Homeland Security Watch

A former FBI intelligence analyst speaks out today in a Washington Post op-ed on the Bureau’s failures to develop a successful intelligence shop since 9/11. She alludes to a DOJ Inspector General report that criticized FBI’s treatment of intelligence analysts earlier this year, a report that noted that the Bureau’s retention of analysts was low, in part because they were treated like “second-hand citizens” and frequently assigned menial tasks .

But she notes:

It wasn’t the photocopying or the lack of promotion potential that compelled me to leave my job as an FBI analyst this year — it was the frustration of working in a system that does not yet recognize analysis as a full partner in the FBI’s national security mission.

Many of the first-hand details in the rest of the article are devastating, such as:

Analysts found that in many cases they had to operate with a dearth of information and intelligence resources. For example, not all the people carrying the title “All Source Analyst” in the division for which I worked even had desktop access to the Internet or to intelligence community e-mail and intranet servers.

And:

There is no guidance giving field offices the information they need to direct case reporting to the appropriate analytic groups, and no policy mandating that they do so. In this vacuum, the analyst’s access to investigative data becomes almost entirely a function of personal relationships cultivated with agents in the field — a difficult task for those whose work it is to assess threats emerging across the nation and overseas.

Articles such as this confirm my long-standing belief that it was a serious blunder not to create a “MI-5” type organization to lead domestic intelligence, either within DHS at its inception or as a stand-alone entity. Nevertheless, I have been cautiously optimistic until now that the FBI would eventually adapt and get its act together on analysis. Articles like this severely dent this optimism.

A mid-course correction might be an even worse alternative at this point, although perhaps a reinvigorated intelligence shop at DHS could be the foundation for a shift of responsibility from the FBI to DHS on domestic intelligence.

CQ’s package of year-end stories (by subscription only) is interlaced with some juicy nuggets of information.

For example, is DHS planning to move FEMA into the Coast Guard?

There is no shortage of speculation about possible changes. Some have heard that FEMA will become part of the U.S. Coast Guard, others that FEMA will be responsible for only the economic aspects of disaster response — as opposed to actual rescue operations.

I’m skeptical on this one, mostly because the Coast Guard’s plate is already close to full; but we’ll see…

And another story notes that a new report will be released that criticizes explosives detection activities in the aviation system in January:

In late January, federal investigators will release a “scathing” report exposing major gaps in the TSA’s system for screening airline passengers and their bags for bombs, according to Rep. John L. Mica, R-Fla., chairman of the House Aviation Subcommittee. The agency has not deployed enough bomb detection equipment, Mica said, and has not trained all of its screeners to identify bombs hidden in bags or on people.

Perhaps Kip Hawley’s changes to TSA’s screening rules last week were a preemptive response to this report?

And finally, another story notes that DHS received 5,000 (!) public comments on the National Infrastructure Protection Plan.

Early in 2005, an interim National Infrastructure Protection Plan (NIPP) unveiled by the government earned mixed reviews. A more robust draft NIPP emerged in November after lawmakers complained the plan had been delayed for too long.

The first round of public comment ended in early December, netting some 5,000 comments from government and private sector sources; a second round is expected.

I don’t envy the team that gets to read and process all of these…

The Wall Street Journal has a rather dour opinion piece today on homeland security, one that questions whether it’s even worth the government’s effort to try to secure the homeland. The piece cites several recent setbacks in the nation’s homeland security efforts (DHS personnel reform, congressional oversight, and FBI’s Trilogy project) as examples of government failing to exhibit the “can-do” spirit needed for success.

The article then argues:

But the points aptly illustrate the underlying problem with our collective homeland security apparatus, which is that no government bureaucracy is ever going to be the kind of well-oiled machine that can reliably and effectively prevent domestic terrorist threats. And this is to say nothing of natural disasters.

Instead, what we have is a kind of antiterror version of France’s pre-World War II Maginot Line; an expensive, highly visible static defense against a nimble adversary. Congress loves it because it offers the chance to throw money at domestic constituencies, and liberals love it because it allows them to sound hawkish on terror without having to fire a shot. The rest of us, however, need to be realistic about its abilities.

