Friday, April 25, 2008

Disaster Response in Israel: Relationships Count

Interesting comments in this article from the National Guard Bureau on the trip made by NG representatives to a disaster exercise in Israel. They accompanied the Israeli Defense Force’s (IDF) Home Front Command (HFC), which is Israel's version of a National Guard.

For me, this was the key take-away:

Guard leaders also observed how the HFC works with civilian authorities and shares civilian assets to supplement its own after a disaster. Contrasts and similarities between how the National Guard and the HFC do business include:
  • Bottom-up versus top-down.Everything in the United States is local and then it ratchets up to the state and then the governor asks for the feds,” explained Col. Brent Feick, chief of the National Guard Bureau’s future operations division. “It’s a little quicker response from the feds in Israel, where the fire battalions and the police have a much more limited capability, and they rely more heavily on the HFC. Normally the governor wouldn’t call the National Guard until it was a much larger event because we put more effort in each state trying to take care of themselves. We’re the last in and first out. That’s our concept. In Israel, the HFC is almost always in there very quickly.”

  • Close local relationships. State National Guards are building relationships with mayors, police departments and other agencies at the most local level, Feick said. The military service required of every Israeli has helped the HFC build close ties with local agencies. “No matter where you are in the country, you have an appreciation for how the IDF and the HFC works,” Feick said of the Israeli system. “The mayor of Nazareth knew to donate the building … for this exercise because of his prior military experience. He knew that this would be an advantage to the brigade commander up here.”
The lesson? It doesn't matter if your system is bottom-up or top-down. What matters is relationships - being able to see what's needed from others' perspectives. That's an irreplaceable key to success.


WMD?

When you start applying a term to cases where it ought not apply, you dilute its meaning:

An 18-year-old straight-A student accused of planning to bomb his high school was charged Tuesday with attempting to use a weapon of mass destruction, which carries a possible life sentence.

Authorities say his parents called police because he had ordered 10 pounds of ammonium nitrate, which they retrieved after getting a delivery notice from the postal service. Ammonium nitrate is a fertilizer that was a component in the deadly 1995 Oklahoma City bombing.
The kid seems extremely disturbed, and if he had gone ahead with an attack, the results could have been terrible.

But none of that means this would have been a WMD attack.

This sort of thing is irritating because if we start applying "WMD" to any threat that can kill a few dozen people, then the term has lost its potency - and we risk underestimating real WMD threats.

There are already enough problems with threat recognition - let's not muddy the waters by pretending that words can mean whatever we want them to mean.

Update 2008-05-09: A bit of perspective on what 10 pounds of ammonium nitrate can do:
Ten pounds could take out, certainly take out a classroom,” said Donald Sachtleben, an FBI Bomb Technician with the Indianapolis FBI Field Office.
I stand by my argument.





Heavily Armed Anti-Terrorism Police in NYC Subways

Operation Torch:

Part of New York City’s new effort to better defend against terrorism will include the introduction of machine-gun toting NYPD “Torch Teams” in the city’s subways.

In addition to the automatic weapons, the teams will also be patrolling subways with bomb-sniffing dogs. They will be outfitted with body armor as well. Beginning Thursday they will board trains and patrol platforms in Penn Station, Rockefeller Center, and Times Square.
Mostly a deterrent move. It requires the right balance. The deterrent effect won't be maximized unless the Torch groups have enough of a public presence to cause a potential adversary to seriously consider the possibility of running into them during the planning or operations of an attack. If an intervention doesn't have enough of a presence to change the adversary's risk calculus, then it's just theater.

On the other hand, if you go too far, you alter public perception in negative ways - making the city seem like an armed compound, which must be unsafe because all these guys are walking around with automatic weapons, right?

Update 2008-04-25: Newsday has the staffing figures:
Five or six teams -- six police officers and a dog -- each day will patrol heavily used subway stations and lines as part of Operation TORCH...







Thursday, April 24, 2008

Port Security: How Much Is Enough?

The Port of Los Angeles is testing a new "small craft intrusion barrier" designed to prevent small boats from approaching cruise and cargo ships while they are docked:

While the foam and steel cable obstacle might not look like much, port authorities say they hope it will serve as a deterrent to small boats that may pose a threat to cruise ships and cargo vessels passing through the port.

"The barrier stops the vessel, then forces it to bounce back," said George Cummings, director of homeland security for the Port of Los Angeles.

Port officials said they hope the new security device will prevent a terrorist attack similar to the one in Yemen that killed 17 American sailors and wounded 39 others when a small boat laden with explosives blew a large hole in the USS Cole on Oct. 12, 2000.
The idea of protecting docked ships has merit, of course. But what protective interventions are planned for ships that are underway? From an attacker's perspective, a ship in the channel may be a more tempting target than a docked ship anyway. If you can seriously wound or sink a ship, you might be able to block the channel and interfere with the port's operations for some time.

So while the small craft intrusion barrier is a legitimate protective intervention, does it really address the port's biggest risk? It wouldn't seem so.

They also conducted a host of other security interventions:
About 50 port police officers used the occasion to conduct a drill and test several other tools aimed at bolstering security.

The port's canine unit sniffed for explosives around the cruise terminal. Five dive team officers clad in black wetsuits plunged into the harbor's cold water to look for suspicious devices. A hazardous materials team used bio-sensors to search for contaminants.

Elsewhere, port police officers tested the new Long Range Acoustical Device, a loud alarm meant to deter wayward recreational boaters from entering restricted areas.
While a port needs a whole system of preventive interventions, the thing about all these is that they're "11th hour" interventions. They are effective only after a potential malicious actor has gone operational - i.e., planted the explosives or contaminants, taken the helm of a small boat to launch an attack. At this point an attack would be imminent, so you'd need excellent intelligence to detect the hazards or intercept a small boat. And of course an alarm wouldn't do - the terrorist would simply ignore it.

So while these may be elements of the port's security regime, there needs to be more than this.

I still like this as a proactive preventive intervention for port security, humble as it is.



Every Special Event Is A Disaster

And no, I'm not talking about the upcoming wedding season.

I'm talking about the fact that Boston used this year's marathon as an opportunity to test elements of its disaster preparedness system. It only makes sense to do so, as the marathon brings in large numbers of people and creates an inherently complicated environment for a disaster response. Large gatherings also provide tempting targets for potential terrorists, as we have seen before in other places.

According to Boston Emergency Medical Service (BEMS) chief Richard Serino, his department considers events like the marathon and the Fourth of July celebration as "planned disasters" - safe, controlled environments that present "an opportunity to test some things you would never want to test in a real disaster."

Although the principal goal during such events remains the safety of everyone involved, organizers have realized that these annual gatherings of hundreds of thousands of people present the perfect opportunity to evaluate new technologies, exercise disaster plans, and build vital relationships between public safety agencies and the private sector.

That last bit, public-private sector partnerships, is especially important, as I've argued before. But let's give credit where it's due. The fact that Massachusetts is focusing on public-private sector collaboration is not much of a surprise, considering that public-private sector engagement is one of the three major goals of the state's homeland security strategy. (Also see this post.)

Preparedness involves casting a wide net for potentially beneficial relationships. It's all about the network:
To successfully manage the marathon, BEMS and other public safety agencies must have relationships not just with the Boston Athletic Association, which organizes the race, but also with a diverse set of private organizations. These include, but are not limited to, private ambulance services that back up BEMS, and hotels and other businesses along the route that help make the behind-the-scenes operation of the marathon run smoothly. When a real disaster strikes, these contacts can be called upon to lend needed supplies and other assistance.
With the summer schedule full of activities in towns and cities nationwide, this is an idea that any community could employ.

