Homeland Security Watch

This follows the earlier post I ran on Senator Obama’s positions on Homeland Security. Today I had intended to examine Senator Clinton’s positions. The content for the Obama post was based almost entirely on his campaign’s official website and speeches he had given. While very little material is put forward by the Hillary Clinton campaign on homeland security ideas, her Senate office focuses on past accomplishments attending mostly to New Yorkers.

Senator Clinton’s campaign website includes nothing under the Issues section on homeland security. Nor is there any content under the speeches or biography (beyond mere references).

Clinton’s Senate homepage dedicates a brief section to HLS issues with links to press statements. Among those, she calls for safeguarding nuclear materials that could be used to produce a dirty bomb by urging adoption of the recommendations of a report by the National Academies of Sciences, which would review the industrial, research, and commercial use of nuclear materials that could be used to make a dirty bomb and recommends that cesium chloride be phased out as soon as is possible. Not much else.

If readers have any material that can shed some light on Clinton’s plans for homeland security, please add them as comments. In the meantime, it just looks like homeland security is not a priority for the Clinton campaign.

NOTE: We’ll examine Senator McCain’s positions/plans on HLS issues next in this series.

Let’s lighten things up a bit.  Reader DA sent this link to a series of government warnings modified for everyday advice you’ll need.  Set down the HSC national planning scenarios and the DHS National Response Framework.  Pay attention.  These situations are far more likely to happen to YOU.  For example, how would you reprimand a dirty bomb?

And who says we’re not prepared?  In the event of a chemical attack, don’t underestimate the calm, stiff upper lip approach.  All’s not lost:

A post here earlier this week detailed a conference on homeland security taking place in the Middle East next month. I suggested the U.S. should be more proactive in engaging that region on such issues as protecting civilians as a means to bridging a perception gap about the threat of terrorism made worse by the Iraq war, among other things. That we have an attaché attending the conference in Abu Dhabi, whereas the British and Spanish are dispatching senior officials, represents an important missed opportunity.

Some readers – only half joking – thought we wouldn’t have much to say of value at the conference anyway. We have a lot to gain from sharing what we do know about protecting the homeland, especially with governments in that region. However, doing so would benefit greatly first by deploying multilateral mechanisms for engagement. NATO is ready for such a role.

NATO’s unique map of nearly sixty countries represents the only multilateral consultative environment in the world wherein the U.S retains a significant – albeit underutilized – political advantage. Creative U.S. leadership of NATO in the 21st century can foster a better consensus between the U.S. and the many other countries within that framework for how to combat the evolving threat posed by terrorism. This would include a targeted mix of security cooperation efforts, deeper dialogue on counterterrorism best practices, and capabilities training. Ultimately, such leadership would serve as the basis for greater cooperative efforts in crucial regions that serve U.S. security and foreign policy interests.

While the very purpose of NATO was questioned after the Cold War ended, many observers expected the post-9/11 security environment to offer the Alliance a lifeline, if not a renewed raison d’etre. Ultimately, uneven U.S. engagement of NATO in Operation Enduring Freedom (Afghanistan), combined with the deterioration of U.S.-European relations in the lead up to and conduct of the Iraq war, fed doubts about NATO’s relevance as the 21st-century security environment took shape. Without an engagement of NATO that redeploys the non-military legitimacy and outreach of the Alliance, the U.S. risks finding its cooperative security options unnecessarily limited when they are needed most.

The first seven years of the war against terrorism demonstrated the importance of developing trust and confidence with non-traditional allies, namely those in the Mediterranean region and the Middle East. U.S. national and homeland security interests would benefit from developing innovative security assistance relationships here as it would garner more confidence and trust among countries that, while not pro-American, have not assumed entrenched anti-American positions. NATO offers the potential to assist in developing capabilities for counterterrorism (defeating terrorists) and antiterrorism (protecting civilians) as the new currency of cooperation.

