Homeland Security Watch

Tuesday the Senate passed the Cybersecurity Information Sharing Act of 2015 by a vote of 74 to 21.   This bill is similar to a measure passed previously by the House.  Reconciliation is likely.

Part of the Congressional Research Service summary:

Requires the Director of National Intelligence (DNI), the Department of Homeland Security (DHS), the Department of Defense (DOD), and the Department of Justice (DOJ) to develop and promulgate procedures to promote: (1) the timely sharing of classified and declassified cyber threat indicators in possession of the federal government with private entities, non-federal government agencies, or state, tribal, or local governments; (2) the sharing of unclassified indicators with the public; and (3) the sharing of cybersecurity threats with entities to prevent or mitigate adverse effects…

Permits private entities to monitor, and operate defensive measures to detect, prevent, or mitigate cybersecurity threats or security vulnerabilities on: (1) their own information systems; and (2) with authorization and written consent, the information systems of other private or government entities. Authorizes such entities to monitor information that is stored on, processed by, or transiting such monitored systems.

Allows entities to share and receive indicators and defensive measures with other entities or the federal government. Requires recipients to comply with lawful restrictions that sharing entities place on the sharing or use of shared indicators or defensive measures.

Requires the federal government and entities monitoring, operating, or sharing indicators or defensive measures: (1) to utilize security controls to protect against unauthorized access or acquisitions, and (2) prior to sharing an indicator, to remove personal information of or identifying a specific person not directly related to a cybersecurity threat…

Exempts from antitrust laws private entities that, for cybersecurity purposes, exchange or provide: (1) cyber threat indicators; or (2) assistance relating to the prevention, investigation, or mitigation of cybersecurity threats. Makes such exemption inapplicable to price-fixing, allocating a market between competitors, monopolizing or attempting to monopolize a market, boycotting, or exchanges of price or cost information, customer lists, or information regarding future competitive planning.

Basically, CISA allows — encourages — owners and operators of cyber-networks to work with each other and the public sector to monitor and defend the networks. The legislation does this by reducing the chance of successful lawsuits involving actions taken for this purpose.

DHS will play a key role brokering private with private and private with public information flows.  In fact, according to The Hill — and what was said and done on the Senate floor Tuesday — “funneling the vast majority of CISA data through DHS was a key compromise the bill’s backers struck to win the support of on-the-fence lawmakers.” For some DHS is considered more circumspect than other federal options.

Many in the tech community have resisted the measure.  Most privacy advocates have been adamantly opposed.  There is evidence that some at DHS do not want the authority being granted to it.  But that’s not what Secretary Johnson seemed to say.

According to Wired:

The version of CISA passed Tuesday, in fact, spells out that any broadly defined “cybersecurity threat” information gathered can be shared “notwithstanding any other provision of law.” Privacy advocates consider that a vague and potentially reckless exemption in the protections of Americans’ personal information. “Every law is struck down for the purposes of this information sharing: financial privacy, electronic communications privacy, health privacy, none of it would matter,” says Robyn Greene, policy counsel for the Open Technology Institute. “That’s a dangerous road to go down.”

Given the recent spike in hacks, seems the body-politic has decided better the devil you know than the devil not known.

California is now in its fourth year of drought. In a state this big precipitation varies widely, but for example, in Bakersfield the average annual precipitation is 6.4 inches and through the end of September roughly 4.5 inches.  This year’s total at the end of September was 2.8 inches. The winter snowpack was almost non-existent this year.  The lowest in 500 years according to some.

The State of California reports reservoir levels as of October 15 are roughly two-thirds below capacity and less than half historic averages. Some examples: Castaic Lake 31% of capacity (40% of year to date average); Don Pedro 31% of capacity (47% of average); Exchequer 8% of capacity (18% of average); Folsom Lake 17% of capacity (31% of average); Lake Oroville 29% of capacity (48% of average); Lake Perris 36% (47% of average); Millerton Lake 35% of capacity (90% of average); New Melones 11% of capacity (20% of average); Pine Flat 12% of capacity (34% of average); San Luis 18% of capacity (35% of average); Lake Shasta 33% of capacity (56% of average); and Trinity Lake 21% of capacity (32% of average).

Since early this year Californians have cut their total water usage. For June, July, and August the cumulative statewide savings rate was 28.7% equal to 611,566 acre-feet of water saved. The Governor’s office has set a goal of saving 1.2 million acre-feet of water by February 2016. Some are seeing signs of a long-term shift in cultural attitudes toward water use.  Last week the LA Times advocated public shaming of Southern California water hogs.

