Homeland Security Watch

The head of Customs and Border Protection, Commissioner Ralph Basham, circulated a memo to employees this week announcing plans to open a new Office of Intelligence and Operations Coordination on October 1 under his command.  Frankly, I’m fond of any reorganization that includes the word Coordination.  I’m not sure if its possible to have too much. 

The main points at this stage are that the OIOC is not operational, it appears to be more of an executive management function, and it reflects a focus on information analysis and flow.  This is key language from the announcement: 

The office will be comprised of an optimal blend of operators and analysts and will be structured in such a way as to optimize their interaction and collaboration.  The office will be focused on programmatic oversight, analysis and coordination, rather than conducting operations.  The new OIOC will establish mechanisms to ensure the flow of valuable information to and from field intelligence assets and the integration of field information into broader analytic products that directly support headquarters and field operators. 

And the starting line-up:

• Al Gina, Deputy Assistant Commissioner
• Tom Bortmes, Executive Director of Intelligence and Situational Awareness
• Tom Bush, Director of Targeting and Analysis
• Jeanne Ray-Condon, Director of Field Coordination
• Rodney Scott, Director of Incident Management and Operations Coordination

The Basham memo: 

 

The final conference agreement on the 9/11 Bill is now available.  As noted in earlier posts, the 9/11 Bill represents the effort to implement a number of the recommendations of the 9/11 Commission.  This was among the commitments Democratic candidates made while running to take the majority in the Congress last November. 

I’ll continue the series of posts here that analyze selected portions of the Bill, and update those already posted if the final Bill changed those sections.

Looks like the U.S. and EU overcame the most recent tussle concerning how the two allies will share private or personal information in pursuit of terrorists (and other criminals, or course).  The press release from this afternoon is available here.  Following are the main points:

• The Department of Homeland Security will collect 19 types of PNR data.
• The data will be maintained for seven years in an active file, and eight years thereafter in a dormant file with limited access.
• How DHS collects PNR data from airline reservation systems changes, too. Air carriers will now transmit PNR data directly to DHS.
• European air carriers get legal assurance that they will not be in violation of EU privacy law.

This is just a placeholder to share the new DHS strategy document.  The International Supply Chain Security Strategy was recently shared with Congressional staff and is now available here.

 

I’ll come back to this soon for some comments.  In the meantime, enjoy the read.

General Eisenhower is often quoted for having said that, “In preparing for battle I have always found that plans are useless, but planning is indispensable.” In a way, that’s the underlying motto to the Defense Department’s Quadrennial Defense Review, which was mandated by Congress in the Military Force Structure Review Act of 1996. The new 9/11 Bill establishes a similar process for DHS called the “Quadrennial Homeland Security Review.”

The QDR is a “comprehensive examination of the national defense strategy, force structure, force modernization plans, infrastructure, budget plan, and other elements of the defense program and policies of the Unites States,” according to the 1996 Act. That boils down to a four-year strategic assessment of the current threats facing the U.S. and its interests, a top-level strategy for how the Defense Department will address those threats, and a preliminary justification for near- and long-term investments. DOD has a way of connecting that document with other planning mechanisms, including the National Security Strategy, National Defense Strategy, National Military Strategy, Unified Command Plan, Strategic Planning Guidance, Transformation Planning Guidance, and Joint Operational Concepts, to name a few. Imagine if the Department of Homeland Security generated or linked strategies like this. It might lead to what the Defense Department would call an overarching framework, something that is difficult to pin down in the HLS domain.

Section 1606 of HR1 establishes the Quadrennial Homeland Security Review. The main purpose according to the legislation is to conduct:

“a comprehensive examination of interagency cooperation, preparedness of Federal response assets, infrastructure, budget plan, and other elements of the homeland security program and policies of the United States with a view toward determining and expressing the homeland security strategy of the United States and establishing a homeland security program for the 20 years following that examination.”

That reads a lot like the Military Force Structure Review Act. It also reflects the insightful analysis offered by a veteran of four QDR’s, former Deputy Assistant Secretary of Defense The Quadrennial Defense Review: A Model for the Quadrennial Homeland Security Review.”

Now the President and Co-Founder of the Center for a New American Security, Michele Flournoy suggests a list of commonalities between DHS and DOD that might allow the former to benefit greatly from a so-called QHSR. She says that both Departments are:

• charged with missions that are vital to the health and welfare of the nation “ protecting the American people and our way of life is a mission in which we cannot fail;

• facing persistent and resourceful enemies;

• large, complex bureaucracies comprised of a number of diverse and (in some cases, previously independent) organizations with their own cultures, traditions, and ways of doing business;

• responsible for spending billions of taxpayer dollars as efficiently and effectively as possible;

• perennially in the position of having more programs to pay for than budget; and

• trying to balance near-term demands against long-term investments.

