Tuesday, July 31, 2007

The London-Glasgow Bombers: Homegrown?

Some characteristics of the June London-Glasgow bombers make them unusual, Jeffrey Cozzens reports in Terrorism Monitor:

First, there were no converts among the group, perhaps indicating a more global element to this plot:

Unlike many previous jihadi plots and attacks in the United Kingdom (including the "Operation Crevice" cell, the 7/7 attackers and the autumn 2006 "planes" plot), there is no data thus far to indicate the involvement of Muslim converts. Converts to radical Islam have figured prominently in European-based jihadism (arguably because of their accelerated embrace of Salafi-Jihadi activism in their quest for "authentic Islam"), and the absence of such in this plot could indicate a more international cast of organizers.
(For more on the vulnerability of converts to the radicalization process, see these previous posts.)

Along with the fact that the plotters were from atypical countries (most notably India), this plot takes on a particular "international" flavor:
While still too early to draw firm conclusions about the plot and its alleged participants, there is one strategic angle elicited by these events that merits consideration: the tension between the global and homegrown nature of the plot, a point of recent media speculation and contradicting views among the quoted "intelligence sources" (Daily Mail, July 4). The history of jihad in the United Kingdom demonstrates that, with few exceptions, this is a faulty dichotomy. Both global and homegrown forces motivated and shaped most, if not all, jihadi plots in the United Kingdom and the West. This theory will likely be validated in the case of the June 2007 plots as well.
Cozzens argues that it may be time to do away with the concept of "homegrown terrorism" - as jihadist terrorism is a global phenomenon, and jihadist terror groups share little other than ideology:
The nature of global jihadi ideology itself, however, with its focus on pan-Islamic suffering and unity, defense of Muslim lands and the establishment of Sharia zones in the place of current Middle Eastern, African and Asian regimes, inherently exhibits transnational qualities and aspirations—even if those who subscribe to it never travel outside London or Los Angeles to meet with al-Qaeda operatives or receive overt directions from international terrorist networks. Homegrown jihadi plots, in this respect, are misnomers.

In sum, separating the homegrown from the global nature of this plot will likely prove exceedingly difficult, as will determining whether the bottom-up impetus of the suspects' British experiences—or conversely, their association with al-Qaeda-linked figures—motivated their suspected activities. This calls for a new mode of thinking about Western jihadi networks and a re-exploration of the strategic doctrine behind this militant organizational form—one in which the structural links to al-Qaeda are ambiguous, but ideologically connectivity a certainty.
Most terrorism has historically been a reaction to local events - commonly, resistance to oppression or occupation. The idea that upwardly mobile professionals in Britain, with a bright future to look forward to, would commit terrorism in response to grievances on behalf of others around the world is a challenge to the process of preventing radicalization.

On the local level, it suggests to me that intelligence is critical. Radicalization must proceed along social tracks, which can be identified and guarded. And once radicalized, jihadists (especially those in self-contained cells whose primary connectivity to others is ideological) must learn the tradecraft of violence - presenting another opportunity for intervention. Fortunately, the Internet has so far been an inefficient tool for learning the terror trade, so some real-world training is useful and/or necessary (see this earlier post).

It is these points along the path of radicalization and "going operational" that present opportunities for local homeland security.

Tuesday, July 17, 2007

Natural and Accidental Threats

With new reports that al Qaeda is re-energizing, it's tempting to focus - at least for the short-term - on intentional threats. But an all-hazards approach is really what we need, as evidenced by yesterday's earthquake in Japan - along with the cascading effect of damage to a nuclear power plant:

The world's largest nuclear power plant by output capacity remained closed Tuesday, after seismometers indicated the magnitude 6.7 earthquake that hit northwestern Japan Monday produced shocks that exceeded the reactors' design strength, according to media reports.

The seismic activity detected during Monday's quake was reportedly the strongest ever detected at a domestic nuclear reactor.

Japanese officials are investigating the possibility of a second radioactive leak from the plant, the BBC reported on its Web site.

Drums with low-level nuclear waste fell over during the tremors, and some of their lids were found open, the BBC reported.

So althought the damage is apparently limited, it could have been worse. When the shaking exceeds the design specs, you're in uncontrolled-experiment-land.

And sometimes we get reminders that accidental threats can be nasty, too. Like this train wreck and chemical spill in Ukraine:

A train carrying yellow phosphorus derailed in western Ukraine, releasing a cloud of toxic gas into the air over 14 villages. Twenty people were hospitalized and hundreds evacuated on Tuesday, officials said.

Rescuers extinguished a fire that broke out in the highly toxic substance, which can catch fire spontaneously on contact with air at temperatures higher than 104 degrees. It can cause liver damage if consumed.

The poison cloud produced by the fire contaminated 35 square miles, Krol said. Local residents were advised to stay inside, not to use water from wells, eat vegetables from their gardens or drink the milk produced by their cows.


If you're prepared to mitigate a release of radioactive and/or toxic materials, it doesn't matter if the source is natural, accidental, or intentional.

Friday, July 13, 2007

Situational Awareness Tool: Virtual Alabama

Alabama DHS's situational-awareness tool for municipalities and first responders, Virtual Alabama, is getting some good press:

The Alabama De­partment of Homeland Security hopes every county will have use of its Virtual Alabama com­puter system by the end of this year, revealing images of the state's infrastructure.

Virtual Alabama is available to any agency with a dot-gov In­ternet address. At least 1,000 reg­istered users have signed up for it. Users can view evacuation routes, flood zones, school dis­tricts and watersheds.

The software required to view the program is available free to counties and municipali­ties, DHS officials said.


The system has a multitude of uses for emergency response planning, roadbuilding, fire­fighting and other situations that require government re­sponse.

"We're working with city and county agencies to increase the data layers available," EMA planner John Kilcullen said Thursday. "It's only limited by the information you put in."
The system provides real-time information - useful for establishing situational awareness during a disaster:
Department of Transporta­tion camera feeds are available on the system, Kilcullen said, al­lowing officials to monitor ma­jor thoroughfares and critical intersections, which helps in planning a hurricane evacua­tion.

