Homeland Security Watch

No you didn’t. The Homeland Security appropriations bill started out four years ago as a pork free piece of legislation (no special projects for legislators using federal funds).  By last year’s passage of the FY2007 bill, pork had taken hold, albeit modestly compared to other bills. This time, the FY08 appropriations bill that went to the Senate yesterday from the House includes significantly more pork than there has ever been in the bill. (See last year’s in-depth analysis by Christian Beckner.)

The FEMA Pre-Disaster Mitigation Grant program, which has never been earmarked before, is bogged down with 96 earmarks totaling $51.3 million. Earmarks are found in everything from Coast Alteration of Bridges ($19 million) to research projects totaling $150 million, which includes a $27 million research institute courtesy Reps Alexander, Corchran, and Corker. There is also $20 million for interoperable communications for Mississippi, even though the total of unearmarked grants for interoperable communications in the bill is only $50 million.

No time to write more now, but see the full list “projects” is on pages 102-110 of the joint explanatory statement. Earmarks are rarely defensible, but always expected. The Homeland Security bill had been a haven from this kind of selfish spending. Some, like the National Domestic Preparedness Consortium, may be worth it. Let’s hope the Senate gives this bill the scrutiny that forces these projects to be defended.

Congress included $13million for the Global Trade Exchange within the spending bill sent to the Senate last night. GTX is the third phase of an effort to bring better security and system visibility to the global maritime shipping supply chains. The bill reads as follows:

$13,000,000 shall be used to procure commercially available technology in order to expand and improve the risk-based approach of the Department of Homeland Security to target and inspect cargo containers under the Secure Freight Initiative and the Global Trade Exchange.

The Department issued an RFQ (thumbnail below) for this effort last week. Criticism of the effort usually revolves around the opaque nature in which it has evolved. Private sector operators whose information would theoretically populate a central data exchange express concern over the potential imposition on their supply chains that would come without sufficient benefit to their operations.

GTX has the potential to become a game-changing new dynamic between the public and private sector. However, much remains to be revealed in terms of the anticipated concept of operations that would create the appropriate mix of incentives to support private sector involvement. It is conceivable that if such a ConOps is crafted – including data privacy assurances, a durable governance framework, and shared risk, among other things – the kind of transparency that could be brought to the global maritime trade domain may generate a great advantage for our Homeland Security efforts to identify threats and for our maritime economic operators to identify and mitigate disruptions to their supply chains.

NOTE:
Singapore is now the seventh international port to join an effort to test scanning capabilities geared toward preventing radioactive material from being smuggled via U.S.-bound shipping containers. Integrated scanning for these purposes includes radiation detection and X-ray imaging of 100 percent of maritime cargo headed to the U.S.

This effort, part of the Secure Freight Initiative run jointly by DHS, Energy, and State, is in response to a Congressional mandate included in the SAFE Port Act. Other recently announced ports that signed up include Port Qasim (Pakistan), Puerto Cortés (Honduras), and the Port of Southampton (UK).

Not much time to write these days, so this will be quick.  These two reports were sent in to the Watch yesterday.  While they were issued to the Department earlier in the year, they were just made public.

Both of these are by the Homeland Security Institute, the FFRDC set up for DHS.  HSI primarily serves the S&T Directorate, but they are a resource for the entire Department.  More on HSI here.

The first report is a study of the factors that contribute to the success or failure of a terrorist attack, as well as measures taken to counter those attacks.  Click here to download the pdf.

The second is a revealing report on the process of strategic planning for DHS.  The report asks a basic question: If the mission is to protect the homeland, how should the mission space really be defined?  The authors take on the scope of sub-missions and begin to identify actionable objectives for each of them.

A seven-year extension of the Terrorism Risk Insurance Act, or TRIA is closer to passage in the Congress this week. This will be the result of a compromise between Dems and Repubs, and between the House and the Senate. In general, Dems favor the legislation to enable private insurers to write policies that cover acts of terrorism, which they believe insurers otherwise would not provide out of concern that such a policy would be too risky. Repubs are, in general, unsupportive of extensions for the bill in favor of private sector market solutions that they believe would be less expensive.

The insurance industry paid more than $30 billion in claims as a result of the 9/11 terrorist attacks.  Afterward, commercial terrorism insurance for businesses became expensive and even impossible to obtain. Congress responded by passing TRIA to provide a financial backstop for the insurance industry so that it would continue to underwrite policies. TRIA is set to expire on December 31.

House Financial Services Chairman Barney Frank is leading the House charge to bolster TRIA. The Senate is seeking ways to continue TRIA in more modest ways. The White House supports the Senate’s more conservative version of the TRIA bill.

CQ wrote today that Chairman Frank will accept the Senate’s seven-year extension of TRIA, which is shorter than the 15-year extension he sought. The seven-year TRIA extension would increase the deficit by $3 billion over the next five years and $5.1 billion over the next decade, according to CBO estimates. Chairman Frank said he also would step back from requiring an expansion of the program to cover nuclear, biological, chemical, and radiological attacks. On the other hand, Frank is committed to reducing the $100 million threshold that would trigger government coverage to $50 million.

