Fusion Centers in the News

In May, the DOJ will release baseline standards for fusion centers' information-sharing capabilities, reports Federal Computer Week:

The Justice Department next month will release baseline standards for the information-sharing capabilities of the more than 50 state and local intelligence fusion centers nationwide.

John Cohen, a spokesman for the Office of the Director of National Intelligence’s Program Manager for the Information Sharing Environment, said the baseline capability requirements will incorporate the role in the federal information-sharing environment laid out in the 2007 National Strategy for Information Sharing (NSIS). He added that much of the guidance is not new and that state and local authorities were involved in developing the directions, which will include additional guidance on privacy issues.

Also, on April 17 there was a hearing before the Senate Committee on Homeland Security and Governmental Affairs Ad Hoc Subcommittee on State, Local and Private Sector Preparedness and Integration. A few highlights from the testimony.

The general drift of the testimony was that progress is being made in sharing information, but some systemic and programmatic hurdles remain. The most significant of these, from the perspective of the fusion centers themselves, is the uncertainty of future funding streams.

Captain Charles Rapp, Director of the Maryland Coordination and Analysis Center, said that centers are still having trouble dealing with the quantity of information received - too much, too disorganized, not the right kind:

One of our greatest challenges is to expeditiously process the profusion of information to determine what is useful to our consumers.

It is also imperative that we make our federal partners understand that access to information does not necessarily equate to sharing information.

Another facet of this process is to educate state and local managers about what information they need and what they can expect from the fusion centers. Many state and local managers narrowly seek only tactical information, while ignoring a broader strategic analysis that could benefit their agencies.

And yet, when dealing with familiar, well-established categories of crimes, the fusion centers are doing pretty good:

Fusion centers are sharing more time sensitive information about organized criminal activities, gang-related activities and other information that previously may have only been shared in response to a specific request.

But in their interface with Joint Terrorism Task Forces, the fusion centers are not being treated as significant partners:

The FBI’s Joint Terrorism Task Forces have been reluctant to integrate fusion centers into their intelligence gathering operations. Instead, they continue to rely on state and local task force members to relay information to their agencies. This compartmentalization of information gathering and sharing is counter-productive and counter-intuitive to the fusion center concept.

Once the JTTF opens a case and investigates the information, it can either move forward as a classified case or be closed. This information is generally not reported back to the fusion centers. Other bits of information may not fit anything and may only be entered into a database. The fusion center may never know whether any of the information played a significant role in an investigation. Thus most of the success stories from information sharing have been anecdotal. We can quantitatively measure factors like how many calls are received per day, how many information requests are processed daily, the number of products produced, etc. However, I am not convinced that these measures will give you the true value of the centers or provide an accurate picture of their capabilities.

What's needed, Rapp argues, is a better process for prioritizing information so that everyone from the local level on up knows what to look for:

Baseline capabilities require a statewide threat assessment listing vulnerabilities and gaps from which prioritized collection requirements can be derived. Once the centers develop prioritized information needs, they can clearly communicate that to collectors. Collectors will then report back to the fusion centers enhancing the capacity of the state to detect potential precursors to terrorist activity. This should then be the focal point for federal agencies to synthesize their intelligence with any intelligence gathered on a local level. This is not happening.

The point was echoed by Matthew Bettenhausen, Homeland Security Director for California, who said:

However, more work needs to be done to better define the requirements of the Intelligence Community from State and local public safety agencies. Locals need clearer direction on the types of information that should be shared.

And yet in some operational respects, Bettenhausen said, things are improving - including the implementation of the HSIN, which I've criticized in the past.

At the operational level, fusion center analysts have been pleased with the Department of Homeland Security's deployment of the Homeland Security Information Network (HSIN), a system for sharing sensitive analytical products. Under Mr. Charlie Allen's leadership, the Department has improved both the timeliness and the quality of the HSIN products.

Even in the absence of solid direction, fusion centers are trying to innovate. For instance, to better capture information from local agencies, Rapp said Maryland has developed a regional structure:

Collection of information is another challenge for the local jurisdictions. In Maryland we realized that we were not capturing information from areas that were not in the Baltimore Metropolitan region. To counter that lack of information flow, we developed a regional plan. We currently have three regional centers operating in Hughesville, Salisbury and Frederick Maryland. Control of these centers is maintained locally and they are networked into our main center. The value of these centers is collecting local information that will benefit the participating agencies. The regional centers add value to the agencies within their area by providing crime information and identifying local patterns. They are tracing criminal activity and participants and looking for travel patterns within their communities and helping solve criminal incidents by linking associates and acts.

Fusion centers have also developed a network (a type of desired "network of networks") to share information about what's working.

Over the past two years the development of a Homeland Security Information Network State and Local Intelligence Portal Community of Interest (HS SLIC) has become a vital link and extremely beneficial tool for the fusion centers. ... The connectivity of the states within this portal is very effective and allows members to exchange information within a secure environment.

DHS Under Secretary for Intelligence and Analysis Jack Tomarchio also had good things to say about HS SLIC:

DHS sponsors the Homeland Security State and Local Intelligence Community of Interest (HS SLIC), a virtual community of intelligence analysts from across the country -- currently, 1,000 members from 42 states, the District of Columbia, and six federal departments. Through the HS SLIC, intelligence analysts across the country collaborate via weekly threat conference calls, analytic conferences, and a secure Web portal for intelligence information sharing at the sensitive-but-unclassified level.

Federal agencies, to their credit, are trying to involve state and local officials, via pilot projects. GAO's Eileen R. Larence, Director of Homeland Security and Justice Issues, reported:

As of March 2008, four state and local law enforcement representatives had been detailed to the ITACG to provide a nonfederal perspective to the intelligence community in its situational and threat reporting and intelligence products, by, for example, requesting changes to report language to better address state and local needs. According to one of the representatives, these changes have involved requesting that specific tactical information be included in reports or that, where possible, the security classification of a report be lowered so that it could be disseminated more broadly to state and local officials. While these efforts to improve the quality and flow of information to state and local users are promising, it is too soon to determine the extent to which they will address the challenges in accessing and managing information reported to us by fusion center officials.

And DHS' Tomarchio added:

Over a six month period, DHS I&A undertook a pilot project, working with six of our fusion center partners to examine their day-to-day information needs. By working with I&A deployed personnel, assigned pilot personnel within I&A headquarters and most importantly our state and local partners, I&A was able to develop a precise set of information needs.

And yet, hanging over all of this is a concern about funding. As indicated above and by many other sources, the fear that fusion centers will become an unfunded mandate is a major concern. Rapp, Maryland's center director, is concerned:

However, without a consistent funding stream some centers may never attain the core capabilities. ... This year, my funding has not been released. Aside from funding contractual analysts, I have no funds to spend on operational needs. This makes planning and developing baseline capabilities difficult.

On the same point, California's Bettenhausen said:

[I]nconsistent guidance (Information Bulletins 235 and 281) regarding the use of federal funds under the State Homeland Security and Urban Area Security Initiative Grant programs has been extremely counterproductive and detrimental to State and local efforts to build and sustain a network of fusion centers.

And GAO's Larence added:

[S]ome fusion center officials raised concerns at the national fusion center conference [in Feb 2008] about how specifically the federal government was planning to assist state and local governments to sustain fusion centers. For example, whether federal funding for fusion centers would continue to be available through DHS’s homeland security grant program or whether in the future there would be fusion-center specific funding has yet to be determined.

On the contentious issue of security clearances, the hearing produced more confusion than clarity. On the one hand, DHS' Jack Tomarchio said the clearances backlog is, well, clear:

When I arrived at DHS from the private sector two and half years ago, the wait time to receive even a Secret-level clearance was nearly two years and the backlog of applicants was enormous. Thanks to the efforts of the DHS and I&A Offices of Security, we have dramatically reduced the amount of time it takes to grant those clearances and nearly eliminated the backlog.