The current level of political engagement of NATO by the U.S. obliges Western policymakers to pursue a less unified – and suboptimal – approach to working with important countries in the Mediterranean and Middle East, which includes approximately fifteen countries within NATO’s Mediterranean Dialogue and Istanbul Cooperative Initiative. The U.S. can focus resources that reinforce a relatively pro-American political environment without forcing nations of the region to choose between the U.S. and Europe or spurn regional allies by appearing overly pro-western if we engage them through such consultative mechanisms as the Med/D and ICI.

This initiative would enable the development of policy options to help pursue U.S. homeland security and counterterrorism interests while cultivating a more productive dialogue between the U.S. and critical countries in the Mediterranean and Middle East. This includes maximizing or augmenting current NATO programs such as the Program of Work on Defense Against Terrorism, NATO Security Through Science, and the Euro-Atlantic Disaster Response Coordination Center. Each of these efforts contributes greatly to U.S. interests. Yet the U.S. has allowed or even led efforts to cut funding of some of these most essential programs.

Certain perennial challenges would complicate an effort by the U.S. to recalibrate engagement of NATO in this way. First, EU leadership remains reluctant to encourage members also belonging to NATO to support a more substantive NATO role in protecting civilians as well as troops. This “EU Bloc” in NATO can be formidable: France, Belgium, and Germany, among others, regularly obstruct efforts to broaden NATO’s non-military engagement. France routinely objects to – and almost as often succeeds in preventing – proposals at NATO to focus its existing capabilities on homeland security requirements.

This proposed initiative should identify ways for the U.S. to neutralize – or at least offset – unnecessary competition with the EU. One model might employ the NATO “Quad,” whereby political directors from Germany, France, UK, and the U.S. work together on an ad hoc basis to identify shared objectives and negotiate acceptable solutions on a wide range of security concerns through NATO. The tensions surrounding the Iraq war left the Quad to languish, but U.S. leadership to reinitiate this dialogue could generate useful progress.

A second problem is in Washington: Disunity between the U.S. Homeland Security Department’s objectives and the Departments of State and Defense further complicates the use of NATO for these purposes. After more than three years since its creation, DHS runs few, if any, coordinating efforts with State or Defense at the U.S. NATO mission.

Failure to change course from the currently constricted approach to NATO risks denuding this historic alliance that has served American interests for over fifty years, while severely limiting U.S. freedom to develop broader consensus in the war against terrorism, deeper cooperative engagement with the Middle East and Mediterranean region, and a more durable dialogue with the nearly sixty countries under NATO.

DHS seeks FY09 funding for an array of projects tied to cyber security and the National Strategy to Secure Cyberspace. Many of them are concerned with simply assessing the threat. Some are focused on shoring up obvious vulnerabilities. And whole lot of them are just plain classified. We’ll highlight a few here that are drawn from the Administration’s 3,754-page justification of their FY 2009 budget request recently submitted to the Congress.

The Information Infrastructure Security (IIS) Program is designed to identify new technologies to protect critical infrastructure. The IIS program, under DHS S&T, works with industry, government, and academia to secure the core functions of the Internet. This has both civilian and government benefits because the program is focused on functions used by everyone from a shopper on eBay to a network specialist at DHS. The IIS program uses economic assessment, risk analysis, and modeling to evaluate cyber security technologies through such projects as Secure Protocols, Process Control Systems, and Cyber Security Assessment.

In FY 2008, the S&T Directorate will award a contract for the Cyber Infrastructure and Emerging Threats Project. This uses a “distributed scenario-based exercise” to help the private sector – primary owner of critical infrastructure – respond to and manage cyber disruptions. This one has an impressive acronym, too: The Distributed Environment for Critical Infrastructure Decision-Making Exercises (DECIDE) project.

But to really understand just what it is we’re trying to protect, DHS is starting the Internet Route Monitoring Project. This project will identify critical internet infrastructure, mapping important internet hosts and routers by FY 2010. The maps to be developed under the Project are intended to help identify cyber threats and predict the cascading impacts of various scenarios.

