Thursday, May 31, 2007

Evacuation Schmevacuation

Just a brief comment on this story in the LA Times, wherein we learn that only half of LA County residents would evacuate if ordered to do so in the aftermath of a terrorist attack:

Just half of Los Angeles County residents would immediately follow local government officials' instructions to evacuate if terrorists attacked, according to a report by the Department of Health Services to be released today.

One-third of those surveyed said they would want more information before they complied with government orders to relocate to a nearby school during a terrorist attack.

Ten percent would wait until it was convenient or wouldn't follow the directive at all, the report showed.

People with higher incomes and more education were more likely to want more information from government officials before following emergency orders.
The implication as I see it: If you can raise the percentage of compliance from 50 percent to as much as 83 percent by providing reliable and timely information, then it will be a very good idea to work on your information plan, ensuring that it is coordinated and includes multiple and redundant modes of delivery.

Respondents to the survey, unsurprisingly, think they're pretty well prepared:
A majority of county residents surveyed reported that they were at least somewhat prepared for a major disaster.

The county classifies preparedness as having a three- to seven-day supply of food and water for each family member, a flashlight, first aid kit, batteries and a battery-powered radio.

One-third of respondents said they were hardly prepared for a catastrophe.
Given the vulnerabilities of the LA area (e.g., earthquakes, fires, terrorist attacks), everyone there should ideally be prepared. The fact that many aren't is to some extent an inevitable consideration in disaster preparedness.

And in related news: The majority of Gulf Coast residents are not adequately prepared for a hurricane, a new poll says.
Most people along the eastern and southern U.S. coasts still lack a hurricane survival plan and don't feel vulnerable to storms

Fifty-three percent of those surveyed in 18 Atlantic and Gulf Coast states say they don't feel that they are vulnerable to a hurricane, or to related tornadoes and flooding, according to the Mason-Dixon poll.

Eighty-eight percent said they had not taken any steps to fortify their homes, and 45 percent still believed the old wives' tale that masking tape helps keeps windows from shattering during hurricanes.

But only a small amount of people, 16 percent, said they would defy orders to evacuate and ride out a hurricane in their homes.

Sixty-one percent of poll respondents had no hurricane survival kit. Of those who did, 82 percent packed a fire hazard - candles or kerosene lamps. Missing from most of those kits were axes, which emergency officials recommended after many residents were trapped in their attics after Katrina.
There's a certain percentage of people you just can't do anything about or for. There's another percentage who have the smarts and resources to take care of themselves. It's the folks in the middle - the "sorta but not really" prepared group - that makes the difference. Providing resources that allow them to quickly get up to an adequate level of protection will make a big difference.

I like the way this Florida county has created public-private partnerships to quickly pool and distribute resources. That's good local initiative.

Disrupting Terrorist Recruitment

The U.S. State Department recently published an e-journal titled Countering the Terrorist Mentality.

A couple of the articles in there dealt with one of my particular interests, countering terrorist recruiting. Some highlights follow.

First, in its article entitled "A Strategic Assessment of Progress Against the Terrorist Threat,"
the State Department's Office of the Coordinator for Counterterrorism pointed out, as others have before, that al Qaeda's current focus is on using propaganda to develop a worldwide "franchise" organization:

Overall, however, al-Qaida's current approach focuses on propaganda warfare—using a combination of terrorist attacks, insurgency, media broadcasts, Internet-based propaganda, and subversion to undermine confidence and unity in Western populations and generate the false perception of a powerful worldwide movement.

[In 2006] Radicalization of immigrant populations, youth, and alienated minorities in Europe, the Middle East, and Africa continued. It became increasingly clear, however, that such radicalization does not occur by accident, or because such populations are innately prone to extremism. Rather, there was increasing evidence of terrorists and extremists manipulating the grievances of alienated youth or immigrant populations and then cynically exploiting those grievances to subvert legitimate authority and create unrest.
The process of indoctrination is slow and gradual:
Terrorists seek to manipulate grievances in order to radicalize others by pulling them further and further into illegal activities. This is best represented as a "conveyor belt" through which terrorists seek to convert alienated or aggrieved populations, convert them to extremist viewpoints, and turn them, by stages, into sympathizers, supporters, and, ultimately, members of terrorist networks. ...

Countering such efforts demands that we treat immigrant and youth populations not as a source of threat to be defended against, but as a target of enemy subversion to be protected and supported. It also requires community leaders to take responsibility for the actions of members within their communities and act to counteract extremist subversion.
As I've argued before, terrorist organizations and sympathizers are highly vulnerable when they recruit. They must expose their violent desires, and they must work carefully to ensure that their audience is receptive, without being detected by anyone who might compromise their security.

To counter these recruitment and radicalization activities, the Office of the Coordinator for Counterterrorism argues that:
[W]e must seek to build trusted networks of governments, private citizens and organizations, multilateral institutions, and business organizations that work collaboratively to defeat the threat from violent extremism.

Such networks, over time, help wean at-risk populations away from subversive manipulation by terrorists and create mechanisms to address people's needs and grievances, thus marginalizing terrorists.

Youth organizations, educational networks, business partnerships, women's empowerment, and local development initiatives can all play a role, with government as a supportive partner.
Note that these types of networks are best suited to the local level, as are two of the three strategic components to the terrorist threat:
To make such active measures effective, the three strategic components of the terrorist threat that must be neutralized are leaders, safe havens, and underlying conditions.

Leaders provide a motivating, mobilizing, and organizing function and act as symbolic figureheads.

Safe havens, which are often in ungoverned or undergoverned spaces, provide a secure environment for training, planning, financial, and operational support, and a base for mounting attacks. They may be physical or virtual in nature.

In addition, underlying conditions provide the fuel, in the form of grievances and conflicts that power the processes of radicalization.
Safe havens, assuming they are not virtual, will always be best detected on the local level. Underlying conditions are also best detected and countered at the local level.

Finally, the article argues that collaborative counterterrorist efforts should include the entire community:
Because the enemy is a nonstate actor who thrives among disaffected populations, private-sector efforts are at least as important as government activity. Citizen diplomacy, cultural activity, person-to-person contact, economic cooperation and development, and the application of media and academic resources are key components of our response to the threat. Motivating, mobilizing, and supporting such privately led activities are key leadership tasks in the new environment.
Another article that focuses on terrorist recruitment is "From Profiles to Pathways: The Road to Recruitment" by John Horgan, PhD, senior research fellow at the Centre for the Study of Terrorism and Political Violence.

Horgan focuses on the individuals who perpetrate and support terrorist acts.
Although terrorism can bring about significant and large-scale consequences, it remains, in essence, low-level, low-volume, and disproportionate activity perpetrated by individuals.
He is clear to point out, as others have before, that profiling is not useful when trying to identify terrorists:
Psychologist and terrorism expert Ariel Merari has correctly argued that it is more precise to state that "no terrorist profile has been found" rather than that "there is no terrorist profile."

I would strongly argue that there are several real dangers associated with the continued effort to construct such profiles, particularly as far as understanding recruitment to terrorism is concerned.
I'd be inclined to say it a bit differently: There's no useful terrorist profile. People who join terrorist organizations, especially young people, are generally interested in finding a cause that gives meaning to their lives, joining a supportive social group, and establishing an identity for themselves. This is certainly a "profile," though not a useful one, as it generally describes almost every young person in the world.