(h/t W. David Stephenson)


Wednesday, April 23, 2008

Exemplary Disaster Response in Minneapolis

The U.S. Fire Administration (USFA) has released a new technical report on last August's collapse of the I-35 bridge in Minneapolis. It should be an inspiration for every jurisdiction to set dual goals:

  1. To the extent possible, prevent and mitigate the risk of disaster in the first place. (It's worth remembering that this was a thoroughly preventable disaster.)
  2. In the case that a disaster does happen, earn an after-action report as good as this one.
While the bridge collapse was no Hurricane Katrina, it was still a complex event involving two different disaster sites/access points (one on each side of the river), multiple jurisdictions, and a witches' brew of hazards. Yet the response was exemplary in many respects because local officials had prepared rigorously:
Local and State staff and officials from fire, law enforcement, emergency management, and public works received immediate alerts and, having trained together in classroom settings and through field exercises, knew what to do and with whom they needed to coordinate their response. Years of investing time and money into identifying gaps in the city’s disaster preparedness capabilities; acquiring radios for an interagency, linked 800 MHz system; and participating in training on the National Incident Management System (NIMS) and on the organizational basis for that system (the Incident Command System (ICS) and Unified Command) paid off substantially during response and recovery operations.

In 2002, Minneapolis elected officials and key staff took a hard look at its state of preparedness ... and conducted a risk assessment that identified areas where improvements were needed. The city wasted no time in resolving the gaps, aggressively pursuing Federal grant dollars, e.g., the Urban Area Security Initiative, and general fund dollars to pay for radio and communications upgrades, equipment, and training that together elevated its level of preparedness.

The local response to the bridge disaster—and the coordination with metro, State, and Federal partners—demonstrated the extraordinary value of comprehensive disaster planning and training. The City of Minneapolis was as well prepared as any local jurisdiction could be to handle a major incident.
The critical element was a collaborative working relationship that had been established among all agencies involved in the response. There is simply no substitute for a trusting working relationship to get things done:
The excellent working relationships that had been developed through joint interagency training, planning, and previous emergency incidents was one of the primary reasons that response and recovery operations went as smoothly as they did. As one leader commented “We didn’t view it as a Minneapolis incident; it was a city/county/State incident.”

When key personnel from the primary response agencies were asked to what they attributed their excellent response, without exception they answered, “relationships.” Those relationships were developed as a result of all the planning, training, and exercises that multiple agencies and levels of government shared in recent years. Responders knew whom to call for what resources. They knew to work through the established chain of command. They knew each other’s names and faces and had built a level of trust that made it possible to move quickly through channels and procedures. ... Turf battles, not uncommon in events of this size, were not a factor because of the relationships that had been developed over the years.
If there were just one factor that predicts success or failure in a crisis situation, collaboration is it.


Friday, April 18, 2008

Fusion Centers in the News

In May, the DOJ will release baseline standards for fusion centers' information-sharing capabilities, reports Federal Computer Week:

The Justice Department next month will release baseline standards for the information-sharing capabilities of the more than 50 state and local intelligence fusion centers nationwide.

John Cohen, a spokesman for the Office of the Director of National Intelligence’s Program Manager for the Information Sharing Environment, said the baseline capability requirements will incorporate the role in the federal information-sharing environment laid out in the 2007 National Strategy for Information Sharing (NSIS). He added that much of the guidance is not new and that state and local authorities were involved in developing the directions, which will include additional guidance on privacy issues.
Also, on April 17 there was a hearing before the Senate Committee on Homeland Security and Governmental Affairs Ad Hoc Subcommittee on State, Local and Private Sector Preparedness and Integration. A few highlights from the testimony.

The general drift of the testimony was that progress is being made in sharing information, but some systemic and programmatic hurdles remain. The most significant of these, from the perspective of the fusion centers themselves, is the uncertainty of future funding streams.

Captain Charles Rapp, Director of the Maryland Coordination and Analysis Center, said that centers are still having trouble dealing with the quantity of information received - too much, too disorganized, not the right kind:
One of our greatest challenges is to expeditiously process the profusion of information to determine what is useful to our consumers.

It is also imperative that we make our federal partners understand that access to information does not necessarily equate to sharing information.

Another facet of this process is to educate state and local managers about what information they need and what they can expect from the fusion centers. Many state and local managers narrowly seek only tactical information, while ignoring a broader strategic analysis that could benefit their agencies.
And yet, when dealing with familiar, well-established categories of crimes, the fusion centers are doing pretty good:
Fusion centers are sharing more time sensitive information about organized criminal activities, gang-related activities and other information that previously may have only been shared in response to a specific request.
But in their interface with Joint Terrorism Task Forces, the fusion centers are not being treated as significant partners:
The FBI’s Joint Terrorism Task Forces have been reluctant to integrate fusion centers into their intelligence gathering operations. Instead, they continue to rely on state and local task force members to relay information to their agencies. This compartmentalization of information gathering and sharing is counter-productive and counter-intuitive to the fusion center concept.

Once the JTTF opens a case and investigates the information, it can either move forward as a classified case or be closed. This information is generally not reported back to the fusion centers. Other bits of information may not fit anything and may only be entered into a database. The fusion center may never know whether any of the information played a significant role in an investigation. Thus most of the success stories from information sharing have been anecdotal. We can quantitatively measure factors like how many calls are received per day, how many information requests are processed daily, the number of products produced, etc. However, I am not convinced that these measures will give you the true value of the centers or provide an accurate picture of their capabilities.

