Homeland Security Watch

Washington-based think tank CSIS is joined by Rep. Jim Langevin (D-R.I.), chairman of the Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology; and Rep. Michael McCaul (R-Texas), the ranking Republican on the subcommittee to launch a cybersecurity commission of top experts in the field charged with putting forth recommendations for the next U.S. president.

The 32-member commission plans to finish its work by the end of 2008. Co-chairmen of the commission are retired Admiral Bobby Inman, former director of the U.S. National Security Agency; Scott Charney, corporate vice president for trustworthy computing at Microsoft Corp.; Rep. Langevin and Rep. McCaul.

UPDATE:

IBM Plans Major Security Initiative
Thursday November 1, 6:29 am ET
By Brian Bergstein, AP Technology Writer

IBM Says It Will Spend $1.5 Billion on Computer Security-Related Products in 2008

BOSTON (AP) — IBM Corp. plans to announce Thursday that it will boost what it spends developing computer security products to $1.5 billion in 2008, reflecting an intensifying focus for the company.

IBM executives would not say how much they used to spend. But analyst Charles King of Pund-IT Research said he believes $1.5 billion would be twice what IBM traditionally spends on security research and product development each year.

The figure is separate from IBM’s spending on acquisitions that bring in new technology. In the past year IBM has bought several security companies, including Internet Security Systems Inc. for $1.3 billion and Watchfire Corp. for at least $100 million.

Now IBM says it is integrating technologies from its acquisitions with security software and services developed in house. It expects to offer broader security packages so customers can reduce the number of providers they hire to protect their data.

“We believe there’s a crisis in the marketplace right now,” said Val Rahmani, who heads IBM’s infrastructure management services.

Even with this sharper focus, IBM will encounter tough competition from security specialists and other information-technology vendors such as Hewlett-Packard Co. and EMC Corp., which have also been spending heavily to bolster their offerings.

“Maritime Security: The Port Act: Status and Implementation One Year Later” was released yesterday by the GAO. The report assess several challenges DHS faces, including the 100% screening mandate, and makes recommendations to DHS to develop strategic plans, better plan the use of its human capital, establish performance measures, among other operational improvements. Top-level highlights are available here.

DHS announced it has contracted California-based Computer Sciences Corp. for information-technology support. Under the $53 million contract CSC will provide desk support, systems training and security and strategic business system planning among other business intelligence analysis support services for USCIS.

USCIS announced that it has selected a team that includes Northrop Grumman Corporation to provide large operations management services at the USCIS California and Vermont service centers. The three-year indefinite delivery/indefinite quantity (ID/IQ) contract has a total ceiling value of $225 million to the team, on which Northrop Grumman will be a subcontractor to Stanley, Inc.

A $357 million contract from USCIS went to Northrop Grumman to continue providing biometric capture services in support of U.S. citizenship applications and green card renewals. Biometric capture services involve electronic scanning and recording of fingerprints, and photograph and signature collection, for identification purposes. Under Northrop Grumman’s management of the biometric program, USCIS has reduced its fingerprint rejection rate from 20 to 1.5 percent.

A $225 million contract supporting USCIS Service Center Operations in Nebraska and Texas went to SI International. The company also supports USCIS Office of Records services with the tracking and accounting of more than 62 million immigration files.

In a letter to the outgoing Deputy Secretary of Homeland Security, Michael Jackson, House Homeland Security Committee Chairman Bennie Thompson chose to focus on the low lights of Jackson’s tenure. Thompson’s letter is a response to Jackson’s October 19 letter highlighting the efforts to fill vacancies at DHS.

The response takes issue with Jackson’s positive spin on filling vacancies (“filled, selected, or formally advertised” to be exact).  Thompson takes the opportunity to list a number of programs failing to meet expectations that may indicate a pretty clear agenda for the Dems to start critiquing the Repub’s homeland security record.

The programs identified in Chairman Thompson’s letter include:

• The Transportation Worker Identification Card program

• Secure Border Initiative and Project 28

• US-VISIT (biometric exit capability)

• National Infrastructure Protection Plan and the corresponding Sector-Specific Plans

• DHS Office of Health Affairs

• Surface Transportation Security (mass transit)

• FEMA (brain drain)

• Office of Emergency Communications

Of course, the Thompson letter could have highlighted some positive accomplishments by the Department.  But the Chairman closes his missive with a reference to a recent hearing that the DepSec did not to attend. Thompson suggests that the hearing, “Holding the Department of Homeland Security Accountable for Security Gaps,” was a missed opportunity for Jackson to defend the Department’s record. With a hearing title like that, I suppose its no surprise the DepSec had somewhere else to be.

