Homeland Security Watch

News and analysis of critical issues in homeland security

July 31, 2006

New book on the Katrina response

Filed under: Preparedness and Response — by Christian Beckner on July 31, 2006

A new book comes out next week entitled “Disaster: Hurricane Katrina and the Failure of Homeland Security” by Wall Street Journal reporters Bobby Block and Christopher Cooper. The WSJ had an article last Thursday that highlights one of the linchpin issues in the response to Katrina: the information flow regarding the breach of the levees in New Orleans. The article describes how the Homeland Security Operations Center became a bottleneck to information rather than a centralized clearinghouse:

disaster.jpg

…Likewise, Matthew Broderick, the director of the Homeland Security Operations Center, or HSOC, saw no reason for extraordinary action without definitive proof that there was a catastrophe in New Orleans. And his view of what constituted a catastrophe was pivotal: As HSOC commander, he was responsible for giving Mr. Chertoff and the White House virtually all of the ground intelligence they would receive during the disaster.

To Mr. Broderick, the trigger for a heightened response was clear: If the city’s levee system was seriously breached and couldn’t be repaired immediately, it was a catastrophe. Flooding over the levees, by contrast, even if it was severe, was “normal, typical, hurricane background stuff,” he would later tell Senate investigators. “You know, we have floods in Pennsylvania all the time. We have floods in New Jersey all the time. Every time there’s a hurricane, there’s a flood.”

A retired Marine brigadier general with some 30 years of experience, Mr. Broderick was determined that the information he delivered to Mr. Chertoff and the White House be stripped of innuendo and boiled down to only the hardest facts. “One of the jobs of HSOC is to not overreact, not get hysterical and get the facts,” Mr. Broderick told investigators. Under this rubric, he simply didn’t pass on much of the information he collected.

The result is that even though the breach of the levees began on Monday morning (8/29), and there were numerous channels by which this information was reported, it did not make it to the senior decision-makers until late that night (in part because contradictory information was given undue value), and Katrina was not declared an Incident of National Significance (activating the NRP) until the next morning.

Block is one of the top DHS beat reporters, and Cooper came to the WSJ from the Times-Picayune, so I’m expecting the whole book to be a worthwhile read, in terms of synthesizing the narrative of the response to Katrina. I’ll post a full review at some point in the near future.

Update (7/31): Here’s another longer excerpt.

Grants under fire in Virginia, Oklahoma

Filed under: Preparedness and Response,State and Local HLS — by Christian Beckner on July 31, 2006

The DHS inspector general released an audit of Virginia’s homeland security grant spending last Friday, attracting the attention of the Washington Post over the weekend. The audit points out examples of irregular grant spending in 2002 and 2003, but these represent less than 1% ($408,000 out of $53.5 million) of the funds in 2002-03 to the state for the programs examined, and I think former Virginia homeland security advisor and current DHS Under Secretary George Foresman is correct when he defends the state’s activity in the Post:

In an interview yesterday, Foresman said the audit failed to take into account the frenzied atmosphere after the terrorist attacks of Sept. 11, 2001. “You have to put this period in context,” he said. “They will find the same thing in all 50 states.”

Meanwhile, the Tulsa World reported yesterday that Oklahoma has spent only one-third of the money awarded to it in homeland security grants in the 2002-2006 period, and finds problems in the execution of many important state preparedness and response programs:

A $16.6 million regional response system using special trailers is unfinished and partially unequipped after years of planning. The system is the centerpiece of the state’s disaster-response plan. Funding for some segments of the plan has been extended since 2003 and probably cannot go beyond December.

A second key element of state’s preparedness plan also faces challenges. The state is spending $28 million to extend an 800-megahertz radio signal linking first-responders across the state. While the radio channel will cover a large swath of Oklahoma, key cities such as Broken Arrow and Oklahoma City would be dead to the signal without a frequency patch. The patch and other transfer methods have their limitations and could be problematic for responders during a disaster.

The findings in this story are much more serious than the IG report on Virginia, and are surprising for a state that has experienced domestic terrorism on a tragic scale. It raises serious questions about the effectiveness of the state’s homeland grant bureaucracy, and prompts questions as to whether Oklahoma deserved to be in the top 50% of states in terms of discretionary homeland security grant spending per capita for FY 2006.