If an aircraft flies over a dis­aster area with a camera, the photo can quickly be download­ed onto Virtual Alabama. With revenue maps online, officials can estimate the property losses in short order.
The information that's supplied is useful in both emergency and non-emergency situations:
Walker said law enforcement agencies also could use it to track sex offenders or plan tacti­cal operations, such as meth lab raids.

Firefighters could call up floor plans for schools and take a look at building contents.

"All that information as firefighters are going into a scene would benefit you," DHS Director Jim Walker said.
This is a nice example of two-way communication between state and local authorities. Local authorities can provide the information and state officials make it widely available through an easy-to-use interface. All too often the information gets pushed down to local governments. It's good to see locals sending the information upstream, and then seeing that information being utilized in a useful way.

Thursday, July 12, 2007

Locals Share Info in Colorado

Nice to see:

Sixty-two security officials from across the state [are] attending a three-day conference in Centennial this week to share information on terrorist tactics. ... The Colorado Information Analysis Center put on the conference.

Said Norris Croom, Castle Rock fire chief and one of the organizers, “If we are going to stop a terrorist attack in this country, it is going to be those individual officers and personnel, and the citizens, who stop it.”

It is the first conference specifically for local and state terrorism liaison officers, including those from police and fire departments, state agencies, public health departments and other organizations.

Along with establishing relationships with other terrorism liaison officers, they are learning what to watch for and where to send the information.

“The primary thing is to make all the agencies we work with aware of how to get information to each other and up the chain,” said El Paso County sheriff Sgt. Rick
McMorran.
They've got a number of agencies involved; they're clarifying roles; they're collaborating. In short, they're establishing the right kind of environment. One caveat: They ought to make sure the collaboration continues after the conference.


Can I Get a Volunteer?

Bob Jaffin at In Homeland Security has written a nice piece about the shortage of volunteers to staff emergencies at the local level. A few excerpts:

Current estimates indicate the real number of volunteers actually available within a small to medium sized area would be some 25 - 40% less than the aggregate count on the volunteer lists ... This is a daily concern for local emergency planners, yet not one that gets any attention at the state, regional, or national level.

"Especially in small communities, you may have a person in the National Guard, working for the fire or police department, who may also be a part-time ambulance driver. So when you lose one person to deployment, you actually lose several functions,” states Randal Noller a National Guard spokesman in a Yahoo News article dated June 14, 2007.

Clearly the good news is that there is a cadre of Americans who can and do volunteer in their own communities and adjoining communities. The dual realities here are that this is still a relatively small number of our neighbors and co-workers, but, much more significantly, many of these selfless individuals are already on the public protection-first response payrolls. ... Yet another side of the volunteer issue is that of our public-spirited citizen-soldiers serving in the armed forces.

Three things are clear:

1. We cannot look to limit volunteerism in any way. It is an intrinsic part of the fabric that makes America great.

2. We need to involve a much larger segment of the American public in volunteer programs related to manmade and naturally occurring disasters.

3. Regional cooperation and coordination based on data sharing is neither a luxury nor a theoretical goal; it is an immediate necessity.
Can't disagree with any of that.

Another thought: This is a problem that may extend beyond the most common instances of disaster response (e.g., tornadoes, hurricanes, earthquakes). In the event of a public health emergency such as a flu pandemic, trained volunteers will also be needed (see this post).

Tuesday, July 10, 2007

May Mean Nothing ...

But interesting nonetheless. DHS Secretary Chertoff tells the Chicago Tribune his "gut feeling" is an increased risk this summer:

In an unusually blunt and frank assessment of America's terror threat level, U.S. Homeland Security Secretary Michael Chertoff said in Chicago this morning that his "gut feeling" is the nation faces a heightened chance of an attack this summer.

"I believe we are entering a period this summer of increased risk," Chertoff told the Chicago Tribune's editorial board.

Calling it "a gut feeling" based on past patterns of terrorists in Europe, recent al-Qaeda statements and intelligence he did not disclose ... Chertoff said he is sure [al-Qaeda is] regrouping, retraining and rethinking.
All things considered, this is unsurprising. Count me among those who find it hard to believe we've gone more than 5 years without a successful terrorist attack.

Monday, July 09, 2007

Fusion Centers: Overview and Criticism

Last week, the Congressional Research Service (CRS) published a new report that examines the rise of fusion centers as a critical element in the effort to share information among local, state, and federal homeland security professionals.

The
report is a critical examination of fusion centers, which distinguishes it from the glossy praise that fusion centers typically receive from local, state and federal authorities, as well as key politicians and DHS Secretary Michael Chertoff.

Let's take a look. I've reorganized CRS' comments into a few major categories:

Fusion Centers' Establishment and Organization:

First, a bit o' history. Fusion centers did not spring forth fully formed from the head of Michael Chertoff, or even the head of Tom Ridge. Instead, they were a logical outgrowth of a number of phenomena, including new philosophies of policing, the war against drug trafficking, and 9/11:

While the [9/11] attacks were the direct impetus for the creation of most state and regional centers, the fusion center movement did not occur in a vacuum and can be best understood as a continuum of a mounting tide. Important influences include the increasing favor of the Intelligence-Led Policing model, among others; the perception that the High Intensity Drug Trafficking Area (HIDTA) Center structure was successfully enhancing coordination; rising agreement amongst Governors that each state should have a fusion center; and the support of the President and key federal homeland security entities, such as the Homeland Security Advisory Council (HSAC), and the Director of National Intelligence (DNI) — Information Sharing Environment Program Manager’s Office.

Since 1990, 28 areas have been designated as HIDTAs across the country. HIDTAs are designed to be multiagency entities that facilitate the coordination of law enforcement counterdrug efforts across all levels of government. Prior to 9/11, the benefits of collocation, coordination of resources, and information sharing across agencies was apparent to many in the law enforcement communities, and there were several states and regions that were looking to replicate the HIDTA model in their communities.