I’m of a mixed opinion on these arguments. I agree absolutely that the US homeland security system needs to become more nimble, adaptive, efficient and mission-focused. But unlike the writer, I’m not yet ready to give up on the men and women working for the government on homeland security around the country today. Why can’t DHS become a “well-oiled machine?” There are plenty of examples of effective government bureaucracies – including the FEMA of the 1990s, and today’s Coast Guard – that show that this is possible. And it shouldn’t be that difficult to figure out how to do this. For starters: (1) cut down on red tape, (2) remove roadblocks to hiring good people, (3) empower people on the frontline to make decisions, (4) give them the tools and intelligence they need, (5) create organizational transparency, and (6) show zero tolerance for internal turf wars.

I also think that “Maginot Line” is an unfair epithet for homeland security. To be certain, there are elements of the homeland security system, such as checkpoints at borders or airports, that have a Maginot Line-like character to them. But that’s not the whole system. Homeland security is more aptly described today as “defense-in-depth,” with interconnecting layers of security – intelligence, detection tools, boots on the ground, credential checks, physical barriers, public awareness, etc. – each contributing to a create a spider’s web of defenses that harden targets and deny terrorists entry and access to materials. There’s still a long way to go to get the system where it needs to be, but it’s hardly fair to compare it to the Maginot Line.

On Tuesday I posted an analysis of federal homeland security spending in FY 2004 on a state-by-state basis, using new data that was released on that day from the US Census Bureau’s annual Consolidated Federal Funds Report.

I focused my comments on the state-by-state per capita ranking of homeland security grant funds spent that year. But the spreadsheet also contains per-capita rankings of DHS procurement on a state-by-state basis, which paint an interesting picture of the geographic distribution of funds to the private sector:

The top ten:

1. Washington, DC ($1,324.61)
2. Virginia ($267.77)
3. Maryland ($81.90)
4. Alaska ($51.15)
5. Hawaii ($41.29)
6. Texas ($29.82)
7. Arizona ($18.48)
8. Georgia ($17.29)
9. Washington ($14.69)
10. Florida ($13.65)

No surprise that DC, VA, and MD are the top three…although bear in mind that it’s quite possible that some of these totals could reflect where the check is cut, not where the work is done. The rest of the states are all home to traditional government contractors and/or known for their appropriations clout.

And down at the bottom of the list:

43. Delaware ($0.85)
44. Illinois ($0.80)
45. Wisconsin ($0.75)
46. Utah ($0.72)
47. Nevada ($0.69)
48. Mississippi ($0.44)
49. South Dakota ($0.36)
50. North Dakota ($0.25)
51. Arkansas ($0.24)
52. Nebraska ($0.11)

There is definitely a large disparity between the top 20% and bottom 20% of this list. This must be one reason why Illinois is now trying to actively cultivate homeland security businesses.

The full ranking of states (plus DC and Puerto Rico) can be found in the spreadsheet.

The Arizona Republic writes yesterday about U.S. assistance to Mexico to support border security activities:

…the reality is that U.S. taxpayers have bankrolled much of Mexico’s increased border vigilance. From X-ray scanners and helicopters to intelligence training, the United States has been quietly pouring millions of dollars into Mexico in the hopes of bolstering U.S. national security.

U.S. spending on military and police aid to Mexico has more than tripled in the past five years to $57.8 million with the hope it will help protect America’s southern flank. But the funding also marks a dramatic shift in the relationship between the two countries, as Mexico, long wary of accepting military and police aid from its northern neighbor, becomes the third-biggest recipient in Latin America behind Colombia and Peru.

I don’t have a problem with this. Border security accounts for only a portion of the $57.8 million, which also includes other security-related aid for missions such as drug interdiction and port and maritime security. This total is a relatively small sum in comparison with total border security spending, and this type of investment seems consistent with Sec. Chertoff’s stated perspective of looking at the entire border system and prioritizing investments based upon their system-wide impact. It doesn’t make sense to put all of our resources on one side of the line.

The only thing in the story that stands out as a waste of money is this:

Meanwhile, Canada has gotten only one item from the United States since 2001: a 50-foot patrol boat used by the Royal Canadian Mounted Police in Vancouver.