The Middle East is beginning to appreciate the importance of homeland security in new ways, and the United Arab Emirates appears to be at the forefront. With what’s being billed as the Middle East’s first event focused exclusively on homeland security, Abu Dhabi will host a conference on protecting national borders, building disaster resilience, and countering international terrorism next month.

Entitled “International Security / National Resilience,” the gathering takes place March 2-5, 2008, at Abu Dhabi and is sponsored by HH General Sheikh Mohammed Bin Zayed Al Nahyan, Crown Prince of Abu Dhabi and Deputy Supreme Commander of the UAE Armed Forces, along with the UAE Ministry of Interior. ISNR Abu Dhabi follows ISNR London, which was held 4-5 December 2007.

Last year the UAE President, His Highness Shaikh Khalifa Bin Zayed Al Nahyan created a new government agency charged with protecting vital facilities and utilities in the emirate of Abu Dhabi. With critical infrastructure that includes onshore and offshore petroleum facilities, power generation stations, water desalination plants, a natural gas transportation network, airports, seaports, and service networks, its no wonder they see the value in their own version of a DHS. However, since all of this infrastructure is owned by the emirate, they’ll likely have an easier go of it than DHS, which must navigate a domain of critical infrastructure owned almost entirely by the private sector.

Promoters of ISNR Abu Dhabi explain that the gathering will provide a comprehensive look at homeland security issues to enable “governmental authorities to respond resiliently to natural disasters as well as man-made ones.” This is just the sort of opportunity the U.S. Department of Homeland Security should capitalize on by sending delegates armed with speeches and presentations that explain the way we perceive the threat, the lessons we’ve learned, and the interest we have in supporting their efforts in a partnership against a threat that requires cooperation in order to be combated.

This blog has written before about the opportunities – some missed – for sharing our expertise in homeland security to benefit reluctant friends overseas. We have a shared interest in protecting our civilians. And the U.S. could really use some friends nowadays in that region.

DHS just put the full FY09 congressional budget justification online.  At 3,574 pages, this is a rare amount of detail for DHS to make available. It offers a unique perspective for understanding the Department’s priorities and plans.

You can access the entire document here. I hope to dig into this and highlight worthwhile findings here over the next few days.

We are here to do the work that ensures no other family members have to lose a loved one to a terrorist who turns a plane into a missile, a terrorist who straps a bomb around her waist and climbs aboard a bus, a terrorist who figures out how to set off a dirty bomb in one of our cities. This is why we are here: to make our country safer and make sure the nearly 3,000 who were taken from us did not die in vain; that their legacy will be a more safe and secure Nation.

That’s how we’ll start a mini-series here on HLSWatch to take a look at how the candidates of both parties stack up on homeland security. We’ll take each in turn, and, since the quote above is Senator Barack Obama’s, we’ll start with him. And since this is Chesapeake Tuesday, those of us in DC, Maryland, and Virginia are voting today in the primary elections. If you’re here, please vote!

This series will focus on the priorities of the candidates. Since the campaigns and the candidates cannot reasonably cover every topic within this broad subject of homeland security, let’s see what they highlight as the most important issues for meeting the expectations quoted above.

Obama made headlines at the first Democratic debate of the election season when asked what he would do first after a terrorist attack on the homeland if he was president. Instead of offering the predictable “Kill or capture those responsible, if they aren’t already dead as a result of the attack,” Obama said he’d first make sure the victims were tended to. Interesting. Why not fire missiles at the mountains between Afghanistan and Pakistan to at least send a message while we plan? Why not go before the TV cameras and proclaim that whoever is responsible will be held so? Because we gain two things if we first respond to the victims and neither has to do with political messaging:

1. If the attack is carried out with a form of WMD, there is a lot we can do to mitigate the impact of the attack by forcefully responding to the needs of the victims and effectively communicating or evacuating those nearby and at risk. The president must be engaged.

2. The intel community starts responding immediately. But when the president takes a step back and deals first with the consequences of the attack – if only for the first day – we stand a good chance of learning important facts about the attack and its perpetrators that could be critical in determining the quality of intel and deciding what is the best response for the president.

