Problems Crop Up During Deepwater Trials

Sea trials have found eight major concerns with the Coast Guard's new National Security Cutter, but service officials say they are confident the ship, christened Bertholf, will pass acceptance tests soon.

Northrop Grumman Corp. is building the Bertholf as part of the Coast Guard's Deepwater Modernization program, a $24 billion effort to upgrade the agency's ships, aircraft and communications gear. So far, it's been a bumpy ride -- the Coast Guard had to shelve one of its boat projects as too ambitious, while another project foundered after eight upgraded 123'-foot cutters proved unseaworthy.

Now the Coast Guard is hoping the Bertholf will change the project's momentum. The ship is a few months behind schedule, but Coast Guard officials say there haven't been any big hiccups this year. The mid-April acceptance trials were a big milestone -- the Coast Guard wants to accept the ship by the end of this month so it can start training its crew. The latest list of technical issues hasn't dented the agency's optimism.

"These acceptance trials are good news for the Coast Guard because the number of starred cards written for Bertholf is extremely low, considering this is a first-in-class ship. The Coast Guard is confident that the contractors will be able to resolve all materiel deficiencies aboard Bertholf in a timely manner," Coast Guard spokeswoman Laura Williams said Monday.

The Navy also put a good spin on the Bertholf's performance. The latest trials turned up about 2,800 "trial cards", which identify areas that need more work. That compares to between 6,000 and 16,000 cards for first-in-class Navy ship. In addition, about 1,360 of the Bertholf's trial cards dealt with previously identified issues. This led the Navy to commend the Coast Guard's "superb quality assurance" while managing the project, the Coast Guard said.

Here's the new ship's honey-do list of major things that need fixing, as identified by Coast Guard and Navy inspectors:

- Machinery Control Monitoring System: a computer system that enables automated or manual operation of main propulsion and electrical systems.

- Line Shaft Bearings-These bearings support and align the ship's propeller shafts. The bearings require maintenance and re-alignment.

- Starboard Anchor-The anchor machinery requires additional lubrication.

- Mooring Line Controllers-The Navy recommended modifying these line controllers for portable operation to improve crew safety.

- Gantry Crane Hoists-Designed to raise and lower the NSC's cutter boats (Short Range Prosecutor and Long Range Interceptor), the hoists require adjustment to the wire ropes and swivel hooks.

- 57mm Ammunition Hoist-The ammunition handling system's brake must be repaired for safe operation.

- Incinerator-Requires repair for testing.

- Flight Deck-The Navy wants the Coast Guard to correct 14 deficiencies before BERTHOLF earns certification for naval flight operations. These deficiencies include: removing hoses from the flight deck; installing sound power communications between stations on the flight deck; installing additional tie downs; correcting flight deck markings for the Aircraft Ship Integrated Secure and Traverse (ASIST) system, etc.

In addition to this major list, there are 78 other items that require additional safety-related adjustments, the Coast Guard said. The new ship also has started TEMPEST testing, a Pentagon protocol required for classified communications systems, the agency said.
Integrated Coast Guard Solutions, the Lockheed Martin-Northrop Grumman joint venture that is coordinating a big chunk of the Deepwater contracting, did not have comment on the acceptance trials when contacted Monday.

-- Rebecca Christie

Cash for the Mad Scientist in You!

In an effort to inject some competition for small businesses with innovative ideas in the defense and security arena, a small group of London Business School students put together a contest last year that awards a healthy chunk of cold hard cash to entrepreneurs with bright ideas.

Called the Global Security Challenge, this year judges will focus on “technology products that can be used to prevent, defend against, cope with or recover from terrorist incidents, other criminal acts, natural disasters, including identifying or locating perpetrators of these acts…Examples of our areas of interest are biometrics, detection sensors, network security, data storage, biotechnologies, and search software.”

In order to qualify, the company or entrepreneur can have zero income but no greater than $5 million USD in annual revenues. The competition is open to worldwide idea meisters and the winner could garner $500,000 to get their security innovation started.

The first round of entries closes on June 30. So if you have that new “ACME robo retna scanner terrorist ID detection array” that’s just been sitting in the garage waiting for some cash injection to get it off the ground, this may be your chance.

-- Christian

What's Next for Deepwater?

What began as an ambitious but mostly overlooked scheme to modernize the Coast Guard’s entire fleet of ships and aircraft over a 20-year period has, just five years after conception, turned into one of the most troubled and criticized U.S. military programs.

The $24-billion Deepwater initiative was launched in 2002 with a contract naming Integrated Coast Guard Systems -- a partnership between electronics maker Lockheed Martin and shipbuilder Northrop Grumman -- the “lead systems integrator” for the program, meaning the firms, rather than the Coast Guard, would be responsible for selecting subcontractors to handle the aircraft, electronics and shipbuilding work.

Integrated Coast Guard Systems hailed the unusual arrangement as revolutionary -- and the best way to leverage the firms’ shared expertise. But the service has terminated the lead-systems-integrator relationship, citing shoddy work on a $100-million effort to stretch and modernize eight 110-foot patrol boats -- the first major shipbuilding portion of Deepwater. Those boats are being decommissioned due to hull buckling, leaving the Coast Guard with a 15-percent gap in its patrol boat force, Commandant Thad Allen said while announcing the decommissioning and the Deepwater changes on April 17. Earlier, Allen had cancelled the so-called Fast Response Cutter being designed from scratch by Integrated Coast Guard Systems to eventually fill that gap, instead expressing his intention to seek off-the-shelf boat designs.

The stretched boats also suffered from incomplete electronics integration and poor network security, according to Michael DeKort, a former Lockheed Martin engineer who worked on the boats but was fired, allegedly for challenging his bosses over the problems. Two weeks ago DeKort testified before a House committee investigating Deepwater. A Justice Department probe is also reportedly underway, following on the heels of several Coast Guard Inspector General reports that were critical of Deepwater.

The long-term consequences of the Deepwater shakeup are far from clear -- and it’s possible that Lockheed Martin and Northrop Grumman will still do much of the work on the program, albeit strictly as contractors. According to Allen, all aspects of Deepwater that are already far advanced -- including work on patrol planes, helicopters, short-range boats and several large cutters -- will remain intact. But overall management of the program will pass from industry to the Coast Guard. That means the service will need more officers with acquisitions experience.

“I have already begun building my organic staff in the fiscal year 2008 budget request, and will combine that with other government assets as we transition to this new role,” Allen said.

But this might take years, so in the meantime, the Coast Guard will bring in experts from the American Bureau of Shipping and other third parties “to increase assurances that Deepwater assets are properly designed,” Allen said.

The Coast Guard’s renewal of its acquisitions forces comes hot on the heels of a similar initiative in the Navy, which has seen the price of its warships climb steeply, owing in part to poor contractor performance.

--David Axe, cross-posted at War Is Boring

Pharma Hearts Big BARDA

And who wouldn't love a seven-foot Amazonian woman leading the Female Furies to save the day? Oh, we're not talking about the DC comics book character "Big BARDA"? It's also the name of a new Department of Health and Human Service's (DHHS) effort? Well, we can talk about that, too.

Last Thursday, the Senate approved legislation within the "Pandemic and All-Hazards Preparedness Act" (S. 3678) to create a Biomedical Advanced Research and Development Agency (BARDA). This particular legislation has been in the works for about two years as Congress has tried to address industry gripes about Project BioShield, the DHHS effort intended to fastrack industry's development and fielding of medical countermeasures used in the response to a terrorist CBRN incident.

The biggest challenge to the U.S. government has been to encourage industry to make drugs that may never be used, and if given out in large quantities during an emergency, may be misused or abused by the general public and/or panicky emergency responders. Big Pharma took a look at the risks, the liability insurance needed, and the profit margin, and said "no thanks, we'll stick to curing male impotence issues." However, little brother Pharma (the small start-up labs struggling to break out) said "give us an indemnification agreement against future liability suits and make it worth our while and we'll talk." In short, that's what BARDA's role will be.