What's needed, Rapp argues, is a better process for prioritizing information so that everyone from the local level on up knows what to look for:
Baseline capabilities require a statewide threat assessment listing vulnerabilities and gaps from which prioritized collection requirements can be derived. Once the centers develop prioritized information needs, they can clearly communicate that to collectors. Collectors will then report back to the fusion centers enhancing the capacity of the state to detect potential precursors to terrorist activity. This should then be the focal point for federal agencies to synthesize their intelligence with any intelligence gathered on a local level. This is not happening.
The point was echoed by
Matthew Bettenhausen, Homeland Security Director for California, who said:
However, more work needs to be done to better define the requirements of the Intelligence Community from State and local public safety agencies. Locals need clearer direction on the types of information that should be shared.
And yet in some operational respects, Bettenhausen said, things are improving - including the implementation of the HSIN, which I've criticized in the past.
At the operational level, fusion center analysts have been pleased with the Department of Homeland Security's deployment of the Homeland Security Information Network (HSIN), a system for sharing sensitive analytical products. Under Mr. Charlie Allen's leadership, the Department has improved both the timeliness and the quality of the HSIN products.
Even in the absence of solid direction, fusion centers are trying to innovate. For instance, to better capture information from local agencies, Rapp said Maryland has developed a regional structure:
Collection of information is another challenge for the local jurisdictions. In Maryland we realized that we were not capturing information from areas that were not in the Baltimore Metropolitan region. To counter that lack of information flow, we developed a regional plan. We currently have three regional centers operating in Hughesville, Salisbury and Frederick Maryland. Control of these centers is maintained locally and they are networked into our main center. The value of these centers is collecting local information that will benefit the participating agencies. The regional centers add value to the agencies within their area by providing crime information and identifying local patterns. They are tracing criminal activity and participants and looking for travel patterns within their communities and helping solve criminal incidents by linking associates and acts.
Fusion centers have also developed a network (a type of desired "network of networks") to share information about what's working.
Over the past two years the development of a Homeland Security Information Network State and Local Intelligence Portal Community of Interest (HS SLIC) has become a vital link and extremely beneficial tool for the fusion centers. ... The connectivity of the states within this portal is very effective and allows members to exchange information within a secure environment.
DHS Under Secretary for Intelligence and Analysis Jack Tomarchio also had good things to say about HS SLIC:
DHS sponsors the Homeland Security State and Local Intelligence Community of Interest (HS SLIC), a virtual community of intelligence analysts from across the country -- currently, 1,000 members from 42 states, the District of Columbia, and six federal departments. Through the HS SLIC, intelligence analysts across the country collaborate via weekly threat conference calls, analytic conferences, and a secure Web portal for intelligence information sharing at the sensitive-but-unclassified level.
Federal agencies, to their credit, are trying to involve state and local officials, via pilot projects. GAO's Eileen R. Larence, Director of Homeland Security and Justice Issues, reported:
As of March 2008, four state and local law enforcement representatives had been detailed to the ITACG to provide a nonfederal perspective to the intelligence community in its situational and threat reporting and intelligence products, by, for example, requesting changes to report language to better address state and local needs. According to one of the representatives, these changes have involved requesting that specific tactical information be included in reports or that, where possible, the security classification of a report be lowered so that it could be disseminated more broadly to state and local officials. While these efforts to improve the quality and flow of information to state and local users are promising, it is too soon to determine the extent to which they will address the challenges in accessing and managing information reported to us by fusion center officials.
And DHS' Tomarchio
added:
Over a six month period, DHS I&A undertook a pilot project, working with six of our fusion center partners to examine their day-to-day information needs. By working with I&A deployed personnel, assigned pilot personnel within I&A headquarters and most importantly our state and local partners, I&A was able to develop a precise set of information needs.
And yet, hanging over all of this is a concern about funding. As indicated above and by many other sources, the fear that fusion centers will become an unfunded mandate is a major concern. Rapp, Maryland's center director, is concerned:
However, without a consistent funding stream some centers may never attain the core capabilities. ... This year, my funding has not been released. Aside from funding contractual analysts, I have no funds to spend on operational needs. This makes planning and developing baseline capabilities difficult.
On the same point, California's
Bettenhausen said:
[I]nconsistent guidance (Information Bulletins 235 and 281) regarding the use of federal funds under the State Homeland Security and Urban Area Security Initiative Grant programs has been extremely counterproductive and detrimental to State and local efforts to build and sustain a network of fusion centers.
And GAO's Larence added:
[S]ome fusion center officials raised concerns at the national fusion center conference [in Feb 2008] about how specifically the federal government was planning to assist state and local governments to sustain fusion centers. For example, whether federal funding for fusion centers would continue to be available through DHS’s homeland security grant program or whether in the future there would be fusion-center specific funding has yet to be determined.
On the contentious issue of security clearances, the hearing produced more confusion than clarity. On the one hand, DHS' Jack Tomarchio said the clearances backlog is, well, clear:
When I arrived at DHS from the private sector two and half years ago, the wait time to receive even a Secret-level clearance was nearly two years and the backlog of applicants was enormous. Thanks to the efforts of the DHS and I&A Offices of Security, we have dramatically reduced the amount of time it takes to grant those clearances and nearly eliminated the backlog.
But Larence reported:
Both DHS and the FBI have provided security clearances for state and local personnel and set timeliness goals for granting clearances. However, officials cited challenges obtaining and using clearances. Obtaining and using security clearances represented a challenge for 44 of the 58 centers we contacted, which could limit their ability to access and use some information. In addition, while law and executive order provide that a security clearance granted by one federal agency should generally be accepted by other agencies, officials in 19 of the centers encountered difficulties with federal agencies, particularly DHS and the FBI, accepting each others’ clearances. DHS and DOJ officials reported that they were not aware of recent fusion center challenges with reciprocity of clearances.
And California's Bettenhausen
added:
Security clearances - both in terms of availability and proper level - remain an issue for State and locals. Perhaps the most recent and best example I can provide you with, is the classification of the new Presidential Homeland Security Directive regarding cyber security at the Top Secret level. Unfortunately, the Department has not recognized the need to issue Top Secret clearances to State and local public safety officers - even those whom bear the responsibility of implementing national security directives.
All things considered, it's a mixed bag. The biggest concern still seems to be a clear demonstration of a level of commitment to the concept and to the centers.




Pandemic Planning Guidance for State & Local Health Departments

The Association of State and Territorial Health Officials (ASTHO) has released a draft document designed to help local officials plan for pandemic flu: "At-Risk Populations and Pandemic Influenza: Planning Guidance for State, Territorial, Tribal, and Local Health Departments."

(h/t Effect Measure)


Thursday, April 17, 2008

Public-Private Sector Collaboration in Virginia

In another installment from the "better late than never" file, the Washington Post reports on the efforts that DC-area Arlington County, Virginia, is making to enlist the support of the business community in emergency preparedness and response:

Since the terrorist attack on the Pentagon on Sept. 11, 2001, Arlington County has taken steps to help residents prepare for disasters. Now, officials are extending that effort to the private sector, enlisting the business community in a joint project to get ready for terrorist attacks or other emergencies.

The Businesses for a Safer Arlington Partnership consists of a series of workshops in which corporate leaders and government officials discuss how the business community can help plan for and recover from emergencies including an attack and a large-scale power outage. The first workshop drew more than 100 people this month to the FDIC Seidman Center in Arlington.

Especially after Katrina, said Robert P. Griffin Jr., the county's director of emergency management., the thinking is that "it's a symbiotic relationship. If you want to bring your community back to a level of normalcy, you have to bring your private sector with you."
This stuff isn't rocket science. You have to know who can help get you get back on your feet after an emergency.

And make no mistake - in our increasingly interdependent economic structure, we cannot last long on our own. We have to know where help will come from, so we can get the systems back up and running. The first step, as always, is shaking hands and business cards:
Kiersten Todt Coon, a vice president at Good Harbor Consulting, an Arlington-based national-security and risk-management firm, said the April 1 workshop "was an intensive day. It got people around the table, and just by walking away from that event you've met 20 people who are working on these issues."

Arlington Deputy Police Chief Jay Farr, who also attended, said he wants to help businesses develop more aggressive emergency management plans, in addition to exploring how to get them back in operation quicker after a disaster. He said the workshop was "a good dialogue. It was a good start."



Tuesday, April 15, 2008

LAPD Adopts New "Suspicious Activity" Codes

It's a step in the right direction, but I continue to be amazed at how long it takes to implement this kind of thing.

The Los Angeles Police Department has launched a new reporting system aimed to help connect dots that could uncover local terror plots...

During the course of police officer's day, the officer could run across suspicious packages, people taking pictures of bridges or a car that looks out of place parked in front of a water tower.

Now LAPD officers - from traffic cops to detectives - are able to report suspicious activity on their investigative reports, which will later be catalogued by intelligence officers.
What's been lacking for so many years, of course, is the intelligence function. In the past, nobody would have been able to do anything with the information, because there were no intelligence analysts.