DHS staffs screening coordination office

Filed under: Aviation Security,Border Security,DHS News — by Christian Beckner on July 31, 2006

Eighteen months after the announcement of the office, DHS has named a director for the Screening Coordination Office (SCO). From a statement by Sec. Chertoff:

I am pleased to announce that Kathleen L. Kraninger has started as Director of the Office of Screening Coordination for the Department of Homeland Security. In this new role, Kathy will oversee efforts to enhance our security measures by integrating the department’s terrorist and immigration-related screening efforts, creating unified screening standards and policies, and developing a single redress process for travelers.

Kathy’s unique expertise in screening and credentialing programs will foster new and innovative approaches to how the department detects and interdicts threats of all types. She will also play an important role in improving the experience for legitimate foreign travelers entering the United States.

I appreciate Kathy’s willingness to return to service at the department after her time at the Senate Committee on Homeland Security and Governmental Affairs. She helped to stand up the Transportation Security Administration and then the Department of Homeland Security as a policy advisor to the Secretaries of Transportation and Homeland Security. She has specialized in border, maritime and transportation security policy, privacy issues, and intelligence. Kathy is a Phi Beta Kappa graduate of Marquette University, and a native of Cleveland, Ohio.

I think that there’s a real need for this office, given the insufficient level of coordination among the Department’s (and the rest of the federal government’s) multiple screening and targeting programs, but this office is going to face significant challenges in pursuit of efforts to enhance coordination. The original name for this office was the “Office of Screening Coordination and Operations.” The dropping of these last two words reflects an already scaled-down vision for this office.

Kraninger will also face the challenge of running an office that technically has no money. The $4 million that was appropriated for the SCO in FY 2006 was rescinded in the FY 2006 wartime supplemental, according to page 12 of the Senate’s conference report on FY 2007 DHS appropriations. And neither the House nor the Senate included funding for the office in the respective FY 2007 appropriations bills, insisting that the Policy Office’s budget should cover this account.

DHS.gov prepares for a makeover

Filed under: DHS News — by Christian Beckner on July 31, 2006

This webpage at DHS.gov describes current plans to relaunch the website in the early fall with a new look, and adjust its information architecture, making it so that “information is organized according to topic, NOT according to organizational structure, and that the choices are clear to visitors.” This document provides an outline for that new “information architecture.”

This new architecture is a slight improvement over the current site, but I think it’s still too hierarchical, in the manner of a static website circa 1998-2000, and not designed in a way that reflects the inherently networked nature of homeland security, linking content across the multiple content verticals. And I don’t see anything in the plan that indicates that DHS.gov will develop newer capabilities such as RSS feeds, live streaming video, podcasts, and online chats. (For example, see how the State Department’s website uses these tools.) Finally, the new info architecture diminishes the importance of critical infrastructure protection, which should be one of the most important areas for general outreach via the website. It would split CIP-related information into multiple categories, instead of providing a single portal where those responsible for the security of different types of infrastructure can find information.

WaPo looks at the evolving bioterror threat

Filed under: Biosecurity — by Christian Beckner on July 31, 2006

The Washington Post published two long, excellent pieces on bioterrorism yesterday and today, the first story focused on the controversial creation of the National Biodefense Analysis and Countermeasures Center (NBACC), and today’s story focused on the disturbing threats could arise out of the development of synthetic biology. Together, the two stories provide a solid precis of the key issues in bioterrorism today, and raise important questions:

  • The work of the NBACC is intended to defeat new bioterror threats, but could it also help create them?
  • Will there be enough accountability and oversight at the NBACC, given the shroud of secrecy in which it is covered? (See this link for some of the scraps of info on it.)
  • Does the creation of the NBACC help create a de facto bioterror arms race in the world?
  • Will synthetic biology become a terrorist tool, or a tool used by rogue nations?
  • What’s the best way to counter these threats?
  • Does the Select Agent rule need to be expanded to account for synthetic biology-related risks?

Overall, two very interesting stories, worth reading in full.

Update (8/1): David Stephenson weighs in on the stories.

Update (8/2): A good post from Jason Sigger at Armchair Generalist on the two stories.