The legislation is much more pretty-sounding. It says the DHHS Secretary will “coordinate the acceleration of countermeasure and product advanced research and development” by:

- facilitating collaboration between DHHS and other agencies, industry, academia, and other persons, with respect to such advanced research and development;
- promoting countermeasure and product advanced research and development;
- facilitating contacts between interested persons and the offices or employees authorized by the Secretary to advise such persons regarding requirements under the Federal Food, Drug, and Cosmetic Act; and
- promoting innovation to reduce the time and cost of countermeasure and product advanced research and development

The legislation also authorizes BARDA to execute a $1 billion budget, and it limits any disclosure of “specific technical data or scientific information that is created or obtained during the countermeasure and product advanced research and development carried out under subsection (c) that reveals significant and not otherwise publicly known vulnerabilities of existing medical or public health defense against biological, chemical, nuclear, or radiological threats.” That means FOIA or FACA requests would not apply to BARDA working groups or the National Biodefense Science Board.

That part is a little controversial, and was one of the main reasons why it's taken Congress two years to actually try to improve Project BioShield. DHHS has awarded a few procurement contracts for anthrax vaccines, a botulinum toxin antiviral, and potassium iodide, but not much else. This legislation will enable BARDA to "help" industry through the long, expensive process of making other vaccines, ones that probably won't have too much use outside of emergency response to the very low probability of bioterrorism incidents. Needless to say, industry loves this idea and can't wait for the House to agree to the words and print this baby into law.

Passage by the U.S. Senate of this bill, which includes critical BARDA provisions and provisions to reauthorize bioterrorism grants, is an important and necessary step toward improving America's defenses against bioterrorism and pandemic diseases.

This legislation recognizes that the 'Valley of Death' remains a barrier to effective countermeasure product development, and authorizes the Biomedical Advanced Research and Development Authority (BARDA) within the Department of Health and Human Services. Through BARDA, contracts and grants for advanced research and development will be made to companies working on products to protect the American people. The bill also contains important contract reforms that improve upon the advances made under Project BioShield, by allowing, for example, milestone payments and surge capacity provisions to improve the viability and sustainability of biodefense product development and manufacture.

Significantly, the Senate-passed bill contains strong funding levels and important provisions to permit competing companies to cooperatively respond to government-declared emergencies without violating antitrust laws.

The "Valley of Death" refers to the time period between industry's drug development and the FDA's approval of the drug. The current BioShield legislation doesn't award any federal funds until the industry firm is producing the actual approved drug, and the small pharma firms just don't have the investments to make it that long. Thus, like a superhero racing to the rescue, comes Big BARDA!

- Jason Sigger

Getting Right with the 9/11 Commish

Since the elections in November, there's been plenty of talk about Democratic plans to implement the 9/11 Commission recommendations (or not). Advocates of the idea have touted it as a critical and timely response to issues left unaddressed in the last two years, with incoming House Speaker Nancy Pelosi making their implementation "one of the centerpieces of her 'first 100 hours' legislative agenda" according to the Washington Post. Skeptics have scoffed at this notion, with the Heritage Foundation's James Carafano telling the AP in late November that "I don't think there's a lot more to do there" and "I think we're done."

Amidst all of this rhetoric, there's an easy way to resolve this dispute: go to the source. That's what I've done over the last two weeks, going one-by-one through the each of the 41 recommendations in the 9/11 Commission Report, looking at what's been done to date, and analyzing what the 110th Congress could potentially do to make progress on each and every one of these recommendations.

You can read the complete analysis in this 25-page paper:

Implementing the 9/11 Commission Recommendations: An Analysis.

Overall, I think the analysis shows that there is a lot that the incoming Congress can do to respond to the 9/11 Commission's recommendations, not only in terms of authorizing legislation, but also in terms of funding, oversight, investigations, public communications, and personal outreach. These recommendations are neither a panacea nor a finish line (there is no finish line against a constantly evolving threat), but they are still a useful set of recommendations that can improve our counterterrorism, homeland security, and intelligence capabilities, and they are part of a credible security agenda for the next Congress.

-- Christian Beckner (cross-posted from Homeland Security Watch)

Free the Wonks!

For those who believe in transparent government and fact-driven legislation, the power shift in the U.S. Congress represents a unique opportunity to open up one important Congressional institution to the Internet and bring back another one twelve years after it was disbanded.

The Congressional Research Service publishes first-rate, succinctly-written analyses of policy issues, including hundreds of reports on homeland security issues over the last few years. But you wouldn't know that from looking at the CRS website, which contains none of the entity's content. This has been the situation with CRS reports dating back to the early days of the World Wide Web, largely at the behest of former House Administration Committee Chairman (and recently convicted felon) Bob Ney.

Congressional staffers are often willing to send out CRS reports to constituents, and as a result the reports eventually get out into the public domain, but sometimes after delays of weeks or months. I've made an effort to dig out every homeland security-related report I can over the past 7-8 months, as you can see here, and there are many other groups such as the Federation of American Scientists who have created excellent CRS report sites. But our yeoman's work is a poor substitute for direct, real-time access to new CRS reports at the crs.gov site. The new Democratic leadership in the House and the Congress should set the CRS free on day one of the 110th Congress.

A second important Congressional institution, the Office of Technology Assessment, has faded into a distant memory over the past decade, but it once played a critical role in advising Congress to make sense of technology issues. It was disbanded following the Republican takeover of Congress in 1994, a sacrificial pawn with a $20 million/year budget to the budget-cutting rhetoric of that election. But with the federal government today spending $135 billion/year on R&D today, the disbandment of OTA looks penny wise but pound foolish. It's not possible to prove a counterfactual, but I'm confident that there would be a better-informed Congressional allocation of R&D funding and much less waste if the OTA still existed today.

In particular, the homeland security domain has deeply needed the OTA over the past five years. DHS has frequently struggled to articulate an R&D agenda for key mission requirements, and Congress has too often provided only surface-level oversight of the Department's technology challenges.

Take the example of R&D on explosive detection systems for aviation security. After 9/11, Congress moved quickly to invest billions of dollars in new machines, and start R&D efforts for a next generation of technology. Those decisions were made, as best I can tell, without any long-run plan for how TSA would migrate from this first-generation of technology to the next-generation. This is exactly the kind of guidance that the OTA could have helped to provide upfront. In the absence of such strategic advice, the migration path to a new generation of technology continues to be informed too much by reactions to the news of the day (e.g. the UK plot and liquid explosives detection) and competing industry pressures, and not enough by a long-term strategy.

For this reason, and countless others, it would be an excellent investment to bring back the Office of Technology Assessment. It will undoubtedly take some time to bring it back to its prior level of competence, but it's a project worth undertaking.

p.s. For those interested in the work of the OTA as it applies to homeland security, check out its excellent report from 1992 entitled "Technology against Terrorism: Structuring Security" which serves as a prescient guide to many of the challenges still facing DHS today.

-- Christian Beckner (cross-posted from Homeland Security Watch)

Homeland security after the midterms

The final results of the 2006 midterm elections are now all but in, and it's clear that the Democratic party will have a 30 seat majority in the House and a 51-49 majority in the Senate. This will lead to a number of key changes in the Congressional agenda for homeland security. Here are seven that are likely to be near the top:

1. Implementing the 9/11 Commission recommendations. In the aggregate, this idea is an oversimplification, because a number of the recommendations are not amenable to legislative fixes. But many of them can be addressed by legislation, e.g. resolving emergency spectrum issues and making grant allocations completely risk-based. On this latter issue, the barrier to date hasn't been a Dem-Rep divide; it's been a big state vs. small state divide, and nothing in the current realignment changes that. I also think there's a lot of work to be done on the recommendation concerning how the "U.S. border security system should be integrated into a larger network of screening points."

One other important recommendation by the 9/11 Commission concerned the creation of permament homeland security committees. I've written repeatedly about this issue over the last two years, arguing that while the arrangement in the House is more or less sufficient, the Senate did not go far enough in empowering the HSGAC. If the Democratic leadership in the Senate is concerned about implementing the 9/11 Commission recommendations, the first thing that they need to do is give the HSGAC broader authority over transportation security (which is at Commerce now), chemical facility security (which EPW has claims some authority over), and border security (which is now at Judiciary) at a minimum. Perhaps the "government affairs" part of the HSGAC should be spun off to the Senate Budget Committee as part of this realignment, since it's the other Senate committee that has a government-wide focus. For more on this issue, see this post from September.

