Friday, June 27, 2008


Forgive me, it's Friday and I couldn't resist posting this:

Delivery boys across America, beware: Zach Phillips was arrested by Homeland Security Thursday afternoon in Kansas City—for delivering a pizza. Phillips parked his car in front of the KCMO Federal Courthouse to deliver lunch to a few judges and on his way out, he was approached by several Homeland Security officers. When questioned, Phillips forked over his I.D. to the inquisitive officers. According to Phillips, the officers then shoved him up against their S.U.V., cuffed him, and escorted him down the block to the county jail. His crime? An outstanding warrant for a minor, non-moving traffic violation. "They were real rough with me, throwing me up against their car," Phillips told CMJ.

"[Kansas City police officers] couldn't believe [Homeland Security] arrested me," Phillips said. "[KCPD] actually apologized to me. They were like 'We like you! Don't spit in our pizza!'" Phillips had a hard time believing it himself. "I was like, shouldn't you be looking for Osama Bin Laden?" said Phillips.
Hmm ... sounds like there are a couple of disconnects here: One between DHS and KCPD, and the other between DHS and its priorities.

Thursday, June 26, 2008

A Useful Terrorist Profile

There still isn't one.

A new joint security alert from the Department of Homeland Security and the FBI warns that terrorists are increasingly turning to women and teenagers to carry out suicide bombings.

The bulletin, obtained by CBS News, says “Female suicide bombers conducted more than twice as many attacks in Iraq in the first six months of 2008 than in all of 2007”.

US intelligence analysts also say Islamic radicals are enlisting greater numbers of teenagers for their deadliest missions.
It's not who they are; it's what they do.

Wednesday, June 25, 2008

DHS Targets Chemical Facilities

DHS has set its sights on U.S. businesses that manufacture, process, and store large amounts of chemicals, pointing out that such operations could be targets for terrorists (not to mention accidents):

The federal government will tell 7,000 businesses next week that they are considered high risk-terrorist targets because they house large amounts of chemicals.

The sites — which range from major chemical plants to universities, food processing centers and hospitals — will need to complete a vulnerability assessment so the government can decide how to regulate their security measures in the future.

U.S. intelligence officials say terrorist organizations, including al-Qaida, favor chemical attack methods because of the severe consequences they can inflict.

"This is never going to be an impregnable target set, but I want to introduce enough complexity into the mix that al-Qaida's going to go somewhere else," said Bob Stephan, assistant secretary of infrastructure protection at the Homeland Security Department.

As the department considers these 7,000 sites, it also will look at physical security; cyber security; insider threat potential; how hazardous a chemical release could be to the nearby communities; how dangerous the chemicals are if they are mixed with water; and whether the chemicals could be easily stolen from the sites and used to kill.
Sounds like purely protective intervention - harden the most potentially dangerous sites, thereby force the potential adversary to seek a softer target.

I like the move, because I've never been convinced that chemical facilities have been secured in proportion to the potential threat. The same goes for chemicals in transport via train and truck.

At the same time, it's important to contextualize this sort of action. No one should heave a sigh of relief, thinking that the possibility of a terrorist attack involving chemicals has just become vanishingly small. It remains necessary to fight terrorism at the source by complicating the efforts of potential terrorists to recruit, train, raise funds, organize into operational cells, and plan attacks. That sort of activity will do more to prevent a terrorist attack - via any attack mode - than any protection regime.

One point of fact in correction of the above: Historically, terrorist organizations have not favored chemical attacks. The overwhelming choice of attack is with conventional explosives. For a while in early 2007, al Qaeda in Iraq experimented with combining conventional explosives and chemicals (usually chlorine but also nitric acid in at least one instance), but that attack mode didn't seem to be much more deadly than the conventional explosives alone.

Friday, June 20, 2008

Disaster Preparedness: Status Update

Shameless linking:

HSToday does a good job summarizing a number of recent reviews of the federal disaster preparedness system.

Shameless quoting of a few key points:

DHS “needs to better integrate stakeholders in its revision of key policy documents, particularly the National Response Framework,” stated William O. Jenkins, Jr., director of GAO homeland security and justice issues.

[In] the National Pandemic Strategy and Implementation Plan, [GAO] found that there are numerous shared leadership roles and responsibilities, leaving uncertainty about how the federal government would lead preparations for and response to a pandemic.

[G]iven what a good many authorities – including federal preparedness insiders – have told about preparedness problems throughout the federal government (see’s reporting on emergency medical care, pandemic planning, and FEMA disaster preparedness), the ability of the federal government to adequately respond to a major and catastrophic disaster or crisis clearly is in doubt - despite the fact that the government's readiness today is clearly far, far better than it was just a few years ago.

"There is a real concern among the state homeland security directors around the country that there are people in the federal government who want to put the interests of the accountants ahead of the interests of our citizens. That would be a grave mistake," the subcommittee was told by Alabama Department of Homeland Security Director, James M. Walker, Jr.
It's not all bad news, though it may seem so from the excerpts above. DHS is moving forward slowly, slowly...

