Homeland Security Watch

The Department of Homeland Security held a press conference yesterday to discuss progress over the past year on border security and immigration enforcement, and CBP and ICE both issued press releases that contain statistics documenting their efforts over the past year.

Overall these two documents paint a justifiably positive portrait of the Department’s efforts at border security and interior enforcement. It’s clearly true that the increased attention to these missions has led to improved performance over the past twelve months.

My main complaint about the documents is that year-to-year comparisons are omitted in certain instances; for example, CBP notes the amount of marijuana seized in FY 2006, without providing the FY 2005 tally as a point of comparison. And it notes the number of C-TPAT validations in FY 2006, without mentioning the comparable statistic for FY 2005. These documents are better than previous DHS fact sheets on border security and immigration enforcement, but still have a way to go.

Finally, there’s this line item in the CBP fact sheet:

Developed and coordinated the Rice-Chertoff Initiative to establish two model international ports of entry at Washington/Dulles and Houston Intercontinental airports. This initiative seeks to renew America’s welcome with improved technology and efficiency, the development of secure travel documents for the 21st century, and improved information sharing.

I arrived on an international flight into Dulles last Friday, and I still don’t see any evidence that this “model airport” initiative has been implemented, unless a TV hanging on the wall showing “The Redskins Report” counts as “renewing America’s welcome.”

A few months ago, the White House quietly issued a classified joint Homeland Security Presidential Directive / National Security Presidential Directive – HSPD-16/NSPD-47 – and has not released its contents. The San Francisco Chronicle ran a story about the directive in mid-August, noting that it contained the following contents:

The order, confirmed to The Chronicle by officials with knowledge of its contents, focuses on threats to aircraft from passenger baggage and air cargo — including detection of conventional, nuclear, radiological, and chemical devices — securing the airspace over the continental United States, and developing technologies to detect and prevent missile attacks on aircraft.

The directive, known as both National Security Presidential Directive 47 and Homeland Security Presidential Directive 16, also orders the agencies to implement a plan to check airline passenger lists against the government’s watch lists and to assume the costs of conducting the database searches. The cost of checking passenger lists currently falls to the airlines.

Recently a notice appeared in the Federal Register that is the first government confirmation of HSPD-16/NSPD-47 that I’ve seen. The notice describes a new Plan for the Emergency Security Control of Air Traffic, which cleary defines DOD, DOT, and DHS roles in the event of an emergency airspace incident, and establishes a “ESCAT Air Traffic Priority List (EATPL)” which serves as an order of priority for use and entry into U.S. airspace in the event of the activation of this plan.

This EATPL seems a bit out of balance to me, putting state and local law enforcement and first response activities near the end of the air traffic priority list, after a long list of military air assets. In a scenario where an attack has taking place and out-of-region emergency services are needed, it seems as if this priority list create a risk that state and local response assets would be stuck at the back of the queue, behind military assets who may be necessary to secure airspace and facilitate continuity of government, but who aren’t going to save any civilian lives. Hopefully this is an issue that is being discussed between DHS and DOD; otherwise this could lead to of the same command-and-control response breakdowns that we saw in the response to Hurricane Katrina.

Note to self: don’t create script to allow anyone to print out fake airline boarding passes:

A website that let anyone with an Internet connection and a printer create fake airline boarding passes has been shut down after federal agents visited the creator.

FBI agents raided Christopher Soghoian’s home over the weekend, seizing computers and other equipment, Soghoian wrote on his blog. They first visited him Friday afternoon with a request to take the site down, but when he got online, he found that the site had already been removed, he wrote.

….Soghoian’s “Northwest Airlines Boarding Pass Generator” let people create boarding passes that look virtually identical to the ones printed from the Northwest Airlines website. They could be used to get past airport security, but not to get on an airplane, because the airline would have no record of the reservation, Soghoian said.

Here’s Soghoian’s blog. While it probably wasn’t the wisest move to create this script and put it online, I think that making a criminal case out of this is an unfortunate response. Instead, the FBI and/or the airlines should be focusing on strengthening the security of commercial aviation documents – perhaps by working with Soghoian and offering him a job.