Obama was criticized for suggesting this. In hindsight it reflects a smart approach that would hopefully be the same for anyone in that office. However, it is telling that his immediate answer already understands this.

But what about his programs? How would he apply our nation’s resources to prevent the next attack or prepare to limit its impact? While it isn’t very exciting, his campaign lists a few priority areas that make sense.

Obama’s position is outlined by his campaign as pursing the following priorities:
• Bolster emergency response
• Protect critical infrastructure
• Improve intelligence capacity and protect civil liberties

All good things, even if the details read as though they were written a year ago. Each of these priorities should be top of the list for any incoming administration, e.g. allocate funds based on risk, revise the response plans and critical infrastructure plans, revise PATRIOT Act and FISA laws to protect civil liberties. And I must admit that it is a welcome sight to have nuclear stewardship articulated as part of this position. Obama’s Spent Nuclear Fuel Tracking and Accountability Act could be a real asset in reducing the threat of dirty bombs or smuggled nuclear material. And finally, he includes the right decision about restoring habeus corpus. More on that issue available in this post.

But this plan also risks falling victim to a sort of policy myopia to which most homeland security plans fall: It does not sufficiently acknowledge and incorporate the interagency and international dimensions of a successful homeland security strategy. (His attention to securing loose nuclear material is a worthy exception.)

I’d like to see more about how he considers homeland security as tying into national security. Moreover, what are his plans regarding the perennial urge to reorganize the Department of Homeland Security and its related structures? What role does he see for the rest of the government “beyond DHS” in securing the homeland?

We’ll see which candidate is up next on HLSWatch. In the meantime, get out there and vote today!

Twelve cyber security experts identified and ranked the most damaging and likely attacks to be faced in cyberspace in 2008. Experts included Stephen Northcutt, Ed Skoudis, Marc Sachs, Johannes Ullrich, Tom Liston, Eric Cole, Eugene Schultz, Rohit Dhamankar, Amit Yoran, Howard Schmidt, Will Pelgrin, and Alan Paller.

1. Attacks That Exploit Browser Vulnerabilities and Trusted Web Sites
Attacks increasingly target browser components, such as Flash and QuickTime, because they are not automatically patched when a browser is enhanced with security upgrades. These experts predict more sophisticated attacks that cycle through multiple exploits or disguised threats that attack visitors of trusted websites that convey an assumption of privacy or security.

2. Attack of the Botnets
Deceptive emails with attention-grabbing subject lines that infect an opener with computer worms will use “peer-to-peer control” that corrupts the user’s computer instead of relying on a central controller. SANS cites the Storm Worm as an example of what’s to come, but with more veracity.

3. Cyber Espionage seeking large amounts of data using phishing techniques
Nation-state attacks on government systems will expand, seeking more targets and employing greater sophistication. Attackers are expected to exploit newly discovered vulnerabilities in Microsoft Office and techniques that dupe virus checking software.

4. iPhones and VOIP Beware
Since mobile phones are computers – and increasingly ubiquitous – worms, viruses, and other malware will target them. Vulnerabilities of VoIP phones are widely published on the Net, along with attack tools to exploit these vulnerabilities. The experts see these as a target of choice.

5. Insider Attacks
“Going Postal” may look more like a hacker attack in new cyber era. Disgruntled employees with some tech savvy can attack their employers from the inside, but cyber warfare also enables them to attack from afar with their insider knowledge and legitimately granted access.

The remaining five of the Top 10 cyber security threats from the SANS Institute:

6. Advanced Identity Theft from Persistent Bots

7. Increasingly Malicious Spyware

8. Web Application Security Exploits

9. Increasingly Sophisticated Social Engineering Including Blending Phishing with VOIP and Event Phishing

10. Supply Chain Attacks Infecting Consumer Devices (USB Thumb Drives, GPS Systems, Photo Frames, etc.) Distributed by Trusted Organizations

Today DHS issued new rules for certain immigration requests that also propose establishing a new pilot program for a land-border exit system. This – in addition to making Lou Dobbs apoplectic – will have significant effects on benefits delivery and may invoke certain security and governance challenges.  It’ll also make it a lot easier for those fruit farmers in Florida this season.  The rule is intended to provide employers with a streamlined hiring process for temporary and seasonal agricultural workers (the H-2A program).