Horgan argues that in developing counterterrorist strategies, it's not the psychological profile of the terrorist that's important, but the process by which that terrorist is radicalized:
In assuming the existence of a profile, we tend to miss several critical features associated with the development of the terrorist. These include, but are not limited to:
  • The gradual nature of the relevant socialization processes into terrorism
  • A sense of the supportive qualities associated with that reruitment (e.g., the "pull" factors, or lures, that attract people to either involvement in terrorism in a broad sense, or those positive lures that are used to groom potential recruits)
  • The sense of migration between roles (e.g., moving from fringe activity such as public protest to illegal, focused behavior—in other words, moving from one role to another)
  • A sense of the importance of role qualities (e.g., what attractions does being a sniper hold as opposed to becoming a suicide bomber, and how do these "role qualities" become apparent to the onlooker or potential recruit?)
When we assume static qualities of the terrorist (a feature of profiles), we become blind to the factors and dynamics that shape and support the development of the terrorist. One further consequence is that we also obscure the basis from which a more practical counterterrorism strategy might develop to prevent or control the extent of those who initially become involved in terrorism.
Using the process of "creating" a terrorist as his guide, Horgan identifies risk factors that shape the development of a terrorist:
I have identified a series of what I have termed predisposing risk factors for involvement in terrorism. In no particular order, these include:
  • Personal experiences of victimization (which can be real or imagined)
  • Expectations about involvement (e.g., the lures—such as excitement, mission, sense of purpose—associated with being involved in any "insider" group and its various roles)
  • Identification with a cause, frequently associated with some victimized community
  • Socialization through friends or family, or being raised in a particular environment
  • Opportunity for expression of interest and steps toward involvement
  • Access to the relevant group
So, instead of looking for formulations such as, "terrorists tend to come from low- to middle-class families, have an interest in politics, etc. etc" we would be better off focusing on what it means to be and become a "terrorist":
In order to move beyond rather sterile and unhelpful debates about profiling, it might be useful to consider what involvement in terrorism implies ...

While many of the activities that terrorist movements engage in are not actually illegal per se (and cannot be meaningfully encompassed under the label "terrorism," but perhaps instead "subversion"), without them actual terrorist operations could not exist.

For the most part, engagement in violent activity is that which we most commonly associate with terrorism. However, the reality of terrorist movements today is that this most public of roles and functions tends to merely represent the tip of an iceberg of activity. Supporting the execution of a violent attack are those directly aiding and abetting the event, those who house the terrorist or provide other kinds of support, those who raise funds, generate publicity, provide intelligence, and so forth.

The person we think of as "the terrorist" is therefore fulfilling only one, albeit the most dramatic in terms of direct consequences, of multiple functions in the movement.
Along the process of radicalization, an individual can fill any of these roles and functions:
Overall, we can say that involvement in terrorism is a complex process, comprising discrete phases that could be encapsulated as an individual terrorist engages in a gradual process of accommodation and assimilation across incrementally experienced stages. There is a sense of ongoing movement into, through, and, sometimes, out of different roles and functions.
In short, a terrorist is not what someone is, but rather what someone becomes.
And as long as commitment and dedication to one's socialization further and further into the movement remains positive for the follower, this eventually results in the formation of a new—or at least effectively consolidated—identity.

If we want to appreciate what, if anything, is the "terrorist mind," it is probably best thought of as the product of:

  • Increased socialization into a terrorist movement and its associated engagement in illegal activity
  • Focused behavior, more generally, that is increasingly relevant to the context of a terrorist movement
From a personal and social perspective, this often means that a socialization into terrorism, and those associated with it, sees a socialization away from nonrelevant friends, family, and the person's former life.
The key, then, is to interrupt this process.
One of several consequences that would seem to emerge from making distinctions between these phases is that we might begin to develop phase-specific counterterrorism initiatives, depending on what it is we can ascertain is the most effective intervention point; that is, whether it be initial prevention of involvement, subsequent disruption of engagement, or eventual facilitation of disengagement.
I found Horgan's analysis to be similar to this one by RAND analysts
Scott Gerwehr and Sara Daly. (My post here.)

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

Wednesday, May 30, 2007

Pandemic Preparedness: Will Healthcare Workers Show Up?

Here's a story from Reuters that sounds troubling:

A survey of U.S. healthcare workers suggests that not all will be willing to be on the frontlines if there should be an outbreak of bird flu or other infectious disease. Some will opt to play it safe and stay home, according to the survey.

Doctors (73 percent) were more likely than nurses (44 percent) or other hospital personnel (33 percent) to indicate that they would report to work in the event of bird flu pandemic.

Results are based on surveys completed by 169 nurses, doctors and other hospital workers regarding their willingness to report to work in the event of bird flu pandemic.

It's worth recalling that, according to estimates, about 40 percent of the U.S. workforce would become ill and unable to work in the event of a pandemic. (See this earlier post.) As a result, the numbers of absent workers could actually be greater. You'd have 40 percent who are sick, plus others who call in sick but aren't.

Irwin suggests that planners take an honest approach with healthcare workers:
"Open and honest discussion may turn out to be the most important feature" of a pandemic influenza plan, Irvin predicted. "No workers means no plan, so no matter what you have on paper, and stored in the closet (masks, gowns, gloves), the plan won't work if no workers show up."

This advice may stem from the finding that:

For the "maybe" responders, the factor making the biggest difference (83 percent) was their level of confidence that the hospital would protect them.
As a result, Irvin argues that planners need to build confidence by educating workers about the risk:
"Clearly, we have work we need to do to educate healthcare personnel about the realistic risk given the infection control measures we would be using," Irvin said. "The SARS outbreak can be used as a close template for what to expect; once strict infection control measures were followed, the infection rate in healthcare personnel plummeted."
And yet, an epidemiologist at Effect Measure takes a skeptical view:
Surveys like this, done before an actual event, no matter how representative (and there are questions about this one given the tiny sample size and no description of methods) are probably a poor measure of behavior during a pandemic. Behavior will depend on many things, most of which aren't specified in this survey. And people react differently than they think they will ahead of time. Some rise to the occasion. Others find their fear is greater than they imagined. My guess is that [healthcare workers] will behave much better than these numbers suggest.

Still, it's a good idea to educate employees about the risk. That's a good way to build confidence, right? Only if you have an accurate understanding of the risk:

Educating [healthcare workers] to an appreciation of the risk is difficult when no one knows what the risk is. The current CFR may or may not sink to "only" the level of the 1918 flu. No one knows and there is no way to predict. To say otherwise is incorrect and doesn't inspire confidence about other claims -- for example, that the hospital's infection control practices would be effective -- especially as most hospitals are not remotely prepared for a pandemic. Even if masks and other measures work, and there is controversy about that, most institutions have only a fraction of what they would need.

So then ... what else could work? Making sure that you are prepared for the things that you can predict and control.

As an example, Effect Measure quotes a separate study that examined potential ways to dispense antiviral medicine to healthcare workers. A "ticket strategy," modeled on the way customers take numbers at a delicatessen, proved the most efficient. Under this scheme, each worker would be scheduled to receive medicine at a predetermined time and location. Lines and wait times were shorter under this model.

Concrete measures properly done will do more to improve [healthcare worker] turnout during a pandemic than attempts to educate the worker about a realistic appreciation of the risk.
I'm probably less skeptical of the efficacy of education. Assuming that some people will rise to the occasion, and I agree they probably will, they may be more inclined to do so if they have an accurate view of the risk - even if it's something as as, "No one can predict the mortality rate for any future pandemic, but we can tell you what we've experienced in past pandemics."

It may not sound like much, but it has the virtue of being true. And more importantly, it can change the grounds on which the worker decides whether to work. In the absence of information, workers' motivation to avoid a threat may be basic self-defense. But providing information about the threat, even the barest information, allows the worker to make a conscious choice. It's empowering. The worker is able to base his/her decision on an estimation of risk rather than on simple self-preservation.

Providing information about risk is even more likely to be effective if it is accompanied by other confidence-building measures.

Tuesday, May 29, 2007

Private Security Guards' Training: A Lasting Problem?

The AP runs a story today about the insufficient training offered to private security guards. This is old news worth repeating; most private security guards have never been sufficiently trained in homeland security.

Exacerbating the problem is the amount of turnover in the workforce. People constantly shuttle in and out of these low-paying jobs.

The security guard industry found itself involuntarily transformed after September 2001 from an army of "rent-a-cops" to protectors of the homeland. Yet many security officers are paid little more than restaurant cooks or janitors.