If we had truly cross-functional and cross-jurisdictional information sharing, then this wouldn't have been an obstacle. But we didn't/haven't, so there wouldn't have been much of a point in collecting data that couldn't be analyzed. Now, of course, LA has a fusion center with a team of analysts. (I presume that's who's looking at the local data.) So they're collecting it:
Since the September 11 attacks, more local police agencies have been training officers to look for certain indicators of terrorist activity. Some fire departments have also provided this type of training.

But the LAPD's program is the first of its kind to incorporate these reports into a standard system that is used everyday, said John Cohen, senior adviser to the program manager for the Information Sharing Environment.

The LAPD gave each suspicious activity a specific code. There are about 65 codes for activities ranging from surveillance to trespassing at sensitive places, said Joan McNamara, the LAPD commander who developed the system.
It's important, of course, to be forthright about your collection and analysis processes, so that you don't risk the perception of violating civil liberties. That becomes especially important when you start sharing information, which LA is doing in a novel way:
Police departments in Boston, Chicago and Miami-Dade, Fla., are meeting with LAPD officials to learn more about the system, said Michael Ronczkowski, a major in the Miami-Dade Police Department's homeland security bureau.

Ronczkowski said if his officers [in Miami] have seen a certain suspicious activity consistently for a few months, the standard reporting system allows him to call LAPD and tell them about "suspicious activity" code 67, for example. When he does this, LAPD will know exactly what he is referring to and can tell him if their officers have seen the same thing.
I like the direct local-to-local sharing, but DHS really ought to be in on it as well. Cross-jurisdictional sharing should move up the chain as well as down. Still, I thought the LAPD chief said it best:
"Homeland security is really hometown security," Los Angeles police chief William Bratton said during an interview Friday.
I wonder if I can get credit for that ... ?

Update 2008-04-18: Establishing a system for Suspicious Activity Reporting is part of the National Strategy for Information Sharing, which charges fusion centers to:
Ensure that all locally generated terrorism-related information, including suspicious activity and incident reports, is communicated to the Federal Government and other States, localities, and regions, through the appropriate mechanism and systems. Locally generated information that does not appear to be threat or incident related will be gathered, processed, analyzed, and interpreted by the same State and major urban area fusion centers in coordination with locally-based Federal officials. The same information will be disseminated to the national level via appropriate Federal agencies.



Monday, April 14, 2008

Anti-Crime? Counter-Terrorism? Both?

One of the risks of talking about fighting terrorism - especially in the public and political spheres - is the temptation to link everything to terrorism. Terrorism is recognized almost universally as an evil, so you can always pick up political and PR points by tying whatever you're doing to "counter-terrorism."

For instance, over the weekend, the Shelby County (TN) Sheriff's Office coordinated a regional "counter-terrorism" initiative called Operation Sudden Impact. From the advance press release:

In an unprecedented event among law enforcement agencies in Tennessee, Mississippi and Arkansas, Deputies with the Shelby County Sheriff’s Office will coordinate a regional crime suppression initiative this weekend that will involve Officers from more than 50 federal, state and local agencies.

"This is the first time a regional effort of this magnitude has ever been conducted. We are proud to be the coordinating agency for ‘Operation Sudden Impact.’ We’ll use this weekend’s initiative as a starting point to begin a routine of sharing crime information among the various agencies," said Shelby County Sheriff Mark H. Luttrell, Jr.

During “Operation Sudden Impact,” the police agencies from six counties in the tri-state area will simultaneously round up fugitives, conduct traffic safety checkpoints and be involved in other crime abatement programs ...
I like the regional, cooperative approach. I like the teamwork. I like the information-sharing. But ... rounding up fugitives? Traffic checkpoints? Is it accurate to call this a counter-terrorism initiative? Media outlets around the region certainly did. But the links seem somewhat tenuous:
The names of those who are arrested, issued traffic citations or noted in other criminal activity will then be reviewed by Intelligence Officers at the Shelby County Sheriff’s Office Homeland Security Operations Center. The crime information will then be forwarded to the State of Tennessee Homeland Security Center in Nashville to see if they might have possible ties to terrorist activity.
The main effort does seem to be an anti-crime effort; and since terrorists are known to commit "precursor crimes" I suppose it's possible to call anything counter-terrorism. But I'm not sure that helps.

For example, does law enforcement expect the public to accept this as counter-terrorism?
Sheriff's Department Patrolman Jason Case Kopacko pulled over a driver for improperly displaying a temporary tag. A closer look revealed the driver had no insurance and no license.

Most criminals caught by the sweep did not have terrorist ties, but law enforcers said you can't be too careful.
Or how about this?
Many agencies put an emphasis on traffic stops. A little after 8 p.m. Saturday in Hickory Hill, Sgt. Chris Harris of the Shelby County Sheriff's Office street crimes unit stopped a white SUV that was booming with music. The driver was driving on a suspended license -- he received a citation -- and there was marijuana residue in the car, but "not enough to weigh out," Harris said.
I suppose it's possible that these drivers could have been linked to terrorism. The Shelby County Sheriff certainly tried to make that case:
Still, every traffic stop holds the potential of netting much more than expected.

"Timothy McVeigh, who bombed the federal building in Oklahoma, was stopped because of a busted tail light," said Shelby County Sheriff Mark Luttrell.
Now, when you arrest someone or hand out a citation, it only makes sense to check their name against the state's terrorism database. This ought to be SOP. But this is serious needle-in-the-haystack time. It strains credibility to suggest that traffic checkpoints, targeting random drivers, are a serious counter-terrorism effort. (Worth reading again: This post from HLS Watch.)

However, having said all that, I do like one element of the program as a counter-terrorism initiative:
During the past few months, Deputies with the Shelby County Sheriff’s Office Homeland Security Bureau have made on-site inspections at various businesses throughout Shelby County to identify ways terrorists might damage the businesses.

About 500 Officers from the various law enforcement agencies also received specialized training about tactics used by terrorists.

Community education sessions were also conducted recently for the public in Shelby, Tipton and Fayette Counties in Tennessee and in Desoto County, Mississippi. The two-hour sessions helped the students learn to spot possible terrorist activity in their neighborhoods.
Unlike the traffic checkpoints, etc., which seem to have a slim link to counter-terrorism, these certainly can. Forewarned is forearmed. But even then, you have to be sure you're providing useful information, instead of adopting a general "see something, say something" model. If citizens don't have a good idea of what to look for, some of them may not trust their own judgment and won't supply any information. Conversely, others will supply useless leads. (
Worth reading again: This post by Bruce Schneier.)

It seems like the agencies did a little of both - supplied some useful information and also asked residents to go fishing for "anything suspicious":
Lt. Perry McEwen with the Shelby County Sheriff's Office said, "Operation Sudden Impact" also is about involving the private sector and citizens in terrorism prevention. It's about people paying attention when something "just doesn't look right" and reporting it to authorities.

Possible indicators of terrorism that FBI intelligence analyst Sarah Pillsbury said citizens should be aware of include: Surveillance of buildings or places; suspicious questioning about employees or security; tests of security; purchases in bulk of items such as fertilizer; suspicious people; "dry runs" such as timing of traffic lights or map making; and the deploying of assets.
I do think businesses and citizens can be helpful partners, and I'd emphasize that their primary utility may be in preventing crime rather than terrorism. The odds of spotting a criminal are much higher than the odds of spotting a terrorist. And by creating an environment that's adverse to criminals, you also help to make it adverse to terrorists as well. (See last week's post about crime prevention in L.A.'s marinas.)

Or perhaps a better way to think about it is: "prevention is prevention." Preventing a crime is just as useful as preventing a potential terrorist incident, and the same process is useful for both.