In several cases, post-9/11 state/regional fusion centers have been located with HIDTA centers, and in one case, organizationally linked with the local HIDTA...
And although the federal government has done a lot to encourage the development of fusion centers over the past few years, they remain a state entity - for the most part under the auspices of the state law enforcement agency. Local law enforcement is less represented:
The overwhelming majority of the centers examined by the authors are statewide in jurisdiction and are largely operated by the state police or state bureau/division of investigation. These state fusion centers are largely the outgrowth or expansion of an existing intelligence and/or analytical unit or division within the state’s law enforcement agency.

Furthermore, the majority of sworn officers detailed to fusion efforts are from state police agencies and state bureaus of investigation, rather than local departments. Some may argue this is natural given the majority of fusion centers are state-wide entities that grew out of state police/bureau of investigation intelligence/analysis units. Of the local law enforcement agencies represented, the overwhelming majority are from the largest local police departments in the country, which have more resources, and in some cases, intelligence units (which are somewhat rare in local police departments).
Yet there is diversity among the centers in their funding, staffing, organization, and goals:
Fusion centers are state-created entities largely financed and staffed by the states, and there is no one “model” for how a center should be structured. State and local law enforcement and criminal intelligence seem to be at the core of many of the centers. Although many of the centers initially had purely counterterrorism goals, for numerous reasons, they have increasingly gravitated toward an all-crimes and even broader all-hazards approach. While many of the centers have prevention of attacks as a high priority, little “true fusion,” or analysis of disparate data sources, identification of intelligence gaps, and pro-active collection of intelligence against those gaps which could contribute to prevention is occurring.
And though most centers focus on law enforcement, there is a general shift toward a broader, all-hazards approach, which includes a wider variety of public safety agencies:
In general, the fusion centers studied for this report remain largely law enforcement oriented entities. That said, centers appear to be increasingly bolstering their non-sworn officer ranks and reaching out to non-law enforcement homeland security partners.

All-hazards centers are more likely than their counterterrorism or all-crimes colleagues to have non-criminal justice personnel, to include Department of Health, Fire, Emergency Management Services (EMS), and other non-traditional homeland security partners in the public sector.

The rise of fusion centers is representative of a recognition that non-traditional actors — state and local law enforcement and public safety agencies — have an important role to play in homeland defense and security.
In an article discussing the CRS report, Government Computer News labels this expanded role "mission creep." I tend to disagree, as many of the preparedness and response functions are similar, regardless of the cause of the incident (e.g., the response to a bioterrorism incident will be similar in many ways to a naturally occurring disease outbreak).

Fusion Centers' Counterterrorism Function
:

The idea of fusion centers has always been to be a proactive element in counterterrorism.
From a law enforcement perspective, it has been argued that state and regional intelligence fusion centers, particularly when networked together nationally, represent a proactive tool to be used to fight a global jihadist adversary which has both centralized and decentralized elements. This network of fusion centers is envisioned as a central node in sharing terrorism, homeland security, and law enforcement information with state, local, regional, and tribal law enforcement and security officials.
One problem, though, is that much of the information-sharing tends to be reactive rather than proactive:
However, research indicates that while fusion centers want to become more proactive, many continue to follow a reactive model. Most fusion centers respond to incoming requests, suspicious activity reports, and/or finished information/intelligence products. This approach largely relies on data points or analysis that are already identified as potentially problematic. ... [I]t could be argued that this approach will only identify unsophisticated criminals and terrorists. The 2007 Fort Dix plot may serve as a good example — would law enforcement have ever become aware of this plot if the would-be perpetrators hadn’t taken their jihad video to a video store to have it copied?
I've covered the vulnerabilities of the Fort Dix plotters in a previous post, and I agree that a more proactive stance would have offered a greater chance of uncovering more vulnerabilities.

Of course, the Fort Dix plotters, like many others, had more ambition than operational skill. The critical question is whether a reactive information-sharing center could stop a well-trained, disciplined terrorist group, especially if they avoid committing precursor crimes or hide their tracks well. CRS is skeptical:

It could be argued that sophisticated terrorist operatives may be so well trained as to avoid any potential illegal activity that may undermine their inimical plots. These operatives may dissociate themselves from direct interaction with supporters who may engage in criminal acts. Do all terrorists or terrorist supporters within the United States engage in criminal activity? The answers to this question are arguable. If, however, the premise that sophisticated terrorists do not necessarily engage in criminal activity is accepted, is reactive and ex post facto collection of intelligence sufficient to uncovering sophisticated terrorist plots?
Also see these prior posts regarding the link between precursor crimes and terrorism. They also suggest that a proactive stance is required.

Fusion centers with stronger information-sharing mechanisms for counterterrorism tend to be those that run under the direct auspices of the state law enforcement agency:

An important consideration when assessing the maturity of fusion center information sharing and analysis efforts is the centers’ access to and quality of relevant information and intelligence.

The fusion center leadership of state-wide centers, which were largely “owned” by one state agency, tended to have a more direct relationship with the “boots on the ground.” These centers operated under the same parent agency, usually a state police or investigation agency, making it easier to have direct access to both investigators and their information/intelligence collection efforts.
Fusion Centers' Broader Homeland Security Functions:

After initially focusing mostly on counterterrorism and crime-solving, fusion centers have been broadening their scope - but crime is still a major focus, and there is a lot of variety among the centers:
Given the fractured development of grassroots fusion centers around the country, and the broad nature of federal guidelines on the subject, fusion centers have significantly different roles and responsibilities. Some fusion centers are solely counterterrorism focused, while others have a broader mission. Some are prevention oriented, while others have a response and/or recovery role.

Many of the “first-wave” centers, those created soon after 9/11, were initially solely focused on counterterrorism. Today, less than 15% of the fusion centers interviewed for this report described their mission as solely counterterrorism. In the last year, some counterterrorism-focused centers have expanded their mission to include all-crimes and/or all-hazards.