The middle ground pay for security officers in 2006 was $23,620, according to a Labor Department survey. The low pay reflects cutthroat competition among security firms, who submit the lowest possible bids to win contracts. Lowball contracts also mean lower profit margins and less money for training and background checks for guards.

In an annual survey of employers, the Bureau of Labor Statistics reported that the median hourly pay for security guards in 2006 was $11.35, compared with restaurant cooks at $10.11, janitors at $10.45 and laboratory animal caretakers at $10.13.
And these folks are guarding important potential targets:
[S]ites protected by the security industry include drinking water reservoirs; oil and gas refineries; ports; bus and rail commuter terminals; nuclear power plants; chemical plants; food supplies; hospitals, and communications networks.
To their credit, security firms are honest about their own shortcomings:
The security businesses' own trade group, representing the largest firms, acknowledges the industry as a whole isn't ready to recognize signs of terrorism and respond to an attack.
But surely they must have some training in homeland security, right? Not much:
[Richard] Bergendahl, aLos Angeles guard who protects a high rise near the formerly named Library Tower — now the US Bank Tower — thinks often of Bush's disclosure last year that terrorists with shoe bombs planned to take control of a jetliner and crash it into the building. ...

Bergendahl said his training usually consists of a real estate manager reading security measures to him every few months. His building rarely has evacuation drills. Management's advice? "Keep your coat buttoned. Keep your shoes shiny," Bergendahl said.
One big problem is a lack of collaboration with first responders:
Franklin Bullock, 51, a guard at the busy bus and rail commuter station in Kent, Wash., said he's had no drills with police and fire responders despite terrorist bombings of trains and buses overseas.

A supervisor once tested Bullock by walking him down the platform to see whether he would spot a package he could hardly miss. It had "BOM" written on it. That was the end of his useful hands-on training, Bullock said.

To improve the situation, some private security companies are taking matters into their own hands. Good for them:

Some companies have decided to conduct anti-terrorism training, regardless of whether their clients will cover the cost.

At the AlliedBarton office in Washington's Virginia suburbs, training instructor Richard Cordivari's class consisted of 13 company guards. Their assignments included a financial institution, high-rise office buildings, Washington's water and sewer utility, a university and a shopping mall.

Get to know the people who deliver packages and bottled water, Cordivari instructed. Make sure the person repairing the air conditioner is supposed to be there. Watch for people casing the location. Take note of odd smells. Know how to conduct a thorough search.
The lack of adequate training for private security guards and local first responders is a long-standing problem. And given the economics involved, it's hard to see how that problem goes away anytime soon.

But the lack of collaboration between private security companies and local first responders? That's a problem that could be addressed, if both sides want it.

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

Wednesday, May 23, 2007

HSIN Latest

Here's a piece which complements a few previous posts.

Government Computer News has an update on the Homeland Security Information Network (HSIN). DHS now plans to link the HSIN to other existing databases:

After HSIN’s full-scale launch in early 2004, the low-level DHS network functioned as a somewhat information-poor shadow of the FBI’s Law Enforcement Online (LEO) and the linked Regional Information Sharing System Network (RISSNet). RISSNet has more than 75,000 subscribers who, in turn, provide information to hundreds of thousands of officials in law enforcement agencies nationwide and in selected foreign countries. HSIN serves a much smaller user base.

During the past three years, HSIN’s leaders have conspicuously failed to link their network to the existing law enforcement networks.

That decision has generated a series of consequences that now put DHS technology managers in the position of playing catch-up in an effort to harmonize HSIN with the other networks.

By July, documents posted on HSIN will transfer to RISSNet for immediate posting and vice versa, said Wayne Parent, deputy director of DHS’ Office of Operations Coordination. "It’s much easier to share information across HSIN and RISSNet today than trying to do that three years ago."
DHS also plans to link HSIN to Intelink-U, an unclassified network provided by the Pentagon, as well as to the Data Exchange Hub that ties together the National Capital Region’s emergency management systems. They vow to stick to the information architecture required by the Information Sharing Environment (ISE).

Better late than never, I suppose.

has also assembled a concise timeline that captures the short, turbulent life of the Homeland Security Information Network (HSIN). Some highlights:
The Homeland Security Department starts building a pilot version of the Homeland Security Information Network (HSIN) as an extension of a nationwide law enforcement program called the Joint Regional Information Exchange System (JRIES). Both networks operate at the sensitive-but-unclassified security level, which is also known as the law-enforcement-sensitive level.

February 2004
DHS officially launches HSIN.

Throughout 2004
Officials of RISSNet, a law enforcement network funded by the Justice Department and controlled by six regional groups of police agencies, negotiate with DHS’ HSIN managers in a bid to fully connect the incompatible systems and eliminate overlapping functions. RISSNet officials present several briefings to DHS officials about their system, but progress is slow. Eventually, HSIN and RISSNet establish a limited connection that bars transfer of data such as file attachments.

May 2005
DHS confirms that JRIES’ executive board has scuttled plans to fully merge their system with HSIN. The rupture occurs amid accusations by law enforcement officials that sensitive JRIES information had leaked onto the Internet via HSIN.

Spring 2006
DHS adds its Common Operating Picture, an online situational-awareness tool, to share information to HSIN. Early versions of COP focus on hurricane season updates. COP also includes the infrastructure critical-asset viewer, or iCAV, a geospatial application that can overlay events such as hurricanes onto infrastructure assets.

June 2006
The department upgrades HSIN’s systems. In the process, DHS severs HSIN’s connection with RISSNet.

June 2006
DHS Inspector General Richard Skinner issues a report citing pervasive flaws in HSIN systems and management. The department rushed HSIN deployment without gathering views from other agencies on how to structure its connects, Skinner reports. DHS also failed to train users on HSIN’s functions and capabilities, according to the IG.

May 2007
DHS tells the House Homeland Security Committee that it plans to upgrade HSIN technology and reconnect the system to RISSNet.

May 2007
GAO reports on pervasive HSIN problems that have resulted in a stand-alone design. The audit agency found that DHS uses at least 11 homeland security networks. During fiscal 2005 and 2006, the DHS networks cost $611.8 million to develop, operate and maintain, according to GAO. DHS states that HSIN costs about $21 million annually.

May 2008
A senior DHS official’s estimate of when the department will complete upgrades and management reorganization steps recommended by GAO 12 months previously.

Tuesday, May 22, 2007

School Emergency Preparedness

Some revealing information in new GAO testimony on school district emergency preparedness.

Like businesses and public agencies, schools are not adequately prepared for pandemic flu:

[B]ased on GAO’s survey of a sample of public school districts, an estimated 56 percent of all school districts have not employed any procedures in their plans for continuing student education in the event of an extended school closure, such as might occur during a pandemic, and many do not include procedures for special needs students.
It's worth remembering that school closures are an important tool in slowing the spread of a pandemic, as St. Louis learned during the 1918-19 Spanish flu:
St. Louis closed its schools at a time when flu was causing 21 more deaths per 100,000 people per week than what had been seen in previous years. That step -- the earliest taken by any of 33 cities analyzed so far -- appears to have reduced St. Louis's flu mortality by 70 percent.
GAO also found there is not enough collaboration with the community in developing emergency plans:
Fewer than half of school districts with emergency management plans involve community partners such as the local head of government (43 percent) or the local public health agency (42 percent) when developing and updating their emergency management plans, as recommended by HHS.
... or with training:
[W]e estimate that 29 percent of all school districts train with community partners [such as local government and local public health entities].

Specifically, there is not enough collaboration with the first responder community:
[S]chool districts are generally not training with their first responders (i.e., law enforcement, fire, and Emergency Medical Services [EMS]) and community partners (such as the local head of government and local public health agency).

Based on our survey, we estimate that 27 percent of all school districts with emergency management plans have never trained with any first responders on how to implement the plans...