Hard to argue with that. The authors of the QHSR will be challenged by a constant pressure to seek reform through reorganization. This is misplaced energy in large part. The focus for a QHSR should certainly seek to address the bullets above, but also the important questions of how we clearly define the threat posed by terrorism, as well as natural disasters in the context of securing the homeland; how do we define the capabilities necessary in such a way that we can craft an actionable investment strategy; how do we plan to spread this responsibility more effectively across the Executive Branch agencies; and what is the strategy for engaging allies in the process of defining the threat and our shared interests in defeating it?

The language in the Bill ends by stating that “the Secretary [of Homeland Security] shall provide to Congress and make publicly available on the Internet a detailed resource plan specifying the estimated budget and number of staff members that will be required for preparation of the initial quadrennial homeland security review.” According to the Bill, the first QHSR would commence in 2008, just when the next QDR process begins.

Update 7/25: Turns out the people who worked up the International Supply Chain Security Strategy considered how that plan relates to other existing ones in a way similar to how DOD does so with the QDR as I mentioned above. This is from the new supply chain strategy document:

This summer’s two CNN and YouTube presidential primary debates – one Republican and one Democratic – accepts questions submitted by all of us online via www.youtube.com/debates. 

• The Democratic debate takes place at the Citadel in Charleston, SC, tomorrow (7/23/07) from 7 to 9 p.m. EST. 
• The Republican debate takes place Monday, Sept 17, from 7 to 9 p.m. EST in Florida. 

For the Democratic debate, any 30 second question submitted at www.youtube.com/debates before the end of July 22^nd may be chosen.  Anderson Cooper will moderate and ask follow-up questions.   Homeland Security will be an unavoidable topic during both debates.  I encourage readers to log on to the site and submit questions. Consider posting them here, too, and we’ll have our own debate.

CNN.com Live will stream tomorrow’s debate live and re-feed portions of it by topic.  Site visitors will be invited to submit video critiques, and there will be opportunities for them to describe how they would have responded to the questions. 

To go with the second installation in this series of posts looking into sections of the conference version of HR1, note the provision establishing a second Deputy Secretary of Homeland Security.  A posting here in February detailed a then-newly released report of the Homeland Security Advisory Council on the culture at DHS.  Readers will recall that it included a recommendation for creating another Deputy Secretary, but one for “operations.” 

That report made more hay with its comments about a lack of unity among the ranks coinciding with the release of the Federal Human Capital Survey, which placed DHS at the bottom of the list measuring its performance culture.  However, its recommendation for a Deputy Secretary for Operations (DSO) gained enough support in the Congress to find a version of it proposed into law.  Section 1601 of the bill “to provide for the implementation of the recommendations of the National Commission on Terrorist Attacks Upon the United States” (read: the 9/11 Bill) creates a second Deputy Secretary for DHS.  This one is charged with a Management portfolio, whereas the HSAC believed a new DepSec was needed to focus on Operations. 

There is a significant difference between these two portfolios.  Title VII of the Homeland Security Act of 2002, which created the U/S for Management, described it as being responsible for: 

the management and administration of the Department, including the following:

(1) The budget, appropriations, expenditures of funds, accounting, and finance.

(2) Procurement.

(3) Human resources and personnel.

(4) Information technology and communications systems.

(5) Facilities, property, equipment, and other material resources.

(6) Security for personnel, information technology and communications systems, facilities, property, equipment, and other material resources.

(7) Identification and tracking of performance measures relating to the responsibilities of the Department.

(8) Grants and other assistance management programs.

(9) The transition and reorganization process, to ensure an efficient and orderly transfer of functions and personnel to the Department, including the development of a transition plan.

(10) The conduct of internal audits and management analyses of the programs and activities of the Department.

(11) Any other management duties that the Secretary may designate.

That has to rank among the world’s most difficult jobs.  The language in the 9/11 Bill elevates the current DHS Under Secretary for Management (now Paul Schneider) to a Deputy level that is implicitly junior to the existing Deputy Secretary (now Michael Jackson).  But managing the finances, IT, and facilities just doesn’t seem like the role that needs elevating at DHS.  The HSAC proposed a new DSO for specific reasons having little to do with human resource management.  Their report states: 

The DSO would be responsible for creating and/or championing strategic initiatives that reinforce the assumption that all efforts should be about “the Security of the Homeland” – not about the Department of Homeland Security….