Anti-crime and counter-terrorism, on the local level, are part and parcel of the same effort. A critical question: Will the law enforcement agencies follow up with the businesses and community groups, or will this be just a one-off effort? These relationships won't open up as trusted channels of information unless the relationships are built over time.

Update 2008-04-15: No word yet on the final tally of terrorism suspects:
The Sheriff’s Department says that altogether 332 people were arrested, 142 of whom are considered fugitives. No word on how many of those arrested may actually have ties to terrorism.



Flood Data Online

Useful: USGS' WaterWatch, providing real-time flood data for 7400 rivers and streams.

Click your state for information on rivers and streams in your area.


Friday, April 11, 2008

A New Direction for FEMA?

Not sure what to think about this:

Federal emergency management grants will require state and local agencies to spend more money on planning, and less on acquiring resources and attending exercises, said FEMA's preparedness coordinator for the Pacific Northwest.

The agency believes states and localities have reached a point of exercise overload, according to Patrick Massey, division director and federal preparedness coordinator for FEMA's Region 10, which covers Alaska, Idaho, Oregon and Washington. Therefore, more emphasis will be placed on emergency response planning and citizen preparation when FEMA dishes out funds.
Depending on what they mean by "planning," this could be a good thing or a bad thing. If it means, for instance, working closely with the private sector, then I think it's good (because there's not enough of that). But if it means developing planning documents for a comprehensive set of potential disaster scenarios, then I'm not so excited.

One thing: Don't give up on exercises. They're part of the planning process.

But the following seems frankly bizarre:
Massey also warned against focusing homeland security efforts only on external threats. Pointing to the fall of the Roman Empire, he said societies ignore internal risks at their own peril. Indeed, the message that homeland security encompasses internal threats too -- such as the national debt, the trade deficit, unfunded pensions and global warming -- was a popular one at the conference.
These are certainly significant issues for the nation, but this sounds like mission creep to me. Are we suggesting that DHS should be involved in heading off, say, another Great Depression? How in the world would that work?

Or how would DHS or FEMA get involved in global warming in a substantive way that the Department of Energy or the EPA wouldn't be?



Thursday, April 10, 2008

Review: The Edge of Disaster

I've decided to incorporate a new element of the blog: reviews of books on homeland security topics. I've done this on a couple of occasions before, but I'm going to try to do a more systematic job of it.

I'll start with a book that's about a year old, Stephen Flynn's The Edge of Disaster: Rebuilding a Resilient Nation (2007). I consider Flynn to be one of the stronger voices in the homeland security field. His general argument, which he has made many times, is that the U.S. can do a much better job of preparing itself for the threats it faces. Flynn favors a kind of aggressive defense, a concept which has always resonated with me.

I've always thought of homeland security first and foremost as a local issue. Nobody knows our own neighborhood better than us. The first and most basic way of keeping ourselves secure is to take care of our neighborhood.

In The Edge of Disaster, Flynn extends the argument he made in his 2005 book, America the Vulnerable. In the new book, he writes:

Despite all the rhetoric since September 11, 2001, and some new federal spending on homeland security, America remains dangerously unprepared to prevent and respond to acts of catastrophic terrorism on U.S. soil. ... Managing the risk associated with predictable large-scale natural and man-made disasters remains far from the top of our national priorities.
The difference between the two books? The devastation of Katrina and the increasing recognition of our vulnerability to pandemic flu forced Flynn to re-calculate the risk-management equation, with an increased emphasis on natural disasters. As such he adds an all-hazards focus to his argument, focusing not only on reducing our vulnerability to terrorism, but on boosting our resiliency to all types of adverse events:
America needs to make building national resiliency from within as important a public policy imperative as confronting dangers from without.
With a stated aim of creating "a more resilient nation," Flynn uses the first half of the book to outline some of the threats we face, and the second half to describe some possible remedies.

In describing potential threats, Flynn tends to gravitate toward worst-case scenarios, imagining, for instance, that a suicide truck bomber will be successful in puncturing pipelines at an oil refinery, setting loose a plume of deadly anhydrous hydrogen fluoride. While it's a plausible terrorist scenario, it relies on the terrorists getting everything just right and getting lucky besides.

While I don't advocate overstating or understating the terrorist threat, I do agree with Flynn that it's not possible to truly address the risk in the absence of greater candor with the public:
The only way to muster the political will to reduce our exposure to malicious acts is to acknowledge our weaknesses and to openly discuss the options for addressing them.
Still, I get stuck on the questions involved with the terrorist scenarios Flynn describes. For instance, would a terrorist team be able to puncture the hull of an LNG tanker and ignite the gas? It's never been attempted before - would they risk failure in trying this attack, or would they choose an attack that's more certain?

That's why I find Flynn more compelling when he writes about our vulnerability to potential natural disasters - for instance, the risk that an earthquake could shake loose the earth dams that hold back the water in the Sacramento-San Joaquin River Delta, throwing California's agricultural economy and water system into turmoil. Or the ongoing risk that a major hurricane will wipe out massive swaths of expensive new housing developments along our Atlantic and Gulf shores.

These risks are much more knowable, and I agree with Flynn entirely when he writes:
Natural disasters will happen, and not all terrorist attacks can be prevented. However, what is preventable is the cascading effects that flow from these disasters and attacks.
Flynn's concept of resiliency is built on this idea - that you configure your society and your infrastructure in such a way as to reduce the risk of a catastrophic incident; and when a catastrophic incident inevitably occurs, you prepare the systems to recover from it.

Flynn then levels a blistering attack against our current preparedness regime, arguing that the political will to prepare is lacking - and in some cases, we are pursuing policies that make us much more vulnerable to catastrophe than we ought to be:
This lethal combination of natural and man-made factors suggests that the gravest source of danger for Americans derives not from acts of God or acts of terror; it is largely our own negligence that has placed us on the edge of disaster.
"Our own negligence" includes such short-sighted moves as developing extensively in hurricane- or flood-prone areas and in adopting a "just-in-time" economic model in businesses that require surge capacity, such as hospitals. Flynn points out that:
[T]he entire inventory of staffed hospital beds within the United States is 970,000.

In 2005, half of the nation's 4,000 emergency departments were routinely operating at or over capacity.

In the 1990s, 198,000 hospital beds were eliminated to reduce overhead costs.
Is it possible to imagine that this system will be prepared to respond to the inevitable flu pandemic, when it finally comes?