But Larence reported:

Both DHS and the FBI have provided security clearances for state and local personnel and set timeliness goals for granting clearances. However, officials cited challenges obtaining and using clearances. Obtaining and using security clearances represented a challenge for 44 of the 58 centers we contacted, which could limit their ability to access and use some information. In addition, while law and executive order provide that a security clearance granted by one federal agency should generally be accepted by other agencies, officials in 19 of the centers encountered difficulties with federal agencies, particularly DHS and the FBI, accepting each others’ clearances. DHS and DOJ officials reported that they were not aware of recent fusion center challenges with reciprocity of clearances.

And California's Bettenhausen added:

Security clearances - both in terms of availability and proper level - remain an issue for State and locals. Perhaps the most recent and best example I can provide you with, is the classification of the new Presidential Homeland Security Directive regarding cyber security at the Top Secret level. Unfortunately, the Department has not recognized the need to issue Top Secret clearances to State and local public safety officers - even those whom bear the responsibility of implementing national security directives.

All things considered, it's a mixed bag. The biggest concern still seems to be a clear demonstration of a level of commitment to the concept and to the centers.

Charlie Allen Sells the National Fusion Center Network

In a speech yesterday before the annual conference of the International Association of Law Enforcement Intelligence Analysts (IALEIA) and Law Enforcement Intelligence Unit (LEIU), DHS Under Secretary for Intelligence and Analysis (I&A) Charlie Allen once again took up the task of explaining how federal, state, and local agencies will share information.

Allen has been in the news recently, taking some heat from key members of Congress who charge his unit with dragging its feet on the effort to share information (also see these posts).

But in prepared speeches, of course, everything is always sweetness and light. Let's see if we can read between the lines.

Perhaps the most significant focus of Allen's speech is his commitment to creating a National Fusion Center Network, which was called or in the National Strategy for Information Sharing (my post here). On previous occasions I've questioned whether fusion centers would essentially become funnels for federal agencies to move information down to the state and local levels. State officials have questioned the federal government's commitment to the fusion centers, revealing an anxiety that the centers could become an unfunded mandate.

But on these questions, Allen says the right things in his speech, committing to the fusion center concept as well as two-way sharing through the National Fusion Center Network:

Fully incorporating the analytic function into the law enforcement (sic) is essential to a true implementation of intelligence-led policing, a concept which is being adopted far and wide.

My goal is to support the implementation of a National Fusion Center Network working with our colleagues in the FBI, DOJ, DNI and the PM-ISE.

Working together – leveraging Federal as well as State and Local networks; moving relevant information and intelligence quickly; enabling rapid analytic and operational judgments – that is what this National Fusion Center Network is all about.

In addition, information once only available in cities and states can be used to protect the nation as a whole.

Funding isn't discussed directly, and frankly, Allen doesn't have full control over whether funds are allocated to fusion centers.

But in Allen's comments about two-way sharing, there was one comment I found odd:

[I]nformation which may fit into the bigger picture of national security, but means nothing to the local police officer or analyst who comes across it, now has an avenue to get where it can become part of the national, or even international, intelligence picture.

So the information gathered by state and local law enforcement "means nothing" to the officers and analysts there (and presumably at the fusion center). If so, then how or why would this information move from local and/or state to the national level? If the local/state analyst can't recognize its importance, why would they pass it on? You can't share everything, and even if you could, you couldn't sift it effectively.

To me this gets to a fundamental objective of information sharing - to provide everyone, at all levels, an improved understanding of the context in which potential threats may appear. The goal is to reduce the "unknown unknowns," so that even if a given analyst doesn't have full information on a given threat, he or she can at least recognize it as a "known unknown" - i.e., something that has significance, even if complete information is either unavailable anywhere or unavailable to him/her.

I don't know why Allen would imply that there could be situations in which state and local analysts or officers are in the dark, when it's the point of information sharing to provide light.

Open-Source Intelligence and the Importance of Information-Sharing

This morning's USA Today reports on the increasing value of open-source intelligence in the fight against terrorism.

[T]he President's Daily Brief and other crucial intelligence reports often rely less on secrets from risky espionage missions than on material that's available to just about anyone.

Intelligence officers have gleaned insights on Iran's nuclear capabilities from photos on the Internet. They've scooped up documents, including a terrorist training manual, at international conferences and public forums. They've found information in foreign university libraries and newscasts.

And why not? Open-source intelligence is what the other side uses. The challenge, in the information age, is in finding the valuable info amid the junk:

It's a challenging task, given the mountains of material to sift through. Every potentially useful nugget must be vetted because enemy states and terror groups, such as al-Qaeda, sometimes use the Internet and other open channels to put out misleading information.

Yet officials say agencies are overcoming such obstacles and unearthing increasingly valuable troves of intelligence.

"It's no longer unusual to see open-source material in the President's Daily Brief … (and) it's often a very important component of the information that's incorporated into our intelligence analyses," says Frances Townsend, who until January was President Bush's assistant national security adviser for homeland security and counterterrorism.

Open sources can provide up to 90% of the information needed to meet most U.S. intelligence needs, Deputy Director of National Intelligence Thomas Fingar said in a recent speech.

Since it can be relatively time-intensive work to sift through all the available information, most local agencies don't have the resources to do this.

That's where aggregated resources, such as fusion centers, can play a role. Fusion centers are already making use of open-source intelligence - an important point, since they are so central to the U.S. effort to share information on terrorism and other hazards. Chicago's fusion center is using open-source intelligence. Other fusion centers do as well, as this 2007 CRS report described (my post here).

But the value of open-source intelligence is limited. You don't find smoking guns in open-source intelligence. Instead, you find background information that can fill in the context for the classified information:

[O]pen-source information does not often lead to "eureka" moments in the intelligence world, says Wayne Murphy, assistant director in the FBI's Intelligence Directorate. More often, its main use is to "add perspective and context" to material gathered through classified means.

The implication of this is clear. You're not going to find the holy grail through open-source; you're only going to be able to marry the open-source intelligence with the classified intelligence. For this reason, there needs to be a strong information-sharing system to allow cross-talk between the open-source and classified sides.

Whether an analyst is operating in a fusion center or at an intelligence agency, they need to understand what they're providing context for. And someone working in classified intelligence will be all the better informed if they have a full appreciation of the context that can be discovered through open-source.

Unless there is reliable information-sharing between the open-source and classified sides, there's a risk that open-source analysis will never amount to its full potential.

Second Fusion Center Conference Held

Breaking the rules of Journalism 101 - simply noting that "a meeting was held":

More than 900 federal, state, and local law enforcement and homeland security officials attended this week the National Fusion Center Conference here to further the U.S. government's plans to create a seamless network of these centers.

Participants discussed how to best incorporate fusion centers at the state level and in major urban areas into national plans to improve the sharing of information related to terrorism...

Harman Criticizes DHS Again on State-Local Information Sharing

Rep. Jane Harman, chairwoman of the Homeland Security Committee’s intelligence subcommittee, is criticizing DHS again, as she did a few weeks ago at a congressional hearing (my post here). The issue is sharing information among federal, state and local officials:

The Homeland Security Department is at risk for losing support for funding because it is not doing a good enough job of sharing information with state, local and federal homeland security officials, the chairwoman of the House subcommittee that oversees information sharing and intelligence gathering said March 18.

Speaking at the National Fusion Center Conference in San Francisco this week, Rep. Jane Harman (D-Calif.), said DHS’ Intelligence and Analysis Office (OIA) needs to improve its relationships with and understanding of the needs of state and local authorities to make its fusion center initiative successful.

DHS is making some gradual progress but not quickly enough for Harman, or with a clear enough commitment:

[DHS] has more than 20 representatives at fusion centers and has committed to having 35 employees deployed to them by the end of the fiscal year. FBI officials already work in almost all centers.