July 28, 2006

HLS in DC, July 31-Aug. 4, 2006

Filed under: Events — by Christian Beckner on July 28, 2006

Below is a list of homeland security policy events in the DC area next week (as well as the occasional listing outside of DC). I post a list each week and will sometimes update mid-week when I find new items. You can always find current and previous postings under the “Events” category tab at right. And please note that many events require prior invitations and/or RSVPs.

7/31-8/4: 15th USENIX Security Symposium. Vancouver, BC.
8/1-8/2: Midwest Security Conference. Rosemont, IL.
8/1: National Association of Manufacturers-hosted event to release a report entitled “Innovators in Supply Chain Security: Better Security Drives Business Value.” 1331 Pennsylvania Ave NW, Suite 600, 10am.
8/1: Cato Institute event on “Comprehensive Immigration Reform for a Growing Economy” with Sec. of Commerce Carlos Gutierrez. 1000 Massachusetts Ave NW, 12 noon.
8/2: Aspen Institute discussion of the new book “Disaster: Hurricane Katrina and the Failure of Homeland Security” by WSJ reporters Robert Block and Christopher Cooper. 1 Dupont Circle, NW, time TBD.
8/2: Senate Finance Committee hearing on “Border Insecurity, Take Two: Fake IDs Foil the First Line of Defense.” Dirksen 215, 10am.
8/3: Commercial Operations Advisory Committee meeting. Reagan Building, Horizon Ballroom, 9am.
8/3: Heritage Foundation event on “Rethinking Immigration Proposals: Security and Enforcement Gaps” with DHS Asst. Secretary for Policy Stewart Baker. 214 Massachusetts Ave NE, 3pm.

(Please e-mail me if you have suggestions about additions to this list for this week, or future weeks).

Hearing chides DHS cybersecurity efforts

Filed under: Congress and HLS,Infrastructure Protection — by Christian Beckner on July 28, 2006

A subcommittee of the Senate Homeland Security and Government Affairs Committee held a hearing today on “Cyber Security: Recovery and Reconstitution of Critical Networks.” DHS Under Secretary George Foresman testified at the hearing, and found himself having to respond to a GAO report also released at the hearing that lambasted DHS’s efforts to coordinate preparedness for a catastrophic cybersecurity attack. The hearing is summarized well in this story at ZDNet:

A Republican senator on Friday blasted the U.S. Department of Homeland Security’s readiness for a massive cyberattack, saying he hasn’t seen any improvements since bringing in department officials for questioning last summer.

“Despite spending millions of dollars over the past year, DHS continues to struggle with how to effectively form and maintain effective public-private partnerships in support of cybersecurity,” Sen. Tom Coburn of Oklahoma said at a hearing convened by a Senate Homeland Security subcommittee, of which he is chairman.

Coburn, the only politician present at the 90-minute hearing, grilled top computer security officials from Homeland Security, the National Security Agency, the Office of Management and Budget, and the Government Accountability Office (GAO). He also asked private-sector companies for suggestions for government action.

The Oklahoma senator joined industry groups and congressional colleagues in chiding the agency for failing to appoint a high-level cybersecurity chief one year after the post’s creation. He said having a strong leader in charge is critically important to defend against a crippling cyberattack that could take out not only e-commerce and communications capacities, but also “electrical transformers, chemical systems and pipelines” controlled by computers.

“There’s going to be an assistant secretary (for cybersecurity and telecommunications), I promise you, even if we have to raise the salary for the position,” he said.

The problem isn’t just the salary, as I’ve noted previously. There’s no good reason to apply a political litmus test to a technoratic position.

….Homeland Security’s top cybersecurity post has remained a low- to mid-level position ever since Congress passed a 2002 law that melded 22 federal agencies and made the department chiefly responsible for protecting cyberspace. Numerous audits have faulted the sprawling cabinet department for its lack of readiness to handle large-scale attacks and for shortcomings on its internal networks.

That blistering critique continued on Friday with a new GAO report, which accused Homeland Security of failing to finalize clear plans that detail the responsibilities of state and local governments, other federal agencies and the private sector before, during and after Internet disruptions. “Today, no such plan exists” despite a federal mandate to devise one, Keith Rhodes, the GAO’s chief technologist, told the committee.