US News reported this week on a new collaborative tool within the Intelligence Community for analysis: Intellipedia. From the article:

Intellipedia. Many of the hottest online tools now in use turn out to be ideal for sharing intelligence, officials say. Two years ago, the CIA launched its own wiki. (A wiki is an online site that allows users to collectively add and edit content, like Wikipedia, the online encyclopedia.) Dubbed simply the CIA Wiki, it now boasts some 10,000 classified pages. In January, the DNI followed with a communitywide wiki, dubbed the Intellipedia. The DNI’s National Intelligence Council-which produces the government’s weighty National Intelligence Estimates on key topics-has just launched an experiment to produce the first NIE by wiki. The subject: Nigeria. Top experts on the oil-rich African nation are working together on the Intellipedia to help chart its future. “I don’t know if it’s going to work,” says Thomas Fingar, the chief of analysis for the DNI. “It might; might not.”

The DNI held a news conference yesterday to describe Intellipedia in greater detail. I think this is a great idea, and is a perfect example of how the intelligence community can harness new tools and technologies to strengthen analysis.

Update (10/31): More on Intellipedia from the L.A. Times.

In a post last week, I linked to a document on the Government Printing Office website that contained the full congressional justifications for the FY 2007 DHS budget request. In that post, I mentioned that it contained a wealth of information for DHS-watchers about the Department. On that note, I went through the document to research one topic that I haven’t seen analyzed previously: the average salaries within each of the constituent parts of DHS, which can be estimated by analyzing the “Permanent Positions by Grade” charts that are found throughout the document. You can see the full results of that analysis in this Excel spreadsheet, which computes average salaries for FY 2006. Some key findings:

1. The average salary of the 177,844 DHS employees included on the spreadsheet was $56,334 in FY 2006.
2. The average salary of a civilian (i.e. non-military Coast Guard) General Service (GS) or GS-equivalent civilian employee (e.g. TSA, which has a different pay-band system) was $56,319. And the average salary of a civilian Executive Service (ES) or ES-equivalent employee at DHS was $151,376 in FY 2006.
3. Within both categories (ES and GS) there is a lot of variation among agencies and sub-agencies in terms of average pay. Part of this is due to natural variations in the years of experience and skill requirements of employees, and/or is abnormal due to a small sample size, but it’s difficult to tell if it’s all attributable to these differences. The highest paying-components of DHS in the analysis (ES+GS) are as follows:
• US-VISIT, $151,197 average salary (115 employees).
• Office of the Undersecretary for Preparedness, $131,360 (85 employees).
• Infrastructure Protection and Information Security, $118,425 (445 employees)
• FEMA, Disaster Relief Account, $115,781 (25 employees).
• DHS Chief Information Officer, $112,590 (78 employees).
• US Coast Guard, Acquisition Account (Civilian), $112,311 (345 employees).

And the lowest-paying accounts are as follows:

• TSA, Aviation Security, $36,387 (51,275 employees).
• ICE, Immigration User Fee Account, $39,050 (275 employees).
• ICE, Breached Bond Detention Fund, $41,084 (63 employees).
• CBP, Puerto Rico Account, $51,098 (654 employees).
• US Coast Guard Military, $54,715 (39,764 employees).
• Customs and Border Protection, $59,852 (34,319 employees).

You can see the full analysis by downloading the spreadsheet which contains the complete analysis. Note that the Federal Air Marshal Service is not included within the scope of this analysis, because statistics on its workforce are classified.

Just published in the new issue of Washington Technology: an op-ed by my boss (and sometime co-author) Scott Gould and the Reform Institute’s Dan Prieto headlined “The data trail: Best vector to secure aviation.” Check it out.

The Post’s Stephen Barr reviews a new book entitled “Meeting the Challenge of 9/11: Blueprints for More Effective Government” today, one which he argues provides important lessons for the leaders of the Department of Homeland Security. His review focuses on a chapter of the book on the role of the Undersecretary of Management at DHS:

Dean and Ink discuss the importance of having a senior official in large agencies focused on management issues — such as accounting and finance, procurement, personnel, technology and property. They point to the undersecretary of management in the Department of Homeland Security as the kind of post that can help a Cabinet secretary succeed in pulling together internal operations.