The last thing we should want to do is to leave America’s economy hanging without viable insurance coverage that can protect it against losses like those we saw in lower Manhattan on 9/11. However, there comes a time when industry will have to step up to identify the market – or create one – for providing the coverage necessary for confidence in today’s risk-laden environment. TRIA was created as a temporary fix to bridge the tenuous time between 9/11 and a more stable economic landscape that would allow the market to operate effectively in this new terrain. However, the question remains: What if the market sets a price so high for this coverage that demand never takes hold? We run the risk of creating an additional vulnerability in the form of a brittle economy that would likely suffer unnecessary cascading effects from a terrorist attack if the insurance coverage is not in place to buffer the financial impact.

Homeland Security Secretary Chertoff delivered a speech before the Institute of European Affairs in Dublin last Thursday and hit the usual high notes of transatlantic cooperation, which continues to strengthen below the radar of our politically charged policy environment on this side of the Pond.

How the Secretary portrayed that progress was with a lingua franca unfamiliar to the State Department diplomats. For example, he cited three principles on which he believes Americans and Europeans agree.

First, nations “must be willing not only to operate within their own borders and ports of entry, but beyond them as well.” He probably doesn’t mean that the way it sounds. Translation: find effective ways to cooperate with other nations to pursue shared interests in countering terrorism that crosses national boundaries.

Second, complete safety is out of reach and “the best alternative is a strategy that is governed by risk management.” While it may seem unremarkable by now, that concept will likely leave observers wondering what exactly the U.S. means by it.

Third, security can only be pursued effectively if in partnership with other nations. Put Chertoff on the National Security Council, please. It’s another unremarkable concept, but one that needs to be stated repeatedly.

So risk is inevitable and we should “manage” it. The closest this country has gotten to defining risk at the strategic level is in the context of debating where to apply federal funds, such as UASI grants.  Unfortunately, for all the work DHS and its component agencies have put toward defining risk over the years – since long before 9/11 – the latest Homeland Security Strategy barely addresses the idea.

The National Strategy gets only so close:

“the [National Preparedness Guidelines] constitutes a capabilities-based preparedness process for making informed decisions about managing homeland risk and prioritizing homeland security investments across disciplines, jurisdictions, regions, and levels of government, helping us to answer how prepared we are, how prepared we need to be, and how we prioritize efforts to close the gap.”

That’s what we should get if we manage risk, but what is the nature of risk in a post 9/11 strategic context? Later in the Strategy is a longer paragraph representing the only other description of risk:

“The assessment and management of risk underlies the full spectrum of our homeland security activities, including decisions about when, where, and how to invest in resources that eliminate, control, or mitigate risks. In the face of multiple and diverse catastrophic possibilities, we accept that risk – a function of threats, vulnerabilities, and consequences – is a permanent condition. We must apply a risk-based framework across all homeland security efforts in order to identify and assess potential hazards (including their downstream effects), determine what levels of relative risk are acceptable, and prioritize and allocate resources among all homeland security partners, both public and private, to prevent, protect against, and respond to and recover from all manner of incidents. A disciplined approach to managing risk will help to achieve overall effectiveness and efficiency in securing the Homeland. In order to develop this discipline, we as a Nation must organize and help mature the profession of risk management by adopting common risk analysis principles and standards, as well as a professional lexicon.”

Over 150 words and it still seems as though we’re talking around the concept without really saying what risk is apart from “a function of threats, vulnerabilities, and consequences.” That’s the same way we described risk on September 10, 2001. What we need is a straight forward explanation of risk in the 21st century. Sure its terrorism, but it is also much more if we consider that terrorist targets include almost anything in the civilian and commercial realm.  Risk is therefore a function of how interconnected today’s world has become.  A danger in this hemisphere ripples around the world depending on numerous factors beyond just threats, vulnerabilities, and consequences.

With little else to go on, our allies overseas listening to Secretary Chertoff last week could be forgiven if they walked away from his speech wondering just what it means to choose “a strategy that is governed by risk management.”

The new IBM white paper we wrote and I blogged about earlier offers the following:
“Risk today is characterized by the rise of the individual as well as the rise of small groups as strategic threats and the speed and unpredictability with which the harmful effects of disruptions in one part of the world can spread to other companies, sectors and countries.”

The National Homeland Security Strategy makes a sound point when in another slight reference to risk, it suggests that “companies that minimize risk will be rewarded by the market.” You might say that this maxim applies to the government, too.

While the National Strategy may have prompted more questions than it answered, there is another opportunity for us to get this knotty issue of risk nailed down so that we can plan against it and make wiser investments in both the public and private sector. Recall that Congress mandated that DHS issue a Quadrennial Homeland Security Review along the lines of the Pentagon’s Quadrennial Defense Review. This repesents a valuable opportunity for DHS to take this head on. No better document – at this point, anyway – than the first QHSR to put forth a workable concept of risk.