Based on our survey of school districts, an estimated 39 percent of districts with emergency plans experience challenges in communicating and coordinating with local first responders. Specifically, these school districts experience a lack of partnerships with all or specific first responders, limited time or funding to collaborate with first responders on plans for emergencies, or a lack of interoperability between the equipment used by the school district and equipment used by first responders.
Some emergency plans are almost certainly out of date, too:
10 percent of all school districts had never updated their plans.
Another finding is that just 86 percent of urban schools and 70 percent of rural schools have multi-hazard emergency plans that specifically address the threat of terrorism. Really, it should be 100 percent, given the experience in Beslan and the fact that Osama bin Laden has said:
[T]his prohibition of the killing of children and innocents is not absolute. It is not absolute. There are other texts that restrict it.

If they kill our women and our innocent people, we will kill their women and their innocent people until they stop.
History shows that schools are vulnerable to many threats, and collaboration with the community is essential to preparation.

Update 2007-05-23: Today's Open Source Daily Brief (subscription req'd) at IPS also deals with the risk of terrorism in schools, reasserting the need for collaboration between school authorities and first responders. An excerpt:
Speaking at an anti-terrorism conference sponsored by the International Association of Law Enforcement Firearms Instructors, Lt. Col. Dave Grossman (ret.) and Sgt. Todd Rassa cautioned that the 2004 Beslan, Russia, school hostage crisis, in which nearly 200 children died, provides a grim dress rehearsal for what we could expect in America.

Given the activation time required for SWAT units, the speakers asserted that officers on routine patrol will likely be called upon to respond immediately to a school attack. Accordingly, among their recommendations for police departments to prepare for this threat include the following:
  • work with school officials to anticipate problems, including cross-training on crowd-control tactics, and realistically rewrite emergency plans including school lock-down procedures
  • thoroughly familiarize each officer with the floor plans of schools in their jurisdiction

Friday, May 18, 2007

DNDO Again: Secure Cities Initiative

Just a quick link to this post on HLS Watch, which advocates funding DNDO's Securing the Cities Initiative (SCI). That's the progam through which major U.S. cities purchase and install radiation detectors.

HLS Watch makes a number of valid points, first pointing out that the threat is both internal and external:

The scenario of nuclear material smuggled across U.S. borders, while dangerously possible, is perhaps as likely as nuclear material obtained from within the United States for use against a major U.S. city. Dangerous source material for a dirty bomb can be found in unsecured commercial locations or universities where nuclear material is located for legitimate uses.
Second, regarding the current and possible efficacy of the sensors:
Whether or not SCI will be successful is difficult to say at this stage, but some precedence already exists that indicates such an effort could indeed be effective. The Department of Defense (DOD) already deploys their own version of SCI focused exclusively on protecting bases within the U.S.
In justifying the $30 million pricetag, HLS Watch argues that it's a small amount relative to other costs, and it's a worthwhile investment because if the technology improves the payoff could be significant. But the technology is somewhat unproven (at least the advanced technology), so it remains true that:
SCI is equal parts R&D and strategy.
I'm not as optimistic about using detectors as a primary means of prevention, mostly because by the time the detector senses the radiological material, the plot (if indeed there is one) would be far advanced. The group would be fully operational and would have already assembled the materials necessary for an attack. It's an eleventh-hour strategy. For me some remaining questions include:
  1. How will cities make the buying decision? GAO has pointed out that so far, DNDO has not shared information with states and cities to help them make an informed decision. If this situation remains, then the benefit of the DNDO-DOD collaboration is lost. Local buyers should be able to tap into DNDO-DOD expertise.
  2. What will local homeland security professionals do to secure the unsecured radiological sources in their communities?
  3. Will more cities take advantage of the opportunity to get background radiation maps?

Tuesday, May 15, 2007

Radiation Detection Update

An update on earlier posts regarding radiation detection:

HLS Watch points out that the Domestic Nuclear Detection Office (DNDO) is starting a project to evaluate radiation detection systems at ports - specifically, at the transfer point from ship to rail:

The U.S. Department of Homeland Security (DHS) will soon begin conducting multiple projects in the Port of Tacoma, Wash., to evaluate technology and concepts of operations for radiation detection that will scan cargo at various points in transfer from ship to rail. By establishing a Rail Test Center (RTC) at the port, DHS will identify and evaluate radiological and nuclear detection solutions for intermodal rail port facilities that can be used across the country.
As I've argued before, a detection system is necessary but not sufficient to address the threat. A system of detectors, no matter how robust, is essentially a series of nets intended to snare an adversary.

Nets can be avoided, however. A comprehensive preventive scheme should exploit all aspects of the threat: the adversary, his motivations, his capabilities, his financial and human resources, his access to weapons, and his access to the target.

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

U.S. Taliban Trainees?

The Counterterrorism Blog has a brief item about an interview conducted with Taliban commander Mullah Dadullah the day before he died.

Dadullah claims the Taliban is training U.S. and British citizens for future attacks here.

If the claim is true - and it's best to assume it is, since other Americans have been trained in terrorist camps before, and al Qaeda hasn't lost its determination to fight the West - then it's worth remembering that if these jihadists successfully slip back into the U.S., the people in the best position to find them will be local police or other authorities. As William Bratton and George Kelling have pointed out:

The presence of police in our communities sensitizes them to anomalies and yields counterterrorist data valuable to other agencies.

"Only an effective local police establishment that has the confidence of citizens," former CIA director James Woolsey testified to Congress in 2004, "is going to be likely to hear from, say, a local merchant in a part of town containing a number of new immigrants that a group of young men from abroad have recently moved into a nearby apartment and are acting suspiciously."
Building a local network is critical.

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.


One to ponder:

Their guilt isn't in question. The six men and four women already admitted being involved in a series of arson fires that did $40 million in damage to research facilities, a ski resort and other businesses in the West. But are they terrorists as the government says?

A federal judge was set to hear arguments Tuesday on a motion by the government to add a so-called terrorism enhancement to their sentences.
To some extent, the definition of whether this is terrorism is a bit of a distraction from the more important point that the threat is significant:
Prosecutors want Judge Ann Aiken to declare the group terrorists — something defense attorneys argue has never happened in 1,200 arsons nationwide claimed by Earth Liberation Front and Animal Liberation Front.

The fires targeted forest ranger stations, meat packing plants, wild horse corrals, lumber mill offices, research facilities, an SUV dealer and, in 1998, Vail Ski Resort. No one was injured, the defense notes in legal motions.
That no one was injured is also something of a red herring. As any firefighter will tell you, arson is a serious crime. Firefighters get hurt and killed in arson fires every year.

In terms of the threat, it's noteworthy that the group was coordinated:
The case, known as Operation Backfire, is the biggest prosecution ever of environmental extremists, and has turned on its head the prevailing idea that arsonists have generally acted alone, said Brent Smith, director of the Terrorism Research Center at the University of Arkansas.

"We thought these people operated for the last 15 years under this kind of uncoordinated violence approach, just like the extreme right was doing — leaderless resistance," Smith said. "That's why this case is so very different."

Prosecution filings argue that though the defendants were never convicted of terrorism, they qualify for the label because at least one of the fires each of them set was intended to change or retaliate against government policy.
I guess I'm agnostic on what label is applied to them. Their sentences aren't likely to change if they get the "terrorism" add-on. More important is the recognition that it's not just jihadists who are willing to use coordinated violence to promote an agenda.

Update 05-24-2007: They got the terrorist label.

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

Thursday, May 10, 2007

It's a HSIN: The State of Information Sharing

Information-sharing continues to be a kind of holy grail of homeland security. Everyone - well, almost everyone - agrees that agencies across all levels of government should share information to prevent, prepare for, and respond to threats.

But actually implementing information-sharing systems has been a constant struggle. Priorities have been announced. Committees have been seated. Initiatives have been rolled out. Efforts have been undertaken. Problems have been identified.

DHS is supposed to lead the effort, and yet, agencies are still trying to figure this out - to the extent that earlier this week we learned that a lieutenant commander in the Coast Guard finally said "to heck with it" and built an information-sharing system of his own accord.