As part of their review of the undersecretary’s job at Homeland Security, they recommend that the department ensure the job, which will probably be held by a political appointee, has a sidekick from the career ranks who can provide continuity during presidential transitions.

Dean and Ink also contend that too many jobs in the Homeland Security undersecretary’s office have been reserved for political appointees. “With respect to fighting terrorism overseas, there is recognition of the value of depending on professional career military leaders who serve under a small number of political policy leaders in Washington. Why should professional career leadership be any less critical for protecting our homeland against terrorism?” they ask.

They add, “It is essential that the management of homeland security not be politicized.”

That, however, appears to be happening. Members of Congress have questioned whether the position of undersecretary is needed at Homeland Security, in part because the deputy secretary has a strong hand in day-to-day operations. Congress also has cut funding requests for the undersecretary’s office, usually to reorder priorities. (Only one person has ever held the undersecretary position, and she left in May.)

This last paragraph is a correct assessment of the current conventional wisdom about the role of an Undersecretary for Management, confirmed by the fact that DHS hasn’t shown any real urgency to replace Janet Hale over the last seven months, since March when she announced her resignation. I think there is still an unsettled debate about whether this position is necessary, or if instead it’s more appropriate for the other C-level officials at DHS – CFO, CIO, CHCO – to report directly to the Secretary and Deputy Secretary. From an organizational design perspective, I’m inclined to favor the latter perspective, since the CFO, CIO, and CHCO need direct access to the Secretary and Deputy Secretary on the org chart if key initiatives are going to get the attention and priority that they deserve. If these officials are two levels away from the Secretary’s office on the org chart (and compounding the problem, in offices across town) then it’s more likely that key Department-wide financial, human capital, and IT initiatives will languish.

Below is a list of homeland security policy events in the DC area next week (as well as the occasional listing outside of DC). Please note that many events require prior invitations and/or RSVPs.

10/30-10/31: Border Management Systems and Technologies conference. San Diego, CA.
10/30: DHS press conference on immigration enforcement. Reagan Building, 1300 Pennsylvania Ave NW, 11am.
10/30: Wilson Center event with CFR’s Steve Simon on “Why the Jihad is So Durable.” Reagan Building, 1300 Pennsylvania Ave NW, 12noon.
10/30-10/31: Serious Games Summit. Crystal Gateway Marriott, 1700 Jefferson Davis Hwy, Arlington, VA.
10/31-11/2: Asia-Pacific Homeland Security Summit. Big Island, Hawaii.
10/31: American Trucking Association Management Conference features remarks by Sec. Chertoff. Gaylord, TX.
11/1: Financial Services Roundtable event to release a report on the pandemic flu. National Press Club, 529 14th St NW, 12 noon.
11/2: Global Justice Information Sharing Initiative meeting. Embassy Suites Hotel, 900 10th St NW, 8:30am.
11/2: UK-US Security Technologies Symposium hosted by UK Trade & Investment and CSIS. 1800 K St NW, B-1 Level, 9:30am.
11/3: Cyber Conflict Studies Association fall symposium. George Mason U. Law School. 3301 Fairfax Dr., Arlington, VA. 8am.
11/3: Middle East Policy Council conference: “Are We Trapped in the War on Terror?” 1319 18th St NW, 9:30am.

(Please e-mail me if you have suggestions about additions to this list for this week, or future weeks).

I attended and spoke at the Global Security Challenge Conference today in London, England, an event that was organized by a group of London Business School students over the past year centered around a business plan contest for promising homeland security start-ups. It was an excellent conference, featuring a diverse and interesting group of speakers and involving some top-notch companies in the business plan competition. I’m pretty jaded by all of the homeland security-related business pitches that I’ve heard over the past 4+ years, but the quality of these plans was excellent:

• Ingenia Technology
• ScanWalk
• Secerno
• TIRF Technologies
• Vumii

Ingenia Technology was the ultimate winner of the competition, for what looks to be a very interesting technology for document and asset authentication based upon the natural physical signatures of items.