A little more than 40% of fusion centers interviewed for this report describe their center’s mission as dealing with “all-crimes.” There were shades of meaning in the definition of “all-crimes” across fusion centers. Some fusion centers were concerned with any crime, large or small, petty or violent. Such centers provided support to investigations into single criminal acts and larger criminal enterprises. Some centers, however, focused on large-scale, organized, and destabilizing crimes, to include the illicit drug trade, gangs, terrorism, and organized crime.
Further diversity is found in the "all-hazards" approach:
A little more than 40% of fusion centers interviewed for this report describe their center as “all-hazards” as well as all-crimes. It appears as if all-hazards means different things to different people ...

For some, all-hazards suggests the fusion center is receiving and reviewing streams of incoming information (i.e., intelligence and information) from agencies dealing with all-hazards, to include law enforcement, fire departments, emergency management, public health, etc. To others, all hazards means that representatives from the aforementioned array of public sectors are represented in the center and/or considered partners to its mission. At some centers, all-hazards denotes the entity’s mission and scope — meaning the fusion center is responsible for preventing and help mitigating both man-made events and natural disasters. For others, “all-hazards” indicates both a pre-event prevention role as well as a post-event response, and possibly recovery, role.
Without some kind of consistency, the question arises as to how well the fusion centers can share information with one another and the federal government. If the information is so varied in its content from different centers, this may complicate the process of gaining full situational awareness.

Fusion Centers' Information Sharing Function:

It goes without saying that, regardless of whether the subject is counterterrorism or disaster preparedness, a key function of the fusion center is information sharing. An overview:
The majority of fusion centers interviewed for this report serve a solely, or at least primarily, analytic role. These centers operate a support function for operations and investigations, but are not directly engaged in such activities, although there were some exceptions.

In order to prevent, as well as mitigate, a variety of threats, fusion centers work to enhance information sharing, conduct threat assessments and analysis, and support and/or facilitate preparedness efforts. To those ends, most fusion centers acted as:
  • intelligence/information relay centers;
  • collocation centers for personnel from various agencies (often with access to their agencies’ databases);
  • facilitators of coordination on a variety of projects;
  • analytic centers; and
  • case support centers.
The stated emphasis is toward prevention:
Most fusion centers fulfill both prevention and response functions, with a bias toward prevention.
That's good, but without a proactive stance (as discussed earlier) the question arises as to how well they may be able to fill this prevention role. In addition, some fusion centers play a much more direct role in response and recovery:
However, in numerous cases, the fusion center is described as playing a situational awareness role to support the emergency operations center (EOC) during events. Some fusion centers said they had a reserved seat at the EOC that they could access during events.
Fusion Centers' Information Sharing Process:

Given that one of the most critical roles that a fusion center plays is a central node for sharing information, it is vital for the information-sharing processes to be efficient and robust. But many fusion centers are still new, so there are still problems with the system:
Moreover, the development of a process for gathering information according to clearly defined information requirements in fusion centers remains nascent.
One ongoing problem is that not everyone's systems talk to one another - a common concern at all levels:
Research indicates that there may be a misconception that all states and regions are operating sophisticated intelligence management systems that have access to all databases available within their jurisdiction. Not every state has a state-wide intelligence system, in fact many don’t.

Even states that have such a system, often don’t have access to all the data pools outsiders believe they do. For example, one center that is more mature than many of its counterparts reported having access to only 30% of the law enforcement data in the state — and that was good compared to other respondent fusion centers.

[F]usion centers and states continue to purchase systems that operate using proprietary language and that cannot “speak” to other systems without additional equipment and costs.
Beyond the technical concerns, there are questions about whether there is shared understanding about what "intelligence" means:
Another philosophical concern stems from the different conceptions of intelligence among the intelligence and law enforcement communities. In the absence of a common understanding about what constitutes intelligence, fusion center development and progress may be impeded.
In Washington DC, this lack of shared understanding has manifested itself in less-than-ideal information sharing:
In January 2007, Washington, DC, Police Chief Kathy Lanier testified to the cultural differences and lack of understanding between SLT and federal communities:

[T]he Department of Homeland Security is not a law enforcement agency like the FBI ... is a law enforcement agency.... So it’s very difficult for them to understand what my need to know is, if they don’t know what it is that I do. If they’re not familiar with what I do on a daily basis, what resources I have, and how I can reduce vulnerabilities through the daily activities of more than 4,500 employees here in Washington, D.C. ... So a lot of information doesn’t get to me, because they don’t believe I have a need to know.... I think it’s just a lack of understanding. And this is not in all DHS’s fault ... local law enforcement’s just as much at fault. The Department of Homeland Security is not completely aware of what our operational capabilities are and how the information, if passed on to us, could be used to reduce the vulnerability.... So information that may be shared with us is not shared with us because they don’t think it’s something that we can do anything with or that we can use to help reduce that vulnerability.
Relationship with Feds re: Info Sharing:

Lanier's complaint is a nice segue into the topic of local-state-federal information sharing in the fusion centers. CRS says the FBI tends to enjoy a better relationship with fusion centers, and not just in the nation's capital:
Overall, relationships with DHS were described by fusion centers having a DHS detailee as relatively positive. However, by comparison, fusion centers reported a more favorable relationship with the FBI than DHS.
But the relationship between these federal agencies left something to be desired:
A common refrain from state fusion center leadership was that there was no coordination between the FBI and DHS with respect to substantive mission support and resource allocations were often duplicative or nonexistent.
The state-federal relationship - with any agencies -
may be aided by collocating fusion centers with federal agencies:
To varying degrees, federal participation in state and regional fusion centers appears to influence the relationship between levels of government, state, and local access to information and resources, the flow of information/intelligence, and maturation with regards to intelligence cycle functions. Approximately 30% of fusion centers are collocated with a federal agency(s), and as a result, that federal agency(s) may have a significant influence on their development, operation, and even budget demands.

