

If the current US approach to CBRN homeland security policy is wrong, what should we be doing instead?

[We] need serious reviews of the policies that are in place and to use [a] … “risk-based” management approach to ensure that we are spending our funds wisely.

We continue to view WMD or CBRN hazards as the threat – that’s a myopic focus. We need to look at the process by which terrorists develop their tools and understand that it is by defeating the terrorists that we can stop the CBRN threat. When you take a realistic look at the threat and what terrorists can actually do – outside of a television show like 24 – it’s not a difficult thing. We can do this more smartly.

[We] need to [stop] the loose use of the term “WMD.” It only confuses the discussion and presents an unachievable goal that obstructs serious discussion.

We need to clearly separate the concepts of how militaries defend against NBC weapons and how emergency responders address terrorist CBRN hazards.

We should not act as if a terrorist group has the capability to do as much damage as a nation with an active WMD program.

The Homeland Security Planning Scenarios have to be changed to reflect realistic and probable threats, not “worse-case” scenarios. By using the scenarios as the basis for national-level exercises, we risk the danger of overestimating the actual need for unique and specialized resources that may never be employed within our lifetimes.

We should not lose sight of the fact that the majority of incidents requiring federal response to state and local emergency responders will be for natural disasters and industrial accidents rather than WMD.

It actually is a question of “if, not when” we ever see a CBRN terrorist incident that results in mass casualties. We need a sustainable, effective approach, which requires us to stop overhyping the threat. It’s not September 12, 2001, anymore. We need to realistically assess the challenge and all possible threats – natural and man-made – and calmly, rationally, develop a plan that doesn’t bankrupt the annual operating budget.

None of us have enough money to provide perfect protection for everyone throughout the year, and there are better things to spend money on….

————————————

The complete article, Homeland Insecurity: Thinking About CBRN Terrorism, is available at this link.

In the 1983 movie WarGames, a teenager/hacker named David Lightman breaks into a military computer and challenges the WOPR  (War Operation Planning Response) supercomputer to a game of  Global Thermonuclear War.   The result? A nuclear war simulation that nearly starts World War III as WOPR convinces the military that Soviet nuclear missiles are inbound and that the USSR is staging an attack on the U.S.   In an attempt to get WOPR to stop playing the “game,” the computer is directed to play tic-tac-toe against itself.  The computer learns from this exercise the concept of futility as its tic-tac-toe games end in draws.  The computer then stops its game, noting to its human observers, “A strange game. The only winning move is not to play. How about a nice game of chess?”

Watching the movie this weekend on Netflix reminded me of our nation’s efforts to achieve cybersecurity.  Reports this past week made me wonder if, perhaps, those efforts are much like a game of tic-tac-toe or Global Thermonuclear War.  Last week, the Government Accountability Office issued a report that raised concerns about the Obama Adminsitration’s implementation of recommendations included in the White House’s 2009 cybersecurity review. The GAO noted that of the 24 recommendations laid out by the review, only two have been fully implemented – the appointments of Howard Schmidt and a privacy/civil liberties official.

The GAO found that some progress had been made on 22 of the 24 recommendations but concluded that

[o]ur extensive research and experience at federal agencies have shown that, without clearly and explicitly assigned roles and responsibilities and documented plans, agencies increase the risk that implementing such actions will not fully succeed. Consequently, until roles and responsibilities are made clear, and the schedule and planning shortfalls identified above are adequately addressed, there is increased risk the recommendations will not be successfully completed, which would unnecessarily place the country’s cyber infrastructure at risk.

Defining roles and responsibilities is not an easy feat.  Since 1996, when President Clinton first took a comprehensive approach to critical infrastructure protection and cybersecurity by putting it on the government’s radar, there has been a struggle on who should be responsible for cybersecurity. That effort was recreated/repeated when President Bush issued a national strategy in 2003 and then, again, in 2008, created the Comprehensive National Cybersecurity Initiative (CNCI).  Thus, the 2009 review referenced by the GAO was not the first effort in what seems to be a continual game of tic tac toe.

Part of the problem is that cybersecurity is present in so many different areas, requiring (seemingly) various agencies to be engaged.  When the Department of Homeland Security was created, many of the government’s cyber efforts were merged into the new agency, though many agencies chose not to transfer over elements that would have made the new Department’s cyber efforts stronger.  The result?  DHS, while improving, continues to struggle with its efforts to lead on the cybersecurity front,  especially as it does not have explicit authority to tell other agencies what to do on the cyber front, especially with regards to private sector engagement.