Thanks to its stronger commitment, the FBI has developed a pretty good relationship with fusion centers, because co-location of local, state, and federal officials is critical to developing an information-sharing network based on trust, as this CRS report suggested last summer (my post here).

Here's the big red flag, though:

Harman added that the president’s 2009 budget request does not include money specifically to sustain the centers despite calls for it by the administration in its National Strategy for Information Sharing, which was released last year. The strategy placed fusion centers as the cornerstone for information sharing among the state, local and federal governments.

State officials voiced the concern that fusion centers would essentially become an unfunded federal mandate in a GAO report last December (my post here). Seen in this light, is it any wonder that state and local officials are feeling uncertain about their level of commitment and involvement in the fusion center process?

Harman is getting impatient:

“Once we get past the agendas, games and turf wars involving fusion centers and the ITACG, once we start working on solutions, we’ll soon look back on ourselves and ask ourselves, ‘What took so long?’ ” she said in her prepared remarks.

I'm overgeneralizing and speculating here, but some of the more successful fusion centers I'm aware of (e.g., NYC, LA) have been established purely on the basis of local need, when communities have decided that they cannot adequately perform their homeland security mission without them. Perhaps the imposition of a fusion center - either by mandate or by suggestion - begins to raise questions about whose turf is whose, and that's where the squabbling comes in.

A Look Inside Chicago's Fusion Center

Not exactly hard-hitting journalism here, but Government Technology runs a complimentary piece, examining the capabilities of Chicago's fusion center, the Crime Prevention Information Center (CPIC).

Unlike many other fusion centers, Chicago's center eschews the all-hazards approach and focuses only on violent crime and terrorism. There's some collaboration with suburban police departments in the collar counties:

Approximately 30 full-time staff members - detectives, police officers and supervisors - work at CPIC. As events warrant, each of the 35 suburban departments that work with the center lends officers to help field calls for information. In addition, representatives from the Cook County, Ill., Sheriff's Chief and other federal agencies also provide liaison personnel to the center as needed.

Not surprisingly in a world awash in information, the CPIC's primary value is in filtering information that's already available and giving it to police officers when they need it:

Chicago Police Commander David Sobczyk adds that much of the intelligence needed to combat terrorism - perhaps more than 90 percent - is really open-source information. It's putting the right pieces together in a timely fashion that makes the difference.

Much of the information flowing through CPIC, such as access to local and national crime databases, is something a tech-savvy police officer can access without the fusion center. But previously it would have taken multiple searches and a deliberate effort to search each source. CPIC has automated the process, for what databases are searched, and it adds some artificial intelligence to determine information that might be relevant.

Prior to CPIC, officers would arrive at an incident scene with virtually no other information than what was given in a call. They would then return to the police station, often the next day, to gather other information on file that might be relevant. Now through CPIC, as soon as police officers are dispatched to a home or street intersection, they immediately have relevant information at their fingertips about the location - who called the police from there in the last few days, recent arrests in the area, other reported incidents and even traffic tickets given recently on the block.

The CPIC says it's sharing information with state and federal officials:

Sobczyk also points out that the CPIC operation isn't simply drawing in the information needed to facilitate investigations or to respond better to public safety threats; CPIC also sends out information to both federal and state agencies. "It's a two-way flow," he said.

I wish there were more information about this, because other studies of fusion centers have suggested that there isn't enough two-way information sharing.

Appropriately, the system is set up to examine incidents rather than personal profiles. As I've argued before, you can't detect a terrorist based on who they are. The "terrorist profile" - that is, a young disaffected person who's looking for something to provide meaning and purpose in their life - is far too broad to be useful. You have a better chance if you examine what they do - especially other criminal activity:

[T]he entire CPIC system is incident-based. It takes an incident of some kind to launch a query or investigation. In other words, there must be justifiable cause to initiate the investigation.

Not only does this help avoid potential civil-rights problems, it's also likely to be more effective as a preventive measure.

ITACG: Beneficial or Boondoggle?

The fur flew around the Cannon House Office Building on Feb. 26, when Charlie Allen, DHS Under Secretary - Intelligence and Analysis (I&A), testified before the House Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment.

The subject that caused all the sniping was the Interagency Threat Assessment Coordination Group (ITACG), which is supposed to "coordinate the production and timely issuance of the following interagency products intended for distribution to State, local, and tribal officials."

But is the ITACG working? If you listen to Allen's testimony, ITACG is working just great:

A major emphasis of the Office of Intelligence and Analysis has been the establishment of the Interagency Threat Assessment Coordination Group (ITACG), which has been stood up under the management of the National Counterterrorism Center (NCTC) to help us meet the information needs of our State, local, and tribal partners. I have provided two senior officers from the Office of Intelligence and Analysis, along with two officers provided by the FBI, to lead the stand-up of this organization. I am extremely pleased to report that the ITACG achieved Initial Operating Capability (IOC) on 30 January 2008 and that current staffing requirements have been met. In total, four federal and four state personnel, as well as contractor officers, are working in dedicated spaces with essential systems connectivity in NCTC.

The ITACG has already begun providing valuable input to intelligence products disseminated to State and local organizations, and its personnel regularly attend NCTC meetings and are engaged in NCTC production processes and activities critical to serving non-Federal customers. Since stand-up operations began on 23 October 2007 under DHS day-to-day leadership, the ITACG has reviewed more than 25,000 finished intelligence products. From that review, the ITACG identified products that meet State and local needs, and has already disseminated many of them to State and local officials. Since 23 October, the ITACG also has reviewed 1,576 separate reports on worldwide threats to U.S. interests, identifying 69 of these as possible threats to the Homeland. Further review by the ITACG revealed five reports of questionable credibility, two of which required better characterization of the threat or source. As a direct result of the ITACG’s efforts, DHS and the FBI refined our characterization of the threat and released joint reports on the two cases noted above requiring further threat detail.

I am confident that DHS, FBI, and NCTC in collaboration with the ITACG Advisory Council and ITACG personnel will work closely together – not only to ensure that the ITACG meets the letter and spirit of statutory obligations vis-à-vis State, local, and tribal needs, but also to synchronize and harmonize Intelligence Community support to our State, local, and tribal partners.

Sounds great. But Allen's testimony is directly challenged by the statements of Homeland Security Committee Chairman Bennie G. Thompson and Intelligence Subcommittee Chair Jane Harman. Harman writes:

[I]t seems that the only stovepipe left standing is yours...

I have a major issue with I&A’s endless refusal to take the ITACG seriously and to build a robust State, local, and tribal presence at the National Counterterrorism Center (NCTC) that makes the intelligence production process for State and locals better.

Although you promised last year that your staff would make a full effort to ensure the ITACG’s success, and although you told us you were proud to be leading the ITACG effort, you did not have it going in a few weeks as you had described.

DHS [has] made two things clear: First, it wants to control what homeland security information should be disseminated to State and locals. Second, it wants the ITACG to “go away” once the Information Sharing Environment “matures organizationally and culturally.”

Let me be clear. The ITACG is NOT going away.

I&A should be hungry for the State and local input that the ITACG offers – whether products created for those communities are produced at the NCTC, the FBI, or by your staff at the Nebraska Avenue Complex.

I was also disappointed to learn that your office is still debating about when State and locals detailed to the ITACG should become involved in preparing analytic products.

Effective information sharing is a major focus of this Subcommittee, and I have hoped that you would build an I&A that makes that happen.

Our hearing record, however, is full of testimony from State and local entities that tells us that they aren’t getting the products they need.

Bottom line, Charlie: you are not effectively serving the State and locals who are the people who will prevent the next attack.

Thompson adds:

I join with the Chair in here concern about the Department’s progress with the ITACG. The message, Mr. Allen, is clear: get the ITACG done right and get it done right now.

With your new authorities and influence, we expect nothing less than your total commitment to the success of the ITACG.