Originally, the report made no mention of the U/S for Management.  I was asked to read a draft of the report and made a few very minor suggestions.  One was to cite the role of Management Under Secretariat in order to clarify its relative role, which would be unchanged and junior to the DSO.  The text: 

This [Deputy Secretary of Homeland Security for Operations] would also be in a position of continuity to help drive organizational maturation and to reinforce the culture required for the long-term success of DHS and its components. The DSO would be selected from candidates with a strong National Security operations background similar to a Chief Operations Officer…. The DSO would also maintain close coordination with the Under Secretary for Management, whose ultimate role would be reinforced by the DSO’s seniority and Department-wide jurisdiction.…

So what will happen to Section 1601?  There is some saving language that might compensate for actually moving the U/S Management into second in line of succession behind the regular DepSec (Sec. 1601(g)(2)).  HR1 actually changes Sec. 701 of the Homeland Security Act of 2002 to alter the responsibilities of the U/S Management as follows: 

The Deputy Secretary of Homeland Security for Management shall serve as the principal advisor to the Secretary on matters related to the management of the Department, including management integration and transformation in support of homeland security operations and programs.

That’s closer to the HSAC’s original intent.  However, the HSAC report also stipulated that this new position should be filled by a careerist, as opposed to a political appointee, in order to instill some continuity and overcome some of the politicized nature of the Department’s image.  The HSAC report went a step further by offering this candid assessment of the workforce challenge facing DHS (in 2006): 

Historically and for reasons of urgency it would appear that much of the decision making within the Department’s headquarters has been made by a core group of trusted appointees. … we recommend immediate efforts be undertaken to … identify, select, formally train and empower Government Service personnel throughout the Headquarters to assume positions for a leadership transition period that should be in effect for at least six months on either side of the November 2008 presidential election.

HR1 offers a second nod to the intent of the HSAC recommendations by imposing (albeit with caveats) a five-year term on the position of Deputy Secretary for Management.  That’s a valuable detail to gain the continuity value, but the responsibilities of this new DepSec could be made more concrete and relevant to the challenge by adding some of the more strategic roles envisioned by the HSAC.  Perhaps something will change in conference.

I couldn’t resist.  While the press and the public try to divine what Secretary Chertoff might have meant when he described a “gut feeling” that indicated a heightened threat to the U.S., but not one that registered on the color scale, most responded with more questions.  No surprise there.  We have trouble nowadays really defining what the threat is to the U.S. Is it a terrorist or a tornado?  Nuclear weapons or naturalized immigrants? 

Its all under the purview of DHS to some extent, and that’s probably why the Secretary of Homeland Security has that feeling: It is hard to rule anything out when the threat is so difficult to define.  As I’m often inclined to do, I looked overseas for some guidance on how to define the threat posed by terrorism in a general sense.  It seems the UK is always said to have recent experience in terrorism plots and attacks, and their stiff upper lip often lends itself to a level of candor uncommon on this side of the Pond.  Here is what MI5’s Joint Terrorism Analysis Centre explains might be behind that feeling: 

The US, UK and Israel, and their representatives overseas, remain the prime targets for international terrorist networks, particularly Al Qaida. However, Usama bin Laden has variously identified a number of other countries as allies of the US which should also be targeted. 

[snip] 

Countries that are participating in the reconstruction efforts in Iraq have also been identified as targets.  On 18 April 2005, a statement claiming to be from Abu Musab Al Zarqawi’s terrorist network in Iraq, linked to Al Qaida, appeared on several websites, threatening attacks against British forces in Iraq and “all the agents, spies offering them protection and their human shields”. …  While some countries’ interests may be singled out, however, attacks on generic “Western” interests, irrespective of the specific nationalities of the likely victims, are seen as equally valid. 

Locations

Official personnel and property, such as diplomatic missions and military forces, are still seen as priority targets for attack, as shown by the attacks on the British Consulate in Istanbul in November 2003, the Australian Embassy in Jakarta in September 2004 and the US Consulate in Jeddah in December 2004. 

However, terrorist cells are increasingly looking at less well-protected “soft” targets where Westerners can be found, such as social and retail venues, tourist sites and transport networks (rail, road and airports), as illustrated by the attacks in Bali in October 2002, Madrid in March 2004 and Egypt in July 2005.

I have to give Eileen Sullivan of CQ Homeland Security credit for the title here.  It was her article on this subject that first invoked the song by Boston. 

CQ reported that Senate Republicans agreed to assign conferees to consider HR1, the House bill that implements several of the recommendations made by the 9/11 Commission.  (They were holding out until Democratic leadership dropped their provisions granting certain labor rights to the workforce of airport screeners.  The President also threatened to veto the entire bill if it included these rights for airport screeners.) This post is the first in an occasional series to highlight important sections of HR1 as it undergoes conference proceedings.