2. Rail and transit security. According to a story in CQ (subscription req'd), HSC Chairman-elect Bennie Thompson is already planning to bring up rail and transit security language that had been removed from the port security bill during the final conference as a new piece of legislation early in the 110th. While there are limits to what can be done to counter rail and transit threats, I think we are clearly not doing enough today - see this post from July for more on this topic - and movement on such legislation is warranted.

3. Chemical plant security. The language that was attached to FY 2007 DHS appropriations on chemical plant security was a sham, and made a mockery of the comprehensive legislation that had been passed by the HSC and HSGAC on a bipartisan basis earlier in the year. Hopefully one of the first things that the Democratic leadership in the House and the Senate will do is go back to these bills, fix a couple of the small flaws in them, and get this passed and to the President's desk. I'd be surprised if he would veto such a bill.

4. Border security and immigration reform. As the President admitted in his press conference yesterday, the likelihood of passing comprehensive border security and immigration reform legislation has increased with the election of a Democratic Congress. I think there now will be a window of time in 2007 to revisit this issue, and pass a bill along the lines of the Senate's version of the legislation in 2006.

Whatever passes will likely be much less punitive than what would have emerged if the House Republicans had decided to actually negotiate with the Senate this summer rather than playing games with amateurish field hearings and insisting that they needed a "majority of the majority" to move forward. This turned out to be a strategic miscalculation of the first order. And contrary to their notion that demagoguing this issue would help Republicans to protect seats, the opposite was in fact true, as vocal anti-immigration hardliners in the House such as John Hostettler and J.D. Hayworth were booted out of office on Tuesday.

5. Revisiting lost 'party-line' votes. On a number of occasions in 2005 and 2006, there were party-line votes in committees or on the floor on contentious homeland security issues. Examples include votes on 100% scanning of inbound maritime cargo, 100% screening of domestic cargo, and the relationship between C-TPAT validation and risk targeting scores. In some cases, the Democrats lost votes on these issues by 1 or 2 votes in committee. I'd expect each of them to be revisited at some point in the coming year, most likely in the context of the FY 2008 DHS appropriations bill and/or a DHS authorization bill.

6. DHS authorization legislation. As mentioned in the last sentence, I think we're likely to see more progress on DHS authorization legislation than we've seen in the last two years. This has been a secondary priority in the House to date, and not even on the agenda in the Senate.

Any authorization bill would and should likely focus on the management and governance of DHS, focused on ways to strengthen its core capabilities. For example, an authorization bill should have a section on DHS workforce issues, focusing perhaps on the creation of a new multi-agency career track of 'Homeland Security Officers' who could be the robust core of the DHS workforce. (See this post from March for more on this). And it should have a section on the education and professional development of that workforce. (See this post for more).

I'd also expect an authorization bill to revisit some of the issues concerning the way that DHS handles classification; for example, modifying the rules concerning 'Sensitive But Unclassified' (SBU) information.

7. Increased oversight. One consequence of the congressional power shift is that we're likely to see increased congressional oversight of the executive branch, including DHS. I actually think that DHS has been subject to a fairly solid amount of oversight to date; I often can barely keep up with all of the GAO reports, DHS IG reports, congressional investigations (e.g. the post-Katrina reports), and media investigations of DHS. But there has been something missing from these multiple streams of investigations - the willingness to use subpoena power to compel answers when there has been truculence at DHS and elsewhere in the federal government, as was the case during the Senate's investigation of the response to Hurricane Katrina.

This list is only a starting point; there are a number of other homeland security issues that might also pop up on the Congressional radar screen in the 110th Congress. I hope (and feel initially confident) that this work will be driven by a responsible assessment of threat and vulnerability, weighed against broader societal and economic impacts, and be constantly focused on improving our protection and preparedness of the nation against the serious threats that we still face.

-- Christian Beckner (cross-posted from Homeland Security Watch)

The Fake Boarding Pass Saga

Last week Christopher Soghoian, a 24 year-old Ph.D. student in information security at Indiana University, whipped together a website that allowed anyone to create a fake Northwest Airlines boarding pass. He hoped to bring attention to a security hole that allows anyone, including someone on the No-Fly list, to enter the security line with a fake document. Instead he got another kind of attention.

For those unfamiliar with the story, it's one I've been following in my blog and in a proper news story for Wired News since Soghoian told me about his site Wednesday night.

Soghoian, a security researcher who has done work at Google, Apple and IBM, told me the site's purpose was to demonstrate the futility of the No-Fly list:

I want Congress to see how stupid the TSA's watch lists are. Now even the most technically incompetent user can click and generate a boarding pass. By doing this, I'm hoping [Congress] will see how silly the security rules are. I don't want bad guys to board airplanes but I don't think the system we have right now works and I think it is giving us a false sense of security.

Even without his generator, the No-Fly list can be avoided:

If you can purchase a ticket over the internet with a pre-paid debit card and can fly without I.D., then for domestic flights the No-Fly list doesn't work.

On Friday, Congressman Ed Markey (D-Mass) called for the site to be shut down and arrested, and later that day, the FBI shuttered the site and met with Soghoian. Whatever he said must not have been convincing, since the FBI raided his house with a search warrant signed by a judge at 2 a.m. Saturday morning and seized his computers, though they didn't arrest him. Markey then retracted his call for Soghoian's arrest on Sunday and in fact, suggested the government hire him instead (though Markey called the site a 'lousy way' of publicizing the problem).

Since Sunday, the story has slowed considerably. Soghoian has lawyers now and isn't talking to reporters, though is occasionally updating his blog.

Soghoian's site exploited a well-known security hole, one first publicized by security expert Bruce Schneier in 2003, given the full-on Slate treatment in 2005, and, according to security blogger Adam Shostack, was explained to high-level Homeland Security officials in 2004.

That doesn't mean all security researchers applaud Soghoian's method. Indeed, Avi Rubin, who's best known for his voting security work, told Xeni Jardin that his former teaching assistant should have shown this to the government privately.

So what's the upshot? Will the government ban boarding passes ticketed at home? Will they prosecute Soghoian for building this site? Won't other hackers put their own version online? Will this prompt reconsideration of the use of notoriously ineffective watch lists for domestic travel?

The short anwsers, in my opinion, are No, No, Maybe but not as many as you'd expect, Definitely Not.

The long answers are here at 27BStroke6, which despite Noah's dig, is a great name for a blog. (Think Brazil).

- Ryan Singel
Photo: VeganStraightEdge

Los Alamos Getting Sloppy (Updated)

Why should we bother putting radiological detectors in the ports when it's easier to get the stuff within the United States? The AP has this article on a drug raid at a New Mexico trailer park, which turned up classified documents from the Los Alamos National Laboratory (LANL).

Local police found the documents while arresting a man suspected of domestic violence and dealing methamphetamine from his mobile home, said Sgt. Chuck Ney of the Los Alamos, N.M., Municipal Police Department. The documents were discovered during a search of the man's records for evidence of his drug business, Ney said.

Police alerted the FBI to the secret documents, which agents traced back to a woman linked to the drug dealer, officials said. The woman is a contract employee at Los Alamos National Laboratory, according to an FBI official who spoke on condition of anonymity because of the sensitive nature of the case.

The official would not describe the documents except to say that they appeared to contain classified material and were stored on a computer file.

While the FBI won't comment, the Project on Government Oversight (POGO) has some insights.

According to unconfirmed sources, the information was classified as Secret Restricted Data which means it would involve nuclear weapons data and may have concerned detection of underground nuclear weapons testing. Also unconfirmed, the person in possession of the information worked either in Technical Area 55 where all of the Lab’s plutonium is stored or in the X Division which handles nuclear weapons design data for a maintenance subcontractor of the Lab.

POGO also notes six previous security incidents at LANL since 9/11. No wonder that many of the DHS exercises feature dirty bomb scenarios - they must be worried about domestic terrorists getting too much National Lab material...

-- Jason Sigger, crossposted at Armchair Generalist

UPDATED 10:20 AM: It should be noted that this isn't Los Alamos' first drug-related incident. Back in 2004, local authorities evicted a man who had lived for years in a cave on lab property. from a cave on Los Alamos National Laboratory land where they say he apparently lived for years with the comforts of home — a wood-burning stove, solar panels connected to car batteries for electricity and a satellite radio. Ten marijuana plants were found outside the cave, and the fellow inside was charged with possession of a controlled substance and possession of drug paraphernalia.