I don’t see how the proposed 9% increase in new funding for your office and the Office of Operations Coordination will help you satisfy those new obligations...

In my mind, the most disturbing part of this discussion is the assertion that DHS is not fully engaging the participation of state and local personnel in creating analytic reports. That means that information-sharing is seen as a one-way street, in which intelligence is parceled out and funneled down to state and local agencies.

A vibrant information-sharing system has to be a two-way street.

Update 03-18-08: Congresswoman Jane Harman weighs in at HLS Watch.

ODNI Releases Info-Sharing Standards

The Office of the Director of National Intelligence (ODNI) has released standards for sharing information about potential terorrist-related activity among local, state, and federal law enforcement. Federal Computer Week reports:

John Cohen, a spokesman for PM-ISE, said the standards establish functional criteria to provide general categories of behavior that can be seen as suspicious and a map for how information and intelligence should be shared among fusion centers.

“It provides a definition that is communicated and understood across all communities,” he said.

He also added that the hope is that by giving law enforcement more intelligence or information about what they should be looking for they can avoid relying on profiling.

The key concept is "observable behavior." It's not who you are; it's what you do. Looking at the standards themselves, which are downloadable here, provides a clearer picture:

Suspicious activity is defined as “observed behavior that may be indicative of intelligence gathering or pre-operational planning related to terrorism, criminal, or other illicit intention.”

Not surprisingly, the CTISS continues the general trend of emphasizing the importance of fusion centers:

The State or major urban area fusion centers shall act as the key conduit between the State, local, and tribal (SLT) agencies and other ISE participants. It is also important to note the ISE Shared SpaceF5F implementation concept is focused exclusively on terrorism related information, however many suspicious activity report (SAR) originators and consumers have responsibilities beyond terrorist activities and beyond the scope of the ISE.

Of special note, there is no intention to modify through this ISE-SAR Functional Standard or otherwise affect the currently supported and/or mandated direct interactions between State, local, and tribal law enforcement and investigatory personnel and the Joint Terrorism Task Force (JTTF) or Field Intelligence Groups (FIGs).

Not sure what this last bit means - could mean that the JTTFs and FIGs will remain their own information silos, which would be unfortunate.

In any case, it sounds at first like the new standards for suspcious activity reporting (SAR) will cast a wide net and take advantage of a significant vulnerability of potential terrorist groups - the nexus between "ordinary" crime and potential terrorism:

It is also important to acknowledge that many terrorist activities are now being funded via local or regional crimes organizations. This places law enforcement and homeland security professionals in the unique, yet demanding, position of identifying suspicious activities, behavior, or materials as a byproduct or secondary element to a criminal enforcement or investigation activity. This means that, while some ISE-SARs may document activities or incidents to which local agencies have already responded, they are being shared to facilitate aggregate trending or analysis.

Illicit money-making activities present a lot of opportunities for law enforcement to detect these groups. And yet, when you look at the specific categories of observable behaviors, they're almost entirely operational and target-centric:

Eliciting Information: Questioning facility personnel about facility/infrastructure/ personnel: this includes individuals probing employees in person on or off-site, over the phone, or via the Internet about particular structures, functions, and personnel procedures at the facility/infrastructure.
Breach/Attempted Intrusion: Unauthorized personnel attempting to or actually entering a restricted area or protected site. Impersonation of authorized personnel (e.g. police/security, janitor).
Misrepresentation: Presenting false or misusing insignia, documents, and/or identification, to misrepresent one’s affiliation to cover possible illicit activity.
Photography: Taking pictures/video of facility/infrastructure/personnel or surrounding environment.
Observation: Showing unusual interest in facility/infrastructure/personnel; for example, observing it through binoculars, taking notes, drawing maps, or drawing structures of the facility.
Surveillance: Monitoring the activity of people, facilities, processes or systems.
Theft/Loss/Diversion: Stealing or diverting something associated with a facility/infrastructure (e.g., badges, uniforms, identification, emergency vehicles, technology or documents {classified or unclassified}, which are proprietary to the facility).
Sabotage/Tampering/Vandalism: Damaging, manipulating, or defacing part of a facility/infrastructure or protected site.
Testing of Security: Interactions with, or challenges to installations, personnel, or systems that reveal physical, personnel or cyber security capabilities.
Cyber Attack: Compromising, or attempting to compromise or disrupt an organization’s information technology infrastructure.
Expressed or Implied Threat: Communicating a spoken or written threat to damage or compromise a facility/infrastructure.
Flyover: Suspected over flight of a facility/infrastructure; this includes any type of flying vehicle (e.g., airplanes, helicopters, unmanned aerial vehicles, hang gliders).
Materials Acquisition/Storage: Acquisition of unusual quantities of precursor material (e.g., cell phones, pagers, fuel, timers), unauthorized/unlicensed individual/group attempts to obtain precursor chemicals/agents, or toxic materials, and rental of storage units for the purpose of storing chemicals or mixing apparatus.
Acquisition Of Expertise: Attempts to obtain or conduct training in security concepts; military weapons or tactics; or other, unusual, capabilities, such as specialized transport or handling capabilities.
Weapons Discovery: Discovery of weapons or explosives.
Sector-Specific Incident: Actions associated with a characteristic of unique concern to specific sectors (such as the public health sector), with regard to their personnel, facilities, systems or functions.
Recruiting: Building of operations teams and contacts, personnel data, banking data or travel data.
Other: Incidents not fitting any of the above categories.

By the time someone is doing most of these activities, they may have already put an organization together, raised funds, etc. Also, it's possible to put together many elements of an attack without a specific target in mind. In fact, some potential modes of attack, such as a "dirty bomb" attack or some types of biological attacks, wouldn't require access to a particular target. Close enough would do. So the target-centric focus is a bit puzzling. Also, many important activities that would provide good opportunities for detection would fall into just a couple of categories: Acquisition of Expertise and Recruiting.

Everything seems to be there; it just seems odd that the emphasis is on observations that are tied so closely to reconnaissance and/or exploiting the vulnerability of a specific target.

The State of State Homeland Security

Some interesting findings in the National Governor's Association's (NGA) recent survey of state homeland security directors.

The NGA got responses from 44 of 56 state and territorial homeland security advisors who comprise the Governors Homeland Security Advisors Council. They identified their top priorities for 2007 as:

Developing interoperable communications

Coordinating state and local efforts

Protecting critical infrastructure

Developing state fusion centers

Strengthening citizen preparedness

The only new priority is the last one, "strengthening citizen preparedness," which replaced "preparing for natural disasters," the popular choice in the aftermath of the 2005 hurricane season. Unfortunately the 2007 survey didn't ask for any details about the new goal of strengthening citizen preparedness; it will be interesting to see what progress is made in 2008.

Here are a few notes on what the survey revealed about the other priorities:

Interoperability

On interoperable communications, the more things change, the more they stay the same. Federal leadership and funding remain significant hurdles to interoperability.

[N]early every state now has a statewide interoperable communications governance structure in place, and nearly three quarters (about 70 percent) report having a full-time interoperability coordinator at the state level. However, achieving interoperability has, until recently, been hampered by a lack of clear guidance from the federal government and an associated lack of designated funding to develop interoperable systems.

The same argument was made last March, in this report by the First Response Coalition (see also my post).

Coordination with Local Efforts

Good news here. As I've noted anecdotally on a few previous occasions, some states are doing a good job of working with local agencies to coordinate response efforts:

In the 2007 survey, states were asked specifically about their interaction with local governments, tribal governments, the private sector, and other states. More than half—54 percent—said they “significantly” involved local governments in the development of strategic plans, including grant funding allocation plans. Roughly one third of the states, or 32 percent, said local involvement in those activities was “fair,” while 14 percent reported local involvement as “minimal.”