GAO has continually studied the struggle to share information and, based on a
review of DHS' information-sharing efforts from February 2006 through December 2006, recently released this report, with the ponderous but significant title:

Numerous Federal Networks Used to Support Homeland Security Need to Be Better Coordinated with Key State and Local Information-Sharing Initiatives.

First, some of the background info from the report:

The Departments of Homeland Security and Justice have 17 major networks that support their homeland security missions, including sharing information with state and local governments.

While some networks and applications are used solely within their respective departments, others are used both within the department and by other federal, state, and local agencies and the private sector. For example, of the 17 networks, 9 are used only within their own department, and 8 are used within the department and by other federal, state, and local agencies.
The big one is the Homeland Security Information Network (HSIN):
DHS considers HSIN to be its primary communication application for transporting sensitive but unclassified information. According to DHS, this network is an encrypted, unclassified, Web-based communications application that serves as DHS’s primary nationwide information-sharing and collaboration tool. It is intended to offer both real-time chat and instant messaging capability, as well as a document library that contains reports from multiple federal, state, and local sources.

HSIN is composed of over 35 communities of interest such as emergency management, law enforcement, counterterrorism, individual states, and private sector communities.
But as I've noted before, HSIN has been beset with problems ever since its inception. One major issue has been lack of use. As senators Susan Collins and Joe Lieberman pointed out last November in a letter to DHS Secretary Michael Chertoff:
[N]o more than 6 percent of the approximately 18,000 registered users contribute daily to the network’s three major portals (law enforcement, emergency management, and counter terrorism).
GAO details one of the key reasons for HSIN's struggles - it hasn't been adequately coordinated with existing state and local information-sharing systems:
Key practices to help implement the guidance include establishing joint strategies and developing compatible policies and procedures to operate across agency boundaries.However, DHS did not fully adhere to these practices or guidance in coordinating its efforts on the Homeland Security Information Network with key state and local information-sharing initiatives. For example, in developing the system, the department did not work with the two key state and local initiatives, which are major parts of the Regional Information Sharing System program, to fully develop joint strategies to meet mutual needs.

DHS’s limited use of these practices is attributable to a number of factors, including the department’s expediting its schedule to deploy information-sharing capabilities after the events of September 11, 2001, and in doing so not developing a comprehensive inventory of key state and local information-sharing initiatives. Consequently, the department faces the risk that, among other things, effective information sharing is not occurring. It also faces the risk that the Homeland Security Information Network may be duplicating state and local capabilities.
Two major state and local information-sharing systems are the Regional Information Sharing System Secure Intranet (RISSNET) and the Automated Trusted Information Exchange (RISS ATIX). Some background on RISS:
The RISS program is a nationwide initiative, operated and managed by state and local officials, to share criminal intelligence among stakeholders in law enforcement, such as federal, state, local, and tribal law enforcement agencies; first responders; and the private sector; to coordinate efforts against crime that operates across jurisdictional lines. Established in 1974, the program consists of six regional information analysis centers that serve as regional hubs across the country.

Among others, RISS operates two key state and local information-sharing initiatives. The first is RISS Secure Intranet, which is commonly referred to as RISSNET; the second is the RISS Automated Trusted Information Exchange, or RISS ATIX.
  • RISSNET is intended as a secure network serving law enforcement agencies throughout the United States and other countries. Through this network, RISS offers services such as secure e-mail, document libraries, intelligence databases, Web pages, bulletin boards, and a chat tool. Created in 1996, RISSNET offers resources to member agencies across the nation and internationally.
  • RISS ATIX offers services similar to those described in RISSNET to agencies beyond the law enforcement community, including executives and officials from governmental and nongovernmental agencies and organizations that have public safety responsibilities. the RISS ATIX application was developed in response to the events of September 11, 2001, and initiated in 2002. As of July 2006, RISS ATIX supported 1,922 users beyond the traditional users of RISSNET.
It's interesting to note that while RISS ATIX claims 1,922 users, the HSIN has only about 1,100 active users (i.e., 6% of 18,000).

DHS, in a hurry to build an information-sharing network, has not adequately coordinated its efforts with existing systems like RISS.
First, while DHS officials met with RISS program officials to discuss exchanging terrorism related documents, joint strategies for meeting mutual needs by leveraging resources have not been fully developed.
In fact, they haven't even met much:
  • DHS did not engage the RISS program in ongoing dialogue to determine how resources could be leveraged to meet mutual needs. According to RISS program officials, they met with DHS on September 25, 2003, and January 7, 2004, to demonstrate that their RISS ATIX application could be used by DHS for sharing homeland security information. However, communication from DHS on this topic stopped after the meetings with no explanation. DHS officials told us they could not remember having the meetings and attributed this to people in the meetings no longer being at DHS.
  • While DHS initially pursued a limited strategy of exchanging selected terrorism-related documents with the RISS program, the strategy has been impeded by technical issues and by differences in what each organization considers to be terrorism information. For example, the exchange of documents between HSIN and the RISS program stopped on August 1, 2006, due to technical problems with HSIN’s upgrade to a new infrastructure. As of December 2006, the exchange of terrorism-related documents had not resumed.
That's pretty much the opposite of an effective collaborative relationship. They haven't met in more than 3 years, and when the two systems stopped talking to one another, no one bridged the gap. The clear implication is that the two systems are seen as competitors rather than collaborative partners.

In fact, that's what GAO indicates. DHS has tried to build HSIN without understanding RISS and what it could bring to the table:
DHS did not fully understand the RISS program. Specifically, DHS officials did not acknowledge the RISS program as a state and local based program with which to partner, but instead considered the RISS program to be one of many vendors providing a tool for information sharing. Further, DHS officials believed that the RISS program was solely focused on law enforcement information and did not capture the broader terrorism-related or other information of interest to the department.

HSIN and RISS ATIX currently target similar user groups. DHS and the RISS program are independently striving to make their applications available to user communities involved in the prevention of, response to, mitigation of, and recovery from terrorism and disasters across the country. For example, HSIN and RISS ATIX are being used and marketed for use at state fusion centers and other state organizations such as emergency management agencies across the country.
Unfortunately, this sounds a lot like the criticism in February's report from the DHS Inspector General (OIG) on the department's work with the food sector. (Also see this post.) The OIG reported that DHS wasn't coordinating efforts with food sector representatives:
By spring 2006, the Food Information Sharing and Analysis Center's (ISAC’s) contact with the government had deteriorated to the extent that, according to the ISAC, it did not have a dedicated DHS point of contact.
And its HSIN Food and Agricultural portal is duplicating an existing FBI information-sharing network:

[The OIG is] concerned that the HSIN's Food and Agriculture portal may essentially duplicate an FBI effort [AgInfraGard]. ... As described by the FBI and food sector representatives with access to the web community, much of AgInfraGard’s content is similar to that of the Homeland Security Information Network’s portal.
The solution to the information-sharing problem is not more networks. Building more networks that don't talk to one another will only dilute efforts to share information, as it becomes stovepiped in systems.

Meanwhile, DHS acknowledges the problem and says they're working on it.
DHS officials stated that the department has efforts planned and under way to improve coordination and collaboration. For example, it is developing an integration strategy to allow other entities’ applications and networks to more easily connect with its Homeland Security Information Network. In addition, the department is establishing a Homeland Security Information Network Advisory Committee, that includes state and local officials, whose charge is to advise the department on how it can better meet user needs, including examining DHS processes for deploying the Homeland Security Information Network to the states.
While these are steps in the right direction, they have either just begun or are being planned, with milestones for implementation yet to be defined.
And in the meantime, DHS is taking some small steps. Which is nice but not sufficient to solve the problem. For example, DHS is establishing a portal to accept suggestions from state and local first responders to improve communications systems. DHS has dedicated $8 million to the project, and they will choose projects that take less than 1 year at a cost of less than $1 million each. This is a nice ad hoc approach that may solve some small problems and help build bridges here and there, but it is not a strategic way to build information-sharing systems.

It is so very important to get this right, but the struggles to share information continue...

