Tuesday, October 31, 2006

USCG Hazmat Database Available to First Responders

The U.S. Coast Guard is publishing a free CD-ROM database of chemical information to first responders nationwide:

Users can search the database by a substance's color, odor, and physical appearance and use the data to plan for a safe and effective response. Chemicals are rated according to health risk, flammability, and reactivity, among other factors, using data from several sources. The CD-ROM, known as CHRIS+, includes:
  • USCG's Chemical Hazards Response Information System (CHRIS)
  • The National Institute of Occupational Safety and Health (NIOSH) Pocket Guide
  • The Department of Transportation's Emergency Response Guidebook (ERG)
  • USCG's Weapons of Mass Destruction (WMD) First Responder's Guide
This is a common-sense approach to information-sharing.

Monday, October 30, 2006

Collaboration in Missouri HLS Grant System

The Memphis (MO) Democrat reported last week about how Missouri is revising its system for distributing homeland security grants:

[I]n the past, approximately 1,300 sub-grantees successfully applied for Homeland Security funding across the state, causing a tremendous administrative workload on SEMA staff. The old process of allowing each political subdivision to apply for grant funding individually also led to duplication of equipment and resources within close geographical proximity to each other.

[T]he State has proposed to organize into [eleven] regions ... the local Regional Planning Commissions (RPCs) will be utilized to organize the local political subdivisions in the creation of regional grant allocation committees who will decide upon grant funding request priorities on a regional basis. The local regional planning commissions will also be responsible for handling local administration processing of the grant funding.

It generates incentive for local regions of the State to cooperate with each other in focusing on their immediate needs.
I think it is a good call to encourage this kind of collaborative effort. The committees can consider both local and regional needs.

Thursday, October 26, 2006

National Guard Upgrading Emergency Communications

The National Guard is spending some money to buy communications systems that will allow easier communication with local, state, and federal responders during disaster response:

The National Guard Bureau is using supplemental congressional funding to upgrade its interim satellite incident site communications sets, which it deployed in 11 states, to field an upgraded version called the Joint Incident Site Communications Capability (JISCC). JISCC packages can be towed or airlifted to incident sites and can communicate via high-frequency radio, telephone, video and satellites to interface a variety of communications equipment used by first responders and state and federal agencies.

"We are on track to have this rapid-response capability in all 54 states and territories by mid-2007," Maj. Gen. Alan Cowles said.
Any step toward interoperable communications is good news. The lack of interoperable communications systems was a real hindrance to the response to 9/11 and Katrina.

Homeland Security Report Card

The Council on Foreign Relations' Stephen Flynn has given DHS a report card on its homeland security efforts. It is mostly focused on preparedness for various threats and does not address some threats such as bioterrorism, agricultural and food terrorism, and rail safety. But ... it is what it is. Here is the crib sheet on Flynn's grades:

  • Port Security: D+
  • Nuclear Plant Security: B/B+
  • Air Defense: B
  • Airport Security: C+
  • Border Control and Immigration: C
  • Chemical Plant Security: D-/F
  • Disaster Response: C-
  • Bridges, Tunnels, and Other Infrastructure: C
  • Public Relations: D
Even though these things are always grossly oversimplified, I think they can at least serve some purpose if they refocus attention on threats that can face local jurisdictions. If there is a chemical plant in your area, what do you know about its security? What do you know about the critical infrastructure in your area? Etc.

Wednesday, October 25, 2006

Trying to Fix the HSIN

Problems have long plagued DHS' Homeland Security Information Network (HSIN) since its launch in 2004. It was supposed to be a dynamic, technologically advanced system for sharing information among local, state, and federal authorities.

The problem, as cited in a June 2006 report by DHS' Inspector General, is that not enough people use it:

HSIN is not effectively supporting state and local information sharing. Although users generally like the web portal technology because of its user-friendliness and flexibility, those we interviewed said they are not committed to the system approach. Users are confused and frustrated, without clear guidance on HSIN’s role or how to use the system to share information effectively. Because some lack trust in the system’s ability to safeguard sensitive information, and because the system does not provide them with useful situational awareness and classified information, users do not regularly use HSIN. Instead, users resort to pre-existing means such as related systems and telephone calls to share information, which only perpetuates the ad hoc, stove-piped information-sharing environment that HSIN was intended to correct.
This is a shame, but it isn't a unique problem. After all, how many consumer products fail because they don't adequately take into account their users' wants, needs, and concerns?