Nearly all the respondents reported having completed or being in the process of developing coordinated response plans with local agencies for a range of disasters. In addition, coordination of security plans and procedures with the private sector also remains a priority, with 100 percent of states reporting that they either have or are in the process of developing security plans with the privately owned infrastructure in their states.

But efforts are more mixed for prevention and preparedness:

Despite the success of EMAC and its proven utility in large-scale events such as Hurricane Katrina (97 percent of states surveyed in 2007 said EMAC was very or somewhat efficient), the coordination of pre-event planning—or, the “prevention and preparedness” phase of emergency management—remains a work in progress.

Critical Infrastructure

There was some measured good news regarding critical infrastructure, in that more than half of the states have joined in interstate (i.e. regional) efforts to protect infrastructure sectors.
Fusion Centers

Fusion centers are critical elements of the National Strategy for Information Sharing, yet the NGA survey indicates that fusion centers "remain a work in progress." The information that flows into the centers is improving:

The 2007 survey results also reflect an improvement in the federal-state information-sharing relationship. More than half of the states (56 percent) said they were satisfied with the timeliness of the intelligence they are receiving; 47 percent said they were satisfied with the specificity of that intelligence; and 50 percent said they were satisfied with the “actionability” of that intelligence.

And yet, leadership is lacking from the federal government on funding and systems development:

Nonetheless, nearly two-thirds of the states said they will be unable to sustain their fusion center operations without federal funding.

About half the states (48 percent) said they had little participation in key information-sharing initiatives such as the Homeland Security Information Network (HSIN), DHS Alert, and the Disaster Management Information System.

Federal-State Coordination

Overall, DHS is still doing a bad job collaborating with the states:

If there is an area where states are reporting unsatisfactory progress, it is in their relationship with the federal government, specifically with DHS. More than half the states (57 percent) reported being dissatisfied or somewhat dissatisfied with their overall communications with DHS, and 60 percent said the quality of their communications with the department had either not changed or had deteriorated since 2006.

States did provide some recommendations on how the federal-state relationship in homeland security could be improved. The majority, about 88 percent, said DHS should coordinate policies with the states before the release or implementation of those policies; 79 percent said there should be more coordination among DHS and other key federal agencies, including the departments of Justice and Health and Human Services; and 71 percent said the relationship could be improved with additional grant funding.

Secretary Chertoff always emphasizes involving state and local agencies, but it doesn't seem to happen at ground level. The interesting thing is, states seem to be doing a better job of this, in collaborating with local agencies. Without a collaborative effort, the work will be fractured. Even the vaunted fusion centers could slip by the wayside unless there is a coordinated effort to make them work.

Fusion Centers: Status and Challenges

Just a relatively brief note on the new GAO report, which discusses the development of state fusion centers, along with the challenges they're facing.

First, a note on the current status of fusion centers:

Officials in 43 of the 58 fusion centers we contacted described their centers as operational as of September 2007. Specifically, officials in 35 states, the District of Columbia, and 7 local jurisdictions we contacted described their fusion center as operational, officials in 14 states and 1 local jurisdiction considered their centers to be in the planning or early stages of development, and 1 state (Idaho) did not have or plan to have a fusion center. In 6 states we contacted, there was more than one fusion center established.

The "all-hazards" focus has been maintained:

[O]fficials in 41 of the 43 operational centers we contacted said that their centers’ scopes of operations were broader than solely focusing on counterterrorism. For example, officials in 22 of the 43 operational centers described their centers’ scopes of operations as all crimes or all crimes and counterterrorism, and officials in 19 operational centers said that their scopes of operations included all hazards.

And it is particularly encouraging to hear that they're exploring the link between terrorism and precursor crimes:

Officials provided two primary explanations for why their fusion centers have adopted a broader focus than counterterrorism. The first explanation was because of the nexus, or link, of many crimes to terrorist-related activity. For example, officials at one fusion center said that they have an all-crimes focus because terrorism can be funded through a number of criminal acts, such as drugs, while another said that collecting information on all crimes often leads to terrorist or threat information because typically if there is terrorist-related activity there are other crimes involved as well.

As the CRS recently noted, it's important for fusion centers - which, it's important to remember, are always state or local entities - to have a close relationship with federal agencies. Without collocation and collaboration, the working relationship suffers. Fortunately, this collocation is proceeding:

Nearly all of the operational fusion centers GAO contacted had federal personnel assigned to them. For example, DHS has assigned personnel to 17, and the FBI has assigned personnel to about three quarters of the operational centers GAO contacted.

[T]he centers varied in their staff sizes and partnerships with other agencies. At least 34 of the 43 operational fusion centers we contacted had federal personnel assigned to them. For example, officials in 17 of the operational centers we contacted reported that they had DHS intelligence officers, and officials in about three quarters of the operational centers told us that they had FBI special agents or intelligence analysts assigned to their centers.

The FBI's engagement is particularly robust:

While the FBI’s role in and support of individual fusion centers varies depending on the interaction between the particular center and the FBI field office, FBI efforts to support centers include assigning FBI special agents and intelligence analysts to fusion centers, providing office space or rent for fusion center facilities, providing security clearances, conducting security certification of facilities, and providing direct or facilitated access to the FBI.

FBI personnel assigned to fusion centers are to provide an effective two-way flow of information between the fusion center and the FBI; participate as an investigative or analytical partner uncovering, understanding, reporting, and responding to threats; and ensure the timely flow of information between the fusion center and the local JTTF and FIG.

Still, there are challenges, including managing the many information systems that feed into fusion centers and the ability (or not) to get security clearances:

[F]usion center officials cited challenges accessing and managing multiple information systems. For example, officials at 31 of the 58 centers we contacted reported challenges obtaining access to federal information systems or networks.

[O]btaining and using security clearances represented a challenge for 44 of the 58 fusion centers we contacted.

More signficantly, there is apprehension on the part of state fusion center directors that the federal government has not made clear its long-term commitment for fusion centers - and that the result would be that eventually fusion centers will become, essentially, an unfunded mandate:

The federal government, through the ISE, has stated that it expects to rely on a nationwide network of fusion centers as the cornerstone of information sharing with state and local governments, but ISE plans or guidance to date do not articulate the long-term role the federal government expects to play in sustaining these centers, especially in relation to the role of their state or local jurisdictions. It is critical for center management to know whether to expect continued federal resources—such as grant funds, facility support, personnel, and information systems—over the long term.

This concern is magnified because a clear commitment to long-term sustainability has not come from the National Fusion Center Coordination Group:

[T]he PM-ISE has established a National Fusion Center Coordination Group (NFCCG), led by DHS and DOJ, to identify federal resources to support the development of a national, integrated network of fusion centers. ... However, to date, the efforts of the NFCCG have not included delineating whether such assistance is for the short-term establishment or long-term sustainability of fusion centers.

It's worth recalling that in the National Strategy for Information Sharing, the federal government pledged to assign personnel to fusion centers "where practical" and to integrate and collocate resources "to the extent practicable. It's this kind of tepid support that makes state and local officials jittery.

It certainly doesn't appear that fusion centers are in any short-term danger. There are too many resources being poured into them, and they're too central to our national strategies. But it's clear that the effort to establish and maintain them could be more coordinated and collaborative. The anxiety of state and local fusion center officials about the federal government's level of commitment is a clear sign that inter-governmental relationships are not yet built on trust.

The National Strategy for Information Sharing

Recently the White House released the new National Strategy for Information Sharing, which tries to bring together many existing government efforts (e.g., the Information Sharing Environment, state and urban area fusion centers, etc.) under a strategic umbrella. I've had a chance to review the document in some detail and can provide some thoughts on it.

Much of the language in the strategy is relatively bland. You can't take issue with it, but neither do you get a strong sense of direction from it. For example, regarding information sharing at the federal level, the strategy says:

Today’s ISE consists of multiple sharing environments designed to serve five communities: intelligence, law enforcement, defense, homeland security, and foreign affairs.