Why are we buying patrol boats for the RCMP? Canada can afford their own.

Following up on the story on behavioral profiling at TSA that I mentioned in this post, Brian Dickerson at the Detroit Free-Press has a helpful guide on “How to talk to a TSA screener”. Some highlights:

SCREENER: Where you headed today, young fella?

RIGHT: I’m visiting my grandparents in Des Moines.

WRONG: I have a one-way ticket to Paradise!

And:

By contrast, the passenger who answers a screener’s questions in a forthright, self-confident manner is unlikely to arouse suspicion, regardless of her answers.

SCREENER: What a lovely pair of earrings! Where did you get them?

PASSENGER B, smiling brightly as she makes eye contact with her interrogator: I obtained them in exchange for sexual favors at a Taliban trading post outside Kabul. I got a pair just like them for my sister, but the CIA had her killed before our mutual friend in Frankfurt could deliver them.

SCREENER: What a pity. She would have loved them! Have a safe trip, ma’am.

Read the whole thing.

According to this story today in Information Week, DHS is going to begin testing RFID passports at SFO:

The Department of Homeland Security will begin testing passports embedded with radio frequency identification (RFID) technology at the San Francisco International Airport mid-January, a spokesperson for the agency said Friday.

Australia, New Zealand and Singapore have begun to issue passports to travelers with RFID chips. Many pass through the San Francisco, making it a likely location to test the technology, according to Anna Hinken, a US-Visit spokesperson at the Department of Homeland Security. “We’re bringing technology to the borders and chose RFID as one to help reach the goals of expediting safe entrance into the United States,” she said.

And the story details new tests on the way:

And there are more trials underway. RFID chips have been embedded in I-94 forms. People who frequently cross U.S. borders to work, for example, are required to carry these forms. Tests at the five border crossings will continue through spring 2006. A formal evaluation on the project is scheduled by March. The department will then make a decision on whether to continue the program. Since August, the US-Visit program has tested forms with RFID at five United States border crossings: two in Nogales Ariz.; two in Blaine, Wash.; and one in Alexandria Bay, New York.

The Collins-Lieberman chemical security bill that was introduced on Dec. 19 finally appeared on the Internet today. I’ve just finished reading through it, and it’s a well-written and thoughtful bill, taking into account the complete cycle of security for chemical plants – not just initial validation, but also efforts to maintain security and develop local response capabilities for chemical plant attacks or other incidents. It strikes an appropriate balance between the real need for security and unduly burdensome regulation.

The only concern I have is the timeline for implementation. The bill gives DHS a full year to write the regulations for chemical plant security; and then gives the industry another year to comply. So if the bill passes in, say, May 2006, we could be talking about May 2008 before compliance really emerges on an industry-wide basis. Do we have this luxury of time?

USA Today had a great overview piece this week on the interoperability of first responder and law enforcement communications systems. The article does a good job of summarizing the key challenges of interoperability:

Local agencies often lack the money and radio frequencies needed to upgrade equipment. And federal aid is sorely limited. Even with more money and frequencies, other hurdles thwart seamless communication among first responders:

• City, county, state and federal agencies buy radio equipment for their own needs. Turf battles often keep neighboring agencies from buying compatible gear, or even from teaming in an emergency. The federal government can’t force all agencies in a state or region to buy the same gear.

• Safety agencies often fail to plan for interagency communication in disasters or to train officers in how to talk to their counterparts.

• Technology standards that would let disparate radio systems talk with each other have been delayed. Experts at least partly blame foot-dragging by radio manufacturers.

The upshot: Free-flowing communication among agencies in the USA won’t come till 2023. At least that’s the projection of Safecom, a program in the Homeland Security Department that promotes public-safety communication.

If the costs are really as high as indicated in this article (e.g. $150-300m for the state of Mississippi alone, and $60b nation-wide), I’m uncertain as to whether this is the best way to be spending money on homeland security. There’s certainly a need for gateways that can patch together different systems on the fly, but it’s questionable whether some of the brand new radio systems that states and cities are buying are good investments, especially if they are not interoperable on a national basis.