I’ve written several times about the struggle between DHS and the Department of Defense for leadership of the nation’s cybersecurity efforts.  Last week, Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced that the two agencies signed a memorandum of agreement to better protect against threats to military and civilian computer networks and systems.  The agreement calls for DoD cyber analysts to work with DHS to support the National Cybersecurity and Communications Integration Center.  In addition, a DHS senior staffer will be detailed to NSA.  While promising, the skeptic in me hopes that we do not see a repeat of the National Infrastructure Protection Center “sharing” experience of the 1990s where the FBI and the Secret Service joined efforts on cybercrime and infrastructure protection, only to see the Secret Service to abandon the NIPC over operational differences.

So is our cybersecurity effort futile?  Unlike Global Thermonuclear War, it is not the case that “the only winning move is not to play” on the cybersecurity front unless, of course,  one advocates an impossible-to-achieve Luddite-approach to unplugging our society from computers.   If we can realize that total elimination of cyberthreats is impossible and that our efforts should be to focus on how to mitigate potential threats and risks as much as feasible and imaginable, then we may continue to make progress on the cybersecurity front.   I’ve noted before that the Obama Administration appears to have the right people in place.  With expectation management and a commitment to not repeat past mistakes, we may just see an end to the cybersecurity tic-tac-toe.

The new coalition government’s National Security Strategy is now available to the public.  You can download the pdf at http://www.number10.gov.uk/news/topstorynews/2010/10/national-security-strategy-55815

According to The Guardian, “Theresa May, the home secretary, warned today that cyber warfare is a “growing threat” to Britain, alongside international terrorism. May outlined the top-priority threats facing the country as a significant rise in resources devoted to cyber warfare, intelligence-gathering and special forces is due to be confirmed in a national security strategy document…”

The Telegraph reports, “The other major threats are a large scale accident or natural hazard such as pandemic flu and an international military crisis which could draw in the UK and its allies.”

Many have critiqued the new British Strategy as having been more a cost-cutting exercise than a truly strategic review.

The UK has been emphasizing resilience for much longer — and with much more sophistication — than we have in the United States.  This emphasis continues.  From page 25 of the new strategy:

But we cannot prevent every risk as they are inherently unpredictable.  To ensure we are able to recover quickly when risks turn into actual damage to our interests, we have to promote resilience, both locally and nationally. Ensuring that the public is fully informed of the risks we face is a critical part of this approach.   To support national and local resilience, we will continue to publish a National Risk Register which sets out the more immediate risks of civil emergencies occurring in the UK.

More information on the UK’s National Risk Register and related efforts is available from the Cabinet Office.

Jonathon Haidt has written an interesting piece for this last weekend’s Wall Street Journal.  Now that your weekend fun is over, I encourage you to read what I will call, “A Particularly American Idea of Karma.” (Haidt and the Journal’s editors gave it a different title that I am concerned will discourage you from accessing.)

Haidt’s take on Karma is directly related to several comments posted to this blog over the last couple of years (check out related comments made to my Friday post)  and to what we understand may be at the foundation of resilient communities.

My lodestar for what works and does not work in resilience is Elinor Ostrom, who shared the 2010 Nobel Prize for Economics.   She has a new book out that is worth reading (see link at close of this post). The book is a serious bit of science. She offers a breezy summary in a February interview with Fran Korten of Yes! magazine.

Fran: It’s interesting that your research is about people learning to cooperate. And your Workshop at the university is also organized on principles of cooperation.

Elinor: I have a new book coming out in May entitled Working Together, written with Amy Poteete and Marco Janssen. It is on collective actions in the commons. What we’re talking about is how people work together. We’ve used an immense array of different methods to look at this question—case studies, including my own dissertation and Amy’s work, modeling, experiments, large-scale statistical work. We show how people use multiple methods to work together.

…

Fran: But what about the “free-rider” problem where some people abide by the rules and some people don’t? Won’t the whole thing fall apart?

Elinor: Well if the people don’t communicate and get some shared norms and rules, that’s right, you’ll have that problem. But if they get together and say, “Hey folks, this is a project that we’re all going to have to contribute to. Now, let’s figure it out,” they can make it work. For example, if it’s a community garden, they might say, “Do we agree every Saturday morning we’re all going to go down to the community garden, and we’re going to take roll and we’re going to put the roll up on a bulletin board?” A lot of communities have figured out subtle ways of making everyone contribute, because if they don’t, those people are noticeable.