Since January 1 there have been 5942 wildfires in California, consuming 307,335 acres, almost triple a five year average.

All of which further complicates the already tough job of selling flood insurance in California.

Yet last week Accuweather reported accumulating evidence for a powerful 2015-2016 El Nino, beginning to impact California in late November into December.

The most likely, and most impactful, scenario during this winter is that California will get significant precipitation in the form of both rain and snow.

“California will be much more active weather-wise this winter than last winter,” AccuWeather Meteorologist Ben Noll said.

Copious amounts of rain from systems over the same area, a theme which occurs often during this type of weather pattern, can lead to problems for California.

Locals may be faced with flooding and mudslides, which could prove devastating for home and property owners. This will be especially problematic over recent burn scar areas, where rampant wildfires have charred millions of acres.

According to the Census Bureau there are 12,542,460 households in California.  According to FEMA there are 229,538 flood insurance policies in force.  Hmmm?

Last week NOAA and FEMA made a concerted effort across California to raise-the-warning and encourage preparations, including purchasing flood insurance.  I happened to be in Los Angeles at the same time.  City, county, and state officials are taking the flood risk very seriously.  But it does require a particular exercise of the will to prepare for floods in the midst of drought.

And selling flood insurance in these conditions: How about ice to Eskimos or sand in Timbuktu or coal to Newcastle?  There must be a better way to recognize and mitigate the risk.

MONDAY, OCTOBER 19, 2015

0618-0632 LOCAL TIME (rough estimate)

DULLES INTERNATIONAL AIRPORT (TSA-Pre GATE)

GENERAL OBSERVATIONS:

Lines are short.

Two TSA officers are checking tickets and identifications. Mine is pleasant and apparently thorough.

Two luggage check-lines are operating.  No significant back-up.

As I unload my pockets into my carry-on, the TSA officer on the other side of the conveyor addresses a colleague beyond the security-line. “[Name no longer remembered], what’s with the boots, active duty in uniform?”

I look behind me to see a man in army fatigues unlacing his campaign boots, it’s taking a while.

The TSA officer working the line answers with something like, “He can keep the uniform on, but the alarm says the boots come off.” The response sounded smug to me.  The guy closer to me mutters something inaudible, but unhappy.

Whatever the regulation might actually be, the guy asking the question was shut down, at least for the morning–probably longer.

I walk toward the standard screening gate, but am told I have been randomly selected for advanced treatment.  I proceed to the millimeter wave scanner where I am politely told to assume the position.  As I exit the same polite TSA officer asks me to hold.

Another civilian — a woman — is standing with us.  I soon realize the male TSA officer is needing a female TSA officer to check the full-body image of the female who had preceded me.

He calls for his boss, who is answering a phone.  He calls the name of the nearest female colleague, who seems to purposefully ignore him. He calls for another female colleague who just shakes her head.  Then his boss is off the phone, but disappears seeming frantic, into the increasing hubbub.

My polite TSA officer captures the attention of the one female to his right, but she insists there are plenty of females to his left. One of the females on his left approaches (out of curiosity?).  He explains needing her help. She responds that she’s on break.  He implores.  She says its a management problem.  But when he asks, “Do you approve the image? (I think that’s the line), she glances over his shoulder and — reluctantly, it seemed to me — says yes.

The female civilian is released.  I’m not sure he looked at my image before apologizing and letting me go.  At least five more were waiting on the other side of the Imaging Cylinder.

AFTER-ACTION CONSIDERATIONS:

If I had been more mindful, I should have taken names. I should have, at least, told the polite TSA officer his efforts were appreciated. Instead I just gathered my bags from the now crammed conveyor and scurried to my plane.

In the midst of this mildly Kafkaesque scene the polite TSA officer was an effective agent of sanity, hope, and progress.  It was not yet dawn and there must have been parts of his limbic system feeling under attack.  Yet he was civil to everyone and persistent in his efforts to free us to be about our day, even as he tried to do his job.

Many worry our entire aviation security system teeters on the absurd or worse (it was Kafka who wrote, “Evil is whatever distracts”). But especially if this is true, how do we better develop systems to support and empower this civilized man and others like him?  So much of what we do seems more likely to create the very attitudes and behaviors he was struggling to overcome.