The speakers at the conference were also very informative. A number of them invoked the Chatham House rules, so I can’t go into detail on the day’s remarks, but I can note that I was surprised by the extent to which many of the Europeans viewed the U.S. homeland security market as ideal in its openness and flexibility in comparison with what they experience in the European Union. And I learned details about two European technology development programs that I hadn’t previously known much about: the European Security Research Programme and NATO’s Defence against Terrorism program.

The most valuable takeaway from the event for me was witnessing the practical results that a small cohort of MBA students could achieve in putting together an event like this. The homeland security community has perhaps fallen for the fallacy of bigness over the past few years, thinking that we need Marshall Plan-like endeavors to solve our critical challenges. Yes, in some sectors we do need large projects akin to the traditional DOD system integrator model, but other elements of the homeland security R&D system require speed, agility, and openness as key parameters rather than size and scale. This conference demonstrated how you can catalyze the innovation cycle by bringing together technologists and business leaders and cut through many of the bureaucratic hurdles that hinder more effective R&D in the security arena. The students who started this event have created an excellent forum, which hopefully will continue in the years ahead.

I’ve pasted a copy of my remarks as prepared for delivery at this link. And I’ve created a webpage with a number of links that were relevant to these remarks at this link.

ps. A nice shot of Tower Bridge (not London Bridge, as MTV might have led one recently to believe) from the conference site:

Today was the yes-we-really-mean-final deadline for compliance with the new e-Passport requirements for participation in the Visa Waiver Program (VWP), and DHS reported this afternoon on the state of compliance. 24 of 27 VWP countries were able to comply with the new rules, with the European microstates of Andorra and Liechtenstein and the Sultanate of Brunei as the only laggards. Their non-compliance is essentially trivial – their combined population of 500,000 is on the order of 0.1% of the total VWP-area population. This deadline had to be extended by a year in each of the last two years, but evidently the third time’s a charm.

Tamar Jacoby from the Manhattan Institute has a compelling article entitled “Immigration Nation” in the new issue of Foreign Affairs, one which argues for a comprehensive approach to immigration reform and border security consistent with the legislation that passed the Senate in mid-2006. It’s a convincing piece, one that carefully weighs each of the key issues within this broader debate, and provides reasoned choices for her proposed course of action. The key paragraph in the story:

This, then, is the essential architecture of comprehensive reform: more immigrant worker visas, tougher and more effective enforcement, and a one-time transitional measure that allows the illegal immigrants already here to earn their way out of the shadows. Together, these three elements add up to a blueprint, not a policy, and many questions and disagreements remain. But on one thing everyone who shares the vision agrees: all three elements are necessary, and all three must be implemented together if the overhaul is to be successful. Think of them as the three moving parts of a single engine. There is no tradeoff between enforcement and legalization or between enforcement and higher visa limits. On the contrary, just as enforcement is pointless if the law is unrealistic, so even the best crafted of laws will accomplish little if it has no teeth, and neither one will work unless the ground is prepared properly.

The one disagreement I would have with Jacoby’s analysis is her assumption that an illegal immigration flow of 400-500 thousand people per year is representative of the natural condition of the supply-demand equation. That amount is based in part on the labor demand pull in the U.S., but it’s also a reflection of the relative openness of the U.S. border. If the border were more open, those numbers would increase, and if it were tighter, those numbers would decrease, and the cost of labor would increase, reducing demand.

But other than that one point, it’s a very well-argued piece that argues convincingly in favor of a comprehensive approach for immigration and border security.

Steve Flynn from the Council on Foreign Relations issued a report card for the nation’s homeland security efforts, and the grades that he gives are the kind that any child would try to hide from his or her parents:

Port Security: D+
Nuclear Plant Security: B/B+
Air Defense: B
Airport Security: C+
Border Control and Immigration: C
Chemical Plant Security: D-/F
Disaster Response: C-
Bridges, Tunnels, and Other Infrastructure: C
Public Relations: D

I would probably give more favorable grades for some of these, such as airport security and border security, but that’s partially a function of the fact that I’m a product of the era of grade inflation, where a B- is considered a poor grade. But some of these grades – notably Chemical Plant Security and Public Relations – are deservedly poor, given the track record of DHS and Congress over the past couple of years.

Steve has a podcast on the CFR site that explains these grades in greater detail. And his new book The Edge of Disaster will be hitting bookstores in early 2007.