But ... business is business. And you can't blame businesspeople for making decisions that either boost their profits or keep them economically viable in a competitive market. And you can't fault them for not adopting security measures when the market doesn't reward this behavior. Flynn sees danger in a persistent drought of public-private sector engagement on emergency preparedness and response:
More worrisome [than inter-governmental collaboration] is how much room there is for improvement when it comes to the public sector working with companies and business leaders to deal with a statewide or regional emergency.
Flynn argues that, although private sector involvement is vital, we cannot expect the private sector to act on its own. Without a mandate or a compelling business case (and, preferably, a combination of the two), businesses will be reluctant to act. Sharing information is critical toward compelling the private sector to act:
[T]here are other understandable reasons why the private sector resists making security investments when the government is out of the picture. One significant barrier is the difficulty of obtaining information about the threats they are trying to secure themselves from. Government agencies collect this kind of information, but they don't like to share it. This leaves CEOs in a tough spot. Without a clear sense of both the probability and character of potential threats, making practical decisions about investing in countermeasures becomes little better than guesswork.
There is a lot of room for improvement in terms of sharing information with the private sector, which controls most of our critical infrastructure:
The consensus among corporate security officers I have met with since 9/11 is that information sharing with federal law enforcement is too often a one-way street: the companies provide specific information when asked but receive little information of value in return.
The solution, as Flynn sees it, is to apply a risk-management methodology to our preparedness. I have to say I agree:
[O]ur ability to overreact can produce more harm to our way of life and quality of life than terrorists are able to inflict. ... What we can aspire to do is to keep [the risk of terrorism] within reasonable bounds by preventing it when we can and minimizing the risk that terrorist acts will have cascading consequences when we can't.
To that end, Flynn argues for a re-ordering of priorities:
Our top national priority must be to ensure that our society and our infrastructure are resilient enough not to break under the strain of natural disasters or terrorist attacks.
Flynn provides a prescription for action, a wide-ranging set of proposals that ranges from the smallest scale (e.g., encouraging personal preparedness for every family) to the largest (e.g., an increase and reallocation of federal expenditures, including reducing funding for and dependence on the Department of Defense as the primary defender of national security, the establishment of new federal entities whose focus would be on building national resiliency, and wide-ranging incentives and partnerships to encourage and/or require private sector preparedness, especially in critical infrastructure sectors).

While there can be disagreements about Flynn's specific policy proposals, I agree strongly with his basic premise. Our government and economic systems too often reward short-sighted behavior and fail to reward long-term preparedness. As a result, we leave ourselves at greater risk than necessary.

It's not possible to prevent a Katrina, and it's not possible to prevent all potential terrorist attacks, but we can certainly do more to prepare for disasters that may occur and to limit their effects.

What's required is the will to discuss and recognize the problem and the commitment to solve it.



Outcome of Cyber Storm II: I Hope This Is Not News

It's a good thing to hear DHS folks say this, but I certainly hope they're not realizing it for the first time:

Forming relationships ahead of time is key to cooperation during a cyber attack, said Greg Garcia, assistant secretary for cyber security and communications at the Department of Homeland Security, during a town hall meeting at the RSA Security Conference on Cyber Storm II. Cyber Storm II was a huge exercise in protecting the nation's IT infrastructure held last month.

The relationships built up over the 18 months of planning for Cyber Storm II "will last well beyond the one week of the exercise" and will result in better responses and improve our defense capabilities, he added.

The cooperation of industry was, and will be, "critical" when we are under cyber attack, Garcia said.

Another lesson the DHS learned was that social networking is essential well before any threat occurs.
Yes, yes, and yes.

Not just for a cyber attack, though. For any type of disaster - accidental, natural, or intentional.

Protection and restoration of critical resources is not a matter of "your business" plus "my business." It's our business.


Wednesday, April 09, 2008

Watching the Water

Just a short note on this system the EPA developed to detect contaminants in municipal water supplies.

The system determines the best places to put sensors and then provides real-time data on potential contamination events:

TEVA sensor placement optimization tool (SPOT) enables water utilities to determine and evaluate sensor placement. TEVA-SPOT requires specific information from the utility and allows users to select design objectives and compare and contrast the benefits of different sensor placement.

The TEVA research program has developed CANARY, an event detection tool, that reads data from water quality sensors in real time and predicts whether the recorded water quality changes are actual contamination events.
I'm sometimes critical of protective interventions, because they can tend to be passive and offer a false sense of security. But assuming this system works as advertised, this is the sort of protective intervention that can yield real results, for a number of reasons.

First, it's capable of detecting both accidental and intentional contamination. This makes it a desirable protective element for any water-supply system, regardless of whether there is a legitimate threat of intentional contamination. Next, it detects things that behave in consistent, predictable ways. If there's a contaminant in the water, you can recognize it and act. You don't have to be concerned with shifting the danger to another place, as you do when your protective intervention is designed to alter the behavior of unpredictable, inconsistent agents (i.e., humans). Third, because this detection system is protective of the entire water system, it provides a real deterrent to any potential malicious actor. A comprehensive protection regime such as this can greatly reduces the chances that someone will use the water system as an avenue of attack.

On the municipal level, the other critical element in the system is communications with the public in the event of a contamination incident. Then you've got a solid protective regime.


Charlie Allen Sells the National Fusion Center Network

In a speech yesterday before the annual conference of the International Association of Law Enforcement Intelligence Analysts (IALEIA) and Law Enforcement Intelligence Unit (LEIU), DHS Under Secretary for Intelligence and Analysis (I&A) Charlie Allen once again took up the task of explaining how federal, state, and local agencies will share information.

Allen has been in the news recently, taking some heat from key members of Congress who charge his unit with dragging its feet on the effort to share information (also see these posts).

But in prepared speeches, of course, everything is always sweetness and light. Let's see if we can read between the lines.

Perhaps the most significant focus of Allen's speech is his commitment to creating a National Fusion Center Network, which was called or in the National Strategy for Information Sharing (my post here). On previous occasions I've questioned whether fusion centers would essentially become funnels for federal agencies to move information down to the state and local levels. State officials have questioned the federal government's commitment to the fusion centers, revealing an anxiety that the centers could become an unfunded mandate.

But on these questions, Allen says the right things in his speech, committing to the fusion center concept as well as two-way sharing through the National Fusion Center Network:

Fully incorporating the analytic function into the law enforcement (sic) is essential to a true implementation of intelligence-led policing, a concept which is being adopted far and wide.

My goal is to support the implementation of a National Fusion Center Network working with our colleagues in the FBI, DOJ, DNI and the PM-ISE.

Working together – leveraging Federal as well as State and Local networks; moving relevant information and intelligence quickly; enabling rapid analytic and operational judgments – that is what this National Fusion Center Network is all about.

In addition, information once only available in cities and states can be used to protect the nation as a whole.
Funding isn't discussed directly, and frankly, Allen doesn't have full control over whether funds are allocated to fusion centers.

But in Allen's comments about two-way sharing, there was one comment I found odd:
[I]nformation which may fit into the bigger picture of national security, but means nothing to the local police officer or analyst who comes across it, now has an avenue to get where it can become part of the national, or even international, intelligence picture.
So the information gathered by state and local law enforcement "means nothing" to the officers and analysts there (and presumably at the fusion center). If so, then how or why would this information move from local and/or state to the national level? If the local/state analyst can't recognize its importance, why would they pass it on? You can't share everything, and even if you could, you couldn't sift it effectively.

To me this gets to a fundamental objective of information sharing - to provide everyone, at all levels, an improved understanding of the context in which potential threats may appear. The goal is to reduce the "unknown unknowns," so that even if a given analyst doesn't have full information on a given threat, he or she can at least recognize it as a "known unknown" - i.e., something that has significance, even if complete information is either unavailable anywhere or unavailable to him/her.

I don't know why Allen would imply that there could be situations in which state and local analysts or officers are in the dark, when it's the point of information sharing to provide light.



Tuesday, April 08, 2008

The Utility of Security Cameras

To camera or not to camera?

Cities everywhere have addressed this question, with varying answers. London has opted for near-saturation coverage. New York has broad coverage in certain parts of the city. But in other cities, such as San Francisco, the question has been contentious.

The San Francisco Chronicle recently reported on the efficacy of that city's 68 cameras. Researchers discovered little deterrent effect:

San Francisco's 68 controversial anti-crime cameras haven't deterred criminals from committing assaults, sex offenses or robberies - and they've only moved homicides down the block, according to a new report from UC Berkeley.