It may be a little late, but DHS is going to try to fix HSIN. Federal Computer Week reports:

The department recently established an HSIN advisory committee to provide independent advice from representatives of state, local and tribal governments, as well as from the private sector, about what users specifically need from HSIN ...

In the future ... HSIN would be made up of two parts: HSIN-Intelligence, which will handle unclassified information, and HSIN-Secret for the classified data.
I sincerely hope they get it right this time. A robust, widely-used, and reliable system for information-sharing across all levels would be a real benefit for all.

Tuesday, October 24, 2006

Homegrown Jihadism: U.S. & Europe

Two recent stories contrast the situation in Europe and the U.S. regarding homegrown jihadism.

The Christian Science Monitor reports that al Qaeda is finding the U.S. to be "sterile ground" for jihadism. The basic reasons are fairly simple: U.S. Muslims tend to be better educated, with higher incomes and social standing. The imams in their mosques tend to preach assimilation, rather than the extremism found in many European mosques.

"We weren't isolated growing up. We were part of the culture," says Hala Kotb, who grew up outside Washington in a family that inculcated a success ethic. "Religion was important, but not so much that you'd have to cover your head or if you don't pray five times a day, that's it - nothing like that. There were a lot more progressive attitudes" within her local Muslim community.
The young Muslims quoted in the article say that the danger for the U.S. is to overreach and end up alienating U.S. Muslims. One young Muslim calls the FBI's intense scrutiny on Muslim-Americans "good for the short term, but bad in the long term."
The young Muslims interviewed for this story chose their words carefully, but their inference is clear: They worry that suspicion toward Muslims has been building since 9/11, and they suggest that US intervention in Iraq and its support for Israel cause angst among many Arab-Americans.
FBI spokesman John Miller says that the Bureau is putting more effort into community outreach, and he adds that in a number of cases, the FBI has intervened to prevent potential jihadist terrorism in the U.S.

My own take is that a balance must always be struck, with the single most important variable being the establishment of trust. A certain level of intrusion can be tolerable to most people, provided that they perceive it as trustworthy and fair.

Meanwhile, across the pond, Terrorism Monitor examines the situation in Scandinavia, and finds it much worse:
In a security report released in September, PET, the Danish domestic intelligence agency, warned that the largest threat to Denmark, as in most European countries, comes from small, unsophisticated groups that are "inspired by al-Qaeda's global jihad ideology but can act autonomously and apparently without external control, support or planning."

[T]he overwhelming majority of terrorist activities taking place in Scandinavia currently are carried out by homegrown networks.
The article examines the cases of a number of young people arrested in Denmark, who were turned on to jihadism via the Internet and had an unusual profile for jihadists:
What is striking about the members of the Mujahedon network, aside from their extremely young age and operational un-sophistication, is their unusual profile. All three seem to have backgrounds and interests that have little to do with those of an Islamic fundamentalist: they appear to be young men with a greater fascination for violence rather than for the ideology of committed jihadis. Ramic is a troubled teenager who lives with his parents and is a regular hashish consumer (Sydsvenskan, May 3). Ganjin is also known as a consumer and petty smuggler of soft drugs. Fahlen is the son of a wealthy Swedish family and, while acknowledging an interest in Islam, claims not to have converted. Despite these backgrounds, the three developed a sudden fascination with radical Islam and, almost immediately after, began to send threats online.

Their knowledge of Islam is virtually non-existent and their fascination with jihad seems to be dictated by their rebellious nature rather than a deep ideological conviction. Nevertheless, these "improvised jihadis" seem to be the norm in Scandinavia.
This "non-ideological" jihadism was also recently described by Brian Michael Jenkins in his book, Unconquerable Nation (my review is here). Jenkins writes:
It is a trajectory we often see in terrorist organizations. Well-educated ideologues like Osama bin Laden and Ayman al-Zawahiri initiate the campaign. Violence is for them a means to an end, but as the organization grows, it recruits "soldiers" who share their beliefs ... The 9/11 attackers fit this category. As the violence continues and the earlier veterans are killed off or picked up, a third generation emerges. It usually lacks the intellect and ideological grounding of the first generation, which still dominates the leadership; it is more attracted by death and destruction. This is the generation in which we find the thugs, including, until his death, Zarqawi.

