|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: InfoSec News (alerts
infosecnews.org)
Date: Tue Apr 10 2007 - 01:29:49 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Forwarded with the permission of the Foreign Policy Research Institute
http://www.fpri.org/enotes/200703.ervin.statuscounterterrorismhomelandsecurity.html
Clark Kent Ervin
March 2007
Clark Kent Ervin heads the Aspen Institutes Homeland Security
initiative. Before joining the Institute, he served as the first
Inspector General of the U.S. Department of Homeland Security. He has
been an on-air analyst and contributor at CNN and is the author of Open
Target: Where America is Vulnerable to Attack (St. Martins, May 2006).
This enote is based on his presentation at Five Years After 9/11: What
Needs to be Done? a conference sponsored by FPRIs Center on Terrorism,
Counterterrorism, and Homeland Security, held December 4-5, 2006 in
Philadelphia. The Center is supported by grants from the Department of
Community and Economic Development and the Department of Education,
Commonwealth of Pennsylvania.
I am often asked whether, in my judgment, DHS has made America safer
than we were on 9/11. My answer to that question is yes. But, whether we
are safer today than we were on 9/11 is not the only question. The key
questions are: are we really as safe as the government says we are, are
we as safe we need to be, and, are we as safe as we can be. The answer
to these questions, ominously, is no.
Aviation Security
Because we were attacked on 9/11 by and through this sector, it stands
to reason that we have focused the lions share of our efforts since then
on closing security gaps therein. In the past five years, cockpit doors
have been hardened; some pilots are armed; the number of air marshals
has increased significantly; and screeners are better trained and more
sensitized to the critical role they play as the last line of defense
before would-be terrorists board airplanes. Even in this sector, though,
we are far more vulnerable to terrorism than we should be this many
years after 9/11 and after the creation of a department created to
prevent another such attack. One after another government investigation
have shown that it is as easy as it was five years ago for terrorists to
sneak deadly weapons past unsuspecting screeners.
In the immediate aftermath of the attacks, the president asked the
Transportation Departments Inspector General, in whose jurisdiction
oversight of aviation security lay at the time, to undertake a series of
undercover investigations at airports around the country to test the
then privatized screeners ability to detect concealed weapons. This was
intended to set a baseline against which progress going forward could be
assessed. The results were devastating, even at a time of heightened
alert. The concern, of course, was that if government investigators
could still easily sneak weapons past screeners, so could hardened Al
Qaeda operatives, who are more than willing to die trying. When I was
appointed the first DHS Inspector General, I sent my own teams of
undercover investigators to the very same airports to see whether two
years later the federalization of the screener workforce and the
transfer of the Transportation Security Administration from DOT to DHS
had made any difference in screeners ability to spot deadly weapons.
When our results came in, we found exactly the same failure rates as in
2001, to the decimal point. I sent the very same teams of investigators
to the same airports in late 2004 and early 2005 to see whether the
recommendations that we had made in early 2004, based on the first
investigation, had been implemented, and, if so, whether screener
performance had improved. We found exactly the same results as two years
earlier. There had been literally no improvement in screeners
performance in four years. It is not as if things are any better now.
This past April investigators working for Congress investigative arm,
the Government Accountability Office, were able to sneak bomb parts
undetected through checkpoints at some 21 airports around the country.
And, as recently as late October, screeners missed guns and bombs in 20
out of 22 tests at Newark International Airport, one of the airports
transited by some of the 9/11 hijackers.