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

More on LNG Risk

GAO provides a bit more information on the risk associated with liquified natural gas (LNG) in this follow-up testimony, which was provided in the wake of its earlier report on LNG. (My post is here.)

Everyone agrees that the "nightmare scenario" of LNG shipping is a tanker explosion. While such an explosion is possible, especially when vapors are trapped in a confined space, it seems unlikely that this could result from an intentional attack:

For confined spaces, such as under a dock or between the hulls of a ship, [a group of 19 experts] agreed that it is possible, under controlled experimental conditions, to induce explosions of LNG vapors; however, a detonation—the more serious type of vapor cloud explosion—of confined LNG vapors is unlikely following an LNG spill caused by a terrorist attack. For unconfined spaces, experts were split on whether it is possible to induce such explosions under controlled experimental conditions; however, even experts who thought such explosions were possible agreed that vapor cloud explosions in unconfined spaces are unlikely to occur following an LNG spill caused by a terrorist attack.
If experts are skeptical of the likelihood of a detonation, it's clear that a terrorist group certainly couldn't engineer an attack that would predictably result in such a detonation. However, I was interested in this caveat:
One expert noted that although the consequences of cascading failure could be serious, because the extreme cold of spilled LNG and the high heat of an LNG fire could damage the tanker, there are virtually no data looking at how a tanker would be affected by these temperatures.
In summary, there is a risk involved with LNG tanker shipments, but it's reasonable to conclude - for now anyway - that a terrorist group would seek a more reliable mode of attack.

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

Wednesday, May 09, 2007

Fort Dix Plotters: More Vulnerable Than First Appearances Suggested?

I haven't yet had a chance to read the complaint against the Fort Dix plotters, but the New York Times summarizes it in this article. It appears the plotters may have been more vulnerable than first appearances suggested:

They seemed to be prepared: with terror training tapes, with computerized ballistic simulations, even with what appeared to be a template of the last will and testament drawn up by two of the hijackers from Sept. 11. At the same time, one of the men worried aloud to a government informer: "I just want to be safe, brother. I got five kids, so I don’t want to go down."
Sidestepping the question of whether it's rational to think you could be "safe" after attacking a U.S. military base with automatic weapons, a more interesting question emerges:

How can homeland security professionals exploit the apprehension of individual terrorists?

As background, it is important to remember that jihad is a voluntary enterprise, as RAND's Brian Michael Jenkins testified to Congress last month (my post is here):
Volunteers move on by self-selection. There may be powerful peer pressure, but there is no coercion. Submission is voluntary. Not all recruits complete the journey. Commitment is constantly calibrated and re-recalibrated. Some drop out along the way. A component of our counter-recruiting strategy must be to always offer a safe way back from the edge.
The possibility that one or more members of a cell may pull back is a serious vulnerability for a terrorist organization, from the perspective of both operational security and tactical effectiveness.

But don't take my word for it. Recall that an al Qaeda strategist argued, and Terrorism Monitor reported earlier this year, that it is vital for terrorist organizations to maintain the strongest possible ideological commitment among their members:
The decisive factor for successful jihadi training is the moral motivation and the desire to fight, not knowledge in the use of arms, al-Suri asserts. If the ideological program is not fully digested and the mental preparation is absent, weapons training is of no use.
(Also see my post.)

So the hesitance and vacillation of the Fort Dix plotters was a serious problem for them:
The recorded conversations indicate that the suspects shifted between a deadly intent to kill and a fear of losing heart. They appear at times to bolster one another — "I’m in, honestly, I’m in," one says — or to give one another pretexts to avoid the plot. One says they need a fatwa, or religious decree, before they actually proceed. Another unwittingly suggests that the informer take the lead in the attack since he is a former soldier and is thought to be more seasoned than the rest.

Throughout, however, there are anxieties about the law, resulting in what soon sounds like a plot within the plot. Fearing the informer is betraying them, one of the men confronts him. "I don’t know whether you’re F.B.I.," he says. But the planning goes on, according to the complaint.

When the informer asks one suspect, Shain Duka, if he is "with them," Mr. Duka says, "God willing, we will see." Mr. Duka’s brother Eljvir is quoted as saying they need a fatwa before they can attack. And another suspect, Serdar Tatar, asserts he is "in" but cautions that they must take steps to ensure their families’ safety.
It is clear that they were acutely aware of their own vulnerabilities regarding the commitment of cell members.

But that wasn't their only worry. They were also aware that the commission of precursor crimes (i.e., illegal firearms possession) made them vulnerable:
In the next few months, the men talk guns (somewhat oddly, they seem troubled by the thought of weapons that are fully automatic, noting they are, after all, illegal) and take shooting practice on state land in the Poconos, in Pennsylvania.
And in a stunning move, they actually contact the police to inquire about the bona fides of a cell member. (Talk about a lack of operational security...)
There are also lingering suspicions. In November, for example, trying to determine if the first informer is a plant, Mr. Tatar contacts the police in Philadelphia, according to the complaint, and tells a sergeant he has recently been approached by a man who "pressured him to acquire maps of Fort Dix." In a remarkable turn, he tells the sergeant he is fearful that "the incident was terrorist-related."
This incident is really intriguing. The plotters exposed a new vulnerability by going to the police with information about their own plot. And - significantly - from the perspective of the Philly Police, this would almost certainly have been a raw tip. It is unlikely that they would have had any prior involvement with the FBI's investigation.

This raises some cricital questions about the federal-state information-sharing system. If this was a raw tip from the perspective of the Philly Police, then what happened after Tatar talked to the Philadelphia Police sergeant?
  • Did the Philly Police share this information with the FBI?
  • Did the FBI, who was already on the case, share information with the Philly Police?
  • Was the fusion center contacted?
In short, did the information-sharing system work?

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.

Tuesday, May 08, 2007

Radioactive Sources, Come Home!

One way to prevent a dirty bomb attack is to restrict access to radiological materials. The NTI Newswire reports that Los Alamos has brought 15,000 radioactive sources back to roost:

The Los Alamos National Laboratory has recovered more than 15,000 U.S. radioactive sources, ensuring they are not used in a radiological "dirty bomb," the National Nuclear Security Administration announced May 7.

The sources, collected through the Global Threat Reduction Initiative, come from U.S. medical, academic, agricultural, research and industrial entities that no longer need the material.
This is a nice protective intervention, though it doesn't eliminate the threat, of course. There are millions of radioactive sources in the world, though only a small fraction of them are suitable for use in a high-grade dirty bomb. The number would be in the tens of thousands. (Good background in this paper.)

Still, it's good to get these sources under control. Unneeded sources are more likely to become orphaned and used for nefarious purposes.

Vulnerabilities of the Fort Dix Plotters

According to the AP report, via CBS News, the six would-be jihadists who were arrested for plotting to attack Fort Dix were essentially a homegrown plot. These guys were apparently not tied to al Qaeda:

White House spokesman Tony Snow said Tuesday there is "no direct evidence" that the men had ties to international terrorism.
This demonstrates the evolving threat of al Qaeda. While the core organization is still dangerous, it is also becoming a "franchise" operation, in which small cells can go operational on their own, only taking inspiration from the parent organization and developing capabilities independently.

The good news about this is, self-taught terrorists are apt to show less operational discipline and make more mistakes than those who have been more professionally trained. From the early reporting, I can see five vulnerabilities of this group - some of which were exploited, some of which weren't. First, there are immigration violations:
Four of the men were born in the former Yugoslavia, one in Jordan and one in Turkey, officials said. All had lived in the United States for years. Three were in the country illegally; two had green cards allowing them to stay permanently; the other is a U.S. citizen.
But their immigration status didn't trip them up; their other vulnerabilities did. Their worst mistake was to show their jihadist tendencies outside their inner circle:
The FBI was tipped off in January 2006 when a shopkeeper alerted agents about a "disturbing" video he had been asked to copy onto a DVD, according to court documents. The video showed 10 men in their early 20s "shooting assault weapons at a firing range ... while calling for jihad and shouting in Arabic 'Allah Akbar' (God is great)," the complaint said.
Not good operational security, that.