Invariably, tensions arise between the strategists of the first generation and the harder men of the third generation, who push for ever-escalating violence without concern for its longer-term political consequences.
I interpret this as a possible source of vulnerability for the terrorists. Thugs who are primarily interested in violence, rather than advancing an ideology, may be more likely to take unwise risks and expose the organization.

Disaster Prep: Text-Messaging in SF

San Francisco is starting a program that allows residents to register to receive text messages in the event of a disaster:

Oct. 17 - San Francisco Mayor Gavin Newsom announced the launch of AlertSF, a new text-message alert system for the public coordinated through the Department of Emergency Management. In the event of a large earthquake or natural disaster, the new system will provide emergency information and alerts to registered users.
This seems a very sensible approach to emergency communications. In the aftermath of a disaster, you don't know what's going to work. After Katrina, there were almost no communications. After 9/11, some communications systems worked; others didn't (mainly due to the fact that a major Verizon station was right across the street from the WTC, and a telecom hotel was just a few blocks away.)

The more channels that are available, the better your chances of getting the message out.

Monday, October 23, 2006

Local Police and Immigration Enforcement

A commentary in JURIST argues that local police should not be required to enforce immigration laws, because it would undermine efforts to share information and gather intelligence from immigrant communities. This information can be vital to locating potential homegrown threats:

Most police have realized that they must have the help and support of the communities they serve in order to do a good job of assuring public safety. This means that police must create and maintain relationships with the communities they serve – relationships based on trust. Without this kind of relationship, police will receive little in the way of intelligence and information from the public, making it harder for officers to do their always-difficult jobs.

Police officers understand that if they are forced to become adjunct immigration agents, people in immigrant communities will begin to fear talking to them because doing so might bring with it the potential for deportation ... The fear will cause immigrant communities to cut themselves off from police, not offering information about criminal activity and not reporting crime.

[P]ushing police into immigration enforcement will prove a substantial setback to every effort now underway to obtain crucial intelligence against potential terrorists on our own soil ... In any number of successful anti-terrorism cases in the U.S. – in Lackawanna, N. Y., and Toledo, Ohio, to take just two examples – crucial intelligence has almost always come from people in the Middle Eastern, Muslim, and Arab communities.
I find this a compelling argument. There are other ways to stem the tide of illegal immigration. The costs of chilling the relationship between local police and immigrant communities seem too great. Local police are in a unique position to develop a trusting relationship with immigrant communities and get information about potential threats before they emerge. No one else can do the job as well.

A Recipe for Disaster in the Schools?

As recent events have shown, U.S. schools continue to be vulnerable. Knowing that perfect security is not possible, school officials are left to do the best they can to minimize the threat.

A school district in Texas has become the first in the nation to offer "fight-back" training for teachers and students, and other school districts are considering it. Would it work? The company offering the training says so:

"Getting under desks and praying for rescue from professionals is not a recipe for success," said Robin Browne, an instructor for Response Options. "Five or six seventh-grade kids and a 95-pound art teacher can basically challenge, bring down and immobilize a 200-pound man with a gun."
To me, it sounds like a recipe for disaster. Close collaboration and extensive planning between school officials and local police seems like a better approach.

Friday, October 20, 2006

Evacuation Report Card for U.S. Cities

The American Highway Users Alliance just published an interesting study of the evacuation capacity of highway systems in 37 major U.S. urban areas - those with populations of 1 million or more.