UPDATED 4:15 PM: Whatever you do, be sure to check in regularly at the POGO blog, where they've got all kinds of fun rumors floating in. Police docs, too.

UPDATED 10-26: J. here - let me clarify that I believe the combination of classified LANL documents and potential theft of radioactive isotopes from domestic sources (universities, medical labs) is what ought to get people excited about this incident. Obviously we don't know what's in the documents that makes them classified, and I am not suggesting that LANL might be the source of loose plutonium material. But unless LANL tightens up their security procedures and trains/screens its employees and contract support better, its leadership ought to be on notice.

Homeland Security Blues

When I scan the papers for how the feds, state and locals are dealing with terrorist CBRN [Chemical Biological Radiological Nuclear] incidents, I cringe. We seem to swing from pandering to our worst fears to get a few more bucks to blind rote repetition in hazard response that doesn't match logic to the threat. Here's a few examples that I hope are not typical, but I wonder...

In Denver, there was a "white powder" scare on Sunday - actually, it wasn't even a powder scare, it was a number of capsules holding a yellow powder which were delivered to a bank. It tested positive for a biological organism (protein) but not anthrax. There was no threat in the envelope, no return address, no visible signs of ill effects on the employees handling the mail. So of course the locals did the routine thing - quarantine the seven bank employees and the police officer who answered the 911 call, call the feds, let the WMD Civil Support Team confirm it's not anthrax, and strip and wash the employees in the bank's parking lot. Yep - routine.

But as a precaution, the employees were scrubbed in a puffy orange tent and sent home in a hazardous- materials suit because the substance was still unknown Sunday evening. One of the female employees cried on her way out of the decontamination tent, where she was required to strip naked and get scrubbed down by a hazardous-materials team.

The police officer also was decontaminated because he came in contact with the employees when he answered the 911 call.

Okay, is it asking too much for someone - between FEMA, the FBI, the Army (assuming the 20th SUPCOM), the WMD CST, and the Denver firefighters and hazmat team - to think, hmmm, doesn't test out as a BW agent or any typical white/yellow powder, no weird messages in the envelope, maybe we don't have to recreate the decon scene from "Silkwood" for what is probably a false alarm and obviously not a chemical or radiological hazard that might cause an acute lethal reaction. Idiots.

Let's flash over to Kansas City, where Kansas State University is planning to open up a Bio-Security Research Institute, which will study food safety. About $54 million is being invested in the facility. The university has a program called "Making America Safer" which includes several projects funded by DHS. They're looking forward to helping...

Now, under the center’s purview, hundreds of researchers and students are engaged in projects aimed at keeping America safe. The center works with the departments of Agriculture, Defense and Justice and other federal, state and local agencies “to facilitate an effective strategy for rapid response to emerging agricultural threats,” Vanier said.

The center is even developing plans for training police and firefighters who would be early responders in the event of a bioterrorist attack.

No, it's not the scientists' job to limit or halt bioterrorism attacks, contrary to the article's cheery tone. Intelligence professionals find out where the terrorists are and counterterrorism units grab the bad guys. All the scientists do is preach how deadly the bugs are and why they need more money to research the hazards. Although I should take it easy on K-State's associate vice provost for research and compliance, Jerry Jaax - he paid his dues as an Army MRIID doc working at the Reston Ebola breakout in 1989 - he's still a typical medic: "a bioterrorism attack could cripple the agricultural-based economy of the [Kansas] region. Jaax said a 'significant risk' of such an attack does exist." Yadda yadda. Where's the intel assessment?

Last, let's jump up to the Fed level. ABC News gets Richard Clarke (its paid consultant) and the FBI's WMD Division to hype up the spinach E. coli incident into a potential agro-terrorism incident.

Government investigators say there's no evidence linking the current E. coli outbreak — in which tainted spinach has caused at least 171 known cases in 25 states, according to the FDA — to terrorism. But those same investigators are keenly aware that America's food supply is vulnerable to attack. An international meeting on how to fight agro-terrorism starts Monday in Kansas City.

Government agencies have held mock exercises to see what would happen if the food supply was compromised. The results were catastrophic.

"What happened was utter chaos," said Sen. Patrick Roberts, R-Kan. "We lost almost the entire livestock herd of the United States, all export stock. We had panic at the grocery stores."

What a shock. A national exercise which went for the "worst case scenario" route to test the leadership responses, despite all lack of any evidence of a current terrorist threat and the complete lack of any past history of agro-terrorism. But it justifies the USDA's research bills.

Is it too much to ask for some sanity? Some logic and common sense? Natural disasters, accidents and indigenous diseases are still the major killers out there, people. I'm not against some funds for countering CBRN terrorism - it pays my bills - but certainly we could be spending it smarter, and more importantly, talking about the topic more intelligently.

UPDATE: Offices in Denver got four "anthrax" envelopes Monday - some copycat with a sick sense of humor. We need FEMA or the state EOCs to develop procedures that will minimize panic and not automatically go to four-alarm mode, assuming that every white powder is anthrax unless otherwise proven. These hoaxes and false alarms are going to continue - better figure out a sane way to face that fact.

-- Jason Sigger, crossposted at Armchair Generalist

Drones, Blimps Lose Out in Border War

For those of you hoping for hordes of drones and blimps to start patrolling the Mexican and Canadian borders, there's bad news this morning. "After a face-off among large military contractors, the Boeing Company was picked by the Homeland Security Department to lead a high-tech effort to secure borders," the Times reports. And unlike proposals from Lockheed Martin, Northrop Grumman, and others, Boeing's plan for the Secure Border Initiative, or SBInet, doesn't rely that much on unmanned aerial vehicles (UAVs) or airships.

"Boeing's proposal relied heavily on a network of 1,800 towers, most of which would need to be erected along the borders with Mexico and Canada. Each tower would be equipped with a variety of sensors, including cameras and heat and motion detectors," the Washington Post notes. Boeing teamed up for the project with an Israeli company that built a bunch of the imaging equipment used in Israel's controversial fence along the West Bank. That gear, Boeing said, would be less risky and expensive than UAVs or airships -- even though both have been used to watch over southern Arizona for illegals.

But, not to worry: the Times says that there are still a few drones in the Boeing plan -- "small, relatively inexpensive unmanned aerial vehicles that can be launched from a pickup truck by an agent in the field and then fly for, perhaps, 90 minutes." I'm guessing the paper means these drones here.

"Homeland Security has been criticized harshly in recent years for initiatives that have either failed or far exceeded their budgets. In one case, cameras that the department installed on the borders broke down in bad weather," the Post observes.

"The administration has spent $429 million of the taxpayer's money to try and secure our borders with two already-abandoned border security programs," said Rep. Bennie Thompson (D-Miss). He expressed concern that the same thing will happen to SBInet.

Mindful of that record, Boeing emphasized that all its technology has been proven to work. "The low-risk approach is probably going to carry weight here."

"The contract will at least initially be much more limited than some industry officials had expected, valued at $80 million instead of the $2 billion estimate given for the six-year deal," the Times writes.

Don't You Dare Forget

How We Let Osama Get Away

"We will prosecute these men and send a clear message to those who kill Americans: No matter how long it takes, we will find you and bring you to justice."

-- George W. Bush, 9/9/06

Five years ago tomorrow, three thousand people were killed in my home town. And the bastards who masterminded this mass murder have gotten away with it, thanks in part to the actions of our government and its allies. Sure, hunting for a single, clever man in a vast world is an extremely difficult task. It gets even harder, when there's anything less than 100% commitment and focus to catching him.

By now, you probably know that Pakistan has signed a "truce" with the militants who many believe are harboring bin Laden. You know that the CIA has shut down its Osama-hunting shop. But what you may not know -- and what the Washington Post reveals today -- is that there hasn't been a "credible lead" on the Al-Qaeda chieftain's whereabouts in "more than two years. Nothing from the vast U.S. intelligence world -- no tips from informants, no snippets from electronic intercepts, no points on any satellite image -- has led them anywhere near the al-Qaeda leader."

In an exhaustive article, the paper shows how the trail for bin Laden grew so cold. The story starts not long after the President promised that the terrorist would be caught "dead or alive."