Section 1301 of Title XIII is provision recommended earlier this year (see this post) to create an institutional mechanism at DHS charged with promoting HLS capabilities and cooperation overseas.  Creating the Science and Technology Homeland Security International Cooperative Programs Office is an important investment, but one that needs to be revisited in terms of its limited scope and organizational placement.

The bill’s provision offers a half-dozen findings, beginning with these two: 

Jane’s Information Group was acquired by IHS, Inc., which delivers analysis about the energy and engineering sectors.  They paid approximately $183 million in a stock deal to Jane’s owner Woodbridge Co.  

Jane’s, a solid source of intel and analysis on a range of defense and security since topics 1898, commanded about 4.4 million shares of common stock from IHS, whose shares fell 29 cents to $41.42 last week. 

Jane’s Homeland Security & Resilience Monitor launched a few years ago in a partnership with London’s Royal United Services Institute.  RUSI’s Sandra Bell is among the leading thinkers on HLS issues and is someone I credit with elevating the concept of resilience as a viable defense against assymetric theats in a civilan context.  The Brits are sort of keen on that. 

Eight people are under arrest for the attempted car bombings in London’s West End on June 29, 2007, and the bizarre attack on Glasgow Airport’s main terminal building the following day.  All of them worked for the UKs National Health Services.  Hippocrates is spinning in his grave. 

The names of the suspects:

·        Dr. Mohammed Asha and his wife Marwah Dana Asha (Jordan)

·        Dr. Bilal Abdulla (Iraqi, but British born)

·        Dr. Sabeel Ahmed and his brother Dr Kafeel Ahmed (both from India)

·        Dr. Mohammed Haneef was arrested by Australian authorities on July 2 and is the cousin of the Ahmed brothers.

·        Two unnamed medical students are also under arrest.  

Exclusive Analysis reports in an analysis today that up to four of the suspects were previously known to British intelligence services.   

I referred to these incidents in another post as evidence of an evolving adversary.  While that does oversimplify things a bit, we are seeing new characteristics in these cases.  EA identifies three main findings that support the point:

·        The social and familial ties of the suspects were likely invaluable for increasing mutual trust and avoiding detection.

·        The connections to Iraq are likely to have played an inspirational role rather than a technical one.

·        This case indicates groups are increasingly learning from the mistakes and attack styles from one another; this case in particular will inform future terrorists plotting attacks in the UK. 

Sound familiar?  It’s the stuff academics and others have said for a few years would be the likely result of the current tempo and style of the war on terror.  As we continue to fight them there rather than fight them here, ahem, its worth noting some of the more interesting work on domestic radicalization, which was published by the Homeland Security Policy Institute at George Washington University and by the DHS’s own Homeland Security Advisory Council.

When the GAO foiled DHS efforts to detect smuggled nuclear material coming across the border last year, they did so without actually having to dupe the detection equipment.  They forged the associated documentation from the Nuclear Regulatory Commission.  That shifted blame from the DNDO to the strategy itself and the coherence among the motley web of agencies involved in securing the Homeland. 

GAO’s investigators were able to enter the United States with enough radioactive sources in the trunks of their vehicles to make two dirty bombs using counterfeit documents.  

To be sure, CBP felt the heat for this, too, since their strategy allowed the documentation to travel separately from the material it described.

The CBP inspectors never questioned the authenticity of the investigators’ counterfeit bill of lading or the counterfeit NRC document authorizing them to receive, acquire, possess, and transfer radioactive sources. 

And the NRC had to do some soul searching about the part it plays in this strategy.  But whatever happened to the issue of dealing with the forgery? 

While this was another example of both imperfect strategy as well as technology, the technology issue is almost always easier to solve.  Here’s an interesting option: Something called the Laser Surface Authentication or LSATM (developed by Ingenia Technology) reads the surface of paper, plastics, and metals with a low cost laser to determine its structure and veracity.  It generates a signature or “fingerprint” to verify a material for authentication and tracking of anything from credit cards to passports to medicines.  Perhaps even NRC documentation someday. 

Groundbreaking stuff – especially for a company only a few years old.  Last year it was this breakthrough technology that won Ingenia the Global Security Challenge, an international competition run by students at the London Business School. 

The LSATM snagged the top prize of $10,000 bestowed by the jurors.  The jurors were not students, but rather the Director of Siemens Venture Capital, the Global Director of Information Risk Management for Barclays Capital, the Deputy Director of the DOD Technical Support Working Group, and the Strategy Director of BAE Systems Integrated System Technologies, among others. 

Not bad for a bunch of grad students. 

Here’s another way to gauge the success of a competition: The top prize this year jumps to $500,000.  Get to work though because the deadline was already extended from June 30 to July 15.  Check out the press release here. 

Who knows, this year the winner may offer an exit function for US-VISIT.  

Happy Fourth of July!