The cities' highway systems were graded in three dimensions:

  • Exit Capacity: Capacity of major roadways leading out of an urban area.
  • Internal Traffic Flow: Traffic flow within the urban area, allowing access to exit roadways.
  • Automobile Access: The percentage of city residents with access to an automobile
Highlights of the study included:
  • Half of the 37 cities received an "F." (New Orleans got a "D.")
  • Only one city, Kansas City, received an "A."
  • Landlocked cities scored the best, because evacuation is possible in any direction. Every city that scored "C" or above is landlocked.
  • The three largest cities in the U.S. had the lowest scores: New York, Chicago, and Los Angeles.
Specific problem areas are:
  • The majority of cities lack sufficient exit capacity, with New York and Chicago having the most severe problems.
  • Los Angeles and Chicago have especially bad internal traffic flow.
  • New York scores lowest by far on automobile access, because many city residents rely on public transit.
It seems to me that disaster planners in smaller cities could do this kind of analysis, too. While it does not take into account any obstacles that are caused by the disaster itself (e.g., bridges washed out in a hurricane or destroyed in an earthquake), it provides a good baseline snapshot of a city's ability to clear itself out.

Thursday, October 19, 2006

Chertoff: Local Police Are First Preventers

On Monday, DHS Secretary Chertoff spoke of the importance of local law enforcement - and the importance of sharing information with them - at the annual conference of the International Association of the Chiefs of Police. Chertoff told the police chiefs:

You are the most likely to detect the beginning phases of a possible plot, particularly a homegrown plot.

[T]he third area I want to focus on ... is the increasing threat of homegrown plots -- that is to say plots arising in local communities, involving local people, American citizens, who may become radicalized over the Internet or because of a recruiter and train themselves, again -- with networks, small groups -- and then would carry out the kinds of attacks that we saw, for example, in London last year...
Chertoff said he's committed to ensuring that local and federal information-sharing is a two-way street. To this end, he said DHS will continue to:
  1. Continue to develop the national network of intelligence fusion centers, with 35 centers active by the end of fiscal year 2007
  2. Expedite the classified, secret level clearance process, so that local law enforcement can be cleared more quickly to review classified data
  3. Open up communication channels and training opportunities for local law enforcement
As I see it, one of the salient points in Chertoff's speech is his emphasis on the homegrown threat. Others have noted that the worldwide jihadist movement is evolving into a loosely connected network of small cells that can spring up spontaneously (i.e., the "seed crystal" method of recruiting, which I recently discussed).

Local authorities are in the best position to "take the temperature" of the local environment and detect the possible formation of new threats.

Lawmakers Want Info Sharing at Borders

Key lawmakers want more information sharing at the nation's borders, GovExec reports:

Senior members of the House Homeland Security Committee are calling for more information sharing among federal, state and local law enforcers in order to improve border security.

Committee ranking Democrat Bennie Thompson of Mississippi on Wednesday asked the Government Accountability Office to review how information sharing is working among the federal government and law enforcers in border communities.

"The development of border intelligence based on information sharing among the state, local and tribal stakeholders from states along the borders would be a valuable tool to ensure resource allocation decisions are made based on a sound understanding of the risks posed," Thompson wrote to GAO.

This sounds good, but it begs the question: Why are we still making proposals to share information, more than five years after 9/11?

Wednesday, October 18, 2006

$1.2 Billion - But Will It Work?

Yesterday, the Government Accountability Office (GAO) issued a report that was critical of DHS' Domestic Nuclear Detection Office (DNDO), who recently awarded a $1.2 billion dollar contract to a number of contractors for new portal monitors, known as “advanced spectroscopic portal monitors” (ASP), that can detect both the presence and the type of nuclear or radiological material.

DNDO tested ASPs in 2005. They set a goal of identifying highly enriched uranium (HEU) – the main ingredient in a "gun" type nuclear weapon – 95 percent of the time. But the ASP prototypes identified bare HEU only 70 to 88 percent of time. And when the HEU was masked with benign radiological materials, the success rates fell to 53 percent, 45 percent, and 17 percent for the three ASP systems tested.

GAO said:

Despite these results, DNDO did not use the information from these tests in its cost-benefit analysis. Instead, DNDO officials told us that since new portal monitors cannot meet the 95 percent level of performance, they relied on the assumption that they will reach that level of performance sometime in the future.

Moreover, DNDO’s cost-benefit analysis only considered the benefits of ASPs’ ability to detect and identify HEU and did not consider ASPs ability to detect and identify other nuclear and radiological materials.
In other words, DNDO did not consider the ASP portals' effectiveness in identifying radiological materials that would be useful in a dirty bomb, such as Cesium 137 and Cobalt 60.