Fran: So public shaming and public honoring are one key to managing the commons?

Elinor: Shaming and honoring are very important. We don’t have as much of an understanding of that. There are scholars who understand that, but that’s not been part of our accepted way of thinking about collective action.

I have some personal concerns — spiritually and ethically — with what Haidt and Ostrom are saying.  But I want to listen very carefully.  Hope you will join me in listening and thinking through the implications for resilience and more broadly for homeland security.

For further consideration:

Working Together  by Elinor Ostrom, Marco Janssen, and Amy Poteete

Unthinkable by Amanda Ripley (check out her blog post on the Chilean mine rescue)

Fundamentals of Resilience in Brief from a 2009 HLSWatch Post

The President took some hits for a comment Bob Woodward included in his most recent first draft of history. On page 363 of Obama’s Wars we read:

During my Oval Office interview with the President, Obama volunteers some extended thoughts about terrorism.

“I said very early on, as a Senator and continue to believe, as a presidential candidate and now as president, that we can absorb a terrorist attack. We will do everything we can to prevent it. but even a 9/11, even the biggest attack ever, that ever took place on our soil, we absorbed it, and we are stronger. This is a strong, powerful country that we live in, and our people are incredibly resilient.”

Then he addressed his big concern. “A potential game changer would be a nuclear weapon in the hands of terrorists, blowing up a major American city. Or a weapon of mass destruction in a major American city. and so when I go down on the list of things I have to worry about all the time, that is at the top, because that’s one area where you can’t afford any mistakes. And so right away, coming in, we said, how are we going to start ramping up and putting that at the center of a lot of our national security discussion? Making sure that that occurrence, even if remote, never happens.”

The partisan tit-for-tat regarding this comment was mostly about casting and cleaning red herrings.  With that behind us (I hope), what is the President telling us about his view of resilience?

The unstated implication — and principal source of the fishy critiques — is that there will be another successful terrorist attack on the United States.  We have already seen the Ft. Hood shootings and the fizzled Times Square bombing.  Other attacks are undoubtedly being planned.  The Taliban-in-Pakistan has specifically threatened an “amazing” attack on Washington D.C. 

It is realistic rather than fatalistic to recognize there will be another successful attack. Responding to several surveys over the years the vast majority of Americans (usually more than 80 percent) say they expect a terrorist attack. In the first half of 2010 a survey by  the Pew Center for People and the Press found that 58 percent of respondents expect a terrorist attack using a nuclear weapon.

Experts disagree on the scope and scale of future terrorist attacks on the United States.  In September the Bipartisan Policy Center provided the following assessment:

Despite al-Qaeda’s long interest in acquiring chemical, biological, radiological, and nuclear (CBRN) weapons, on the infrequent occasions that it or its affiliates have tried to deploy crude versions of these weapons their efforts have fizzled, as was evident in the largely ineffectual campaign of chlorine bomb attacks by “Al-Qaeda in Iraq” in 2007. Militant jihadist groups will be able to deploy only crude chemical, biological, or radiologicalweapons for the foreseeable future, and these will not be true “weapons of mass destruction,” but rather weapons of mass disruption, whose principal effect will be panic but likely few deaths.

In contrast the Commission on Prevention of Weapons of Mass Destruction has argued:

• First, there is direct evidence that terrorists are trying to acquire weapons of mass destruction.

• Second, acquiring WMD fits the tactical profile of terrorists. They understand the unique vulnerability of first-world countries to asymmetric weapons—weapons that have a far greater destructive impact than the power it takes to acquire and deploy them. The airplanes that al Qaeda flew into the World Trade Center were asymmetric weapons.

• Third, terrorists have demonstrated global reach and the organizational sophistication to obtain and use WMD. As recent actions by al Qaeda in the Arabian Peninsula demonstrate, the al Qaedanetwork is expanding through international partnerships. In particular, it is well within their present capabilities to develop and use bioweapons. As the Commission’s report, World at Risk, found, if al Qaeda recruits skilled bioscientists, it will acquire the capability to develop and use biological weapons.

• Fourth, the opportunity to acquire and use such weapons is growing exponentially because of the global proliferation of nuclear material and biological technologies.

The President shares the expectations of most Americans regarding the likelihood of a successful terrorist attack.   While he considers the probability of a nuclear attack to be “remote,” he has given considerable attention to preventing such an attack.  During the campaign he gave a major speech on the topic that clearly set the stage for key elements of the National Security Strategy. A series of administration actions since the inauguration follow-through on what was outlined in the July 2008 speech.