They looked at seven types of crime: larcenies, burglaries, motor vehicle theft, assault, robbery, homicide and forcible sex offenses.

The only positive deterrent effect was the [22 percent] reduction of larcenies within 100 feet of the cameras. No other crimes were affected - except for homicides, which had an interesting pattern.

Murders went down within 250 feet of the cameras, but the reduction was completely offset by an increase 250 to 500 feet away, suggesting people moved down the block before killing each other.

The cameras have contributed to only one arrest nearly two years ago...
As a result, some in law enforcement argue that the cameras are a waste of resources:
"In their current configuration they are not useful, and they give people a false sense of security, which I think is bad," said Police Commissioner Joe Alioto-Veronese. He added that previous studies of security cameras in other parts of the country have also shown that they do not deter violent crime.
But others argue that the system needs to be upgraded, not scrapped:
Kevin Ryan, director of the Mayor's Office of Criminal Justice, is pushing for the cameras to be monitored in real-time like they are in Chicago and other cities. Those police departments are often able to catch crimes in progress and immediately respond.
The value of security cameras, as I see it, is not as a preventive tool, although I think Ryan is right that a system like Chicago's, which is networked into a fusion center, is certainly more capable of preventing crime.

For most systems, the primary value of a security cameras is in supplying evidence. Also, after a major crime or terrorist incident - such as the 2005 London transit bombings - camera images can have a calming effect on the population, who can see and recognize the criminals/terrorists and feel assured that they have been positively identified and are no longer a threat.

It's reasonable to debate whether a network of cameras provides enough benefit to justify the cost, but we should be clear about what those benefits are.

(h/t to Bruce Schneier)

Update 2008-04-10: Washington DC is also in the midst of a controversy, regarding its plan to consolidate monitoring of its security cameras and to move to live-monitoring.



Monday, April 07, 2008

All Prevention is Local ... and Small

So much of the time, prevention is mundane, ordinary stuff on the local - and even personal - level. Secure your belongings. Be aware of your surroundings. Pay attention to people acting strangely.

But when people collaborate on these sorts of efforts, the benefits multiply:

[O]ver the past few years, the Wilmington Boat Owners Association (WBOA) has successfully launched a formalized Marina Watch program at seven of the 14 marinas at the Port of Los Angeles.

Each month, a Port Police community officer attends the association’s monthly meeting, where boaters can discuss issues or concerns at local marinas.

It takes local knowledge to police a port,” explained Sgt. Kevin McCloskey of the Los Angeles Port Police. “There are a lot of intricacies and unique things about a port region — particularly one with blended uses.”

If one marina reports a theft or suspicious persons or activities in or around the marina, officers will walk the docks at night to help resolve the situation, explained Donna Ethington, president of the WBOA.

The boating community has a much better relationship with the Port Police than in the past,” she explained. “They’re out in our community, they understand the issues and they can go straight to the decision makers and resolve them. It’s a great partnership.”

While drug deals, auto thefts, boat break-ins, stolen dinghies and outboard engines, and dock box theft were once regular occurrences in Port of Los Angeles-area marinas, there is now a near zero incident rate, Ethington said.
Note how the flow of information is two-way. Police share information with marina tenants and vice versa:
To alert marina tenants to unusual occurrences, Port Police community relations officers send e-mails to WBOA members and other local boat owners. “Being (that each marina is) a tight-knit community, it is important for our officers to know the people in various locations in the port, and have this free flow of communication,” explained Capt. Ralph Tracy of the Port Police. “If anything appears to be usual or out of place, they don’t hesitate to pick up the phone and give us a call.”
And once the lines of communications are established, it's relatively easy to add dimensions to the relationship. For example, some marinas are adopting an all-hazards approach to preparedness:
At Ventura West Marina, dock captains have been established, training sessions have been held and many boaters are signed up for May CERT training. Each dock captain serves as a point of contact, distributes emergency preparedness information and assesses capabilities among tenants.

We are realizing that in cases of a large emergency, such as a tsunami or fire, most of our emergency response teams are probably not going to respond to us right away -- so, we have to be capable of surviving on our own for a while,” said Chuck Ormson of Ventura West Marina.
It may seem quaint or old-fashioned to suggest that small, local efforts such as this can make a real difference to homeland security. After all, marina tenants are much more likely to spot vandals than terrorists.

But if you were a criminal or aspiring terrorist, which would present a more challenging target: a port with an active network of concerned marina tenants is going to be a harder target than a port without such a network? Where would you try to pull something?

That's the key distinction. An observant local citizenry with trusting connections to law enforcement is a great prevention tool. In fact, one danger for such a program might be that it can work too well:
Nicole Avalos, a Neighborhood Watch coordinator for the Port of Long Beach, is currently trying to re-establish a Marina Watch program that was discontinued five years ago. “It just came to an end,” she said.

Once the incidents that many residents had complained about were resolved, locals became less involved in the program, she said. “We want to change that and be more proactive, and keep people involved long-term,” she said.



Friday, April 04, 2008

The New Intelligence Community Information-Sharing Strategy

The spies have spoken. The Office of the Director of National Intelligence (ODNI) has published a new Intelligence Community Information Sharing Strategy.

Overall my impression is that the ideas are all in line - everyone is saying the right things - but the road map is rather nebulous. And time consuming. While the introduction sensibly argues that 9/11 imbued a sense of urgency into the effort to improve intelligence-sharing:

The need to share information became an imperative to protect our Nation in the aftermath of the 9/11 attacks on our homeland.
The implementation roadmap is described as:
...a long-term plan with a five year time horizon that will guide and synchronize implementation efforts.
So the argument is, in 2001 we received a shock that made it imperative to improve our intelligence-sharing. Six and a half years later, we are implementing a strategy to achieve this, and we will complete it in five years. That's almost 12 years after 9/11.

I recognize the complexity of the task - but it does seem that a long timeline is a primary feature of every effort to improve information-sharing. (Other examples: ITACG, ISE, HSIN). Call me impatient, I suppose.

Let's look at the strategy more closely. The introductory sections that explain the justification for the strategy are rather long on platitudes, but I thought this nugget was worth repeating:
A central principle is the recognition that information sharing is a behavior and not a technology. In the Intelligence Community, information sharing behavior is the act of exchanging intelligence information between collectors, analysts, and end users in order to improve national and homeland security. Information providers must make information accessible, available, and discoverable at the earliest point possible.
All too often we hear from officials at all levels that their information-sharing will improve because they've set up a new system. But the critical element in any system is people. People have to make it work.

Again, the intelligence community has good intentions. They're pledging to do all the right things:
Intelligence Community participants shall have access to all appropriate information that they are authorized to see—no matter where it is in the intelligence information life cycle—as well as the tools that they need to make use of the information.

Since the National Security Act was signed in 1947, the U.S. Intelligence Community has worked under a “need-to-know” mindset where protection of sources and methods was foremost. ... This new environment requires the Intelligence Community to move to a “responsibility to provide” culture to ensure all members of the Community can retrieve the information they need and effectively support intelligence customers. The “responsibility to provide” culture is predicated on managing risks associated with mission effectiveness and unauthorized disclosure of sensitive information.
None of this is new, of course. The 9/11 Commission Report argued for this change of focus in almost the same terms (see section 13.3 - "Unity of Effort in Sharing Information").