Photograph by Hilary Swift for the New York Times

Jeh Johnson, the Secretary of Homeland Security, had lunch recently with Claire Danes, star of “Homeland”.  Philip Galanes brought them together (above) for a piece printed in the Style section of the Sunday Times.

It strikes me as an odd invitation for the Secretary to accept.  But he is evidently a fan and, as explained in the feature, Mr. Johnson perceives that popular culture can do a great deal to shape the political context.

No breaking news that I recognized.  But it did cause me to look more carefully at yesterday’s edition of our “newspaper of record” for other homeland security related stories.

The magazine’s cover story is an exposé on the death of Osama bin Laden.  While a bit of a stretch, doesn’t anything dealing with bin Laden somehow touch homeland security?  That story is immediately followed by a two-page photo spread on confederate memorials in Richmond, Virginia.  What do you think?

The first section of Sunday’s paper has plenty on Israeli-Palestinian tensions, Hindu nationalism, the war in Syria, refugees in Europe, and a Mexican drug lord.  In their current form none of these reports quite strike me as speaking to the homeland.  But there is a follow-up on the mass shooting at Umpqua Community College.  That counts, wouldn’t you agree?

The business section’s big lead is on the head of the International Association of Fire Fighters.  Recently I have argued here for greater involvement by homeland security professionals in policy/strategy development.  The IAFF does so.  The NYT tells how.

Racial discrimination in housing is the topic of Sunday’s lead editorial.  The Sunday Review also includes an essay on how recent scientific studies show (again) “how easily we can be fooled by our belief in patterns.” Then there’s a piece on how Americans no longer learn to actively listen.  These issues strike me as having profound implications for what I frame as homeland security. But I expect many of you would disagree.

The sports section confirms we are closing in on the World Series (a National Special Security Event).

Scanning the travel section my synapses fired on several terrorism or counterterrorism possibilities.  Did you see the recent article claiming paranoia is good?

In an interview with Steven Spielberg we read:

So many things were in my mind in the contemporary world. Drone missions. Guantanamo Bay. Cyberhacking, because cyberhacking is a form of spying…  And yet today, there is much more dread and fear of who’s looking over our shoulders.  There was a specific enemy, the Soviet Union, in the the 1950s and ’60s. Today we don’t know our enemy.  The enemy doesn’t have a specific face.

The Book Review tells us about a post-catastrophe novel, a non-fiction “biography” of weather, a couple of thrillers involving “China is ascendant, Russia is on a real estate acquisition binge, the Middle East is aflame…”  There are also two new texts on “how we make sense of a complex world and try to predict its future.”

Any of the above strike you as homeland security stories?  Sorry, nothing that I saw on floods, droughts, grid-failures, earthquakes, cyclones, current epidemics, or even supply chains. Maybe I missed something, will look more carefully on the plane tomorrow.

I’ve been invited to write a chapter for a new text on national security. Saturday I was reading complaints by several scholars regarding how there is no consistent definition of national security.  If so, maybe the President is right when he insists, “Homeland Security is indistinguishable from National Security…”

But isn’t the Claire Danes character a CIA agent?  She should be having lunch with John Brennan not Jeh.

Presidential Policy Directive 8 is one of several tools designed to actuate the President’s constitutional authority under Article II.

PPD-8 sets-up the National Preparedness Goal, a second edition of which was released last week.  Acts of Congress might have been used to justify the Goal.  From PPD-8: “The national preparedness goal shall reflect the policy direction outlined in the National Security Strategy… applicable Presidential Policy Directives, Homeland Security Presidential Directives, National Security Presidential Directives, and national strategies, as well as guidance from the Interagency Policy Committee process. The goal shall be reviewed regularly to evaluate consistency with these policies, evolving conditions, and the National Incident Management System.” Absence is often meaningful.  The Goal, for better or worse, is a creature of the Executive.

Whether the legislature, executive, or both are involved, the creation of of such products is aptly called sausage-making: usually involving left-over scraps and fat, ground together, combined with spices and herbs, packed into something that tastes much better together than apart.

But making is only the first step.  An example:  In the 2011 first edition of the National Preparedness Goal there is one mention of supply chains:

Supply Chain Integrity and Security: Strengthen the security and resilience of the supply chain. 1. Secure and make resilient key nodes, methods of transport between nodes, and materials in transit.

This was one of many core capabilities listed.  This particular core capability was situated under the so-called “Protection Mission”. Protecting supply chains tends to invoke a security-orientation much more than a resilience-orientation.  It was a struggle to insert “and make resilient”.  Over the last four years I have applied these few words like a beachhead at Normandy (it sometimes felt like Gallipoli).