Port terminals at the UK, Pakistan, and Honduras are the first of a batch of countries to sign up for DHS’s current phase of the Secure Freight Initiative (SFI). SFI screens US-bound maritime containers for nuclear or other radiological materials. It is unclear whether the agreements, protocols, equipment, and other requirements put in place to screen for nuclear threats will be put to use for other valuable security and trade purposes.

SFI is part of the DHS response to fulfilling the Security and Accountability For Every (SAFE) Port Act of 2006, which requires non-intrusive scanning for nuclear material on 100% of all maritime containers headed for the U.S. Data from these inspection systems informs the National Targeting Center in its assessment of what seems threatening enough to warrant added scrutiny. SFI almost entirely focuses on the nuclear threat. Jay Ahern, CBP Deputy Commissioner, said “…preventing a nuclear weapon or dirty bomb attack has to be one of our highest priorities. This initiative (SFI) advances a comprehensive strategy to secure the global supply chain and substantially limits the potential for terrorist threats,” said CBP Deputy Commissioner Jayson Ahern.

The “comprehensive strategy to secure the global supply chain” suggests much more than just detecting smuggled nuclear material. Subsequent phases of SFI may reveal a more robust – and much needed – program to view the global supply chain more strategically. The tools being developed and put in place for the nuclear threat, including bilateral and multilateral agreements, can provide significant leverage for bringing more security to the global trade flows. Illicit trafficking – not only of nuclear material – is always a threat in some way to some legitimate party. And the transparency that a program like SFI could generate promises the potential to do much more that detect loose nucs.

The kind of vulnerability these global flows confront carry with them a global concern for their resilience and protection, as well as their economic viability. Imagine if the Secure Freight Initiative and the Advanced Trade Data System were combined with the Proliferation Security Initiative. That would align many of the efforts and interests of DHS, DOD, DOE, State, and the Department of Commerce. It would also reflect a more “comprehensive” approach to a shared concern between the U.S. and her overseas partners – many of whom are reluctant partners – in securing global trade against both terrorism and general threats to economic efficiencies that these global flows attempt to maximize.

NOTE: Thank you for accommodating my absence while I was away. HLSWatch is back up and running.

I had the honor of working with two great colleagues in producing the next IBM white paper on Homeland Security issues. I will be off-line until November 1 and wanted to introduce this new study before I sign off to get married next week.

The new paper — by Scott Gould, Dan Prieto, and me — is entitled “Global Movement Management: Commerce, Security, and Resiliency in Today’s Networked World.” As IBM’s most recent thought leadership piece on homeland security, the paper offers a perspective on challenges shared by a broad community of interest that includes governments, corporations, NGOs, and individuals.

The report is to be rolled out on October 16th in Vancouver at IBM’s Global Executive Forum on Customs, Ports, and Border Management. You may download the Executive Summary here. By month’s end (possibly sooner), readers will be able to click through here to request a copy of the full report.

The key ideas presented in this paper focus on:
• The networked nature of 21st century risk
• A new concept of security we call “Intelligent Immunity”
• A revised and extended Global Movement Management analytical framework
• Strategic human capital
• Unique data assets and skills to be leveraged through technology in new ways
• A challenge we call the “governance gap” that currently limits progress in these areas

IBM first introduced its global movement management strategy in 2005 with “Global Movement Management: Securing the Global Economy.” Chris Beckner, the founder of this blog, co-wrote that piece with Scott Gould.

Both GMM papers explain how the health and well-being of modern society depend on highly integrated, complex economic systems that serve to move people, goods, conveyances, money and information around the world. These systems include, for example, immigration, aviation and transit systems for the movement of people; maritime, trucking and air cargo for the movement of goods; pipelines and electric grids to transport fuels and energy; and the Internet and other communications networks to move information and to enable financial flows. Collectively, these comprise the “global movement system.”

This thumbnail is a sneak preview of the revised GMM framework illustration (click to enlarge):

“Global Movement Management: Commerce, Security and Resiliency in Today’s Networked World” asserts that, despite the complexity of today’s global economy, movement systems are more alike than they are different. The basis for the GMM initiative is a belief that policymakers, business leaders, and security professionals should focus on these similarities as the keys to developing sound strategies for improving the performance, security and resilience of global movement systems, while also seeking to preserve core societal values.

NOTE: I may be recruiting a guest blogger or two for the next couple weeks. If interested, email jonah.hlswatch [at] gmail [dot] com.