The document identifies five "strategic keystones" that are necessary to create the infrastructure for information-sharing.
Keystone #1: Intelligence Information Retrieval and Dissemination Moves Toward Maximizing Availability. Our strategy must support retrieval and dissemination from the point of initial collection through the resulting product. Maximizing access and dissemination must occur using a managed risk approach...

Keystone #2: All Intelligence is Discoverable, and All Intelligence is Accessible by Mission. The Intelligence Community collects information that is difficult to discover or access outside of collection stovepipes. Analysts “don’t know what they don’t know.” ... We need to move to a collaborative information environment, where all information is discoverable ... The key concept is that regardless of classification or compartment, intelligence analysts and collectors can be aware of the existence of all intelligence information.

Keystone #3: Sharing Requires Greater Trust and Understanding of Mission Imperatives. The key concepts are the need for consistent certification and accreditation practices, uniform information security standards, and uniformity across the Intelligence Community for accessing data to enable information sharing.

Keystone #4: Developing a Culture that Rewards Information Sharing is Central to Changing Behaviors. If Intelligence Community personnel perceive that their professional success is based in part on how well they share information, sharing will improve.

Keystone #5: Creating a Single Information Environment (SIE) Will Enable Improved
Information Sharing. The SIE will improve how the Intelligence Community manages transactions, information, and knowledge and will open the door for new collaboration opportunities and improved analytic practices.
If I were to put a gold star next to any of the above keystones, it would be #4. Participants in a system will not change their behavior unless the system rewards those who behave in the new, desired way.

The intelligence community does plan to integrate with other information-sharing efforts, but how they'll do so remains unclear - perhaps because so many of the other information-sharing plans and systems are still in the formative stage.
Through the Intelligence Community Information Sharing Steering Committee, the ODNI will integrate with these and other information sharing initiatives by leveraging the Information Sharing Environment to take into consideration efforts such as the DOJ Law Enforcement Information Sharing Program (LEISP) and the DHS Information Sharing Strategy, to ensure alignment to the overarching community-wide goals and objectives for information sharing.
They've got plans for the first 500 days, which are to:
  • Update Policy Documents Clarifying and Aligning Intelligence Community Authorities
  • Collaborate to Protect Privacy and Civil Liberties
  • Harmonize Intelligence Community Policy on “US Person” Information
  • Create a Single Information Environment
  • Implement Attribute-Based Access and Discovery
  • Establish a Single Community Classification Guide
  • Improve the Information Technology Certification & Accreditation Process
  • Create Collaborative Environment for All Analysts
  • Provide Collaborative Information Technology to Federal Executive Department Agencies and Organizations
Some of those are pretty vague (e.g., "Collaborate to Protect Privacy and Civil Liberties," "Create Collaborative Environment for All Analysts"). Some of them are fraught with organizational and technological peril (e.g., "Establish a Single Community Classification Guide," "Provide Collaborative Information Technology to Federal Executive Department Agencies and Organizations")

How they'll go about accomplishing this remains unstated - probably in the absence of an implementation plan. And what happens beyond the first 500 days, the strategy doesn't specify. Maybe we'll find out as we go...






Thursday, April 03, 2008

DHS Inspector General on FEMA's Progress: Meh

The text of the new DHS Inspector General's report on FEMA is not publicly available, but GovExec provides a brief summary:

FEMA has made moderate to modest progress in eight of nine of the most important preparedness areas, according to the report...

FEMA has made moderate progress in five areas: overall planning, coordination and support, interoperable communications, logistics and acquisition management.

The agency has made modest progress in three areas: handling evacuations, providing housing for displaced persons, and building a workforce to deal with disasters.

But overall, none of the nine major areas was given the highest rating of making substantial progress.

FEMA has the most need -- rated as making only limited progress -- in clearly defining mission assignments, the report concludes.

In a written response to the report, FEMA Director R. David Paulison said the inspector general did not accurately reflect much of the work his agency has done over the last two years or how some responsibilities fall to other components of the department.
Without details, it's hard to know how accurate this survey is. But duly noted...

Update 2008-04-07: HLS Watch has posted a copy of the report.



DHS Dirty Bomb Cleanup Guidelines: Is Flexibility Desirable?

DHS has published guidelines for cleaning up radiation following a dirty bomb attack, but not without criticism:

The guidelines issued Tuesday by the Homeland Security Department would allow cleanup standards that in some cases would be far less stringent than what is required for Superfund sites, commercial nuclear power plants and nuclear waste dumps.

The guidelines, which have been several years in the making, are designed to help local, state and federal officials plan how they would deal with a terrorist attack where radioactivity was released.


Long-term radiation exposure using some of the cleanup standards in the guidelines could be as high as 10,000 millirems a year, equal to more than 1,600 chest X-rays or 30 times the average background radiation from natural sources.

By comparison, the Nuclear Regulatory Commission limits public exposure from the facilities it licenses to no more than 100 millirems a year. The radiation exposure limit proposed for the future Yucca Mountain nuclear waste site is 15 millirems per year.
The thing about a dirty bomb is, it's not really a weapon of mass destruction. It's a weapon of mass disruption, designed to scare people away from areas where excessive radiation may be present, resulting in potentially significant economic damage.

Given that this is the risk - that citizens will be excessively anxious about returning to areas where radiation may or may not be dangerous - it would seem that Job #1 of the cleanup effort should be reassuring people that any areas opened up will be safe.

As a state or local official, your first priority must be restoring confidence.

But DHS has specifically avoided publishing a clear guideline:
Donald Tighe, a spokesman for the White House Office of Science and Technology, said the guidelines specifically avoided setting a numerical cleanup standard because there is such a wide range of potential cleanup scenarios.

In the long term a community would "have to evaluate not only public health, but the health of the community as well," said Tighe. "This is the feedback we've gotten from state and local officials. (They want) a flexible approach."

So the guidelines direct local, state and federal officials to various benchmarks used by other agencies as well as international organizations.
Let's imagine this realistic scenario:

A terrorist group, already skilled in bomb-making, acquires three radioactive sources, out of the tens of thousands which may be potentially usable for such an attack. One day, the group simultaneously explode three dirty bombs in Philadelphia, Chicago, and Houston.

After an initial period of high anxiety, local leaders in the three cities use three different sets of guidelines to determine what level of radiation will be considered safe so that people can return to their homes and businesses. Philadelphia sets the highest standard; Chicago a slightly lower standard, and Houston the lowest.

Would this really be a politically viable position for local officials in Chicago or Houston to take? Or would the citizens in Chicago and Houston insist that their cities adopt a standard that is at least as strict as Philadelphia's?

And what if Philly's standard isn't even as strict as the NRC's guideline? Are we really suggesting that the leaders in Philadelphia wouldn't get flayed in the media for adopting a guideline that's not the strictest possible?

The response to such questions might be: With the right information, local leaders can accurately determine what level is safe.

But that's not the issue. It's not about what level is safe It's about what level will inspire confidence. Because that's what a dirty bomb is designed to do - destroy confidence.

Update 2008-04-03: Sometimes as a blogger you get egg on your face.

A tip-o-the-cap to Arnold, who notes in the comments that the SF Chronicle article I quoted is not current. The guidelines are in the news, but the current story is that they are nearing completion. However, questions remain, per Global Security Newswire:
Proposed U.S. guidelines for responding to “dirty bomb” attacks are approaching final approval, but concerns persist that the federal rules could permit radioactivity levels outside U.S. environmental standards, Defense Environment Alert reported yesterday.
We'll have to see what the final guidelines say.