[In a December, 2001] videotape obtained by the CIA, bin Laden is seen confidently instructing his party how to dig holes in the ground to lie in undetected at night. A bomb dropped by a U.S. aircraft can be seen exploding in the distance. "We were there last night," bin Laden says without much concern in his voice...

Only two months later, Bush decided to pull out most of the special operations troops and their CIA counterparts in the paramilitary division that were leading the hunt for bin Laden in Afghanistan to prepare for war in Iraq...

Although the hunt for bin Laden has depended to a large extent on technology, until recently unmanned aerial vehicles (UAVs) were in short supply, especially when the war in Iraq became a priority in 2003...

Bureaucratic battles slowed down the hunt for bin Laden for the first two or three years... In early November 2002, for example, a CIA drone armed with a Hellfire missile killed a top al-Qaeda leader traveling through the Yemeni desert. About a week later, Rumsfeld expressed anger that it was the CIA, not the Defense Department, that had carried out the successful strike.

"How did they get the intel?" he demanded of the intelligence and other military personnel in a high-level meeting, recalled one person knowledgeable about the meeting.

Gen. Michael V. Hayden, then director of the National Security Agency and technically part of the Defense Department, said he had given it to them.

"Why aren't you giving it to us?" Rumsfeld wanted to know.

Hayden, according to this source, told Rumsfeld that the information-sharing mechanism with the CIA was working well. Rumsfeld said it would have to stop...

In 2004, Rumsfeld finally won the president's approval to put SOCOM [the Defense Department's Special Operations Command] in charge of the "Global War on Terrorism..."

Today, however, no one person is in charge of the overall hunt for bin Laden with the authority to direct covert CIA operations to collect intelligence and to dispatch JSOC [Joint Special Operations Command] units. Some counterterrorism officials find this absurd. "There's nobody in the United States government whose job it is to find Osama bin Laden!" one frustrated counterterrorism official shouted. "Nobody!"

The President and his team rightly deserve credit for deflecting any attacks on the homeland since 9/11. They deserve credit for catching Al-Qaeda bigwigs like Khalid Sheikh Mohammed. But to let their hard-ons for Iraq and their petty infighting distract them from nailing America's number one enemy is more than frustrating. It's dangerous. They've shown would-be Osamas all over the world that you can attack America, and get off scot-free. And I'm afraid that more of my neighbors will one day pay the price for sending that awful message.

Could it Happen Again?

Could 9/11 happen another time? I'm not talking in general about another surprise terrorist attack in the States. Literally, could a group of jihadists "board four airplanes, subdue their passengers, and fly the planes right over the heads of the nation's leaders, right past the ferocious firepower of the U.S. military, just as they did five years ago?"

That's the provacative question Defense Tech contributor Shane Harris asks in the current National Journal. He examines the 9/11 plot, step-by-step, and looks at which ones could -- and couldn't -- still be pulled off today. Bottom line: There have been improvements. But it just could happen, all over again.

Then: Months before he piloted American Airlines Flight 11 into the north tower of the World Trade Center, Mohamed Atta had come to the attention of U.S. authorities. In January 2001, he persuaded an inspector with the Immigration and Naturalization Service to let him into the country so that he could continue pilot training at a U.S. school, even though he presented no student visa.

Now: ...stricter regulations for issuing student visas are in place. Any foreigner entering the United States on a student visa must be registered in a government computer system. However, the schools themselves have generally been responsible for entering the data, and have borne the burden of alerting federal officials when students don't show up for classes. In that case, federal officials are supposed to track them down. In August, several Egyptian students who were granted visas to attend a summer program in Montana never showed up at their assigned school, and the FBI launched a nationwide manhunt to apprehend them...

Then: Early on the morning of September 11, Mohamed Atta and a fellow hijacker flew from Portland, Maine, to Boston's Logan Airport, where the two men were to board American Airlines Flight 11 bound for Los Angeles. When Atta checked in at Portland, the government's Computer Assisted Passenger Prescreening System flagged him for additional inspection, which consisted of holding Atta's checked bags off the aircraft until it was confirmed that he was aboard...

Now: CAPPS has undergone at least three iterations. The Transportation Security Administration is trying to launch the Secure Flight System to screen airline passengers. But deployment has been beset by delays, management problems, and unresolved concerns about how the system would protect passenger privacy. The current screening system, which relies on antiquated technologies, has kept some suspicious passengers off planes, officials say, but not all of them. The system has also flagged individuals who were clearly not terrorists, calling into question its efficacy...

Then: All of [the Boston-based hijackers] walked through metal detectors set up to react to items with at least the metallic content of a .22-caliber handgun.

Now: Metal detectors have been recalibrated to react to smaller metal objects.

Then: If any one of them had set off the detector, he would have been screened by hand using a more sensitive, metal-detecting wand.

Now: Passengers who trip the metal detectors are patted down by a TSA screener.

Then: Also, the hijackers' bags were run through an X-ray machine to examine their contents; nothing suspicious was found.

Now: TSA screeners have color monitors that help them distinguish objects of different density, which can help the screeners find explosives. But the machines do not detect explosives. Screeners can search for trace explosives using separate equipment...

Surely, would-be terrorists could enter the country legally, and presumably they have done so. When actually boarding flights, however, they would face increased scrutiny... Any attempted hijacking would be met with potentially lethal resistance from passengers. This may be the single best insurance that another 9/11 couldn't happen -- at least, not the same way.

Disaster Tech Pushes Ahead

So many things went wrong in the government's sucktastic response to Hurricane Katrina, it's hard to know where to begin to make fixes. One place might be the basics -- communicating, and getting a sense of the scene.

In the days after the storm, while the feds and local officials floundered, ham radio operators and teams of guerrilla geeks took it upon themselves to keep Katrina survivors informed. Drone-makers sent unmanned spotters into the skies above New Orleans, to get a look at the devastation.

The efforts -- and so many others like them -- were beyond inspirational. But the impact of these self-starters was muted, because they couldn't share information or resources all that well. The infrastructure (both hardware and soft) just wasn't in place.

That's the problem a disaster response drill, conducted last week in San Diego, aimed to correct. Everyone from IBM to Sprint to Google to U.S. Joint Forces Command participated in the test, called Strong Angel III. And everything from inflatable antennas to high-speed wireless networks to text-message news feeds to games for humanitarian aid was tried out.

It didn't all work perfectly, as the New York Times notes.

Last Monday, the group began to assemble a makeshift command center at an abandoned building near the San Diego airport. But a state-of-the-art wireless network, intended to route video images, satellite map coordinates and other data — from an impressive array of mobile computers, software analysis tools and command programs — failed to come to life.

"Finally I said, 'Lights out! Everyone turn everything off and let’s start over,'" said Brian D. Steckler, a computer scientist at the Naval Postgraduate School in Monterey, Calif., who was in charge of more than a dozen interlocking networks at the heart of the command center.

Hundreds of computers and even cellphones were shut down, and then the network was slowly turned back on, segment by segment. Too many high-bandwidth applications had clogged the network, including a powerful video camera and "rogue" transmitters set up by participants intent on creating their own mini-networks.

But Strong Angel did meet its #1 goal -- to "mapping and developing" relationships for disaster response. Programmers from Microsoft and Google, for example, teamed up "to allow sharing [of] a single set of digital satellite maps seamlessly and to overlay event data relayed from emergency workers throughout the San Diego area," the Times said.

Most observers, like Defense Tech pal John Scott, agreed if these projects take the main lessons of the drill to the heart -- by keeping collaboration tools simple, low-bandwidth, and platform-agnostic -- they should be "hugely helpful for the next disaster."

UK reduces terror threat level

The British government reduced their threat level from Critical to Severe on Sunday, an indication that the UK officials no longer think that "an attack is expected imminently." The Department of Homeland Security matched this change shortly thereafter by reducing the threat level on flights bound from the UK to the US from Red to Orange. The rest of the aviation sector remained at Orange.

Other news from the last 24 hours related to the UK aviation plot:

1. British Home Secretary John Reid said on Sunday that the UK had disrupted four major terror plots in Britain since the July 7, 2005 transit attacks, and said that police were investigating two dozen current plots.