And, of course, the nation was set on edge last summer when the British
foiled a plot to blow up by means of liquid explosives multiple
jetliners bound for our East Coast. What is most troubling about this
near-miss attack is that we Americans had prior warning as to our
vulnerability to liquid explosives. Arch-terrorist Ramzi Yousef
successfully tested liquid explosives back in 1994, killing a man, in
preparation for a plot to blow up multiple jetliners over the West Coast
planned for the next year. So we had twelve years to develop
technologies to counter the threat of liquid explosives, but we did
nothing. As a consequence, lacking any alternative, TSA was forced to
take the draconian step of briefly banning all liquids and gels from
flights. Of course, the ban has since been relaxed a bit, but this
smacks more of capitulation to pressure from the struggling airline
industry than anything. (Business travelers especially, the lifeblood of
the airline industry, complained bitterly about being forced to check
essential toiletries on short-haul flights.) Now liquids can be brought
onto planes if they are bought in airport shops past the screening
checkpoint. But, the claim last summer was that otherwise innocuous
liquids and gels can be combined to make deadly explosives. Either this
is true or it is not. If it is true, what difference does it make if the
liquids are purchased after travelers pass through screening if they can
bring the liquids aboard airplanes and mix them on board?
Another continuing vulnerability is air cargo. About a fifth of the
airborne cargo is carried aboard passenger planes, as opposed to
dedicated cargo planes. That means that at one time or another most
Americans have probably been aboard a commercial flight with cargo in
the hold. Most of the cargo is not inspected for explosives before it is
loaded onto the plane. There are supposed to be random inspections from
time and time. And, if there is specific intelligence indicating that a
particular package or container is high-risk, it is supposed to be
opened and inspected. But any inspections that are done are done not by
our government, but by the airlines. Yet, the whole point of creating
TSA was that, left to their own devices, airlines would put profit ahead
of security concerns. And, whether the airlines actually do any
inspections is unknown, because TSA does not require them to report
whether they are conducting them. There is 100 percent inspection of air
cargo in Britain, Israel, and the Netherlands, and there is no reason
why we cannot do the same here in the United States. So, again, even in
the area where we have done the most to make ourselves more secure, we
are still dangerously vulnerable.
Port Security
During the course of the hard-fought 2004 presidential campaign,
President Bush and Senator John Kerry disagreed about every single
issue, except one. Each agreed that the number one threat facing the
nation is nuclear terrorism. All the experts agree that the likeliest
way for terrorists to smuggle WMD into the country are in one of the 11
million cargo containers that come into our 361 seaports each year.
Though the technology exists to screen all cargo containers for
radiation at a reasonable cost and without unduly slowing down commerce
(the worlds busiest port, the Port of Hong Kong, does just that, at a
cost of about $20 per container), we inspect only 6 percent of
containers. This figure is based on an "Automated Targeting System"
(ATS) that is less sophisticated than it sounds. It is based essentially
on: (1) the cargo manifest, a list of a containers contents that can be
as general as "merchandise," and which can be legally amended for up to
60 days after the container arrives in port in the U.S.; and (2) the
cargos shipping route, which likewise can easily be fabricated. My team
of auditors at DHS found that dangerous items smuggled aboard cargo were
likelier to be found by random inspections than by ATS. So, we inspect a
wholly arbitrary percentage of cargo containers on the basis of
essentially no criteria at all. Moreover, we have too few radiation
detection machines, and the ones we have cannot distinguish between
deadly radiation and harmless radiation that naturally occurs in
products like bananas, ceramic tiles, and kitty litter.
DHS touts as accomplishments maritime security programs that wind up
making the nation less safe than no programs at all. It maintains that
if we wait to inspect cargo containers when they arrive at our seaports,
it might well be too late. So, ideally, we should "push the borders" out
by stationing our cargo inspectors abroad to ensure that foreign ports
inspect cargo bound for the U.S. that our intelligence analysts believe
may be high-risk. The Container Security Initiative (CSI) is intended to
do just that, and we have CSI agreements with 50 ports around the world
representing about 90 percent of seaborne cargo bound for the United
States. The problem, according to GAO, is that more than 80 percent of
the time, foreign inspectors refuse to inspect cargo that our
intelligence indicates is potentially dangerous, and, for reasons of
sovereignty, our inspectors stationed abroad cannot do the inspections
themselves. The likelihood that this cargo will be inspected once it
gets to an American port is low, because its originating from a CSI port
creates the presumption that it is probably safe. And even if the cargo
were inspected at an American port upon arrival, the whole point of CSI
is that waiting until then to do inspections may be too late.