There appears to be a direct correlation between contact between a federal agency and a fusion center, and the center’s positive outlook on the relationship between the two. In general, fusion centers collocated with a federal agency reported favorable relationships with that agency. This was often in stark contrast to the views of other fusion centers not collocated with a federal agency(s).
Specifically, federal agencies can help with security clearances for local and state personnel:

Almost all fusion centers studied for this report had multiple personnel with security clearances, although there were a couple of exceptions that had few if any cleared personnel. On average, fusion centers appear to have 14 staff with Secret clearances, which is not insignificant considering the average staff size of the fusion centers interviewed for this report was approximately 27 full-time persons. Clearances for state and local personnel were not restricted to Secret-level clearances, but also included some Top Secret (approximately 6 persons on average) and Top Secret-Secure Compartmentalized Information (SCI) (approximately one person on average) clearances as well

Fusion center representatives claimed that in recent months DHS has increasingly conducted security clearances for state and local personnel at fusion centers. Fusion centers claimed that the DHS process has improved to the point that it was faster than the FBI’s.

In addition to the significant number of cleared state and local personnel at the fusion centers, fusion center collocation with federal agencies has also increased state/local access to threat intelligence and information. However, often that access was indirect (i.e. a federal official may need to access the information on behalf of state and local fusion center staff).
But one big problem is the volume and form of the information that comes into the fusion centers from federal agencies:
Numerous fusion centers officials claim that although their center receives a substantial amount of information from federal agencies, they never seem to get the “right information” or receive it in an efficient manner. According to many state fusion center leaders, often pertinent threat intelligence must be requested by fusion centers, rather than federal agencies being proactive in providing it. The obvious difficulty arises regarding the inability to request relevant threat information that is unknown to members of the fusion center.

[A]ccording to some fusion officials it appears that information sharing from the federal government to the state and local fusion centers continues to be a largely reactive, especially when it comes to information state and local officials believe is relevant to their jurisdiction. Several fusion center officials remarked that they receive such intelligence and/or information when they request it, which is an improvement over pre-9/11 situation, however according to fusion center officials, federal agencies are still not proactive in reaching out to state and regional fusion centers, sometimes even when a connection to that locality is apparent in an analytic product.

The fusion centers interviewed for this report cited numerous sites operated by federal agencies that they needed to check in order to receive information from the federal law enforcement and intelligence communities, including, but not limited to, the HSIN and its sister systems HSIN-Secret and HSDN, Law Enforcement Online (LEO), Federal Protective Service (FPS) portal, Regional Information Sharing Systems (RISS), among others.

Respondent fusion center officials remarked that their staff could spend all day, every day reviewing all the information posted on these systems, and still not be confident they had seen all relevant and/or unique data. Often information is duplicated on several sites, but because of the occasional situation when it is not, fusion center officials believe they need to check them all.
The upshot of this? Fusion centers compile and sort information but because the process is so cumbersome, they aren't able to add much value.

Relationship with private sector:

Relationships with the private sector - the benefits of which were recently described in the Governors Guide to Homeland Security (also see this post) - also could be improved:
There is also a misconception that fusion centers, and the information management systems that some of them manage, have access to vast amounts of private sector data. This is largely unfounded.

The flow of information from the private sector to fusion centers is largely sporadic, event driven, and manually facilitated. It does not appear that these databases are directly linked together. In general, the private sector seems very wary of that level of sharing — concerned with lack of government safeguards, industrial espionage, exposing weaknesses to competitors, as well as privacy and civil liberties concerns.

The relationship and role of the private sector is a function that most state fusion centers have yet to fully define and/or embrace.
Critical infrastructure is an obvious area for improvement:
Very few of the state and regional fusion centers have an infrastructure sector representative detailed to their organization and rely, in part, on open-source information, data provided by the federal government, or contract data vendors for information about threats to a critical infrastructure facility.

Information Sharing and Analysis Center (ISAC) organizations, originally envisioned as a mechanism for the sharing of critical infrastructure information between partnering corporations and with the federal government currently are not being fully utilized by state and regional fusion centers as a resource for information.
Summary:

CRS asks if, given these constraints, fusion centers can really be effective:
It could be argued that if information flow into fusion centers is limited, the quality of the information is questionable, and the center doesn’t have personnel with the appropriate skill sets to understand the information, then the end result may not provide value. Furthermore, if fusion center constituent agencies don’t buy into a common fusion and prevention philosophy that arguably needs to accompany fusion centers (i.e., responsibility for security, a proactive approach, and need for understanding their environment to discern potential threats) can fusion centers be effective?
The answer is yes. A more proactive stance is possible; it just requires a different mindset, better understanding, better processes, and better tools:
Embedded in the fusion process is the assumption that the end product of the fusion process can lead to a more targeted collection of new intelligence, to include private sector data, which can help to prevent crime. It could be argued that through a more pro-active and targeted intelligence process, one that has as its starting point an intelligence gap, or unknown about a particular threat, it is possible that sophisticated criminal groups could be undermined.
Ideally, how might the fusion center analysts such a proactive stance?

Rather than wading through the information that comes into the fusion center, an analyst there might proactively search for connections that may indicate, for example, the nexus between crime and terrorism.

The analyst could gather reports from many sources to analyze precursor crimes (e.g., identity theft, drug dealing, counterfeiting) to see if there are any red flags with relation to a terrorist threat. They could check immigration databases, criminal records, etc., to determine whether any threats may exist.

When suspicions are raised, they pass on this information to local, state, and federal law enforcement, who may decide to proceed with an investigation.

Of course, this does not preclude a reactive engagement. The fusion center analysts can and should examine the data that comes to them. But if they simply collect the information that comes to them, they are compilers and sorters rather than active participants in counterterrorism.

You have to start by asking a question. Do the research, find the answer to that question. Maybe it leads somewhere, maybe it doesn't. When it does lead somewhere, follow up. When it doesn't, ask a new question.

That's how to be proactive.

The future of fusion centers:

Back in the real world, CRS gazes into the crystal ball and finds that, in spite of today's sunny rhetoric regarding fusion centers, it's possible they won't have a long shelf life:
It could be argued that in the absence of another terrorist attack or catastrophic natural disaster, over the course of the next 5 to 10 years, state and regional fusion centers may be eliminated and/or replaced by regional fusion organizations.