2. This Sunday Times story takes a close look at the events that triggered the UK's response on Thursday morning, telling how MI5 and Scotland Yard sprung into action following the arrest of plot mastermind Rashid Rauf in Pakistan. And it provides new biographical information on the plotters.

3. The Guardian reports on Monday that the suspected ringleader of the aviation plot, Rashid Rauf, is providing details "that directly link the conspiracy to al-Qaida in Afghanistan."

4. Sec. Chertoff made the rounds of the Sunday morning talk shows, clarifying that no U.S. links to the plotters have been found. In related news, this story in the New York Times describes how Sec. Chertoff and a small cadre of DHS officials prepared for the response prior to Thursday's arrests.

5. TSA amended its travel rules slightly on Sunday, clarifying that baby formula and medications would be allowed on flights, and that shoe removal would now be mandatory for all passengers at all airports. The transport authorities in Britain also relaxed their carry-on rules today, now allowing passengers to take on one small bag (but no liquids or gels).

6. This AP story describes different types of explosives detection equipment that are relevant for the liquid/gel explosives threat.

7. Interpol's Ron Noble criticizes British officials in a NY Times op-ed for not using Interpol's international information-sharing mechanism's in the aftermath of the arrests, and makes the case for the value of this type of information-sharing.

-- Christian Beckner, cross-posted from Homeland Security Watch

UK terror plot: links to 7/7?

The pace of reporting on the UK terror plot has slowed down somewhat in the last 24 hours, but there have been a number of interesting developments today:

1. The Times of London reports today on potential links between this plot and the July 7, 2005 transit attacks in London:

....Scotland Yard is investigating possible links between the men arrested on Thursday and other British terrorists, including the July 7 bombers. They are concerned that some of those now in custody visited Pakistan last year at the same time as two of the London bombers. Pakistani intelligence sources are examining whether any of those arrested on Thursday attended the same madrassa, or religious school, as the 7/7 bombers.

2. MSNBC is reporting this afternoon on a disagreement between US and UK officials earlier this week on the timing of efforts to roll up the plot. According to MSNBC, the UK officials wanted to wait, and see where the threads of the plot led; the US officials wanted to act, fearing that an attack could take place. The report asserted that US officials threatened to act on their own against the Pakistani suspects, prompting the British officials to move faster to arrest the individuals in the UK. No word yet from official sources on this report.

3. Fox News was reporting earlier that the terrorist group Lashkar-e-Jhangvi is potentially connected to the plot. A story in The Hindu looks at a broader net of Pakistan-based terror groups that might be connected to the plot.

4. The situation is improving but still problematic at airports in the UK, with many cancellations and extensive delays. Insurance companies in the UK refuse to insure valuables checked in the cargo hold, raising a new set of concerns about the UK's emergency measures. The aviation system in the United States returned to a state of relative normalcy yesterday, as travellers were prepared for the new policies. NPR reports here on Sec. Chertoff's press conference at National Airport on Friday afternoon.

5. New questions are being raised about the Department of Homeland Security's efforts to develop explosive detection technology over the past several years. See my detailed post here.

-- Christian Beckner (cross-posted from Homeland Security Watch)

Image source: Flickr

UK Terror Plot: American Connections?

ABC News is reporting this morning that the FBI is looking into potential connections between the plotters in the UK and people in the United States:

U.S. law enforcement sources tell ABC News the FBI is investigating new leads that involve a possible connection between people in the United States, in major east coast cities, and the London bomb plotters.

In an interview with ABC News this morning, White House Homeland Security Advisor Fran Townsend said while there is currently no indication of any plotting in the United States, she confirmed, "There are leads that the FBI is running."

There's also new information today on the depth of the connections to al-Qaeda and Pakistani militant groups to this plot, at the link above and in this Times of London piece.

Other developing news over the last few hours:

1. The US Embassy in India released an advisory warning American citizens of a pending al-Qaeda attack in Delhi and/or Mumbai. No evidence so far of a direct connection to this plot.

2. The NSA was apparently involved with intercepting the group's communications. (Note to those who think this has anything to do with recent NSA controversies: it doesn't. This is what the NSA has always done. The NSA does surveillance on British subjects with the British government's consent, and the UK's GCHQ returns the favor when necessary. The new NSA terrorist surveillance program is controversial primarily because it is the NSA directly conducting domestic surveillance on U.S. persons.)

3. British transport authorities are debating about how to transition the emergency aviation security measures into sustainable policies.

4. DHS gets good marks for its initial response yesterday in a WaPo story.

For more updates, check my usual site, Homeland Security Watch. And keep tabs on ABC News, the Times of London, TIME, and the Guardian, which have provided the best media coverage of the story so far.

UPDATE 3:37 PM EST 8/11: This ABC News piece updates their earlier post, and suggests that there are actually no real U.S.-based leads:

In the last several weeks, the FBI dispatched over 200 agents from FBI Headquarters and had agents in every FBI field office running down leads and looking for any angle or connection to the U.K. plot and suspects, according to FBI and Justice Department officials.

As part of this effort, MI-5 and British security services provided a list of the suspects' names to U.S. officials. The FBI, ICE (Immigration and Customs Enforcement) and other agencies spread around the intelligence community ran the names through all of their various databases looking for any information drawing a nexus between the U.K. suspects and any U.S. individuals or other U.S. connections. There were some hits for phone calls made to relatives who live in the U.S., but so far none of these leads has developed any evidence of terrorism or plotting inside the United States.

According to one Justice source, as the FBI looked for leads, there was a spike in the number of FISA applications submitted to the Foreign Intelligence Surveillance Court to establish court-approved secret wiretaps and surveillance on potential terrorism suspects.

As noted yesterday, at this time, counter-terrorism officials have not been able to find any links inside the U.S. associated with this plot.

-- Christian Beckner

Countering Liquid Bombs

Screening for liquid bombs isn't possible with existing scanners, The New York Times reports:

Since September 2001, the federal government has hired tens of thousands of government screeners and upgraded its metal detectors and X-ray machines. But most of the equipment is still oriented toward preventing a metallic gun or other easily identifiable weapon from being carried aboard; it cannot distinguish shampoo from an explosive.

But the feds knew this as far back as 1995, when the Manila bomb plot was thwarted:

James Jay Carafano, senior fellow at Heritage Foundation in Washington and an expert on domestic security, said that in the last year, officials at the highest levels of the department recognized the seriousness of the threat posed by liquid explosives and had been pushing aggressively to introduce equipment that could help.

But no such devices are ready to be rolled out.

“This is not a case of them being caught like a deer in the headlights and saying, ‘Oh my God we never expected this,’ ” Mr. Carafano said. “In fact they expected this threat.”

--David Axe

Mining for Terrorists

The difficulty of scanning for liquid bombs makes detection and early intervention of terrorist networks even more urgent. Lucky for us, British intel agency MI5 was on top of its game, The Scotsman reports:

Based on the information from Pakistan, MI5 began its watching operation last year. The BBC last night reported the operation began in July, but The Scotsman understands it started several months earlier.

In the initial stages, counter-terrorism officers watched from a distance. By sifting telephone records, e-mails and bank records, the MI5 officers built up what insiders call "concentric circles" of information, gradually connecting each suspect to others and building up a detailed picture of the conspiracy.

Score one for Big Brother.

In an excellent piece in the August Popular Science, Defense Tech daddy Noah Shachtman shines a light on the kinds of data-mining MI5 and U.S. agencies use to bust terrorists ... and to keep tabs on us:

Who’s the most important player in a group? Who’s merely peripheral? Data crunchers find out by plotting people as “nodes” on computerized graphs, forming web-like networks. The links between nodes are then weighed and analyzed using matrix algebra and other tools.

Valdis Krebs digs into a legal alternative to data-mining -- so-called "Social Network Analysis" -- in an excellent piece at orgnet.com. His case study is 9/11:

Early in 2000, the CIA was informed of two terrorist suspects linked to al-Qaeda. Nawaf Alhazmi and Khalid Almihdhar were photographed attending a meeting of known terrorists in Malaysia. After the meeting they returned to Los Angeles, where they had already set up residence in late 1999.

What do you do with these suspects? Arrest or deport them immediately? No, we need to use them to discover more of the al-Qaeda network. Once suspects have been discovered, we can use their daily activities to uncloak their network. Just like they used our technology against us, we can use their planning process against them. Watch them, and listen to their conversations to see...