The DHS inspector general released a report yesterday that looks at TSA’s staffing of non-administrative positions at major airports. It finds a system in which airports’ administrative staffing decisions bore little relation to the size of the airport. For example, the chart on page 6 of the report shows airports that had 300-400 screeners and over thirty administrators, for a 10:1 ratio; whereas larger airports with over 1,000 screeners in some cases had 10-15 administrators, for up to a 100:1 ratio.

The report describes a current initiative within TSA to reapportion the administrative workforce, an effort launched in 2004 which thus far has not been implemented. Hopefully it will be soon. And it also looks at the use of TSA screeners for administrative purposes, which has led directly to the screener workforce racking up hundreds of thousands of hours of overtime in recent pay periods.

The report offers up four concluding recommendations:

1. Conduct a workforce analysis of FSD administrative staff and develop a staffing model to identify the number of employees actually needed at airports. This analysis should identify key mission areas and responsibilities; and take into consideration the time and nature of administrative work performed by screeners when assessing its workforce requirements.
2. Review proposed adjustments to FSD staffing levels and ratios of administrative to screener personnel. In particular, proposed changes to Hawaii’s administrative staff caught our attention as warranting more review.
3. Continue to study technologies or systems that will automate data entry functions at airports.
4. Reclassify administrative positions using more inclusive position titles to incorporate more of the functions employees perform and facilitate the hiring of administrative personnel.

In its response, TSA concurs with most of these recommendations, and indicates that it has recently started a comprehensive workforce review.

The Subcommittee on Investigations of the House Homeland Security Committee recently released a report entitled “A Line in the Sand: Confronting the Threat at the Southwest Border,” which provides a detailed and compelling overview of the current threats at the U.S.-Mexico, in terms of smuggling, violent gang activities, and potential terrorist infiltration. It’s a useful report in terms of establishing facts on the ground for border security efforts, but it offers little that’s new as far as recommendations about how to improve the current border security regime.

Reading the report reminded me of another similar report from a couple of years ago, by the minority staff of the House Homeland Security Committee during the 108th Congress, entitled “Transforming the Southern Border: Providing Security & Prosperity in the Post-9/11 World.” It’s still the best treatise on the challenges of US-Mexico border security that I’ve read in the last few years, driven by dispassionate analysis of the facts on the ground at the southern border.. Unfortunately the report is not online anymore, as best I can tell, so I’ve taken the liberty tonight of putting it up on the blog, at this link.

The Department of State issued draft regulations for the PASS card last week, indicating the intended price for the cards:

The limited-use passport card will be adjudicated to the same standards as a traditional passport book. The rule published today proposes a wallet-sized card that would cost $10 for children and $20 for adults, plus a $25 execution fee.

In other words, the PASS cards will be $45 for children and $35 for adults. This is slightly less expensive than the $50 price that was put forward when the PASS cards were announced in January, but I think it’s still at a price point that will be a deterrent to cross-border travel for a large proportion of people in the northern border states.

The full draft regulations are available at this link.

DHS Assistant Secretary for the Private Sector Office Alfonso Martinez-Fonts spoke at a presentation today at an event hosted by Congressional Quarterly, and in his remarks discussed some of the outcomes from a DHS senior-level offsite held two weeks ago. He noted that the offsite meeting led to the identification of six top-level priorities for DHS in 2007:

1. Keeping bad people out of the United States;
2. Keeping the “really bad stuff” out of the United States (esp. rad-nuke materials);
3. Strengthening the screening of workers and travelers;
4. Securing critical infrastructure;
5. Building a nimble, effective emergency response system and a culture of preparedness;
6. Strengthening the core management of DHS.

This list seems to be an updated version of the “Six-Point Agenda” for DHS that emerged after the Second-Stage Review process in mid-2005. That list included “information-sharing with our partners,” which is missing in the updated list. Immigration and interior enforcement issues are likewise no longer emphasized. Added to this new list is critical infrastructure protection, and the bullet items for border and transportation security are reorganized in a way that suggests much more of a strategic focus focused on cross-cutting functions (screening, credentialing, etc.) rather than distinct missions (border security, cargo security, etc.)