The “$60 billion” that might be spent in the next two decades needs to be carefully weighed against other needs, such as training for first responders and new terrorism prevention capabilities. Alternatively, interoperable communications might be a more feasible investment if the federal government were to lead this effort, create a national system that promotes efficiency and economies of scale, and reduce substantially these projected costs.

Update (1/2): Another good story on this topic.

Former Congressman Tom McMillen has an interesting and provocative comment on homeland security at Huffington Post that recounts his experience as a young Olympic athlete in Munich in 1972, discusses his reactions to the film Munich, and puts forth an original and common-sense agenda for homeland security that includes the following items (slightly paraphrased for succinctness):

1. Fund our homeland security needs by level of risk and not by politics.
2. Establish a World Security Organization modeled after the World Health Organization.
3. Engage our young people who do not believe terrorism presents a danger to them.
4. Secure nuclear material globally today, not a decade from now.
5. Develop the will to finance responsibly the war on terror.

The second proposal, for a World Security Organization, is particularly intriguing and worthy of further discussion. It gets to an idea that I’ve been obsessed with for the last three years: what sort of international framework do we need to govern and enhance homeland security activities on a global basis?

McMillen writes:

We sorely need a global organization dedicated to mobilizing the resources of the many nations needing stability. Over 50% of the funds spent on global security is spent by the United States, while nations like China and India spend very little, less than 5% of worldwide governmental security spending. While these nations may think that global terrorism, since it is not a threat within their borders, does not affect them, they must realize that they, by necessity, have a huge stake in a stable, terror-free world. China, for example, has amassed over a trillion dollar trade surplus with the US just since 1990. Without a stable world and a stable US economy, where would China’s economy be? Isn’t it time for the US to ask for significant world support for the war on terror?

I agree with the problem that McMillen identifies here, but have some concerns as to whether creating a new international organization is the right solution, unless it is done the right way. For one, it’s too often the case that international organizations become ineffective bureaucratic paper-pushers. That’s not what is needed and would probably be counterproductive. For another, there are a number of existing international organizations that already play this role to some degree, such as Interpol, IAEA, WHO, ICAO, IMO, and the WCO. The relationship of a new “World Security Organization” to these existing agencies needs to be clarified.

However, I would be in favor of a World Security Organization that was light and flexible in its design – almost a special-ops force structure – and had a clear and narrowly-defined mandate that included the following responsibilities:

– Provide a means to agree upon and jump start the implementation of global homeland security policies and activities such as the Container Security Initiative (CSI) and the G8 SAFTI initiative.
– Create an international funding mechanism that can be used to share costs and also provide homeland security-related assistance to at-risk developing countries.
– Provide a forum to share best practices on an international basis in diverse areas such as response training, WMD detection, and critical infrastructure protection.
– Provide a forum for agreements on interoperability and technical standards for homeland security technologies such as biometrics and cargo seals.

It will be interesting to see if this idea begins to enter the policy dialogue. I’m glad to see McMillen bring it up.

This editorial in the Vero Beach Press-Journal (login req’d – borrow one here) asks a good question:

Does organization trump leadership in disaster management?

And later:

Had former, unlamented FEMA director Michael Brown been in the Cabinet when Hurricane Katrina bore down on the Gulf Coast, would he have performed any differently? Would he have had a plan? Would he have implemented it effectively? All we know for certain is he did not act, Homeland Security did not act and government at all levels was laggard in responding.

Count me among the skeptics on the idea of making FEMA a cabinet-level agency again. I can understand how the loss of cabinet status lessened FEMA’s prestige and access after 2003, but that’s not a sufficient excuse for their performance in Katrina. As the Post recounted last week, FEMA was already losing its effectiveness during the period from 2001-2003 before it was moved into DHS. I think the heart of the problem was leadership – and the focal point of any solution needs to also be focused on leadership, and finding ways to bring back the sense of mission and purpose that had made FEMA a model agency under James Lee Witt. If the plan for FEMA focuses on moving the boxes around, then there’s a high probability that what we’ll end up with is the “appearance of action” rather than “fixing the problem.”

The Boston Globe has a story today on the use of behavior detection in aviation security screening, noting how the TSA initiative follows the Israeli model of behavior detection and that an initial pilot project at Logan Airport has expanded to other airports in the Northeast. The article notes:

The TSA is facing opposition from the American Civil Liberties Union, which filed a lawsuit in Massachusetts last year claiming behavior detection can be easily abused because TSA officers have to guess who is suspicious, leading to racial profiling.