The Washington Post ran a story today about the new National Strategy for Homeland Security that emphasizes the timing chosen for the new document. The article misses some important points.

The President’s homeland security advisor, Fran Townsend, is quoted as suggesting that “Homeland security both as a policy matter and as a concept didn’t exist prior to 9/11 and prior to…President Bush assuming office.” We may have called it “homeland defense” or “anti-terrorism” before, but it sure isn’t the sole product of 9/11 or this Administration. Whether it was the Gilmore Commission (1999-2004) or the Hart-Rudman Commission (1998-2001), or one of several other high-level efforts, that concept long predates the authors of the 2002 and 2007 Homeland Security Strategy documents.

The Post writers go on to quote Frank Cilluffo and David Heyman. Frank is candid in proposing that the new Strategy is more rearview mirror that proactive. Less than a contribution to the next Administration, he suggests it’s an effort to preserve the Bush Administration’s legacy. One would get that impression from the fact sheet put out by the White House Press Office. A full third of that document is dedicated to past successes and advice for the Congress.

David Heyman’s analysis is focused on one of the elephants in the room: How do you carry out a strategy – old or new – if you have a depleted workforce? But the Post story quotes him as though the problem is a lack of “processes and operations to support” the Strategy. This seems odd since a major highlight in the new document, also explained in this earlier post that broke the story of the Strategy being revised, that shows a very detailed process for policy, operations, and support.

The story did not point out that the timing of this new Strategy may just be overdue. After the first Strategy in 2002, there was the 2003 Iraq invasion and the creation of a whole new enemy called “al Qaeda in Iraq,” the Madrid bombings in 2004, London bombings in July 2005, and the Bali bombings later that same year. The Department of Homeland Security had only been around for six months at the time the first Strategy was issued.

I can understand why the re-election effort in 2004 may have slowed things down in the policy shop, but why not issue a new Strategy in 2005? That would have given this Administration four years to carry it out. Did we have to wait to have the concept of natural disasters included more prominently into our Homeland Security doctrine until after Hurricane Katrina?

Readers will recall the post we had here on September 25 introducing the presentation slides being used by White House officials to brief Congressional, State, and Local stakeholders about changes to be made to the nation’s homeland security strategy. It revealed a broadened focus that emphasized both natural disasters as a risk and offensive measures as a resource in protecting the homeland. The White House issued a statement today that describes those changes as:

Acknowledging that while we must continue to focus on the persistent and evolving terrorist threat, we also must recognize that certain non-terrorist events that reach catastrophic levels can have significant implications for homeland security.

Emphasizing that as we secure the Homeland we cannot simply rely on defensive approaches and well-planned response and recovery measures. We recognize that our efforts also must involve offense at home and abroad.

A full third of this fact sheet lists accomplishments by the Administration since 9/11 and suggests what Congress should do on secret surveillance laws, Committee jurisdictions, and grant allocations.  The entire strategy is available for download here. 

Leaving aside for the moment the question of “Why now,” the “national information management system” cited in the Strategy peaks my interest. Since there’s little on it in the document, perhaps this refers to something already underway. It may be the Interagency Incident Management Group. Readers of this blog usually have all the answers so please comment.

Other highlights include the following:

Situational Awareness & Information management
Maintaining situational awareness requires “prioritiz[ing] information and develop[ing] a common operating picture, both of which require a well-developed national information management system and effective multi-agency coordination centers to support decision-making during incidents.” The concept of situational awareness is identified as the fifth core principle of incident management and defined as

“continuous sharing, monitoring, verification, and synthesis of information to support informed decisions on how to best manage threats, potential threats, disasters, or events of concern.”

The Strategy acknowledges that while timely information is valuable, it also can be overwhelming. Situational awareness and decision-making, therefore, demands that incident information be effectively prioritized. The Strategy refers again to a “national information management system.” That system’s role is to “integrate key information and define national information requirements.” Not a bad job to have. This type of role would amount to the czar of all czars.

Cyber Security: A Special Consideration
The Strategy asserts that in order to secure the nation’s cyber infrastructure against man-made and natural threats, Federal, State, and local governments, along with the private sector, must work together to prevent damage to, and the unauthorized use and exploitation of, cyber systems.

The Secure Freight Initiative is called out specifically as a “comprehensive model for securing the global supply chain that seeks to enhance security while keeping legitimate trade flowing.” The Secure Initiative, it explains, “leverages shipper information, host country government partnerships, and trade partnerships to scan cargo containers bound for the United States.” Nothing further about the Global Trade Exchange or other phases of this Initiative can be found in the Strategy.