Overall, a useful hearing, one that will hopefully prod DHS into filling this year-long vacancy and addressing the important concerns outlined in the GAO’s report.

Forbes looks at the homeland security market

Filed under: Business of HLS — by Christian Beckner on July 28, 2006

Forbes Magazine published a couple of stories today on the state of the homeland security market, one on SAIC’s upcoming IPO, the other providing a more general survey of the market. The latter story is a bit convoluted in its analysis, not surprising given the challenges of trying to define and apply clear parameters to the homeland security market, but it does a better job than most similar stories at pointing out the multiple factors and points of evidence that must be considered in assessing the general trajectory of the market.

Presentation surveys Coast Guard intelligence activities

Filed under: Intelligence and Info-Sharing,Port and Maritime Security — by Christian Beckner on July 28, 2006

The website for a homeland security-related conference held last month recently posted a presentation from the event, on the Coast Guard’s intelligence-related activities:

Coast Guard Intelligence and Criminal Investigations, Mike Payne, U.S. Coast Guard

It’s an interesting presentation, as an insight into the Coast Guard’s generally low-profile intelligence activities, which were also discussed in this Congressional testimony last month.

A couple of other interesting presentations from the conference:

Information Sharing Environment, Clark Smith, DNI
NGA and Multi-Level Security, Robert Laurine, NGA

July 27, 2006

New DHS support for fusion centers

Filed under: Intelligence and Info-Sharing,State and Local HLS — by Christian Beckner on July 27, 2006

DHS issued a press release today announcing its intention to post intelligence analysts at state and regional fusion centers around the country – a decision that DHS intelligence chief Charlie Allen mentioned in his remarks last week. The announcement coincides with the official opening today of LA’s Joint Regional Intelligence Center (JRIC). I’ve been somwhat skeptical in the past about these state & local fusion centers, worrying that they would be disconnected from the federal intelligence apparatus. But as it has become apparent that DHS and DOJ are making a serious commitment to support them, I’ve changed my mind, and I think that they can potentially play the same role that a federal domestic intelligence agency (like the British MI-5) would serve.

Border bill nonsense on CNN

Filed under: Border Security — by Christian Beckner on July 27, 2006

CNN’s Lou Dobbs Tonight aired one of the most asinine, slanted pieces I’ve heard in a long time tonight, on the state of play of the immigration and border legislation. The transcript is here - the segment by correspondent Lisa Sylvester is about 1/3rd of the way through the document. She begins (emphasis added):

Lou, the Senate passed its immigration legislation after only 10 days of full debate. Many questions were never answered, including, how would the federal government screen the millions of illegal aliens and what guarantee is there that terrorists could not exploit the system? Today, the House took up some of those issues.

Ten days? Hmm, how many days did the House spend debating H.R. 4437 on the floor last December? TWO.

And later, at the end of the segment, Sylvester says:

Supporters of the Senate bill want to settle these issues in conference committee. Members of the House say the issues are too large and too important to be decided behind closed doors. House members are concerned the amnesty provisions are so generous, the United States would still have less, not more, control over its immigration system. As one witness put it, he said, “The Senate bill almost ignores that there ever was such a thing as a 9/11 attack on the United States”

Hmm, so the negotiations on the Bill of Rights in 1789 were suitable for a House-Senate conference, but this bill is “too large and too important” for doing things the way that Congress is supposed to do them? And this last sentence is bunk. Both bills contain relatively strong border security language that would add more guards, fencing, and technology; the main dispute at this point is over the temporary worker program, which is primarily an immigration and economic issue, not a terrorism-related issue. So how exactly does the Senate bill ignore 9/11? Did illegal immigrant Mexicans carry out the attacks of 9/11 and no one told me?

The debate on immigration and border security is getting to the point of shrillness where I’m beginning to think that it’s undermining the #1 mission of DHS: preventing terrorism. So much of the DHS senior leaders’ time is spent these days doing photo-ops at the border and at worksite crackdowns that I’m starting to wonder whether they’re taking their eye off the ball. I’ve supported the passage of border security legislation this year because I do there are important terror-related vulnerabilities at our land borders, given the statistics about the number of people from “countries of interest” who have been intercepted trying to cross the border. That’s why I think certain provisions in the House bill (i.e. more border fencing) are better than the Senate’s bill. But I worry that the highly-politicized, demagogic debate that’s emerged on these issues over the last six months is creating an unhealthy dynamic that is distracting us from our fight against the real enemy: al-Qaeda.