Later in the same 2011 document, under the Response Mission, is another core capability worded as:

Public and Private Services and Resources: Provide essential public and private services and resources to the affected population and surrounding communities, to include emergency power to critical facilities, fuel support for emergency responders, and access to community staples (e.g., grocery stores, pharmacies, and banks) and fire and other first response services. 1. Mobilize and deliver governmental, nongovernmental, and private sector resources within and outside of the affected area to save lives, sustain lives, meet basic human needs, stabilize the incident, and transition to recovery, to include moving and delivering resources and services to meet the needs of disaster survivors. 2. Enhance public and private resource and services support for an affected area.

Supply chain resilience has become the weird personal mission of my sundown career. The words immediately above, despite their likely intent, complicated mission achievement.  When combined with the Protection mission language, the Response mission language could even encourage non-resilient choices.

In the second edition of the National Preparedness Goal released last week the capability under Protection remains the same.  The capability under Response now reads:

Logistics and Supply Chain Management: Deliver essential commodities, equipment, and services in support of impacted communities and survivors, to include emergency power and fuel support, as well as the coordination of access to community staples. Synchronize logistics capabilities and enable the restoration of impacted supply chains. 1. Mobilize and deliver governmental, nongovernmental, and private sector resources to save lives, sustain lives, meet basic human needs, stabilize the incident, and transition to recovery, to include moving and delivering resources and services to meet the needs of disaster survivors. 2. Enhance public and private resource and services support for an affected area.

My professional menu just evolved from boiled hot dogs to grilled kielbasa. And I will spend the next months, even years, trying to deliver this kielbasa as widely as possible.  Making is only worthwhile when a product is delivered and consumed.

The 2011 hot dogs were better than nothing.  But there is now a substance and flavor better matched to market realities and consumer needs.  I expect this kielbasa will be consumed much more widely and enthusiastically than those hot dogs.

Supply chain issues are equally important to mitigation. Plenty of sausage-making still ahead. I am a great fan of Merguez sausage (especially made with lamb).  It is a bloody, sticky, messy process.  But results can fill and satisfy.

Last week a second edition of the National Preparedness Goal was released.

The Goal itself has not changed since the 2011 original:

A secure and resilient nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk.

There is also considerable continuity between the original details and the new details.  According to a FEMA Information Sheet on “What’s New”:

The refresh of the National Preparedness Goal centered on discrete, critical content updates based on lessons learned, real world events and the results of the National Preparedness Report. In working towards development of the second edition of the Goal, FEMA and its whole community partners focused on assessing the existing core capabilities. Resulting updates to the core capabilities include changes to select titles and definitions and the addition of one new core capability – Fire Management and Suppression.

The National Preparedness Goal is part of the policy/strategy apparatus emerging from Presidential Policy Directive 8 released in late March 2011.  In the PPD the President directed the Secretary of Homeland Security to coordinate federal — even “all-of-nation” — implementation.  For richer or poorer, the Goal is widely perceived as FEMA-centric. (As noted below, I don’t think this is healthy or necessary.)

Thursday I intend to give particular attention to one change from the 2011 edition that I consider a potentially important positive.

But first a comment on the context and limitations of this sort of document: In my experience the homeland security professions — federal, state, or local — tend to receive the vast majority of “national” policy and strategy statements with skepticism at best and more often with disdain.

The story is told of a First Responder delegation meeting with a President’s Homeland Security Adviser.  After an hour-long discussion of policy, strategy, operations and tactics, the Senior Official encouraged one of those who had not contributed to share his thoughts.  The Big City professional responded, “With all due respect sir, just tell us what we have to say to get the money.”

The defense, foreign policy, and intelligence communities are also interested in money.  But they self-consciously engage in making and critiquing policy/strategy in order to shape their budget and spending context.  This can sometimes be cynical.  In some cases, even corrupt. But by-and-large the nexus of policy, strategy, and money is a crucial arena for thinking through and refining where resources will be spent and why.

It is an entirely fallible process, but in the traditional national security space the active participation of a wide array of professional, academic, political, commercial and other interests can generate substantive benefits across the strategy-to-tactics continuum.