--David Axe

Terror Plot Deja Vu

The just-foiled airline bomb plot has precedents, The New York Times reminds us:

The plot to blow up several airliners flying between Britain and the United States bears a striking resemblance to a plot hatched by al Qaeda operatives 12 years ago to simultaneously blow up airliners over the Pacific.

That plot was hatched in Manila by Khalid Sheikh Mohammed, who was starting his climb to be a top lieutenant to Osama bin Laden, and by Ramzi Yousef, who was the mastermind of the first bomb attack on the World Trade Center in 1993. It was financed by bin Laden.

Which is perhaps why U.S. officials are saying the current plot bears Al Qaeda's fingerprints. But remember, it's open-source terrorism we face. That this plot looks like the Manila plot means only that the terrorists are drawing from the same well of tactics and philosophy, not that there's any formal Al Qaeda command and control in place.

Does it even mean anything any more to invoke Al Qaeda?

--David Axe

UPDATE 8/11/06: Sure enough, officials have told Time that there is no evidence of Al Qaeda command and control:

Though the plot has all the hallmarks of an al Qaeda operation, U.S. officials cautioned that there isn't yet evidence of a direct link between the plotters and the organization's top leaders. "We're not convinced this particular operation is connected to the al Qaeda chain of command," Charles Allen, Chief of Intelligence for the Department of Homeland Security, told reporters on Thursday afternoon. As for whether the attack was being timed for the fifth anniversary of Sept. 11, Allen said he thought the attack would simply be launched when it was ready. "I am a long standing believer that terrorist plotters or planners execute when they have all of the plot together," said Allen. "We have no evidence this was timed to any particular holiday or special event."

UK aviation terror plot disrupted

A major terrorism plot was disrupted overnight in the United Kingdom, involving plans to blow up multiple flights from the UK to the United States. At least 21 people arrested by UK counterterror agencies. The plot appears to involve a device assembled onboard, using otherwise benign liquids and equipment - comparable to the mid-1990s Bojinka plot hatched by Khalid Sheikh Mohammed. The UK immediately imposed a ban on carry-on luggage on all flights leaving the United States and went to CRITICAL (the highest level, equivalent to 'Code Red') in their threat advisory system. The United States government has gone to 'Code Red' for all flights departing the UK (the first time Red has been used by the Homeland Security Advisory System), and 'Code Orange' for the rest of the aviation sector. The commercial aviation system is in chaos all over the world today.

Check my regular site, Homeland Security Watch, for more detailed analysis and frequent updates throughout the day as the facts emerge. And the Counterterrorism Blog is naturally on top of the story with commentary and analysis.

-- Christian Beckner

AOL Leak: Toward Searchcrime?

A research site at America Online posted three months of search records for 500,000 people (over 20 million searches) on the Internet recently. The data was discovered over the weekend and news of it has quickly spread across the blogosphere and into the mainstream media. AOL rapidly removed the data from its site, but the cat's already out of the bag - the files were copied, and have been replicated all over the Internet.

Anyone can download the 439mb file, just like I did last night. People are already poring through the data, finding some very disturbing search patterns among a number of AOL's users. In theory, there is no personally-identifiable information on the database, but if people ran searches that identify things about themselves, it often becomes easy to figure out who they are. In many ways, this is a worse privacy loss than the laptop stolen from the Veterans Administration employee earlier this spring, if it had been compromised.

This inadvertent disclosure of data forces the need for a public debate on the retention and use of search data by private companies, and the propriety of its use by government agencies. In January we learned that Google refused a DOJ subpoena to supply the government with exactly this kind of data - a request with which Yahoo!, AOL and MSN complied. These companies are compiling petabytes of search data on their servers, effectively archiving the collective subconscious of hundreds of millions of people.

This information clearly has value from a marketing and business intelligence perspective, which is why the search companies are retaining it. But this data then becomes an overly tempting target for homeland security and counterterrorism officials. Should they able to access it? Under what conditions? By whom? And what is the actual value of the search information? We need to answer these questions, and in doing so develop a clear framework to guide how and when such information should be available to government officials, rather than continuing along in the legal and policy vacuum that the United States is in today.

We need a framework that allows narrow access to this search data in cases where a person or group is under investigation for activities related to terrorism, counterintelligence, and/or WMD proliferation. But I would forbid access to this search data for the purpose of conducting wide-ranging analysis of search data - looking for needles in the haystack - because the benefits would not be nearly commensurate with the massive privacy hit. And the search companies need to be more responsible in their utilization of this data, and develop policies and systems for destroying data after a finite period of time (1-2 years), and give users the ability to clear and remove personally-identifiable search histories from company servers.

This assessment is based in part on some cursory analysis of the AOL data last night. In cases where I found "suspicious" searches, I could never be certain about the actual intent of the search. This inability to divine intent from searches will naturally lead to high percentages of false positives. For example, anyone who works in the homeland security field, as I do, is likely to run searches related to terrorist tactics, infrastructure protection, etc. These searches are all false positives, and likely will drown out any "real" terrorist search activity. Efforts to investigate these searches would therefore be expensive, and less productive than traditional means of intelligence and investigation.

If the federal government is allowed unfettered access to this data, we run the risk of creating a new Orwellism - Searchcrime - that is an inefficient response to the war on terror.

-- Christian Beckner, cross-posted from Homeland Security Watch.

DHS "Critical Infrastructure": Amish Popcorn, Trees of Mystery

As the New York Times notes, the Department of Homeland Security inspector general released an important and timely report on Tuesday, entitled "Progress in Developing the National Asset Database." The report chronicles the difficulties that DHS has faced in developing a usable national inventory of critical infrastructure. It also helps explain some of the shortcomings in the recent homeland security grant allocation decisions -- remember New York's big cut? -- which were based to a certain degree on the information in this database.

The report provides a detailed breakdown of the 77,069 assets in the database by type, as shown in this chart. It then discusses some of the limitations of the current database, noting that it does not assign criticality rankings to the assets in the database; in other words, the Brooklyn Bridge or Hoover Dam have the same value to the nation as the least significant asset included in the database. And what are some of those low-caliber assets? The report provides a sampling, and oh what a list it is. Some highlights:

Old MacDonald’s petting zoo
Bean Fest
Nix’s Check Cashing
Amer. Society of Young Musicians
Trees of Mystery
Kennel Club and Poker Room
Historical Bok Sanctuary
4 Cs Fuel and Lube
Kangaroo Conservation Center
Bourbon Festival
Jay’s Sporting Goods
Groundhog Zoo
Sweetwater Flea Market
High Stakes Bingo
Frontier Fun Park
Mule Day Parade
Beach at End of [a] Street
Amish Country Popcorn
[a] Pepper and Herb Company
Order of Elks National Memorial
Donut Shop
Casket Company
Muzzle Shoot Enterprise
Several Wal-Marts
Apple and Pork Festival
Yacht Repair Business
Anti-Cruelty Society

These were assets which were submitted by states as lists of their critical infrastructure in 2004 and 2005, with little quality control to date. And they aren't anomalies. The report notes that the state of Indiana has 8,591 assets on the list - 50% more than New York (5,867) and nearly triple the number of assets that California submitted (3,457). The state of New Mexico apparently contains 73% of the critical assets in IT sector nationwide, according to the database. New York has only 2% of the nation's banking and finance assets - trailing North Dakota & Missouri. Indiana has more tall buildings than Illinois, home to skyscraper city Chicago. And so on. The chart on page 51 of the report provides the complete state-by-state breakdown.

The report also notes an equally serious problem: the fact that the database does not adequate account for distributed, system-level assets (e.g. food supply systems, energy & telco grids, etc.), which creates the risk of a bias in favor of protecting fixed assets in the nation's infrastructure protection activities.

It mentions that efforts are underway to improve the database and prioritize assets within it, but these efforts are incomplete. And it concludes with a set of recommendations about how to improve the database.