Our objective is to establish a framework for Federal agencies in the fulfillment of their individual roles and responsibilities and forge a coordinated and trusted interagency partnership and process across all five communities. This collaborative approach at the Federal level will in turn drive the manner in which terrorism-related information is shared with non-Federal partners.

Well...yes. This is the sort of thing that everybody has been saying all along. It's a nice vision - and the correct one - but the test of this strategy will be in how well it achieves the vision, not whether it can correctly articulate the vision.

It's perhaps not too surprising, but a little disappointing, that the strategy so strongly emphasizes continuance of the status quo. The strategy introduces little that's new, but instead attempts to coalesce existing programs and projects into a coherent whole, as explained in the section titled "The Need for a National Strategy":

Memorializing the Strategy in a single document not only provides information to others about the Administration’s plans and outlook, but also guides our efforts as we continue to implement many programs and initiatives designed to advance and facilitate the sharing of terrorism-related information.

[W]hile this Strategy describes the vision that has guided the Administration for the past six years, it also sets forth our plan to build upon progress and establish a more integrated information sharing capability ...

The only section of the strategy that does bring some new ideas is the annex on fusion centers, which I'll give extended treatment in a future post.

In short, the creation of the new strategy has not involved asking, "Where are we?" and "Where do we need to go from here?" but has instead involved asking, "How can we strategically explain everything that's been done so far and extend it into the future?"

The underlying message is that we're confident that we're on the right track.

And I would agree that, at least on the big, sweeping ideas, we are on the right track. Everyone has the right intentions. We are very good at saying the right things. For instance, here are the core principles and understandings as enumerated by the new strategy:

Effective information sharing comes through strong partnerships among Federal, State local, and tribal authorities, private sector organizations, and our foreign partners and allies;

Information acquired for one purpose, or under one set of authorities, might provide unique insights when combined, in accordance with applicable law, with seemingly unrelated information from other sources, and therefore we must foster a culture of awareness in which people at all levels of government remain cognizant of the functions and needs of others and use knowledge and information from all sources to support counterterrorism efforts;

Information sharing must be woven into all aspects of counterterrorism activity, including preventive and protective actions, actionable responses, criminal and counterterrorism investigative activities, event preparedness, and response to and recovery from catastrophic events;

The procedures, processes, and systems that support information sharing must draw upon and integrate existing technical capabilities and must respect established authorities and responsibilities; and

State and major urban area fusion centers represent a valuable information sharing resource and should be incorporated into the national information sharing framework, which will require that fusion centers achieve a baseline level of capability to gather, process, share, and utilize information and operate in a manner that respects individuals’ privacy rights and other legal rights protected by U.S. laws.

Anybody want to take issue with that?

Importantly, the strategy acknowledges the importance of state, local, and tribal governments as parterns for sharing information:

[T]he nature of the global threat, as well as the emergence of homegrown extremists, require that State, local, and tribal governments incorporate counterterrorism activities as part of their daily efforts to provide emergency and non-emergency services to the public.

These partners are now a critical component of our Nation’s security capability as both “first preventers” and “first responders,” and their efforts have achieved concrete results within their communities, as the following examples illustrate:

• A narcotics investigation – conducted by Federal, State, and local law enforcement officials and resulting in multiple arrests – revealed that a Canadian-based organization supplying precursor chemicals to Mexican methamphetamine producers was in fact a Hezbollah support cell.
• A local police detective investigating a gas station robbery uncovered a homegrown jihadist cell planning a series of attacks.
• An investigation into cigarette smuggling initiated by a county sheriff’s department uncovered a Hezbollah support cell operating in several States.

One thing about the strategy that worries me a bit is its unstated assumption that the Information Sharing Environment - which is really just getting off the ground - is going to be a success.

The ISE Implementation Plan, among other things, delineates how the President’s guidelines and requirements will be implemented by drawing upon recommendations developed pursuant to those guidelines. It also incorporates the perspectives of representatives from State, local, and tribal governments who reviewed the ISE Implementation Plan Report during its development.

Since the Plan’s submission to the Congress, many of its action items have been implemented.

True enough, as we learned in this status report from the ISE Program Manager in September (also see my post). But at this point the development of the ISE is far too preliminary to assume that it will be a rousing success. My eyebrows always wrinkle whenever I hear language that implies, "If we say it, it must be so."

Now a few notes on the four major sections of the strategy, dealing with information-sharing with federal, state-local-tribal, private-sector, and international partners.

Federal Information Sharing

The section on Federal information sharing is remarkably brief. Its basic message is, "Stay the course, implement the ISE, go through the National Counterterrorism Center (NCTC)." The focus on NCTC is almost single-minded:

NCTC has the primary responsibility within the Federal Government for analysis of all intelligence and information pertaining to terrorism, and supports the Department of Justice (DOJ), DHS, and other appropriate agencies in the fulfillment of their responsibilities to disseminate terrorism-related information.

All Federal departments and agencies that possess or acquire terrorism-related intelligence and information provide access to such information to NCTC for analysis and integration unless prohibited by law or otherwise directed by the President. As the “Federal Fusion Center” responsible “for analyzing and integrating all intelligence pertaining to terrorism and counterterrorism,” NCTC works with appropriate Federal departments and agencies to enable the development of “federally coordinated,” terrorism-related information products tailored to the needs of Federal entities.

All this attention to the NCTC begs the question, however, of whether information-sharing is relevant to all-hazards, or only to counterterrorism. How do we share information on the risk of and/or preparedness for, say, earthquakes or pandemic flu? Surely the NCTC doesn't want this information - nor should they.

And what if a state or local government, through its all-hazards fusion center, provides such information to a federal agency or agencies? What then? It's not clear to me.

State, Local, and Tribal Information Sharing

By contrast to the concise, one-page section on federal information sharing, the state-local-tribal section is positively expansive, rolling along for 4 pages. Which is nice to see, as it reflects the idea that state, local, and tribal partners are important partners for information sharing.

The strategy accurately describes the needs at the SLT level:

The informational needs of State, local, and tribal entities continue to grow as they incorporate counterterrorism and homeland security activities into their day-to-day missions. Specifically, they require access to timely, credible, and actionable information and intelligence about individuals and groups intending to carry out attacks within the United States, their organizations and their financing, potential targets, pre-attack indicators, and major events or circumstances that might influence State, local, and tribal preventive and protective postures.

In the above quote, the words "access to" bother me a bit, as they seem to imply that the information exists somewhere outside the state, local, or tribal government - and the SLT entity needs to be able to reach it. In fact, much valuable information exists within these entities, and it needs to be pushed out.

So I'd add one more critical need: State, local and tribal agencies need reliable systems for sharing information with one another and with federal agencies. So it's good to see the strategy acknowledging this.

Authorities at all levels of our federal system must share a common understanding of the information needed to prevent, deter, and respond to terrorist attacks. The common understanding will be achieved through a framework that enables:

• Federal entities to work together to provide information in ways that better meet the needs of State, local, and tribal partners; and
• Information gathered at the State and local level to be processed, analyzed, disseminated, and integrated with information gathered at the Federal level.

We will have an integrated approach that allows Federal agencies to work together to produce and disseminate a federally-validated perspective on available threat information and relies on the efforts of consolidated fusion environments at the State and regional levels.

That last bit bothers me. Is information valid only after it has been run through the NCTC?

And again, what about all-hazards information? Many fusion centers have an all-hazards focus (a concept I support). Do they share this information? How? Surely we can understand that many potential natural disasters and accidents - especially catastrophic ones - can have regional or even national impacts.