Note that the "shopkeeper" episode demonstrates the value of maintaining good relationships between law enforcement and the public, especially with Arab-American and Muslim populations. (See this post for background on that.)

The group's third vulnerability was to try to expand its ranks.
By March 2006, the group had been infiltrated by an informant who developed a relationship with Shnewer, according to court documents.

In conversations secretly recorded by an FBI informant over the past year, the men talked about killing in the name of Allah and attacking U.S. warships that might dock in Philadelphia, according an FBI criminal complaint.
The group allowed this vulnerability to be exploited not once, but twice. In a timeline of the group's activities from January 2006 to May 2007, the New Jersey Star-Ledger revealed that there were two cooperating witnesses:
July 7, 2006: A second cooperating witness is approached by six men, one of whom identifies himself as "Sulayman," a name used by Eljvir Duka.
Note that this witness didn't go to them; they approached him.

This exposes a truism of terrorist recruiting. Terrorists are vulnerable when they try to expand their ranks. During recruiting, they have to poke their heads above ground and communicate their violent desires, and that's a significant risk to them.

Their fourth area of vulnerability was their attempt to acquire the high-powered weaponry they needed to attack Fort Dix. They were after M-16s and AK-47s. Again from the Star-Ledger:
May 7, 2007: Federal investigators arrest the three Dukas, Shnewer, Tatar and Abdullahu, after several of them are lured to a meeting with a secret FBI informant posing as an arms-seller.
A final potential vulnerability, which went unexploited, was the necessity of finding a place to do their training. Like others before them, they chose a remote area.
The Allentown (PA) Morning Call provided specifics on the group's training in the Poconos:
Six men who allegedly plotted to attack Fort Dix trained with automatic weapons on state game lands in the Poconos and rented a house in that area, according to the criminal complaint filed by the U.S. attorney's office in Camden.

The six men first visited the firing range at State Game Land 127 near Gouldsboro in January 2006, according to the complaint. The men, who had been under surveillance by the FBI for more than a year, returned to the Poconos in February 2007 and rented a house in a gated community called Big Bass Lake near Gouldsboro where they watched videos of U.S. military vehicles being destroyed in various attacks.

The men again visited the firing range, where they practiced with numerous weapons, including handguns and automatic rifles. According to the complaint, each man fired over 400 rounds each.
Their preparations were pretty typical; acquiring weapons, practicing in the woods. What this means for local law enforcement is that if you are in a remote or rural area, there's a chance that terrorists may come to you, even if you consider your community low on the target list.

But the group's vulnerability during training wasn't exploited. It's possible that they didn't do anything to raise suspicions while in the Poconos.

One thing that comes through clearly is the group's determination. They would not be deterred by the risk of jail time, or even death:
"It doesn't matter to me whether I get locked up, arrested or get taken away," a suspect identified as Serdar Tatar said in another recorded conversation. "Or I die, it doesn't matter. I'm doing it in the name of Allah."
It's possible that there's an element of braggadocio here, but not likely. Other homegrown groups, such as the London subway bombers and the recent group in Morocco, have shown the capacity to conduct suicide operations or fight to the finish rather than give up.

The only way to deter these guys would have been to convince them that their chances of success were so small that they wouldn't make the effort. Even then, they would have moved on to another target. They conducted reconnaissance on a number of sites:
The men also allegedly conducted surveillance at other area military institutions, including Fort Monmouth, a U.S. Army installation, the official said.
An important bit of information from the story is that they had access to the target:
[U.S. Attorney Christopher] Christie said one of the suspects worked at Super Mario's Pizza in nearby Cookstown and delivered pizzas to the base.
It is easy to imagine these guys piling into the pizza-deliverer's car, perhaps in the trunk, when he made a delivery to the base, and then coming out firing when he reached a populated area of the base.

In other words , it may be unlikely that the base's gates and other rings of protection would have prevented the immediate attack. They certainly would have been dispatched pretty quickly once the firing started, but they could have done some damage before that happened.

To summarize:

This group had a number of vulnerabilities, but a lack of mission doesn't appear to be one of them. Deterrence was unrealistic. They had done their homework well enough to develop a scheme that may have gotten them past Fort Dix's protective system of gates and guards.

It was up to law enforcement to detect their activities and preempt the attack before it occurred. Some of their vulnerabilities were unexploited. So the tip-offs and informants were critical, as we have seen in prior cases.

Update 2007-05-09: The U.S. Attorney and FBI are giving a lot of credit to the anonymous store clerk who made the original tip:
"If we didn't get that tip," said U.S. Attorney Christopher Christie, "I couldn't be sure what would happen." FBI agent J.P. Weis called the clerk the "unsung hero" of the case.
Trust is the basis for information-sharing. It's essential to maintain public trust, so that people feel confident in coming forward with information. It's especially important in the case of these groups that can pop up spontaneously. They're harder to spot, because they make fewer connections. The people who are most likely to notice this type of behavior are the people in the community close to them:
Weis said the U.S. is seeing a "brand-new form of terrorism," involving smaller, more loosely defined groups that may not be connected to al-Qaida but are inspired by its ideology.

"These homegrown terrorists can prove to be as dangerous as any known group, if not more so. They operate under the radar," Weis said.

"We believe they are their own cell," said Christie. "They are inspired by international terror organizations. I believe they saw themselves as part of that."
Update #2 2007-05-09: A few more details from the Chicago Tribune.

The Tribune quotes Daniel Benjamin, who points out the plotters' lack of operational security. As I mentioned earlier in this post, he's absolutely right that, compared to the disciplined 9/11 plotters, these guys were all too careless about maintaining operational security:
Daniel Benjamin, a terrorism expert and a senior fellow at the Brookings Institution in Washington ... said he knew too little about the New Jersey case to draw a conclusion about the seriousness of the threat. But the fact that the men took a video of themselves firing assault weapons to a store for copying onto DVDs, he said, "somewhat indicates they weren't the A-team of terrorists."
The Tribune story reveals that group was apparently deterred from attacking Dover Air Force Base by what they perceived to be stronger security, choosing what they perceived to be a softer target in Fort Dix:
The plotters also targeted Dover Air Force Base in Delaware, but determined it was too well-guarded to attack, the FBI said.
This is another data point demonstrating that protection of one target generally means that a determined adversary will find a softer target. (And by extension, that simply protecting targets is an insufficient strategy for preventing terrorism.)

For its part, Fort Dix defended its security operations:
A successful attack on Ft. Dix is considered to be highly unlikely. Armed soldiers guard every gate, whose approaches have curbs or barriers that force traffic to slowly snake as they get near.

The soldiers perform "a 100 percent identification check" and conduct random vehicle searches, Carolee Nisbet, a public information officer at Ft. Dix, said.
I haven't been to Fort Dix, so I will assume that security there is strong. But defending the guard system at the gate misses a larger point: The system must stop guys like this before they ever reach the gate. The time to stop a terrorist attack is early, not when the car is loaded with shooters and automatic rifles.

The system worked this time, but it's discomforting to think that if not for the Circuit City clerk who called in the tip, the vulnerabilities of the group might have gone unexploited.

Update 2007-05-10: More on Fort Dix security from AP:
The fort considers its policy for screening delivery people adequate for now, but said it could be reviewed in the future, base spokeswoman Carolee Nesbit said.

Before they are cleared to make deliveries at Fort Dix, drivers must register in advance, undergo a criminal background check, and obtain an access pass that has to be reviewed every 30 days.

Drivers who arrive at the military installation's gate are greeted by armed guards, who check their identification and issue a pass. The delivery people are not followed or monitored once they clear security, Nesbit said.

"There are 16,000 people that come through the gates every day," she said. "It's practically impossible to follow everyone."

Guards are a necessary but insufficient form of protection. They will not stop a genuine threat unless: A) It is imminent (i.e., the shooters are in the car) or B) The potential threat is identified at an earlier phase of development.