It is likely that the fate of fusion centers would differ drastically from state to state, depending on a range of factors, to include, their level of maturity, buy-in from other agency partners, their resource needs, and noted successes, balanced with other critical issues and programs within the jurisdiction.
In short, fusion centers are enjoying a honeymoon period now; but in the long run they will have to prove their value.


Former MI5 Head: Jihadist Radicalization Process Speeds Up

In The Daily Telegraph, the former head of Britain's internal intelligence agency, the MI5, says that the radicalization process of jihadists in the UK is speeding up.

Dame Eliza Manningham-Buller, the former director-general of MI5, said the radicalisation of teenage Muslims "from first exposure, to extremism, to active participation in terrorist plotting" was now worryingly rapid.

It was vital that the Government rose to the challenge of trying to change the attitudes that "lead some of our young people to become terrorists".
How to do this? Manningham-Buller advises:
She warned of the "pressing demand" for the police to create a secret network of Muslim spies capable of improving intelligence gathering.

[S]he called on both the police and MI5 to develop their relationship, which she said had created a counter-terrorist organisation "unmatched anywhere in the world".
In creating a network of Muslim spies, is the goal to infiltrate and disrupt potential jihadist groups, or is it to identify and address the root causes of the quickening pace of jihadism? The former is a necessary-but-insufficient short-term solution. The latter is ultimately the key to addressing the threat.

And yet...
The former spy chief also warned that "it is inevitable that some terrorist plots will escape our combined attention," adding: "Even if we have the numbers of personnel engaged in looking at our own citizens as, say, the KGB or the Stasi did during the Cold War, and with the same authoritarian powers, some things would slip under the radar."
Manningham-Buller's warning regarding the inevitability of terrorist attacks is well-founded and appropriate. The idea that the U.S. can eliminate the risk of further terrorist attacks - or even that we already have eliminated it - is a false notion. We run the risk of being lulled into a false sense of security.

Such misperceptions are ultimately dangerous, as they disrupt our ability to respond in a manner consistent with the threat.

Update 2007-07-09: A tip of the cap to Jonah Czerwinski at Homeland Security Watch, who also addresses the radicalization process. Jonah links to a pair of related documents which I'll briefly cover here. First is the recent congressional testimony of Frank Cilluffo, who directs the Homeland Security Policy Institute and George Washington U.

Cilluffo contextualizes the problem:
Radicalization is not a well understood phenomenon, hence greater study of the life cycle of a terrorist – specifically, the process by which an individual becomes motivated to listen to radical ideas, read about them, self-enlist or respond to terrorist recruiting efforts, and ultimately, undertake terrorist activity – is needed in part to identify trigger points and possible points of intervention.
There is agreement that there is no single terrorist profile; however, there are some more general indicators that may indicate whether a young person is susceptible to the siren song of jihadism, such as a desire to join a group, to do something meaningful, to strike back against perceived forces of oppression, etc. (See this post.)

Cilluffo addresses the differences between "homegrown terrorism" in Europe and the U.S.:
[I]t is something of a misnomer to speak of “homegrown terrorism” for the term is suggestive of watertight compartments that do not in fact exist. To the contrary, we live in a borderless world and the threats that we face are similarly transnational. That said, the United States remains in some respects reasonably well situated. Other countries are currently experiencing a more full-blown manifestation of certain dimensions of the problem such as the United Kingdom. In a sense therefore, we have an opportunity to get ahead of the curve and deal proactively with these elements before they have the chance to flourish more vigorously in this country.
It is true that real differences exist between the U.S. and Europe, in terms of the risk of jihadism (See this post as well as this analysis of European jihadism from Foreign Affairs.) But Cilluffo is correct in his assertion that we are becoming borderless.
Internet chat rooms are now supplementing and replacing mosques, community centers and coffee shops as venues for recruitment and radicalization by terrorist groups like al Qaeda. The real time, two-way dialogue of chat rooms has enabled extremist ideas to be shared, take root, be reaffirmed and spread exponentially. By incorporating and manipulating local political grievances – some of which are legitimate – extremists have woven an effective tale of an imaginary “clash of civilizations.” The extremists’ compelling “call to action” based partly on myths and falsehoods begs for the development of an effective counter-narrative that forcefully refutes and responds to the extremists’ own.
[I]t is clear that the U.S. needs to catch up in this cyber-battle of words and ideas. However, unless elements of the counter-narrative emanate from within the Muslim community and are conveyed by voices that are trusted and credible within those communities, the opportunity to achieve impact will be limited at best.
So far it seems that online recruits have not been able to develop robust operational capabilities. The intent is there, but the skills are lacking.

The larger point here is the creation of the counter-narrative. I couldn't agree more.

Cilluffo extends his argument, echoing my sentiments above - that infiltration and disruption are only short-term fixes to the radicalization problem, and that a real solution must address the root causes:
Granted, where appropriate we should seek to deny or disrupt extremist access to and extremist efforts through the Internet via legal and technical means and covert action. At the same time however, it is crucial that we bear in mind wider and deeper goals and themes such as the need to offer an alternative to those who feel alienated and marginalized. Another example is the importance of intelligence work to inform counterterrorism. These underlying or foundational elements merit special consideration as they are critical components of our efforts concerning radicalization writ large.
Importantly for local first preventers, Cilluffo emphasizes the importance of local action to solve the radicalization problem:
[T]he solution sets for the problem under discussion must emanate principally from the grassroots, from local communities, their leaders and the citizens that reside there. Governments at the federal, state, local and tribal levels certainly have a contribution to make however, and there is also a measure of interplay between the public and private sectors that is and will continue to be crucial to combating radicalization at home and elsewhere.