Thursday, June 12, 2008

Defining Resilience Isn't Enough; It Must Also Be Facilitated

Rich Cooper at Security Debrief points out that the flooding in the Midwest provides a good example of resilience:

If you are looking for real-life resiliency happening today, pay close attention to what is happening right now in the heartland of America. Over the past several days, the citizens of Cedar Falls, Iowa, have filled hundreds of thousands of sandbags to save their City from the rising waters of the Cedar River. Thousands of volunteers of every age and walk of life have stepped forward to fill bag after bag and put them in place to save their ‘homeland’ and preserve the ‘security’ that it brings to them.

Cedar Falls and others like her in the Midwest that are fighting the ‘battle’ for survival represent the personification of resilience. They are offering us all a teachable moment and we all have a lot to learn.

There was no legislative mandate that made the citizens of Cedar Falls step forward to fill sandbags and stack them atop one another. Nor were there FEMA checks handed out to make them come downtown to save the City streets from more ruin. They just showed up and did it. They were business owners, employees, parents, students, etc. – all citizens committed to the survival of what is important to them. That is what resilience is: action that enables survival. Before we allow the word to become so overused that it loses its meaning (e.g. interoperability), we need to remember that people focused on a mission are at the center of resilience.
True enough, but it leaves out a crucial point: It's not enough to rely on the willingness of citizens to step forward, pitch in, and try to save their own communities. Citizens have always done so, and will continue to do so. And this sort of activity has always been more organized and effective in localized disasters such as the Midwest flooding than in widespread, catastrophic disasters.

The key to resilience, especially for catastrophic disasters, is to create systems that facilitate those efforts - by citizens, by businesses, by public agencies - so that they are as effective as possible. I'm talking about communications systems, logistical systems, healthcare systems, etc.

In a catastrophe, these systems will spontaneously organize themselves through whatever means are available, even if no planning is done. But it's the job of homeland security professionals to ensure that the planning is done, and that when the disaster happens, the systems that support citizen action are as robust as possible.

So while the activity of "people on a mission" is at the heart of resilience, it's only a necessary but not sufficient condition. The engine that makes resilience go is the creation of reliable systems that facilitate the actions of those responders.

Preventing Vandalism = Homeland Security?

Santa Rosa, California, will spend some of its Homeland Security money on surveillance cameras, in part to prevent vandalism:

Sonoma County transit agencies will buy surveillance cameras with the first installment of voter-approved state Homeland Security funds announced Wednesday.

The county and the city of Santa Rosa will get a combined $57,000 of the $21 million that went to 14 Bay Area bus, train and ferry operators.

Brian Albee, head of Sonoma County Transit, said the agency's $31,800 portion will be used to mount cameras at its West Robles Avenue bus yard. The project is expected to cost about $50,000, he said.

Mona Babauta, Santa Rosa's deputy director of transit, said the city will spend its $25,100 on cameras at some bus stops plagued with vandalism.
Unless they're integrated into a real-time information-reporting system, surveillance cameras are not tools for prevention. They'll help you identify perpetrators after the damage has been done.

The larger question is, is this really a homeland security issue? Just what are we protecting ourselves from? Vandalism may be a problem, but unless it's sabotage, it's not a security threat.

Wednesday, June 11, 2008

Lone Wolves = Good News?

The risk of Islamist "lone wolf" terrorism may be on the rise:

A newly declassified Canadian intelligence report is warning about the emerging threat posed by "lone wolf" Islamist terrorists who operate completely on their own.

Terrorists inspired by al-Qaeda have, in the past, tended to work in cells, but the report says they are beginning to use the solo strategy once associated with the militant far right.
Lone wolves such as Timothy McVeigh can do damage, of course. But they're not going to pull off an attack on the scale of 9/11 or the East Africa embassy bombings. So in a sense, this could be seen as good news. If they don't feel secure gathering together, that's a victory for our counterterrorism efforts.

But there's another view: The idea that this is all a great strategic distraction, to keep us chasing our tails:
Terrorism expert Bruce Hoffman said he believes the Canadian assessment is correct and that the shift is part of a larger strategy to distract and exhaust Western counterterrorism agencies.

"I think it's right but I think this is yet another example of the strategic sophistication of our adversaries in that by encouraging lone wolves, I think they're trying to suck the resources from our security and intelligence services and police departments," he said.

"In other words, if there's a homegrown threat, which is one thing, now there's a lone wolf threat. And I think they're both legitimate. I think part of al-Qaeda's strategy, the jihadi strategy, is to get everyone so consumed with these grassroots threats that it gives greater scope to the real professionals to operate."
Such a view is in harmony with what bin Laden himself said in 2004:
All that we have to do is to send two mujahidin to the furthest point east to raise a piece of cloth on which is written al-Qaida, in order to make the [American] generals race there to cause America to suffer human, economic, and political losses ...
So, what to do? Spend energy on the risk of lone wolves, or continue focusing on preventing the emergence of more organized operations? My vote is for the latter.

Lone wolf attacks, even in a series, would be localized and unlikely to have a lasting effect on the U.S. From a risk-management perspective, the better option may be to continue focusing on preventing the formation of operational cells that could inflict greater damage.