I get frustrated when I read things like this. This kind of “cry wolf” absolutism on civil liberties fails to examine the potential security benefits of a given initiative and rationally weigh it against the impact on civil liberties. And I always hear the ACLU criticizing homeland security activities, but I never hear them offering alternative proposals on how they would conduct security. Do they want watch list matching? (No.) Do they want risk-based profiling? (No.) Or registered traveler programs? (No.) Or something else? Do they really think that screening should be entirely random, and have a process where an 88-year old grandmother has the same chance of getting pulled aside as a young foreign citizen from a country with known terrorist connections?

I’d like to know.

A new issue of Homeland Security Affairs, published by the Naval Postgraduate School in Monterey, was put up on the web last week. Its contents are here. The issue contains several interesting articles, including “Potholes and Detours in the Road to Critical Infrastructure Protection Policy.”

The authors walk through some of the reasons why efforts to improve critical infrastructure protection have been suboptimal, including the lack of standards, the devolution of authority to states and cities, and the difficulty (disputed by the authors) of regulating private sector activity.

The authors’ argument about the need for a federal lead role in critical infrastructure protection due to the distributed and intrastate nature of infrastructure is the strongest section of the piece:

Consider the case of the Alaskan telecommunications sector. Alaska’s telecommunication infrastructure supports local police, fire, and emergency management functions as well as consumer telephone and Internet access. Without it, Alaskans would be isolated from the rest of the United States. Naturally, it makes sense for the Federal government – through the Department of Homeland Security – to provide funding and training to Alaskans so they can strengthen their telecommunications infrastructure and harden it against potential terrorist attacks. However, this strategy is inadequate and dangerous, because Alaska’s telephone and most Internet services are dependent on a single building in Seattle! The Weston building in Seattle is the sixth largest telecom hotel in the nation, and it provides connectivity to the citizens of Alaska. Alaskan’s cannot protect this major asset no mater how much money the Federal Government provides, because it lies outside of their jurisdiction.

In addition to the problem of an asset in one state being critical to another state, there is the overarching problem of Interstate Commerce laws that regulate and shape infrastructures such as telecommunications, energy, power, and transportation. States have little power over the Federal regulators when it comes to passing laws that might affect an element of one of these infrastructures and weaken the same infrastructure at the national level. Examples of this can be found in cross-sector interdependencies. For example, the largest electrical power plant in Missouri (New Madrid) is totally dependent on the rail system that delivers coal from Wyoming. Rail transportation and electrical power sectors are regulated by federal agencies – not Wyoming and Missouri – and yet, a policy that may ensure reliable electric power generation in Missouri could conflict with energy policies affecting Wyoming….

Read the whole thing.

I generally like William Arkin’s Early Warning blog at Washingtonpost.com, but his latest post goes off the deep end. He writes:

Let’s hope as well that 2006 isn’t another year where weapons of mass destruction destroy America. From the continuing house of pain in Iraq to hurricane Katrina to the end of the year news that the Department of Energy secretly sniffed around mosques for radioaction, the government is so enamored of exotic threats from nuclear and biological weapons that it can barely see straight. In the case of Katrina, it couldn’t fulfill its fundamental duties….

Sure al Qaeda is “interested” in acquiring WMD; PROOF WAS FOUND IN AFGHANISTAN, the nuclear crazies say. And then there are all the loose nukes in Russia and the missing nuclear materials and the suitcase nuclear bombs. I wonder whether there is any veracity to the presumption of any kind of a serious terrorist WMD threat.

Huh? Nuclear and biological weapons are “exotic threats”? The terrorist WMD threat isn’t “serious”? Call me a “nuclear crazy” if you must, but for my money, nuclear and biological threats are practically the whole ballgame in homeland security and counterterrorism, because the potential consequences of attack are so high. If these are exotic threats, then what does he think the real threats are?

And what did efforts to protect the United States against WMD-related threats have to do with the response failures of Hurricane Katrina? If anything, the response to Katrina tells me that the US government needs to be doing MORE to prepare to respond to WMD-related attacks, in concert with preparedness for natural disasters.