The proposed rule:

• Reduces current limitations and certain delays faced by U.S. employers and relaxes the current limitations on their ability to petition for multiple, unnamed agricultural workers.

• Reduces from six to three months the time a temporary agricultural worker must wait outside the U.S. before he or she is eligible reenter the country under H-2A status.

• Establishes a land-border exit system pilot program. Under the program, H-2A visa holders admitted through a port of entry participating in the program would also depart through a port of entry participating in the program and present upon departure designated biographical information, possibly including biometric identifiers.

President Bush’s FY 2009 federal budget is the largest in history at $3 trillion. The government-wide homeland security portion of that represents a 10.7% plus-up compared to 2008. Within DHS, spending will increase by 7.6 percent from FY08.

 

Customs and Border Protection is the biggest slice with $9.5 billion in discretionary spending. The largest account by far is SBInet. With $775 million of the pie, SBInet is a technology investment intended to create a net-centric border security capability. Indeed, the budget request for SBInet only includes 15 full time staff equivalents. The second largest ticket for CBP actually is people. $442 million is requested for staffing up the army of Border Patrol agents.

The Coast Guard claims $7.8 billion in discretionary spending for FY09. About $1.1 billion of this is for fleet modernization under the Integrated Deepwater Systems program. $44 million is dedicated to Maritime Domain Awareness support through such programs as Nationwide Automatic Identification System, Maritime Awareness Global Network (MAGNet) 2.0, and Command 21.

With a budget request of just above $7 billion, TSA comes in at a hardy third. Another Administration document explains that almost $6 billion will go toward aviation security systems, but this also includes a four-year surcharge in the passenger security fee of $0.50 “per enplanement” with the potential to increase to $1.00 per one-way trip. The budget anticipates $426 million to be collected and deposited in an “Aviation Security Capital Fund.” As part of the remainder, Behavioral Detection Officers, the Aviation Direct Access Screening Program, and Visible Intermodal Protection and Response (VIPR) and Canine Explosive Detection (K-9) teams comprise $125 million in new dollars.

For more on the budget breakdown among DHS component agencies, see the Administration’s Budget in Brief, from which the table below is drawn.

The Department of Homeland Security program to partner with major cities in an effort to defend against the use of dirty bombs and covert nuclear attacks, called Securing the Cities, received rare coverage in the press yesterday. The Washington Post’s Spencer Hsu was invited to New York City by Richard Falkenrath, NYPD’s deputy commissioner for counterterrorism. You may recall Falkenrath as the Harvard instructor and then White House staffer who joined up after 9/11 with the Office of Homeland Security. Falkenrath today occupies a perch unlike any other and was probably interested in spreading the word about the City’s efforts to defend against rad/nuc and bio threats. (Spencer ran an earlier story on anti-bioterrorism, too.)

The Securing the Cities Initiative (STC) is operated by the Domestic Nuclear Detection Office with a budget of about $40 million this year. Supporters of the program suggest that it makes straight forward sense that we invest in technology and techniques that will help avert an attack on a major city with something as deadly and disruptive as a dirty bomb. Critics argue that efforts like STC throw bad money and bad money in a futile effort to defend against a terrorist tactic that should be defeated far away from any U.S. city, if it can be defended against at all.

I’m cited in the story as a member of the former group because I believe that the U.S. is uniquely equipped with the innovation and budget to make significant progress in defeating the threat of dirty bombs and covert nuclear attacks. I do not believe that domestic defense should be pursued at the expense of vigorous nonproliferation efforts that should reduce the likelihood of an attack overall. The two efforts are equal parts of a comprehensive approach.

And STC is more than an effort to design and deploy detectors throughout New York City. In addition to improved training and information sharing for state and local authorities, STC also works to secure the sources of domestically available radiological material that could be misappropriated for use in a dirty bomb.