Interoperable and Resilient Communications
The Strategy identifies two distinct communications challenges: interoperability and survivability. Interoperability, according to the Strategy requires “compatible equipment, standard operating procedures, planning, mature governance structures, and a collaborative culture that enables all necessary parties to work together seamlessly.” Survivable communications infrastructure requires that the nation’s “communications systems [are] resilient – either able to withstand destructive forces regardless of cause or sufficiently redundant to suffer damage and remain reliable.”

GAO released a statement this week on the SAFE Port Act. The Act covered a range of policies focused on maritime security, but may be best known for its mandate to scan 100% of all incoming maritime cargo. DHS is principally responsible for executing on the Act, but relevant component agencies include the U.S Coast Guard, Customs and Border Protection, Domestic Nuclear Detection Office, and the Transportation Security Agency.

GAO delved into this one. They “visited domestic and overseas ports; reviewed agency program documents, port security plans, and post-exercise reports; and interviewed officials from the federal, state, local, private, and international sectors.” GAO’s recommendations focus on the need to develop strategic plans, better plan the use of DHS human capital, and establish performance measures. The programs addressed in this document can be organized as follows:

CBP announced the dates of its 2007 trade symposium. To be held on November, 14th and 15th of November, topics include the following:
• Cargo Security
• Trade Issues
• ACE / ITDS
• Post-Incident Business Resumption
• Global Issues

The Trade Symposium will be held at the Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Avenue, N.W., Washington, DC. CBP set up a website dedicated to the event at which updates can be found.

I couldn’t find much more than this for the agenda:

Wednesday, November 14, 2007
• Registration/Exhibition – 10:30am
• Opening and Symposium Panels – 1:00pm – 5:30pm
• Review Exhibits 5:30pm – 6:00pm
• Open Forum with Senior Management – 6:00 pm – 8:00pm

Thursday, November 15, 2007
• Continental Breakfast – 7:30am
• Symposium Panels – 8:15am – 11:45am
• Luncheon – 11:45am – 1:15pm
• Symposium Panels – 1:30pm – 4:45pm
• Closing Remarks – 4:45pm – 5:00pm

Monday, October 08

Events TBD

Tuesday, October 09

6:30 PM EDT
Transportation Security Administration Administrator Kip Hawley will address the British-American Business Association
British Embassy Rotunda
3100 Massachusetts Avenue, NW
Washington, DC

Wednesday, October 10

9:30 AM EDT
Assistant Secretary for Cybersecurity and Communications Greg Garcia will deliver a keynote address to the Detroit SecureWorld Expo on the development and implementation of the Information Technology Sector-Specific Plan, National Cyber Security Awareness Month activities, and the steps public and private sector organizations can take to protect cyberspace
Ford Motor Company Conference and Event Center
Keynote Theater
1151 Village Road
Dearborn, MI

10:00 AM EDT
Transportation Security Administration Administrator Kip Hawley will testify before the House Committee on Homeland Security, Subcommittee on Transportation Security and Infrastructure Protection on aviation security
2167 Rayburn House Office Building
Washington, DC

1:30 PM EDT
Chief Privacy Officer Hugo Teufel III will speak at the National Chamber Foundation’s “RFID Solutions: Securing the Commerce for Tomorrow” conference on the Department’s policy on Radio Frequency Identification
Ronald Reagan Building and International Trade Center
1300 Pennsylvania Avenue, NW
Washington, DC

2:00 PM EDT
Domestic Nuclear Detection Office Director Vayl Oxford will testify before the House Committee on Homeland Security, Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology on the Domestic Nuclear Detection Office’s technical nuclear forensics program
311 Cannon House Office Building
Washington, DC

Thursday, October 11

9:00 AM PDT
Federal Emergency Management Agency Administrator David Paulison will deliver the keynote address at the National Emergency Preparedness Conference
Capital Christian Center
MRC Room
9470 Micron Avenue
Sacramento, CA

2:00 PM EDT

Update: This hearing is postponed to Tuesday, Oct. 16, 10 a.m. Location: 342 Dirksen Bldg.