The editorial pages of the Washington Post and the Wall Street Journal – which usually disagree with each other – are in lock-step on the border security bill passed by the House early last week.

From the Post’s piece:

Before leaving town the House of Representatives passed a terrible bill designed to shore up American border security — or, at least, to appear to do so. The bill, sponsored by Judiciary Committee Chairman F. James Sensenbrenner Jr. (R-Wis.), is dangerous because of what it does and what it doesn’t do. It contains any number of mindless criminal penalties for immigration violations, and it would make both detention and deportation of illegal immigrants easier. But it would do nothing to rationalize U.S. immigration policy. The Bush administration, which has rightly argued for a more sensible approach, disgracefully got behind the bill. And House members, many of whom know better, passed it 239 to 182.

I think the “many of whom know better” comment is exactly right. As I argued earlier here and here, we’re still in the early innings on this legislation, and for many members of Congress this was a consequence-free vote.

The Wall Street Journal is even harsher on the bill:

Tom Tancredo has done everyone a favor by stating plainly the immigration rejectionists’ endgame–turn the United States into the world’s largest gated community. The House took a step in that direction this month by passing another immigration “reform” bill heavy with border control and business harassment and light on anything that will work in the real world.

…The legislation is aimed at placating a small but vocal constituency that wants the borders somehow sealed, come what may to the economy, American traditions of liberty or the Republican Party’s relationship with the increasingly important Latino vote.

Clearly the business community is going to be more engaged in the next stages of border legislation and will try to moderate its contents.

At the end of the day, I think the most likely outcome is a relatively modest bill that strengthens border staffing and technology, improves the detention and removal process, and makes modest improvements to workplace enforcement, but doesn’t include a Southern border fence or a guest worker program. There’s a chance that these latter two items could be packaged together as part of a grand compromise between the key factions on this issue, but there is a rhetorical chasm between these factions right now, so compromise will not be easy.

Carie Lemack, a co-founder of Families of September 11, had an editorial in USA Today on Tuesday asking who would take up the role of the 9/11 Commission and its successor, the 9/11 Public Discourse Project:

More than four years after the attacks, shocking gaps remain in our nation’s defense against terrorism. Keeping a watchful, skeptical eye on the government is in the best tradition of our republic.

As the commissioners go their separate ways, the question remains: Who will champion the reforms that haven’t been adopted?

That’s a good question. I’m still not sure why the Public Discourse Project was ended – was it a money issue? Hopefully the ten commissioners will still be engaged in the public dialogue on an individual basis. And the Government Accountability Office, Inspectors General of the key agencies, and the media are all key cogs in holding government officials accountable and bringing these issues to public attention.

And I think the blogosphere has an important and growing role. This site will certainly strive to play a small part in keeping a “watchful, skeptical eye” on homeland security activities, in the bipartisan spirit of the 9/11 Commission, and promote an open, informed dialogue on key issues.

The editorial continues:

Progress to address the greatest threat — the threat of nuclear terrorism — does not appear to be a top priority. At the current rate, the U.S. government’s effort to “lock down” nuclear materials in the former Soviet Union, so it can’t be stolen or bought by terrorists, will not be completed for 14 years.

And the most difficult recommendation from the 9/11 Commission has been all but abandoned: Who will push Congress to reorganize itself to provide adequate oversight over intelligence and homeland security?

On this first issue, I couldn’t agree more. This needs to be the #1 priority for U.S. national security today. Period.

On the issue of congressional oversight, I think it’s too strong to say that this recommendation has been “all but abandoned” – there was some very real progress on homeland security oversight between the 108th and 109th Congresses, particularly in the House, where the Homeland Security Committee now has solid jurisdiction over most of the key homeland security issues. But it’s correct to say that there is still much more to do, especially in the Senate, where efforts to consolidate jurisdiction in the Homeland Security and Government Affairs Committee (HSGAC) went only halfway, with committees like Judiciary and Commerce retaining substantial jurisdiction.

My thoughts are with Ms. Lemack and others who lost loved ones on 9/11, in what must be a difficult time of year.