Think of STC as the Nunn-Lugar aspect the DNDO mission. In the same way that such Cooperative Threat Reduction programs endeavor to work with Russian nuclear facilities to keep “loose nukes” and poorly guarded nuclear material from being stolen by terrorists or black marketeers, STC works with hospitals that – for medical procedures – routinely use Cesium-137 or Strontium 90, both potentially deadly isotopes, to enhance their stewardship and protective measures to secure these dangerous sources.

We covered this program last year in a post that includes supporting material. This post also speaks to the issue. For further reading, consider checking Charles Ferguson’s report, “Preventing Catastrophic Nuclear Terrorism“, or his article in Foreign Affairs, entitled The “Four Faces of Nuclear Terror and the Need for a Prioritized Response,” in addition to Michael Levi’s new book On Nuclear Terrorism. (NB: I still have to read Michael’s new book, but I sure look fwd to it.) My friend Jeffrey Lewis runs the best blog on the overseas aspects of this issue.

DHS convened a major National Small Vessel Security Summit late last year, and the after action report is now available. While I first considered small boat security to be about as niche a topic as is possible (with more public affairs appeal than public policy), this report shows a heck of a lot of work went into the effort of making the event productive and relevant on a national scale.  The report was prepared by the Homeland Security Institute and, at 122 pages, is a daunting read. Especially with so few pictures. HLSWatch readers get the cliffs notes.  Main recommendations of the effort are as follows:

1.  AIS tracking technologies should not be required for vessels under 65 feet in length until the technology is perfected (read: likely never), the cost of such technology significantly reduced (read: paid by the Feds), and until law enforcement has the ability to track and respond to all vessels in the maritime domain (read: moveable goalpost). RFID technology or other OnStar-like monitoring features can be used in the meantime.

2.  The National Homeland Security Strategy needs a component that represents a National Small Vessel Security Strategy based on a layered defense. (Echoes of the WME Task Force.) This strategy should not, the report explains, focus on deterring a specific type of terrorist attack but should enhance the overall safety and security of the maritime domain. Rightly, the forum recommends that the strategy provide for guidance in coordination with international partners.

3.  Licensing, registration, or tracking of small boats used by private individuals should be accomplished by DHS with the lightest of touch. Failing to do so will be costly, ineffective, and rood (it will “alienate the small vessel operator”).

4.  State, local, tribal, and territorial maritime law enforcement entities need additional funding because, in addition to “other public safety and security missions,” this is too much.

5.  Establish a universal hotline telephone number, similar to the National Response Center 1-800 number, for the boating community to use in reporting suspicious activities and emergency situations.

6.  States could add a boat operator credential — like those required for tractor trailer or school bus drivers — to their state driver licenses. This could lead to a national boat registry for use by law enforcement agencies.

7.  The U.S. should enhance international cooperation and intelligence sharing with “our foreign counterparts,” especially Mexico, Canada, and countries of the Caribbean because these nations are the most likely departure points for a small vessel terrorist attack from overseas.

8.  More fusion centers! The report explains that conference participants felt that additional fusion centers would enable stakeholders to better share, analyze, and disseminate intelligence to with the USCG, CPB, U.S. Navy, the Harbor Master and state and local law enforcement agencies.

9.  Permanent Employment of the DNDO Act: Conference participants believe that federal, state, local, tribal, and territorial law enforcement agencies should be “provided with nuclear detection devices so they can detect radioactive signatures on small vessel and in cargo.” The rest of this language is worth reprinting:

The cost of such equipment requires federal guidance and oversight. In addition, the federal government should develop RAD/NUC detection devices with a stand-off capability in order to provide detection without directly impacting small vessel operators. The federal government should also consider placing nuclear detection devices on commercial vessels in a partnership to increase the chance of detecting a nuclear device or nuclear material before it reaches a major U.S. port or population center. Lastly, the federal government needs to strengthen counter-proliferation initiatives with our foreign counterparts to prevent shipments of WMD, their delivery systems, or related materials from reaching the U.S. maritime domain.