For instance, law enforcement at the local level should develop new relationships and deepen existing ones within Muslim communities as local figures are best placed to identify radicalization at its earliest stages. Cultivated mutual respect and understanding between officials and communities, founded on a solid education about Muslim cultures and Islam, is critical. Notably, in the Fort Dix case, the mosque attended by three of the plotters quickly called an “emergency town hall meeting” to invite law enforcement, other officials, and members of the public “to ask anything they want about the mosque or about Islam, and to publicize a ringing denunciation of terrorism and violence of any sort…”.
Also see this post regarding the relationship between local law enforcement and Muslim communities.

Next, Jonah links to this report from the Future of Terrorism Task Force. Published in January and attributed to 9/11 Commission co-chair Lee Hamilton and the aforementioned Frank Cilluffo, it comes to a similar conclusion as
Manningham-Buller:
Like crime or disease, terrorism should be conceived as a chronic problem requiring a sustained and patient strategy, with ever evolving tactics.
Hamilton and Cilluffo also find that radicalization is spreading:
While difficult to measure with precision, it is known that al Qaeda’s ideology is spreading. Per the National Intelligence Estimate, “Although we cannot measure the extent of the spread with precision, a large body of all-source reporting indicates that activists identifying themselves as jihadists, although a small percentage of Muslims, are increasing in both number and geographic dispersion.”
One problem that limits the West's ability to prevent the spread of jihadism is limited knowledge of Islam. As a result, we have a difficult time driving a wedge between the violent jihadists and the broad Muslim community:
Muslim culture, and in particular the Islamic faith, are not widely understood within the Western world. This lack of understanding, coupled with fear of extremist adversaries, taints our ability to relate with the larger and overwhelmingly peaceful and moderate Muslim population, reinforcing misconceptions of and dividing us from those susceptible to radicalization.
But the effort to drive this wedge is best placed at the local level:
The potential rise of self radicalized, unaffiliated terrorists domestically cannot be easily prevented through traditional federal intelligence efforts, and requires the incorporation of state and local solutions. Similarly, the protection of critical assets, as well as the initial response to an attack, are primarily state, local and private sector responsibilities, with federal assets and resources provided as a supplement.
As we carry out our counterterrorism efforts, we can learn important lessons from other nations:
Australian officials, for example, have concluded that protective security measures over the next five years must not become rigid, and both variability and unpredictability must be consciously injected into flexible prevention measures.

Israeli officials highlighted the need for public participation, rather than just awareness, and emphasized that resilience must be built from the bottom up in addition to the top down.

In Britain, officials have worked to inculcate in the public an understanding that there is no such thing as zero risk, and that sometimes even the best efforts of the authorities will not be good enough.
As I see it, the underlying philosophical stance of Hamilton and Cilluffo's argument is best expressed by this passage:

To change hearts and minds – and encourage moderation – we must challenge ideas with ideas. Trust is the most valuable currency we have in this battle because trust underpins all counterterrorism tools (e.g., military, diplomatic/policy, legal, economic and covert action).


Thursday, July 05, 2007

To Find Terrorists, You First Have to Ask the Right Questions

In the wake of a terrorist event, news outlets always produce some breathless stories that examine the terror suspects' past - all in the name of answering the question:

"What kind of person would do such a thing"?

The New York Times offers up such a story today. The lede gives it away:

In some ways, he was the unexceptional product of a privileged upbringing in an educated Baghdad family: an intelligent, pious young man who enjoyed swimming, hiking and socializing at the Iraqi capital’s exclusive Hunting Club. But associates of Bilal Abdulla, a doctor who is accused of riding a flaming Jeep into Glasgow’s international airport on Saturday, say he was a religious zealot and a lone wolf whose anger about political developments in Iraq may have driven him to an act of terrorism.
The problem is, there is no terrorist profile. Terrorists are not all "lone wolves." They're not all "angry." As a group, terrorists have an incredibly diverse profile. They're rich, they're poor, they're uneducated, they're educated, they're married, they're single. They're everything.

So the salient question is not, "What kind of person would do this?" Rather, the question is, "Is there anyone in my community who is exhibiting behavior that indicates terrorist intent (e.g., sympathy with terrorist causes, commission of precursor crimes, etc.)?"

In telling Abdulla's story, the Times provides only one genuine indicator of potential terrorist intent:
Shiraz Maher, a former member of the radical group Hizb ut-Tahrir who knew Dr. Abdulla in Cambridge, ... said that Dr. Abdulla at one point shared an apartment in Britain with a less devout Muslim. "This other Muslim didn’t pray five times a day and played the guitar. Bilal said, 'Look, you’d better start praying and stop playing.' He was adamant about it and put on this DVD of al-Zarqawi beheading a hostage," he said, referring to the slain insurgent leader in Iraq, Abu Musab al-Zarqawi. "He said, 'If you don’t change, this is what we do. We slaughter.'"
If you're looking for terrorists, you're not going to find them if you go around looking for loners, unhappy people, etc. You'll find them - in this instance - by talking to people who have seen them exhibit behaviors like this.

This is why trust is so important. It can be risky for someone to turn in their roommate for making a threat. What if the police do nothing, and then the roommate retaliates?

The trust between local authorities and the public is a vital element in preventing terrorism.

But first, it's crucial to focus on the right questions.

Updated 2007-07-06: In the UK, The Independent runs a similar story about another terrorist suspect. These tales of "good boys gone bad" make for interesting reading, but they aren't helpful in developing a strategy for rooting out the problem.

Tuesday, July 03, 2007

Prevention Fails in London and Glasgow Bombings

The title of this post is not an error. I'm calling these the "London and Glasgow Bombings" because they were bombings; they just fizzled. As AFP has reported, the car bombs failed for purely technical reasons:

The attempted London car bombings were meant to be detonated by calls to mobile phones in the two vehicles, but failed for technical reasons...

The bombers twice called the car outside the "Tiger Tiger" nightclub on Haymarket off Piccadilly Circus and the one in nearby Cockspur Street off Trafalgar Square four times.
In short, prevention failed. In the absence of technical glitches, we'd be talking about another Bali instead of a "successful counterterrorism operation." We're simply lucky the suspects were doctors and not engineers. We're also lucky they were - at least initially - reluctant to engage in suicide terrorism, in which case the driver could have detonated the bomb without relying on a remote device. (Note that I'm only addressing the London incident here, not Glasgow as yet.)