GAO concludes:
DNDO’s cost-benefit analysis does not justify its recent decision to spend $1.2 billion to purchase and deploy ASP technology.
The lesson of this, as I see it, is that you have to take into account the entire spectrum of risk and reward before deciding on any particular intervention.

Tuesday, October 17, 2006

Al Qaeda Recruiting


I recently came across a useful analysis of terrorist recruiting: this chapter of the McGraw Hill Homeland Security Handbook.

In the chapter, RAND analysts Scott Gerwehr and Sara Daly point out the importance of recruiting to the jihadist cause. Simply put, if jihadists do not successfully recruit, their ability to function is seriously impaired.

As described by others who have reported on terrorist recruiting, it is commonly accepted that terrorist recruiters generally make subtle initial contact, followed by more intense contacts, finally resulting in the loss of the recruit's individual identity and the acceptance of the group's identity.

Recruiters focus their efforts on those who have little identity, feel lost, lack effective social support structures such as family, etc. According to Gerwehr and Daly, this means that:

[I]f a recruiter attempts to weaken targets’ family or community bonds in order to get them to join (e.g., by emphasizing a religious duty to go to war), an effective countermeasure is to strengthen or preserve those social networks (e.g., by emphasizing the religious imperative to protect and preserve one’s family).
One unique aspect of Gerwehr and Daly's analysis is their categorization system for terrorist recruiting strategies. For local homeland security professionals, I thought the most relevant of these strategies was the "seed crystal" method:
In this case recruiters may seek to provide a context for self-recruitment. This may be compared to lowering the temperature of a glass until the water inside it cools and then ice crystals form as the seeds of a complete freeze. Once individuals emerge within the population as new recruits, they will often follow the pattern of the infection. In "seed crystal" recruitment, critical variables include the type of environmental forces being used to "chill the glass," and the durability of the ‘‘freeze.’’
The authors conclude that "the seed crystal approach may be most successful in diasporas or populations where open recruiting is difficult or impossible."

The "seed crystal" method seems to describe the experience of the 2005 London subway bombers.

For local homeland security professionals, the challenge seems to be both "taking the temperature" of the local environment (i.e., the "glass") and figuring out ways to prevent the atmosphere from being "chilled," so that terrorist seed crystals do not form.

Maritime Terror Risks

The RAND Corporation released a new report yesterday, Maritime Terrorism: Risk and Liability. The authors used a threat-vulnerability-consequence methodology and concluded that the greatest risks in terms of threat and vulnerability are:

  • Ferries: Onboard bombings
  • Cruise Ships: Onboard bombings (followed closely by standoff artillery assauts and food or water contamination)
  • Cargo Ships: Radiological Dispersal Device (i.e., dirty bomb)

Monday, October 16, 2006

Review: "Unconquerable Nation"

Brian Michael Jenkins of the RAND Corporation, a well-regarded expert on terrorism, recently released a book titled Unconquerable Nation: Knowing Our Enemy, Strengthening Ourselves.

I found the book to be excellent. Much of it deals with the strategy for addressing the terrorist threat overseas (i.e., Iraq, Afghanistan, Europe, etc.), but the last chapter specifically discusses homeland security. I want to highlight a few of Jenkins' key findings that relate to local efforts to prevent terrorism. Jenkins writes:

Most of the jihadist terrorist attacks since 9/11 have been at local initiative, carried out by local cells inspired by al Qaeda’s ideology ... An entire terrorist plot may proceed under the radar of national intelligence services.

The more than 600,000 sworn police officers in the United States are in the best position to monitor potential homegrown terrorists. They know their territory. Recruited locally, they are likely to be ethnically closer to the communities they serve, they are more aware of local changes, and they are more acceptable to local community leaders. Unlike federal agents, local police do not rotate to another city every few years. They are in the best position to identify “hot spots” for terrorist recruiting, talk to local merchants and community leaders, and develop local sources of intelligence. As we have seen in many cases, local police, through routine criminal investigations, community policing, or dedicated intelligence efforts, may be the first to pick up leads to terrorist plots.
So, not only are local police capable of preventing terrorism, in some cases they are better positioned to prevent terrorism than their federal counterparts.