President Obama has been very clear from the beginning, “I believe that Homeland Security is indistinguishable from National Security — conceptually and functionally, they should be thought of together rather than separately.”  As some readers may recall, I disagreed with the President on this matter.  But in any case, for this policy formulation to be effective, the homeland security professions are required to engage the policy-strategy-budget process with a skill and resolve equal to national security veterans.

This “refresh” of the National Preparedness Goal offers another opportunity to do so.

The radar loop above starts on Thursday evening, October 1 and runs through Sunday evening (thanks to Matt Daniel at WMAZ in Macon, Georgia).

A similar video — showing a narrow band of intense moisture — could be shown for the 2010 mid-Atlantic “Snowmageddon”.

Some have suggested that Japan’s extraordinary flooding in early September reflected meteorological conditions similar to what we saw last week over the Carolinas.

Detailed data does not exist to show the unfolding of the 1861 California megaflood. According to Scientific American, this 43-day storm, “turned enormous regions of the state into inland seas for months, and took thousands of human lives. The costs were devastating: one quarter of California’s economy was destroyed, forcing the state into bankruptcy.”

“Geologic evidence shows that truly massive floods, caused by rainfall alone, have occurred in California every 100 to 200 years. Such floods are likely caused by atmospheric rivers: narrow bands of water vapor about a mile above the ocean that extend for thousands of kilometers.”

The emergence of so-called atmospheric rivers is well-established, but not widely understood. NOAA explains, “Atmospheric Rivers (AR) are relatively narrow regions in the atmosphere that are responsible for most of the horizontal transport of water vapor outside of the tropics. While ARs come in many shapes and sizes, those that contain the largest amounts of water vapor, the strongest winds, and stall over watersheds vulnerable to flooding, can create extreme rainfall and floods.”

In 2011 USGS, FEMA, CalEMA, and others collaborated in the ARkStorm exercise focusing on a recurrence of the historic pattern in California.  Scenario elements include, “The Central Valley experiences hypothetical flooding 300 miles long and 20 or more miles wide. Serious flooding also occurs in Orange County, Los Angeles County, San Diego, the San Francisco Bay area, and other coastal communities. Windspeeds in some places reach 125 miles per hour, hurricane-force winds. Across wider areas of the state, winds reach 60 miles per hour.”

What is important to recognize is that this is not worst-case thinking, but historically demonstrated risk.  It is not so much a matter of if, but where and when.

And by the way, this winter’s El Nino is predicted to be strong, especially in Southern California.

Sunday the Governor of South Carolina explained that the state has not seen the current level of flooding in 1000 years.  I doubt that was what she was told.  But I understand how she might have heard it.

Monday morning’s headline in USA Today was 1,000-YEAR STORM SLAMS S.C.  The millennial reference was not explained.

‘1,000-year’ rain floods South Carolina, and it’s not over yet is how the CNN website headlined their video-and-text reporting.  The text-based version includes, “A “1,000-year rainfall” means that the amount of rainfall in South Carolina has a 1-in-1,000 chance of happening in any given year, CNN meteorologist Taylor Ward said.”

A thousand-year-flood or a hundred-year-flood are shorthand descriptions for the annual exceedance probability for such a flood-event. Too often this is heard, as by the governor, as suggesting it has been a very long time since such an event and — of even more concern from a public understanding and public policy perspective — it will be a very long time until such an event recurs.

Here’s how the U.S. Geological Survey explains exceedance probabilities:

In the 1960’s, the United States government decided to use the 1-percent annual exceedance probability (AEP) flood as the basis for the National Flood Insurance Program. The 1-percent AEP flood was thought to be a fair balance between protecting the public and overly stringent regulation. Because the 1-percent AEP flood has a 1 in 100 chance of being equaled or exceeded in any 1 year, and it has an average recurrence interval of 100 years, it often is referred to as the “100-year flood”. Scientists and engineers frequently use statistical probability (chance) to put a context to floods and their occurrence. If the probability of a particular flood magnitude being equaled or exceeded is known, then risk can be assessed. To determine these probabilities all the annual peak streamflow values measured at a streamgage are examined. A streamgage is a location on a river where the height of the water and the quantity of flow (streamflow) are recorded. The U.S. Geological Survey (USGS) operates more than 7,500 streamgages nationwide (see map) that allow for assessment of the probability of floods. Examining all the annual peak streamflow values that occurred at a streamgage with time allows us to estimate the AEP for various flood magnitudes. For example, we can say there is a 1 in 100 chance that next year’s flood will equal or exceed the 1-percent AEP flood. More recently, people talk about larger floods, such as the “500- year flood,” as tolerance for risk is reduced and increased protection from flooding is desired. The “500-year flood” corresponds to an AEP of 0.2 percent, which means a flood of that size or greater has a 0.2-percent chance (or 1 in 500 chance) of occurring in a given year.