A misleading new report on DHS contracts

Filed under: Business of HLS,DHS News — by Christian Beckner on July 27, 2006

The House Government Reform Committee released a report this morning entitled “Waste, Abuse and Mismanagement in Department of Homeland Security Contracts”, in conjunction with a hearing on the topic. The report earned front-page treatment in the Washington Post today – surprising given that it contains little new information. The report make a number of attention-getting claims, but many of these are misleading when you look at the underlying data and check the sources cited in the footnotes.

For example, one of the report’s banner claims is that it “identifies 32 DHS contracts collectively worth $34.3 billion that have been plagued by waste, abuse, or mismanagement.” Sounds shocking, right? If I was reading this quickly, I would think that DHS has wasted $34 billion of the taxpayers’ money. But take a look at the distribution of this “$34.3 billion.” Nearly half of it – $17 billion – is for the Coast Guard’s Deepwater program, their effort to modernize their fleet of ships and planes – a program that usually ranks up there with mom and apple pie. While projected costs have risen for this program, the most likely reason for this is not waste or fraud, but the Coast Guard’s transformed requirements after 9/11. And keep in mind that this $17 billion includes spending out into the next decade – as is the case with the next largest item on the list, the US-VISIT program (at $10 billion, only a small fraction of which has been spent to date).

The remaining $7.3 billion of this total largely consists of two things: first, TSA contracts back in 2002 before the creation of DHS, which were no doubt flawed (something that the Congress itself deserves a share of responsibility for, given the deadlines that it set for complying with ATSA mandates). And second, post-Katrina FEMA contracts which were also flawed (and which I’ve also frequently criticized).

The list does include one additional recent contract – the acquisition of Radiation Portal Monitors – but the report’s treatment of this contract makes a very erroneous claim. The report states that:

According to press reports, on an average day at the combined ports of New York and Newark, only 6% to 7% of the shipments are run through the radiation portals.

…linking to the transcript of a 60 Minutes report in March 2006, which clearly states that the 6%-7% applies to the VACIS x-ray imaging equipment – not the radiation portal monitors.

Finally, the report makes the claim that “Procurement spending at DHS has surged 189% since the creation of the new Department, rising from $3.5 billion in 2003 to $10 billion in 2005.” I’d like to see the underlying data that supports that claim. Since 2003 I’ve tracked DHS spending as closely as anyone outside of government, and this doesn’t square with my prior analysis, which would suggest that the % growth in contracts between 2003 and 2006 is actually quite small. I suspect that the Committee is using a source that has incomplete data for DHS’s first year or two, given the lack of reliable public data on contracts for this period. Or perhaps this increase is due to the fact that DHS was heavily reliant on contracting through other agencies in its first 2-3 years, and the database that the Committee used credits this spending to other agencies (this is why it’s important to cross-check with budget documents). Or perhaps the report uses one-time post-Katrina contracts to falsely denote a meaningful trend. My sense is that that this “increase” is actually an indicator that the DHS procurement shop has done a better job in the last two years of accounting for all DHS contracts.

There no doubt have been problems with homeland security-related procurement in the past few years, especially during TSA’s first year of existence and the post-Katrina spending spree. But this report is an error-filled and misleading account of this record.

Update (7/27): Overheard on the DC metro this afternoon, confirming my contention that this report and the Washington Post story give misleading impressions: “You won’t believe this story…it says that DHS has wasted 34 billion dollars in the last two or three years!”

Update 2 (7/28): More misleading press coverage of this report, this time from AP:

The Homeland Security Department spent $34 billion in its first two years on private contracts that were poorly managed or included significant waste or abuse, a congressional report concluded Thursday.

As I mentioned earlier in the post, $27 billion of this total is for full costs of the Deepwater and US-VISIT programs, out over the next 10-15 years. The vast majority of this total – at least 75% of the $27 billion – has not yet been spent by DHS.