In assessing the threat, Jenkins points to a significant vulnerability that jihadists are increasingly relying upon: low-level criminal activity.
Eager jihadists must now provide their own funding, which they do through petty crime or even from their own resources. Although not an entirely new phenomenon . . . this intersection between low-level crime and terrorism has become a signature feature of today’s more-decentralized jihadist operations.
Any low-level criminal activity places the group at risk of detection, which is critical to any preventive effort. In its recent "Trends in Terrorism: 2006" report, the Congressional Research Service also commented on terrorists' increasing tendency to fund their activities through illegal means.

Jenkins also discusses recruiting, which I recently examined. Recruiting is not only critical to the strategic goals of jihadist terrorists; it is also one of their most critical points of vulnerability. While recruiting, terrorists must reveal themselves to those outside their trusted circle. When authorities know the methods of terrorist recruiting, they are in a better position to intervene. Jenkins writes:
As is done in all armies, jihadist recruiters target impressionable adolescents and men in their twenties. Few recruits are married or have children. More often they are lonely young men seeking to belong to something. Joining a secret elite gives them a special sense of power.

The recruiting vocabulary focuses on humiliation, shame, and guilt, contrasted with dignity, duty, and honor. A volunteer doesn’t sign up for jihad and board a bus to basic training. Initiation into jihad is a multistep process that usually begins in a religious setting, at a mosque, religious school, or study group, but it can also start at a student meeting, bookstore, street corner, cybercafe, or cellblock—anywhere young men assemble.
A simple intervention to foil recruiting is to maintain a presence. When recruiters are not completely certain that they are secure, they drastically reduce their activities. If recruiters see every potential recruit as a potential mole for authorities, or if recruiters feel that their activities are being observed in any way, this tends to have a chilling effect on recruiting.

All-in-all, I found the book to be very much worth reading.

Markle Report #3: In-Depth Review

I recently finished reviewing the Markle Foundation Task Force's third report, "Mobilizing Information to Prevent Terrorism (pdf, 4.8MB)."

It was a somewhat disappointing report, though maybe not too surprising. Its essential finding is that, although information sharing has improved in the five years since 09/11/2001, it is still not adequate across levels of government. Here are a few excerpts I found especially significant:

State and local governments have not become full participants in the information sharing environment. Many feel they are still not getting the information they need, and that there is no effective process for sharing their information with the federal government.

[S]tate and local governments are critical to homeland security. They have more resources, they interact more frequently with the public, and they are often in a better position than the federal government to provide and act on useful information.

One of the most significant barriers to effective pre-September 11 information sharing, identified by numerous investigations, is risk aversion. Risk aversion arises in part from fear among government officers that information sharing that is clearly authorized at the time of sharing will subsequently be judged to be improper, resulting in personal criticism, career damage, and even criminal prosecution.

The human dimension is critically important for information sharing. . . . Lack of common training contributes to cultural gaps between intelligence, law enforcement, homeland security, and military personnel; these gaps remain a root cause of poor information sharing. The situation has become even more difficult as the community of counterterrorism analysts and collectors expands beyond the federal level to include state, local, and private sector participants, and as the volume of available information grows.
The report offers some suggestions for creating a comprehensive system for information sharing. Such a system may be the ultimate long-term answer; but given the current status of inadequate sharing across levels of government, there may be a need for shorter-term solutions. The threat is still present. Preventing catastrophe requires sharing information to recognize threats and manage risks. Only then can appropriate measures be taken to prevent disaster.

State Homeland Security Officials Survey

In May 2006 Western Carolina University released the results of a survey of state homeland security officials. Overall, the picture was not too encouraging. A couple of findings that seemed particularly salient:
  • The majority of state officials said that DHS directives are not being implemented effectively at the state level.
  • Although 88% of state officials say that prevention is the most important priority for the federal government, only 38% say that prevention is the most important priority for state government. At the same time, 73.5% say that prevention is the most difficult task for states to accomplish.
At the very least, it seems like our homeland security priorities and efforts are not being adequately coordinated across the levels of government.