The other chimerical DHS maritime security program is the Customs Trade
Partnership Against Terrorism (CTPAT). In exchange for simply submitting
paperwork claiming that it has a rigorous security regime in place to
guard against terrorist penetration, a company can decrease the chance
that its cargo will go through the relatively costly and time-consuming
process of inspection. DHS attempts to validate that the claimed
security programs are in fact in place, but only after companies benefit
from reduced inspections, and any audits that are done are limited to
whatever features of security programs companies permit DHS to check.
This is the state of our counterterrorism efforts in the sector where a
successful terrorist attack is likely to have the severest consequences.
A 10- to 20-kiloton nuclear weapon detonated in a major seaport would
kill between 50,000 and one million people, and would result in direct
property damage of $50-500 billion, losses due to trade disruption of
$100-200 billion, and indirect costs of $300 billion to $1.2 trillion.
Border Security
The 9/11 hijackers all chose to come to this country through legal ports
of entry. Given the ease with which people can slip across our northern
and southern borders undetected, one wonders why the hijackers increased
their chances of being caught by subjecting themselves to inspection. It
is surely because it was so ridiculously easy five years ago to evade
the scrutiny of border inspectors.
It is much harder to do that today, especially if a terrorist is a
national of a country whose citizens need visas to visit the U.S. Now,
visa applicants are likelier to be interviewed by an American consular
officer, and a much more extensive "watch list" of known and suspected
terrorists is checked. The U.S. VISIT system that takes two finger scans
and digital photographs of international visitors at ports of entry is a
huge advance since 9/11 in terms of getting a handle on who is visiting
our country legally and whether a given visitor is a known or suspected
terrorist.
But, instead of cutting back on the number of countries (27) whose
citizens can travel to the United States without a visa, in November
2006 the president announced plans to expand it. Terrorists prize
passports from "visa waiver" countries because such travelers are
checked only at the port of entry. They do not undergo what can be
lengthy and thorough interviews at embassies and consulates abroad by
consular officers who often know the local language, are familiar with
local customs, and are trained in detecting fraud and deception.
Instead, they are simply given the once-over by under-trained and
harried port of entry inspectors who are under pressure to clear
international visitors through as quickly as possible.
The U.S. VISIT system is also incomplete. It is operational only "in
secondary" at land crossings, meaning that border inspectors have to be
suspicious of a given traveler before scrutinizing him. Mexicans and
Canadians, who constitute the bulk of people who come to the United
States by land, are exempt from the system. Late last year the
department announced that it was abandoning efforts to add an exit
feature to the program. So, if we subsequently find out that we have
admitted a terrorist into the country, we will have no way of knowing
whether he is still here. And, though Secretary Chertoff has promised to
fix this soon, the U.S. VISIT system is still not compatible with the
FBIs database of 47 million fingerprints, among which are the prints of
at least 40,000 known or suspected terrorists. Finally, it is, of
course, still as easy as ever for terrorists to sneak into the country
among the throngs (about half a million) of illegal aliens who come into
this country each year. In his final congressional testimony as DHS
Deputy Secretary Jim Loy acknowledged that this is a real threat.
Mass Transit Security
We have had a number of wake-up calls since 9/11 as to the vulnerability
of our mass transit systems to terrorist attackthe March 2004 Madrid
attack, the July 2005 London Underground attacks; and various real and
alleged plots aimed at New York City. The good news is that, in
partnership with the relevant state and local officials, DHS did all the
right things after those scares. In various cities around the country,
especially those in the Northeast most dependent upon mass transit and
most often targeted by terrorists, we saw increased armed police
patrols; the use of bomb-sniffing dogs and the deployment of bomb
detection technology; the greater use of surveillance cameras; public
awareness campaigns; and, in some places, like New York City, random bag
searches. The bad news is that all these measures were either scaled
back or done away with altogether as soon as the scares faded from the
headlines.