On the Counterterrorism Blog, Walid Phares asks (and answers) a good question: Did Britain's silent army of surveillance cameras really help, or would it have been better to intervene earlier?
The UK pride itself for having installed more cameras in their capital than all other European cities combined. But when one wonders why the dense surveillance is so extended one realizes that Britain had to develop an extreme system of monitoring because it was forbidden to be preemptive in the war. Over the years, authorities were pressured by lobbies not to engage the Jihadists "before" they become terrorists and before they strike. So resources were reverted to spy on the Jihadis (and other terrorists) "after" they attack but not before...
My view, as I've written about before, is that one of the best opportunities to prevent terrorism occurs during the recruitment phase. Not only is this a vulnerable time for the terrorist, because he has to reveal himself, but it is also the time during which a potential recruit may most easily be "flipped."

Phares also clearly sees the implications for the U.S.:
Should the US be worried about this development in London? Is there a potential link? ... There is no question that Americans and British alike should be worried about a terror act anywhere on both sides of the Atlantic. For the Jihadi campaign targets both nations, and all other societies obstructing their goals. But on the other hand, terror operations taking place in one country do not have to replicate automatically in another country. Unless al Qaeda has coordinated an international spectacular campaign worldwide (which may not be impossible), uncovering car bombs in London don't have to mobilize police forces necessarily in US cities. We must be logical in perceiving the enemy's moves. Both extremes are unreasonable.
The Glasgow bombings were something of a different animal. Again, prevention failed. The bombers reached their intended target. Fortune smiled again, though, as they were quite inept. For first responders, an initial problem was failing to recognize that the crash and fire were intentional:
As the driver, a massive man, described as over 6ft tall with a broad build, struggled with the boot, Stephen Clarkson, an off-duty police officer, snatched up a fire extinguisher and tried to put out the flames. The man turned and is alleged to have screamed: "It's a bomb. It's a bomb."

A confused struggle then took place with police officers who arrived and squirted CS spray into the driver's face.

Meanwhile, witnesses said the Jeep's passenger tried to run into the terminal with canisters of gas or petrol, before being tackled by security guards, police and members of the public.
For about two hours after the Jeep crashed, they also did not recognize a potential - though eventually false - secondary threat:
The driver of the Jeep Cherokee, who had been extensively burned, had been taken to the Royal Alexandra Hospital in Paisley. He was admitted to the accident and emergency department, accompanied by police officers armed with sub-machineguns.

At about 5:30pm, the entire unit was swiftly evacuated as hospital staff, after removing the suspect's clothes, discovered what they believed to be a suicide belt. Fearful that the device could detonate in the ward, police officers picked it up and sprinted to the nearest open ground - the Ferguslie Cricket Club.

Angela Docherty, a minibus driver, saw a man run down the hill carrying an object. He shouted: "Run for your f****** life." When the bomb squad arrived, they found it was not an explosive device.
Compare this to the response to an incident in Israel in 2006, described in a case study on the In Homeland Security blog. The response was pre-emptive, quick, and coordinated:
The driver of the van, who aroused the suspicions of police, ignored orders to stop the vehicle and a high-speed highway chase ensued. The police, their weapons drawn, eventually surrounded the van, which was stopped in traffic due to multiple roadblocks erected by police on the highway, were able to arrest all 10 men inside the vehicle. During the arrest, police ordered all the passengers to strip and lie on the ground as police searched their bodies for explosive belts. Ambulances rushed to the scene, fearing the occupants would try to detonate the explosives. Police sappers neutralized the explosives on the scene.

In this incident, similar to other incidents in Israel in the past, intelligence was received and disseminated down to the local precincts for their response and interdiction. The dissemination of information between the agencies is an imperative tool for interdicting the bombers and their supporters before the explosive device is detonated.
Police officers are specifically trained in counterterrorism:
As a result of Israel’s history with terrorism, the patrol officers in Israel, and especially in Jerusalem, have been trained both in a law enforcement capacity, but also hold a dual role as a counter terror unit that can interdict on its own and mitigate or defuse many adversarial schemes of maneuvers.
The police training includes vulnerability analysis:
It is not enough to simply control the entrances and exits to the city while awaiting the arrival of the adversary. Understanding the tactic of the adversary and the targets the enemy has chosen in the past, law enforcement must consider securing locations where the bomber may target. Taking into consideration that the bomber was able to bypass the overt checkpoints established based on the intelligence that was disseminated to law enforcement, the command should increase the presence of both covert and overt officers at assets where the bomber may target. These sites include the highly populated areas, transportation venues, Center City, business districts, hospitals and other sites within the jurisdiction.
Israeli counterterrorism operations also involve close collaboration with private security (as this previous post on mall security also indicated):
Considering operational security and the disclosing of intelligence secrets to personnel without clearance, law enforcement can disseminate the information in a format that can be passed on to private security forces. Based on the information relayed to relevant private entities, security managers would be able to initiate an elevated threat level with responses that may include the hardening of their respective assets. ... Testing of such cooperation between public and private enterprises needs to be a part of the routine relationship between the management.
Collaboration with other first responders is a key part of the plan, too:
As part of the response to such incidents, the Jerusalem Police attempts to secure immediately, adequate means for emergency medical services and supporting agencies, easy access to the scene while ensuring a secure perimeter.

The successful response to such an incident is dependent upon the preplanning between all the agencies at all the levels of the command. Dissemination of information, and at a fast pace to the other security agencies is critical in interdicting such a threat. This needs to be done on a regular basis, with open dialogue and cooperation between all agencies.
The London and Glasgow bombings were successes only in the sense that no one was killed and the terrorists were caught.

Prevention failed. The plot was not discovered until the first bomb was fizzling outside Tiger, Tiger. Earlier intervention is essential. More "successes" like this are unacceptable.