Here are a few of the things SLT governments are supposed to do. These are good and reasonable, but again there is a terrorism-centric aspect to the plan:

To implement recommendations developed pursuant to Guideline 2 of the President’s Guidelines, and as key participants in the information sharing mission, State, local, and tribal entities are encouraged to undertake the following activities, in appropriate consultation and coordination with Federal departments and agencies:

• Foster a culture that recognizes the importance of fusing information regarding all crimes with national security implications, with other security-related information (e.g., criminal investigations, terrorism, public health and safety, and natural hazard emergency response);
• Support efforts to detect and prevent terrorist attacks by maintaining situational awareness of threats, alerts, and warnings, and develop critical infrastructure protection plans to ensure the security and resilience of infrastructure operations (e.g., electric power, transportation, telecommunications) within a region, State, or locality; and
• Develop training, awareness, and exercise programs to ensure that State, local, and tribal personnel are prepared to deal with terrorist strategies, tactics, capabilities, and intentions, and to test plans for preventing, preparing for, mitigating the effects of, and responding to events.

On the federal side, the NCTC's Interagency Threat Assessment and Coordination Group (ITACG) is critical to the information-sharing effort with SLT entities:

Specifically, the group [ITACG] will coordinate the production and timely issuance of the following interagency products intended for distribution to State, local, and tribal officials, the private sector, as well as the general public when appropriate:

• Alerts, warnings, and notifications of time-sensitive terrorism threats to locations within the United States;
• Situational awareness reporting regarding significant events or activities occurring at the international, national, State, or local levels; and
• Strategic assessments of terrorist risks and threats to the United States.

As will be discussed in more detail in a future post, fusion centers continue to be a major emphasis in information-sharing. It has become virtually impossible to find a significant government information-sharing initiative that does not involve fusion centers. Accordingly, the strategy says:

State and major urban area fusion centers are vital assets critical to sharing information related to terrorism. They will serve as the primary focal points within the State and local environment for the receipt and sharing of terrorism-related information.

As a part of this Strategy, the Federal Government is promoting that State and major urban area fusion centers achieve a baseline level of capability and become interconnected with the Federal government and each other, thereby creating a national, integrated, network of fusion centers to enable the effective sharing of terrorism-related information.

Federal departments and agencies will provide terrorism-related information to State, local, and tribal authorities primarily through these fusion centers. Unless specifically prohibited by law, or subject to security classification restrictions, these fusion centers may further customize such information for dissemination to satisfy intra- or inter-State needs.

Fusion centers will enable the effective communication of locally generated terrorism-related information to the Federal Government and other fusion centers through the ISE. Locally generated information that is not threat- or incident-related will be gathered, processed, analyzed, and interpreted by those same fusion centers—in coordination with locally based Federal officials—and disseminated to the national level via the DoD, DHS, FBI, or other appropriate Federal agency channels.

A couple of thoughts:

1. Again, the single-minded focus on terrorism.

2. It's good to see the emphasis on networking the fusion centers. Regional partnerships can really be a strength. But it's a bit concerning that the flow of information - even information that's not relevant to threats or incidents - has to flow through the federal government before it can be shared with others. Given this, it's not clear how the fusion centers will be "networked" together. Is state-to-state sharing really possible? (See the "federally-validated" comment above.)

One weakness of this approach - if it in fact is the approach - is that someone at the federal level has to recognize the information as important before it can be shared with other states. But can't we imagine a situation where state officials in a given region understand their own risks better than federal agencies and are in a better position to decide what information ought to be shared with their counterparts in other states?

I recognize the balance that must be struck here. You can't assume that all information is important, and share everything; because if everything is important, nothing is. But at the same time, you don't want to create bottlenecks where one gatekeeper gets to decide what's important and what isn't.

I hope these concerns are unfounded. It may be that interagency collaboration may be able to allay some of these concerns - that is, if many agencies have a voice in deciding what gets shared, in a truly collaborative environment, there's a better chance that important information will go through.

But on the other hand, I was surprised to find the following sentence in the strategy. It had earlier appeared in the SE Program Manager's status report in September 2007, and it bugged me then, as evidenced in my post on the status report:

Where practical, Federal organizations will assign personnel to fusion centers and, to the extent practicable, will strive to integrate and collocate resources.

If you're really intending to create a collaborative environment, you don't agree to integrate and collocate "where practical" and "to the extent practicable." You make a commitment to do it, and you do it. This is an important concern, if we remember that the CRS recently reported, "In general, fusion centers collocated with a federal agency reported favorable relationships with that agency. This was often in stark contrast to the views of other fusion centers not collocated with a federal agency(s)."

Private Sector Information Sharing

Like the "Federal" section of the Strategy, the "Private Sector" section can be roughly paraphrased as, "We'll keep doing what we're doing to try to share information with the private sector, and we'll get even better."

[A]s we improve efforts to share terrorism-related information with the private sector we must continue to:

• Build a trusted relationship between Federal, State, local, and tribal officials and private sector representatives to facilitate information sharing;
• Ensure that Federal, State, local, and tribal authorities have policies in place that ensure the protection of private sector information that is shared with government entities;

Etc. Etc. Etc.

International Information Sharing

This section is sort of out of the bounds of my interests, but on international sharing the emphasis is on laying the diplomatic groundwork to develop solid relationships with other countries, to ensure that any information that's shared is safeguarded and handled correctly.

In summary, strong partnerships and trusted collaboration with foreign governments are essential components of the war on terror. Effective and substantial cooperation with our foreign partners requires sustained liaison efforts, timeliness, flexibility, and the mutually beneficial exchange of many forms of terrorism-related information.

Protecting Privacy and Other Legal Rights

The strategy also discusses the necessity to protect privacy. I won't go into this much, except to say that respecting privacy is essential to effective information gathering and sharing. As citizens we must have confidence that our rights are respected and that any information that is gathered and shared has been done so legally and with appropriate oversight. The strategy says:

At the direction of the President, the Attorney General and the Director of National Intelligence developed a set of Privacy Guidelines to ensure the information privacy and other legal rights of Americans are protected in the development and use of the ISE. The Privacy Guidelines provide a consistent framework for identifying information that is subject to privacy protection, assessing applicable privacy rules, implementing appropriate protections, and ensuring compliance.

Looking back on this post, it's already pretty long. I'll cover the Appendix on fusion centers in another post, which it really deserves anyway.

Overall, my thoughts on the new strategy are that it's good at sounding good; but it generally just codifies the status quo. There's a lot of assumptions here: That the ISE will work, that Fusion Centers are the best means for sharing information with state and local entities, that federal, state and local agencies will trust one another to share information without getting bogged down in turf battles, etc.

Information sharing is always a delicate process, and the stakes are high. I thought one passage from the strategy eloquently - if unwittingly - expressed both the risks we face from terrorism and from trying to develop a reliable, trustworthy system of sharing information:

[T]he Untied States will continue to face ideologically committed extremists determined to attack our interests at home and abroad.

Untied States? Let's hope not.

New Massachusetts State Homeland Security Strategy

Massachusetts has released a new state homeland security strategy. It's an all-hazards strategy, which reflects the experience of Hurricane Katrina and the risk of other natural hazards such as pandemic flu.

The strategy lists three major goals:

Our obligations, from the state’s perspective, whether we are planning for response to a terrorism incident, detecting a potential influenza outbreak, managing a major fire, or preparing for a potential hurricane, are guided by three major goals:

1) to create a common operating picture among all homeland security and public safety stakeholders;
2) to strengthen and expand partnerships across assets and capabilities; and
3) to focus efforts on private sector and public participation in prevention and preparedness.

These are laudable goals - it's especially welcome to see the explicit focus on private sector involvement (more on that later). It covers the whole range of preparedness activities, from prevention to response and recovery:

[T]he state is ultimately responsible for ensuring both effective prevention and effective response and recovery.

Prevention primarily relies on intelligence that's funneled through the state's Fusion Center:

The intelligence aspect of prevention, in terms of securing critical infrastructure, maintaining resource databases, and all aspects of the Commonwealth Fusion Center, contributes to prevention by informing law enforcement and public safety officials about vulnerabilities. Once vulnerabilities are recognized, we can begin to find solutions to prevent incidents.