US-VISIT expands to include permanent U.S. residents

Filed under: Border Security,Privacy and Security — by Christian Beckner on July 27, 2006

DHS released a notice in the Federal Register today (noticed quickly by the New York Times) that announces plans to increase the categories of people who will be required to enroll in the US-VISIT system (i.e. be fingerprinted and have their picture taken) when they enter and exit the United States, to include:

  • All legal permanent residents (green card holders) living in the United States;
  • Aliens seeking admission on immigrant visas;
  • Refugees and asylees;
  • Canadians who are in the United States as students, journalists, crew members, temporary workers, intracompany transferees, and athletes (but not Canadians visiting for short-term business or pleasure…they will be covered under pending WHTI regs).

Is the U.S. entry system ready for this additional work burden? This could potentially lead to longer wait times at certain land border crossings and airports if not managed correctly. Also, I would expect there to be some serious privacy-related backlash on this decision, given the fact that lawful permanent residents are considered “US persons” from a legal standpoint, and under law should have the same privacy rights as U.S. citizens.

A rat army to the rescue?

Filed under: Technology for HLS — by Christian Beckner on July 27, 2006

IEEE Network magazine published an intriguing paper in a recent issue entitled “A wireless biosensor network using autonomously controlled animals.” (An earlier version of the report is available here). The authors envision using rats for homeland security-related search & rescue options, giving them instructions via autonomous control algorithms and creating a wireless sensor network among multiple rats wearing backpacks. This would in theory make it possible to search a rubble-strewn disaster site (perhaps after an earthquake) in a rapid manner and quickly pinpoint any survivors. The report contains this amusing chart that shows what this network would look like:

Is this idea feasible as a tool for practical homeland security applications? As is the case with any single research effort like this, it’s difficult to say. Although I have a high degree of confidence that collectively R&D efforts like this will lead to real improvements in the nation’s homeland security capabilities over the coming years.

July 26, 2006

Air marshal quotas leading to wrongful watchlisting?

Filed under: Aviation Security — by Christian Beckner on July 26, 2006

Are air marshals forced to make monthly quotas in terms of reporting suspicious activity, leading them to report on innocent passengers…potentially leading to these individuals being watch-listed? Yes, according to air marshals interviewed by a TV station in Denver:

You could be on a secret government database or watch list for simply taking a picture on an airplane. Some federal air marshals say they’re reporting your actions to meet a quota, even though some top officials deny it.

The air marshals, whose identities are being concealed, told 7NEWS that they’re required to submit at least one report a month. If they don’t, there’s no raise, no bonus, no awards and no special assignments.

“Innocent passengers are being entered into an international intelligence database as suspicious persons, acting in a suspicious manner on an aircraft … and they did nothing wrong,” said one federal air marshal.

These unknowing passengers who are doing nothing wrong are landing in a secret government document called a Surveillance Detection Report, or SDR. Air marshals told 7NEWS that managers in Las Vegas created and continue to maintain this potentially dangerous quota system.

If this is true, it’s deplorable. The leadership of DHS and TSA need to intervene immediately to end these quotas and inform the public that this issue has been resolved.

DHS IG report on point-of-entry procedures

Filed under: Border Security — by Christian Beckner on July 26, 2006

The DHS Inspector General released a redacted version of a report entitled “Review of CBP Actions Taken to Intercept Suspected Terrorists at U.S. Points of Entry.” It tells the story of an inspection regime that is not yet able to fully leverage the significant investments in improved systems and databases over the past few years, because of mundane issues like the lack of security clearances for frontline CBP officials and inconsistent procedures for reporting suspicious incidents.

The IG makes the following recommendations for improving the point-of-entry processes:

  • Expand a biometric information collection program to include volunteers who would not normally provide this information when entering the United States;
  • Authorize POE supervisors limited discretion to make more timely admissibility determinations;
  • Review port of entry staffing models to ensure the current workforce is able to perform the entire range of CBP mission;
  • Establish a policy for more consistent reporting to intelligence agencies the details gathered during secondary interviews;
  • Ensure all counterterrorism personnel at POEs are granted an appropriate security clearance.

These are all low-cost, high-value recommendations; diligent efforts to address them would be time well spent.

Next Page »