If I were a terrorist, I would simply wait until these measures were
relaxed or repealed and strike then. What needs to happen, of course, is
for these measures to be institutionalized on an ongoing basis. But this
is exceedingly costly, and DHS has been reluctant to subsidize states
and localities recurring security costs.
Critical Infrastructure and "Soft" Targets
A number of sectors and sites in our country (the food industry, the
energy sector, telecommunication networks; financial systems, etc.) are
so critical to the vitality of our economy that a devastating terrorist
attack against them would endanger the national security. Complicating
the challenge of protecting them, about 85 percent of the nations
critical infrastructure is owned and/or operated by private companies.
Our nation has traditionally been relatively reluctant to regulate
industry. These two factors, plus the lack of an attack on critical
infrastructure, and, of course, industrys understandable unwillingness
to regulate itself, have had the effect of limiting severely the degree
to which critical infrastructure has been hardened since 9/11 to deter
or defend against a terror attack.
Fortunately, a bipartisan consensus is emerging that the chemical sector
is so vulnerable, and the consequences of an attack against it would be
so deadly, that some degree of regulation is required. But the chemical
sector is not unique in this regard. It is to be hoped that the new
Congress will make regulating critical infrastructure a priority,
recognizing that an appropriate balance must be struck between enhancing
security and preserving private sector vitality and dynamism.
However, DHS is in no position to know which sectors and sites are most
critical and which are most vulnerable to terrorism. That is because it
has yet to create a creditable list of the nations most critical
infrastructure prioritized in this fashion. Various versions of the list
have included ludicrous things like amusement parks and petting zones,
while omitting sites that are clearly potential terror targets like
iconic buildings and monuments in major cities.
As for "soft" targets (shopping malls, sports arenas, movie theaters,
restaurants, etc.), the reason that they're call "soft" is because by
their very nature they tend to be less well protected than critical
infrastructure. Because they are so easy to attack, because they have
never been attacked in this country, and because an attack against them
would probably terrorize average Americans more than an attack on a site
thought likely to be attractive to terrorists, it is probably only a
question of time before terrorists strike. And, paradoxically, the
harder we harden already relatively hard targets like critical
infrastructure, the more tempting soft targets becomes. Absent an attack
on a soft target, it is safe to say that the public is unwilling to put
up with the kind of draconian countermeasures (heavy police patrols,
bomb sniffing dogs, bag searches) that are routine in Israel and
tolerated here occasionally for clear terrorist targets like mass
transit systems.
Emergency Preparedness and Response
If there was any doubt as to whether America was better prepared for
another terror attack than it was on 9/11, Hurricane Katrina removed
that doubt. If terrorists rather than Mother Nature had targeted the
levees, the result would have been the same in terms of loss of life,
injury, and economic damage. If we were so manifestly unprepared for a
foreseen event like a hurricane, how prepared can we possibly be for a
terror attack for which there is rarely precise warning?
We still lack viable evacuation plans for major cities. We still lack
pre-positioned supplies of food, water, medicine, and pre-fabricated
housing that can be dispatched quickly to devastated areas. We still
lack a clear chain of command among and between different levels of
government in the event of a crisis. And first responders are still
unable to communicate efficiently when disaster strikes.
Making matters worse, counterterrorism funds that could be used to
prepare communities that are most at risk of attack are still doled out
to some degree on the basis of pork barrel politics. Indeed, in the last
round of counterterrorism funding, money for acknowledged top terror
targets like New York City and Washington, D.C. were actually cut by 40
percent, while funds for less at risk cities like Omaha, Nebraska and
Louisville, Kentucky were increased by more than 60 percent.