Initial thought - this is focused on vulnerabilities, but risk is not just vulnerability. Calculating a threat involves not just vulnerability, but likelihood and consequence as well.

To organize the effort, they're using not only the Fusion Center. For coordination of recovery efforts, Massachusetts is using a new, collaborative organization:

[W]e have launched the Massachusetts Recovery Alliance that will convene all relevant parties to ensure that all efforts – from building inspections, to federal support, to workforce replacement – are properly integrated after a disaster.

They also have an Implementation Team that oversees state support of HSPD-8, "National Preparedness":

The HSPD-8 Implementation Team is charged with assessing the ability of the Commonwealth to respond to catastrophic events. Since its inception in 2006, the team has identified and ranked existing gaps in capacity and compiled them into a matrix that aids in establishing funding priorities and gives direction and focus to state and regional capability improvement plans.

For implementation purposes, the state has been divided into 5 geographic regions:

Liaisons from EOPSS Homeland Security Division provide guidance and oversight to each of five geographically designed regions - the Northeast, Southeast, Central, Western, and Metro Boston (UASI) - which were created to support strategic planning and operational coordination at the local level. Regional Planning Councils for each region are responsible for developing and guiding the implementation of regional homeland security plans described in this document. ... Five Regional Homeland Security Advisory Councils serve as the governance body (both policy-making and administrative) for each of the regions.

Each region is responsible for developing local relationships (very good) and is relatively autonomous in setting priorities:

Substantial state and local collaboration and coordination have resulted from the working partnerships of the regions. In furtherance of SHSS activities, each region has individually dedicated homeland security resources to collaboration, planning, equipment, training, and evaluation.

• The Northeast Region has utilized homeland security funding to procure a variety of emergency supplies, coordinate first responder activities, and implement school safety mechanisms.
• The Southeast Region has made significant strides in improving interoperability and incident command training.
• The Central Region has expanded the capability of communities to recover from large scale incidents through the procurement and deployment of emergency equipment.
• Major accomplishments of the Western Region include interoperability and information sharing projects.
• The Metro Boston Homeland Security Region (MBHSR) has improved intelligence and information sharing, as well as communications interoperability.

In terms of implementing the states three major goals, the strategy briefly outlines some of the implementation activities that should go on statewide. Under the first goal of Creating a Common Operational Picture, the initial emphasis is on the fusion center:

Pursue effective prevention efforts through analysis of risks: In order to understand the strategic threats that face the Commonwealth and take the proper and appropriate protective measures, public safety and public policy officials need access to timely, accurate, and actionable intelligence and information. The Commonwealth Fusion Center is at the center of the state’s efforts to receive, produce, and share intelligence assessments and reports with our local, state, and federal partners. To that end, the Fusion Center has recently incorporated personnel and systems from the Federal Bureau of Investigation (FBI) and the U.S. Department of Homeland Security (DHS) to support the seamless exchange of information and intelligence regarding threats to the nation and the Commonwealth. These assessments and related products are regularly shared with key stakeholders for tactical support, situational awareness, and strategic planning purposes.

The top-down emphasis is a bit worrying - they're incorporating federal personnel into the fusion center. Let's not forget threat information that comes up the chain as well. Hopefully the threat information won't come mostly from "above."

However, it's nice to see that the info on vulnerability of particular assets will come from the local level, because locals know that best. Locals can also provide important info that helps determine likelihood and consequences:

Among the Commonwealth Fusion Center’s intelligence assessments and alerts agenda, a present primary focus is the recent adoption of the Automated Critical Asset Management System (ACAMS), a statewide inventory tool to categorize and prioritize critical infrastructure. The process of assessment includes leveraging existing state and local partnerships with public safety stakeholders and other subject matter experts to collect critical asset data by training and providing them access to ACAMS. These teams will bring together public safety professionals with other subject matter experts (e.g. structural engineers) to produce in-depth, robust vulnerability assessments of critical infrastructure and key resources. When joined with the ongoing assessment of potential threats conducted by the Commonwealth Fusion Center, a clearer assessment of risk in the Commonwealth will emerge.

Seems to me that if the fusion center gets information on threats and vulnerabilities from local personnel, as well as relevant info regarding likelihood and consequences, and really fuses it with the information on threat (as well as info relevant to likelihood and consequences) that comes from the FBI and DHS, then the fusion center will really be doing its job - fusing information from all levels to create an accurate picture of the threat. That's a good approach.

Moving on to some of the other objectives of the strategy...you don't always see this one:

Prepare the Commonwealth for Mass Evacuation and Shelter: To date, there are numerous local and state plans. However, they can not each stand alone and succeed. We need to ensure that the plans are fully integrated, that the expectations of one jurisdiction merge with another, and that the state, through the Massachusetts Emergency Management Agency (MEMA), is able to understand and assist in those efforts. ... This overall state and local effort has three interrelated parts – traffic plans, sheltering capacity assessments, and focus on individuals requiring specific assistance.

Next, a few notes on the second major goal, Strengthen and Expand Partnerships for Prevention and Preparedness. This is good to see:

Integrate Public Health Preparedness into Homeland Security Efforts: Protecting public health is an integral part of an all hazards approach to homeland security, whether it be detecting a naturally occurring or man-made public health threat, or protecting our first responders during a potential chemical, radiological, or biological incident.

But ... is there enough capability built into the public health system to accommodate a catastrophe? (See these two posts.) As for distributing medicines their plan is:

The foundation of the Boston plan is the staffing and operation of large dispensing clinics, located in schools and community centers all over the city, where residents would be able to pick up medications for themselves and their families.

On port security, just an interesting factoid:

[W]e continue to work with affected localities and the state of Rhode Island to oppose the proposed LNG terminal in Fall River. The Commonwealth opposes the proposed terminal based on the potential dangers associated with the storage and transfer of LNG and the U.S. Coast Guard report that expresses safety concerns regarding the transfer of LNG through the proposed waterway.

The risk of LNG to surrounding communities is somewhat unclear. Interesting that Massachusetts is taking this stand.

On Goal #3: Focus on Private Sector and Public Participation in Prevention and Preparedness, it's interesting how many of the specific implementation activities under this goal relate to personal preparedness:

Enhance Personal Preparedness: Help Us Help You Campaign - EOPSS is planning a wide variety of events for September, all of which will reinforce the idea that doing a little advance preparation on an individual level will help the government help you in a time of emergency.

Address the Needs of Individuals Requiring Specific Assistance: Statewide Individuals Requiring Specific Assistance Task Force on Emergency Preparedness: The intention is to enhance emergency preparedness planning for people with specific and/or functional needs and to include them in the planning process as well as exercises and drills.

Continue Community Outreach Efforts: Engage and empower immigrant populations. In order to change the pattern of exclusion, outreach efforts have been employed to engage and empower isolated groups.

I'd actually like to see more detail on how large private sector entities will be incorporated into the planning and preparation process (other than the very welcome involvement in ACAMS noted above). Often, critical businesses such as chemical plants, oil refineries, utilities and so on, are reticent to share information because of proprietary concerns.

While it is certainly important for individual citizens to be prepared, it's even moreso for the owners and operators of critical infrastructure elements to be coordinated with the state's preparation and response.

Update Sept. 26, 2007: I'd forgotten about this audit from last year that found Massachusetts unprepared (also see my post). The state Senate committee that oversaw the audit found four areas of concern:

• The state’s insufficient oversight of homeland security planning by cities, towns and the state’s agencies and authorities;
• The state’s failure to provide first responders with the proper means to protect against terrorist activity and natural disasters;
• The state’s inadequate communication of the statewide strategy; and
• The state’s unsuccessful implementation of its homeland security plan.