I have done some modest work with the Charleston, South Carolina region on community resilience.  They have been concerned about flooding and especially the potential impact of a strong hurricane.  The current storm has been “just” a rain event, but it has exposed — again — many of the vulnerabilities of concern to the community.  Even without strong winds and storm surge, massive volume and high tides have been destructive enough.

The greatest challenge in Charleston — and everywhere else I have ever worked — is a strong tendency to diminish attention to what are perceived as rare risks.  Too often I have seen individuals and organizations decide that since they just experienced something exceedingly rare they have essentially been indemnified from future losses.

Rather, at least in many coastal communities, there is good cause — data-driven and statistically sound — to reasonably assume that this weekend’s extremes will recur with increasing frequency in the next hundred years.  Instead of indemnifying, it is just a down payment.

Late Monday USA Today reported:

The biblical flooding in South Carolina is at least the sixth so-called 1-in-1,000 year rain event in the U.S. since 2010, a trend that may be linked to factors ranging from the natural, such as a strong El Niño, to the man-made, namely climate change.

So many “1-in-1,000 year” rainfalls is unprecedented, said meteorologist Steve Bowen of Aon Benfield, a global reinsurance firm. “We have certainly had our fair share in the United States in recent years, and any increasing trend in these type of rainfall events is highly concerning,” Bowen said.

TUESDAY MORNING UPDATE:

Yikes!  Here are the two opening sentences and the closing sentence of the lead editorial in the October 6 Charleston Post and Courier:

Catastrophic rainstorms like this one happen only every thousand years, climate and weather experts explained as unprecedented flooding forced people out of their homes, closed roads and submerged stalled vehicles. One can only hope that assessment holds true… We must work to prepare for the next disaster, even if it doesn’t happen for a thousand years.

The P&C is a much better than average daily newspaper.  When they get this so very wrong, we can be sure most other folks will too.

Above, Jeh Johnson, Secretary of Homeland Security speaking on September 16

A couple of days after I began this most recent hiatus, Secretary Johnson spoke at Westminster College in Missouri.  An old friend happened to be in the audience.  I have not seen any media coverage.  I’ve since found a transcript.

In his speech the Secretary tells a personal story that I had not previously heard.  For me it is compelling because the story is–at least as the Secretary renders it–a parable of a compromised hero, principles long-defended but ultimately forsaken, and an early death.  This is an interesting parable for a Secretary of Homeland Security to choose to tell.  I hope you will read his story and the entire speech.

Here are a few lines from toward the end, well after the personal story was concluded.

I can build you a perfectly safe city, but it will amount to a prison. 

I can guarantee you a commercial air flight perfectly free from the risk of terrorist attack, but all the passengers will be forced to wear nothing but hospital-like paper smocks, and not be allowed any luggage, food, or the ability to get up from their seats. 

I can do the same thing on buses and subways, but a 20 minute commute to work would turn into a daily, invasive two-hour ordeal. You’d rather quit your job and stay home.

I can guarantee you an email system perfectly free from the risk of cyber attack, but it will be an isolated, walled-off system of about 10 people, with no link to the larger, interconnected world of the Internet. 

I can profile people in this country based on their religion, but that would be unlawful and un-American.    

We can erect more walls, install more screening devices, and make everybody suspicious of each other, but we should not do so at the cost of who we are as a Nation of people who cherish our privacy, our religions, our freedom to speak, travel and associate, and who celebrate our diversity and our immigrant heritage.

In the final analysis, these are the things that constitute our greatest strengths as a Nation.

More and more I perceive that true security — like happiness? — is most likely to be achieved as the result of effort primarily focused elsewhere. Viktor Frankl wrote, “Happiness cannot be pursued; it must ensue, and it only does so as the unintended side effect of one’s personal dedication to a cause greater than oneself or as the by-product of one’s surrender to a person other than oneself.”

There are interesting lacunae in the Secretary’s speech, especially interesting for a lawyer with a reputation for detail.  It goes beyond what the Secretary actually says, but in those pregnant spaces I hear something similar to, “Security cannot be pursued; it must ensue, and it does so mostly as the side effect of a peoples’ dedication to a cause greater than their own safety.”