In terms of resilience the President evidently makes a distinction between attacks that the nation can “absorb” and an attack that would be a “game changer.”  While it goes beyond his specific statement, the logic seems to be there is a fairly high threshold up to which the nation will bounce back.   This threshold is at least as high as the 9/11 attacks. 

But the President assumes there are some attacks that would produce a fundamental shift in the national game plan or even the national game.   He specifically calls out, “blowing up a major American city” with a nuclear device.   He seems to suggest that such an attack would ipso facto prevent a bounce back.

I wonder. 

National resilience — especially in such a rich, large and populous nation as the United States — is as much a psycho-social-political response as anything else.  Certainly a 10K blast in any major city and especially in Washington D.C. would severely test our resilience.  Would it necessarily break it? 

The fact that a significant majority of Americans already expect such an attack increases our potential resilience.  The facts on the ground may also redound to our potential resilience.  In a 2009 essay in Homeland Security Affairs Journal, Robert Harney writes,

Contrary to the predictions of traditional analysis and experience of Hiroshima and Nagasaki, the more “realistic” analysis presents a picture that is much less dire. Fatalities are 20% of those predicted by the standard analysis, while injuries are 10% of those predicted and the damaged area is 5%. Much of the infrastructure will survive. Most evacuation routes will remain viable (permitting relocation for fallout mitigation). Food, water, sanitation, power,communications, and transportation will remain available to most of the city.

 

Transportation to or from the rest of the country, especially air travel, is likely to be minimally affected. Airports are seldom located in the high population density areas that are attractive for casualty production. The first response system will remain intact. At most one or two police precincts and fire stations will be within damage zones. Only a small fraction of first responders will be among the casualties. The majority of the health care system will remain intact. Few hospitals, clinics, or potential shelter areas may be located within the small damage zones and thus will remain intact and operational. Few health care professionals will become casualties. Regional health care facilities (an estimated 60,000-70,000 beds at three beds/1000 people) have the theoretical capacity to handle the most badly injured. However, most of the 60,000-70,000 beds are occupied during ordinary times and emergency rooms are almost always crowded. Diagnostics and elective procedures account for at least part of the occupation of beds and many emergency room visits occur in lieu of seeing primary care physicians. In a major emergency, many could be discharged by applying triage to those already at the facilities as well as to the victims of the explosion. Nevertheless, emergency treatment facilities will be stressed. This should be considered during planning for disaster preparedness, as well as in any discussions of generally improving national health care.

 

Although horrific and highly stressing of existing resources, this scenario is nearly ideal for disaster response and relief by local, state, and national entities. Because structures and roads will be undamaged outside the immediate blast area, the effects of fallout from a single nuclear event can be minimized through immediate and effective response including fallout prediction and a combination of evacuation, sheltering in place and/or decontamination. Sheltering for as little as one day can reduce the fallout exposure to less than 20% of the maximum possible accumulated exposure at any location, even if the individual then elects to remain in the contaminated area. It can reduce the total exposure to less than 1% of the maximum possible if the individual elects to walk out of the fallout zone (estimated to take a few hours at most). There is a place for renewed interest in civil defense.

Harney starts his essay with, “The unthinkable is probably inevitable.”  But 58 percent of Americans are already thinking about it.  What is the resilience potential if we would forthrightly and specifically deal with a range of catastrophic possibilities? 

The San Andreas fault will shift (a recent study says it will be even worse than previously projected), so will the New Madrid fault.   Each will produce consequences far beyond the scope and scale of an improvised nuclear device.  A Cat-5 hurricane will pummel a major city.  An urban wildfire will jump the lines with frightening death, injury, and destruction.  A pandemic will emerge with all the surprise of H1N1 and thirty-times the punch.

Terrorism is not the only — or most likely — source of catastrophe.  But expecting the worst mitigates its impact.  Preparing for the worst is even more effective. We should certainly invest in prevention.  But in one form or another we will be catastrophically challenged. I perceive that if we would creatively engage this reality, the nation is even more resilient than the President may imagine.

For further consideration:

The Little BIG Things (Resilience Chapter) by Tom Peters

Building Resilient Communities: A Preliminary Framework for Assessment by Longstaff, Armstrong, Perrin, Parker, and Hidek

A quide for implementing the Hyogo Framework for Action by local stakeholders (UNISDR and Kyoto University)