Intelligence
DHS intelligence unit, "Information Analysis," was intended to collate
and synthesize all threat information from across government concerning
threats against the homeland and to consolidate the dozen different
terrorist watch lists that different government agencies maintained
before 9/11. The lack of a central clearinghouse for homeland security
related threat information and the lack of a consolidated watch list
prevented the government from being aware of and acting upon the
indications before 9/11 that such an attack was imminent.
However, the administration essentially strangled IA in its cradle by
giving the job of synthesizing threat information to a CIA-led entity
(initially known as the "Terrorist Threat Integration Center"; now known
as the "National Counterterrorism Center"), and by giving the job of
consolidating the terrorist watch lists to an FBI-led entity (the
Terrorist Screening Center). Though DHS has representation at both the
NCTC and the TSC, it is still the case that the CIA and the FBI
occasionally keep "hot" information from DHS, according to the report of
the Silberman-Robb commission on the nations recent intelligence
failures. So the next time there are indications of a terror attack,
chances are DHS will be the last agency to know about it, even though it
is nominally in charge of the governments efforts to prevent such
attacks and to respond to them.
Conclusion
In brief, then, more than five years after 9/11 and four years after the
creation of the massive DHS, the nation remains an open target for
another terror attack. To be sure, we have not been attacked in five
years. But, this says more about terrorists ambitions and timelines than
our preparedness. From everything we know about Al Qaeda, they want the
next attack to be even more spectacular than the last one. The more
spectacular the attack, the longer it takes to plan, the more it costs
to carry out, the greater the number of operatives needed to execute it,
and the greater the chances that something will go awry. If the good
news in this is that we are unlikely to see many future attacks, the bad
news is that any future attack will likely be huge in scale and
devastating in effect.
To be sure, we can never make ourselves invulnerable to terrorism. The
nature of terrorism is such that the odds will always be against us.
Terrorists have to get things right only once; our counterterrorism
efforts have to work perfectly every time. If one adds to this the wide
range of targets in a country like the United States, and our proper
high regard for civil rights and civil liberties, the odds against us
only increase. But while we cannot reduce the threat of terrorism to
zero, we can and should be significantly safer than we are.
To make ourselves as safe as possible under the circumstances, we need
three things. First, a significant increase in homeland security
spending, coupled with rigorous controls to ensure that additional
dollars are not misspent the way all too many of them already have been.
It may be possible to do certain things in government on the cheap, but,
if so, defending the nation against terrorism is not among them. Second,
we need leadership at every level of DHS that is expert in both
counterterrorism and managing huge, dysfunctional bureaucracies. It is
not just Michael "Brownie" Brown who was in over his head at DHS' FEMA.
The department has been hampered from the very beginning by the lack of
expert leadership at all levels. Finally, there needs to be a culture of
openness and accountability. Only if government acknowledges problems
can it get about the task of solving them. All too often the departments
leaders have dug in their heels by insisting that obvious security gaps
have been closed or, worse, that these gaps are not gaps at all.
Terrorists know very well where we are vulnerable, and we can be assured
that they are working overtime to exploit these vulnerabilities.
There is, fortunately, some good news on the horizon. The new Congress
promises vigorous oversight over DHS and significantly more funding for
homeland security initiatives. Finally, it has promised to move
aggressively toward 100 percent inspection of air cargo for explosives
and sea cargo for radiation, and toward allocating scarce homeland
security dollars on the basis of risk rather than pork barrel politics.
Of course, the proof will be in the pudding, but there is reason to
expect that America is now on the road to becoming safer. There is,
however, considerable work yet to do, and there is not a moment to
waste.
-=-
You may forward this email as you like provided that you send it in its
entirety, attribute it to the Foreign Policy Research Institute, and
include our web address (www.fpri.org).
__________________________
Subscribe to InfoSec News
http://www.infosecnews.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]