All of which demonstrates the value of targeting terrorism's precursor crimes (e.g., immigration violations, firearms possession, financial scams, etc.) - the "Capone Strategy" I wrote about last week.

Cross-posted in IPS Blogs at the Institute for Preventive Strategies

Monday, May 07, 2007

Local Anti-Terrorism: The L.A. Model

GovExec has posted a story by Shane Harris, originally in the National Journal, detailing Los Angeles' efforts to share information about potential terrorist threats. Most of the info, naturally, is not useful. But some is, and the extent to which there is cooperation among the various agencies involved, the effort to prevent and/or respond can be enhanced or impaired. The story begins:

On April 23, 2004, a Friday, a man calling himself "Al" contacted the Homeland Security Department in Washington. He claimed that he knew a group of terrorists who were going to blow up a building. Al knew this, he said, because he was once a member of Al Qaeda.

Los Angeles, next Thursday, the 29th, Al said. A shopping mall near the Federal Building on Wilshire Boulevard and the close-by campus of UCLA. Al said that a cell of three terrorists would enter the country from Canada. He even gave names. This didn't sound like a crank.
The local Joint Terrorism Task Force (JTTF) chased down down the leads:
Officials in Washington immediately called L.A.'s Joint Terrorism Task Force, a team of FBI agents, Homeland Security officials, and local police and sheriff's officers. ... [I]n L.A., partly owing to a long history of cooperating on anti-gang and drug squads, the local cops and the feds got along well.

FBI agents traced Al's call to a prepaid phone card. They tracked down the card seller, who gave agents a log of Al's calls. It turned out that his real name was Zameer Mohamed and that he had called in the bomb threat from Room 308 of a Comfort Inn in Calgary.

Hotel management told agents that a Samier Hussein had rented the room. Authorities ran the name and got a hit in federal records: Mohamed had used Hussein as an alias in Texas, where officials had investigated him the year before on a theft charge.

On Wednesday, the day before the threatened attack, city officials informed the shopping mall owners. On Thursday, [L.A. Police Chief William] Bratton stood before news cameras at the Grove and asked Angelinos for help. "We need the eyes, the ears" of the citizenry, he stressed.
A couple of points regarding mall security, which I've discussed before. First, it's notable that law enforcement waited until the day before to notify security officials at the mall. One day's notice isn't much, especially considering that the original call was made 5 days earlier. The unspoken assumption seems to be that notifying mall security earlier would be unhelpful or even detrimental. But couldn't mall security have taken steps to prepare for the threat if they had been notified earlier? And shouldn't they be involved in a coordinated attempt to prevent, mitigate, and/or respond to a potential attack.

It's worth remembering what the Department of Justice found in its recent study on mall security:
By a large majority (63%), mall security officials would welcome greater involvement of their state DHS and law enforcement officials in security planning.
DOJ favors collaboration between law enforcement and mall security, suggesting that they:
  • Develop and rehearse detailed and coordinated emergency response plans and involve stakeholders
  • Enhance partnerships with the public sector
Put simply, it is valuable for private security personnel to have a trusting relationship with local law enforcement. And this applies not just to major cities like L.A. and London, but to smaller cities as well. Mall plots have been uncovered in Columbus, Ohio (pop. 693,000) and Rockford, Illinois (pop. 150,000).

Yet it's not clear that this happened in L.A. To the contrary, the response of the security managers at the two threatened malls suggests that they were not on the same page as the JTTF:
"This just happens all the time.... This is no different than any anonymous bomb threat that gets called in," Gene Thompson, the head of corporate security for the Westside Pavilion's owners, told a reporter for the Los Angeles Times. "Life goes on," said Tom Miles, the Grove's general manager.
It could be that the mall security guys were only trying to prevent a possible media frenzy. Or it could be that their messages were not coordinated with law enforcement. Otherwise, how to explain the fact that law enforcement was asking citizens to keep their eyes open, while the mall personnel were saying, "Nothing to see here, folks"?

Thankfully, this particular threat turned out well:
In fact, life did go on, unimpeded by a bomb or any other shopping disruptions. On the day Mohamed had warned that his Qaeda friends would strike, federal authorities apprehended him as he crossed the U.S.-Canadian border into Montana.

Mohamed confessed that he'd made the whole thing up. There was no bomb. Those supposed Qaeda operatives were actually friends of his girlfriend. Mohamed had called Homeland Security to get back at her for stealing his paycheck from a Toronto bank ... Mohamed said he picked the two malls because he knew the area.
A separate note on citizen involvement: When Chief Bratton asked for citizens to be on the lookout for suspicious activities, did they know what to look for? To be effective as "eyes and ears," citizens need to be both educated and vigilant, as they are in Israel. Jonathan Tucker has pointed out:
The vigilance of the Israeli public plays a key role in preventing terrorism. According to security experts, the average Israeli is highly aware of suspicious packages, individuals, and actions that could pose a threat to public safety and does not hesitate to notify the police. As a result, ordinary citizens foil more than 80% of attempted terrorist attacks in Israel...
But without knowing what to look for, citizens have only a minimal ability to recognize threats, at best:
[B]y officials' count, they have received more than 4,000 tips, leads, and other vague insinuations about possible terrorist attacks in the greater L.A. area in just the past three years.

Most of them turn out to be bogus. Anonymous callers see "Arabs" taking photographs of bridges. Electrical plant owners notice a van driving slowly by their security gates. Some concerned citizen sees "Middle Eastern-looking" men loading fertilizer onto a truck in her neighbor's driveway. Authorities have documented literally thousands of such leads in cities across the country, and few of them come to anything. The camera-toting terrorists are actually tourists; the driver of the van was lost; the men loading fertilizer were Mexican gardeners.

The rest of the story focuses on the role of L.A.'s fusion center, the Joint Regional Intelligence Center (JRIC), in recognizing terrorist threats. The JRIC does a good job of incorporating analysts from multiple agencies and fields of expertise into a collaborative mix:
JRIC's roster is a bureaucratic potpourri. It contains FBI agents, LAPD officers, L.A. County sheriff's deputies, public health experts, contract analysts who study radical Islam, a liaison from the Homeland Security Department, and officers detailed from other local law enforcement agencies across the Los Angeles region.

The region adheres to a pact of "mutual aid," which all but eliminates turf tensions. Cooperatively fighting terrorism fits right in with that culture.
The article also discusses the widely-cited JIS case, in which a group of would-be terrorists were arrested after they conducted a string of robberies. It raises the question of whether the JIS bust should really be considered a "major" bust, because the capabilities of that homegrown group were less than those of an international terrorist organization such as al Qaeda.

To some extent I think this is a red herring. The point is, JIS was both intent and capable of doing damage.

Even if they were not a "major" terrorist operation, the experience of finding, tracking, and prosecuting them is valuable experience. The next time, it may be al Qaeda or some other organization with even greater capabilities. Local law enforcement can use the lessons of the JIS case and other experience to recognize threats and intervene before they manifest themselves.

One problem that remains is the quantity and quality of information coming from federal agencies:

Today, some threat reporting comes from the Homeland Security Department and some from the FBI. Those entities have sparred over which should be the primary conduit for states and localities, and who should decide how much they get to know.

State and local officials, meanwhile, complain that threat reporting is inconsistent and that much of what they know comes from their own residents. Even in Los Angeles, where relations have remained congenial, Chief Bratton says that the federal agencies need to settle their disputes and to give the locals more information.

"How do we get the feds to make nice with each other -- that's still the big issue," Bratton says. From his perspective, local officials have already made a sizable investment in homeland-security policy. "I easily spend 40 percent of my time on terrorism matters," Bratton says, including talking to journalists and members of Congress. Of the federal agencies whose intelligence Bratton wants, he says, "Locals have to be accepted into what was a private club.... We're the new kids knocking on the door."

Implementing the Information Sharing Environment is an ongoing effort which has been slow to develop, though its intentions are good (see this post). More on information sharing later...

Cross-posted in IPS Blogs at the Institute for Preventive Strategies.