U.S. Coast Guard Admiral Craig Bone, Transportation Security Administration Director of Maritime and Surface Credentialing Stephen Sadler, Domestic Nuclear Detection Office Director Vayl Oxford, and U.S. Customs and Border Protection Office of Field Operations Assistant Commissioner Thomas Winkowski will testify before the House Homeland Security Committee Subcommittee on Border, Maritime and Global Counterterrorism on the SAFE Port Act
311 Cannon House Office Building
Washington, DC Friday, October 1210:15 AM EDT
U.S. Citizenship and Immigration Services Director Emilio Gonzalez will address the National Foundation for Women Legislators
The Seelbach Hilton Louisville
500 Fourth Street
Louisville, KY

11:00 AM EDT
U.S. Citizenship and Immigration Services Ombudsman Prakash Khatri will address the conference of the American Academy of Adoption Attorneys on International Adoption and Immigration
Marriott Hotel
300 South Charles Street
Baltimore, MD

DHS is back to the drawing board with its National Applications Office. In hindsight, it was impressive that this new Office should come together so quickly and in final format with a Fact Sheet and all more than a month ahead of its roll-out. The interagency negotiations and burdens of transforming the legacy aspects of the Civil Applications Office must have quite a challenge. But not as challenging as the Congress would prove to be.

Bennie Thompson, Chairman of the House Homeland Security Committee released a statement this week that began by explaining that “After several requests from the Homeland Security Committee calling for a moratorium on the controversial use of spy satellite imagery for domestic purposes, the Department has heeded the call and delayed its planned October 1st launch of its new National Applications Office (NAO).”

Readers may recall the September 10 post here explaining the plans for this new office. This is effectively a modernization of the Civil Applications Office (CAO) to reflect a joint effort of two new entities: DHS and the Office of the Director of National Intelligence. A lot has changed since the days of the CAO. Evidently the civil liberties questions today are no match for the NAO. Thompson explains that as a result of the “moratorium,” DHS “has cited the need to address unanswered privacy and civil liberties questions from Congress – as addressed in the Committee’s September 6th hearing on the matter and also in letters from August 22nd and September 6th from Committee Members.”

This sounds a lot like the days when we rolled out the Domestic Nuclear Detection Office. While the challenges had more to do with political science than with privacy protection, the Congress felt as if they were in the dark about the DNDO and pushed back hard. Both Democrats and Republicans were skeptical of the DNDO since they were effectively told of its existence when it showed up in the President’s budget request. (The Presidential Directive creating it was not released.) It made a Congressional Affairs expert out of the DNDO Director real quick. Vayl Oxford spent upwards of 30 visits to the Hill over a few months. Eventually, as he explained it to me, they went from “justifying our existence to justifying our investments.”

That may be a better fate than the NAO will meet.

Tom Friedman’s piece in yesterday’s NYT made a heck of a sound point: “We have to get our groove back.” By that he means that the America we knew may have changed on 9/11, but it doesn’t need to go on changing along the same hyper-secure trajectory along which the costs risk outweighing the benefits.  I’ll be the first to admit that our efforts to secure the homeland against terrorism are needed and unfinished. However, Friedman’s observation suggests we do not need to have only two views on this issue:

In one corner we have the New York Times editorial staff. In the other corner is Secretary Chertoff. The NYT ran an editorial suggesting that the Administration’s invocation of 9/11 and the terrorist threat supports political objectives and obscures the real challenge of securing the homeland. Secretary Chertoff’s “how dare you” rebuttal roundly criticized the NYT for failing to mention a number of accomplishments and risking the reemergence of another vulnerability: a public’s eroding commitment.

Break it up, gentlemen. Freidman offers a third way that makes sense. Recognize that we are winning in the fight against terrorism, narrowly defined. Consider the externalities of our “global war on terror,” particularly the ones that come back to bite us (i.e. declining credibility in crucial regions, important international organizations, and visitors to the U.S. that make this country great).

Despite all the negative overtones when just about anyone in the world is asked about the fight against terrorism that followed 9/11, we are not in it alone. While researching this topic I found several dedicated programs underway at the European Union, NATO, and countless non-government organizations. Get this: there’s an International Institute for Homeland Security, Defense and Restoration. Sign me up. We run a serious risk of losing the fight against terrorism and the effort to protect civilan populations if we fail to work together. Collaboration can be a decisive advantage.  That’s something the terrorists can’t attack.

However, Friedman’s correct when he points out that we can lose this fight by simply changing who we are. Its just not worth it to be secure in a non-America where the role of government, free speech, and commitments to the next generation are obscured. Friedman calls for a “9/12” mentality as opposed to a “9/11” mindset.

If the NYT is 9/10 and the Secretary is 9/11, who will represent the 9/12 way forward? Perhaps we should give some space on this site for the presidential campaigns to weigh in….