I've described the DHS grant system as being at risk to the "garbage-in, garbage-out" problem in its allocation processes since the beginning of the year. This report provides another point of confirmation that the quality of the data used to make DHS grant decisions is subpar, and perhaps explains some of the oddities in the funding decisions for the State Homeland Security Grant Program in 2006. Some of the states who were apparently "asset inflators" made out very well in the discretionary segment of the State Homeland Security Grant Program (money left over after the allocation of state minimums) this year, notably Nebraska, North Dakota, and Missouri. Perhaps this is a coincidence; but given the black box nature of this allocation process, and the well-documented flaws in the UASI allocations, I'm inclined to think that it's not until shown otherwise.

-- Christian Beckner, cross-posted from Homeland Security Watch.

London, Post-7/7: Business As Usual

A year ago today, as I walked into London’s Liverpool Street Station, I saw dozens of police officers converging on it. I expected just another security alert. A bomb had just exploded on an underground train leaving the station, instead. That bomb killed seven people. A few days later, I snapped these floral tributes at the station’s entrance. If they seem low-key, perhaps it’s because Londoners are no longer shocked by such attacks.

In 1993, the Liverpool Street underground station was damaged – along with many of the surrounding buildings – by a huge IRA truck bomb. Only person was killed as a warning had been given and the area was being evacuated, but forty were injured.

In 1940, the station’s roof was shattered by bombing during the Luftwaffe’s Blitz on London. It escaped lightly, given that over 18,000 tons of bombs were dropped with 29,000 killed in London alone.

But the station’s most infamous bombing was in 1917. On June 13, 1917, twenty German Gotha bombers evaded defending fighters and attacked London. They hit Liverpool Street Station, killing sixteen and injuring thirteen. The raids killed over a hundred people around London, including many children, and the nation was horrified. For the first time, the capital of a powerful Empire had been attacked from the air, and civilians had not been spared. The Great War had arrived on the home front.

With ninety years experience, it’s not surprising that Londoners seem hardened to the bombing. Few would expect this to be the last attack either. A docu-drama called Dirty War released in April 2005 used Liverpool Street Station as the site of a dirty bomb attack by terrorists.

While the media may try to play up fears of further terrorism, sites like the wonderful We're Not Afraid capture the public mood. For most people, the signs put up on bomb-damaged shops in the Blitz really do sum it up: "Business As Usual."

-- David Hambling

Damn It! '24' Stars Meet Homeland Security Bigs

The Heritage Foundation hosted an event this morning on "'24' and America's Image in Fighting Terrorism" that was probably as close as the homeland security policy community will ever get to the world of the glitterati, bringing together think tankers with the producers and cast members of '24.' The auditorium at the Reagan Building was packed with an overflow crowd (which included Justice Clarence Thomas) for the event. Homeland Security Watch was there.

Sec. Chertoff kicked things off with a few remarks before heading off to the DOJ press conference on the Miami terror plot (and adding a non-subtle jab at NYC and DC leaders that this plot proves that terrorism is a "national problem"). Turning to the show, he noted that it reflected real life in its portrayal of the decisions that leaders must make, constantly forced to choose "a best choice among a series of bad options" in an environment of imperfect information that always seems more orderly in hindsight. But he added that in real life, you can't resolve problems in 24 hours, and that perseverance is the real key to winning the war on terror. And he noted that in reality successed depended not on the extraordinary feats of a Jack Bauer, but on the quiet, resolute work of thousands of "real heroes," doing their jobs behind the scenes each day, at DHS, other agencies, and at the state & local level.

When asked how '24' compared to reality, he noted that "DHS doesn't have an operations center like the CTU," (although later it was pointed out that the set designer for '24' also helped design the operations center at the National Counterterrorism Center) and that unlike in '24', "we don't get information using measures that violate the law." And he wistfully noted that the governments' technologies often paled in comparison to '24', commenting that he had never seen a computer crash on the TV show.

The event then shifted to a panel session moderated by Rush Limbaugh, featuring think tankers Jim Carafano from Heritage and my former boss David Heyman from CSIS (described by Limbaugh as the "token moderate" on the panel), along with producers Howard Gordon, Joel Surnow, and Robert Cochran, and actors Mary Lynn Rajskub (Chloe), Carlos Bernard (Tony), and Gregory Itzin (President Logan). (Click here for a group pic.)

The session was weighed down at times by Limbaugh's tendentious and leading questions; he was constantly striving to get the panelists to confirm his notions that Hollywood, foreigners, and liberals don't like the show and/or aren't hip to the war on terror, rather than acting as a neutral, inquisitive moderator of the discussion. But in spite of that, the panel session was very interesting, and at times quite funny.

A lot of the discussion focused on the relationship between art and reality, looking at the extent to which '24' looks to the real war on terror for ideas and conversely, how government officials might consciously or unconsciously model their own decisions after the show. The producers noted that Seasons 2 and 4 were consciously drawn upon real events in the war on terror. And Limbaugh pointed out that a number of senior government officials - including Cheney and Rumsfeld - are fans of the show.

Is the conduct of the war on terror influenced by the show? The evidence was inconclusive, but Carafano made the point that it would be bad idea to execute the war on terror based on the show, commenting that "this is not how you stop terrorism." Instead, he argued (echoing Chertoff's earlier comments) that fighting terrorism involves a lot of unglamorous, mundane work over months and years, quietly taking place outside of the political and media cycle. He wistfully noted that he wished more people in the general public would spend as much time learning about and researching real homeland security and counterterrorism efforts as they do watching '24' - a sentiment with which I heartily concur.

The producers were asked a few times what sources they used for their plot lines. Their answer, by and large: "we make it up." Carafano noted that he hoped would-be terrorists would use the show for the purposes of developing terrorist tradecraft; if they did, he said, they would likely fail miserably.

The discussion also touched upon the public reaction to the show. Surnow commented that "everybody from Rush to Barbra Streisand likes the show." Heyman suggested a potential reason why the show resonates across the political spectrum: it allows the viewers to have both "justice" (nabbing the bad guys) and "process" (action within a legally-accepted system) - when in the real world it's often difficult to have both. Carafano pointed out that most of the non-Americans with whom he's discussed '24' enjoy the show, because of its quality, adding that people take away things from it based on their preconceived notions.

Some other interesting or humorous tidbits:

-- Surnow noted that when he original came up with the idea for a show that takes places over 24 hours, his first thought was to do a romantic comedy that chronicles a wedding over the course of the day. Needless to say, it was a good move not to go with that.

-- One of the producers joked that next season the bad guys will be "Swedish terrorists." A joke perhaps - but then again, perhaps he hasn't heard of surströmming.

-- When asked how '24' has changed her life, Rajskub wrily commented that "strangers touch me now," and that "people think I'm a better person." Later, apropos of nothing (and perhaps somewhat freaked out to be speaking at the Heritage Foundation with Clarence Thomas and Rush Limbaugh 10 feet away) she pointed out that she wasn't wearing a bra.

Overall, a very interesting and fun event, the likes of which we're unlikely to see again in the homeland security policy world for a long time to come. The full program is archived already on C-Span's website as a video clip, and I imagine it'll be re-airing on their stations over the weekend.

-- Christian Beckner (cross-posted from Homeland Security Watch)

Chertoff ♥s NY

Sec. Chertoff has an op-ed in the New York Times today headlined "New York, You're Still No. 1" that defends the Department of Homeland Security's decisions on homeland security grants. In the column, he makes the same litany of points that he's been making since last week:

• NYC is still #1 in funding;

• Total funding was cut this year by Congress;

• This isn't really a cut, since it's consistent with the three-year average for NYC;

• UASI funds are really for investment, not operating expenses;

• Helping other cities helps NYC;

• The 'NYC has no monuments' line is somewhat misleading; and

• We peer-reviewed the results with outside experts.

All these talking points are factually correct - but they're also largely beside the point. I've expressed concern about the decisions that DHS made primarily based on three complaints: (1) material problems with data quality, (2) the need for subjectivity when you're talking about NYC and DC, given the extent to which they are vastly more at risk than any other American cities; and (3) the way in which the DHS explanation for NYC belittles the world-class capabilities of the NYPD. As Brookings scholar Michael O'Hanlon noted in the WSJ over the weekend, "rather than blame New York for a purportedly poor grant application, as some DHS officials have done this week, we should be praising the city for progress in homeland security efforts to date -- and asking other cities to emulate the Big Apple."

Sec. Chertoff doesn't really address these issues in his piece. I like Chertoff, and I know that he's in a difficult spot on this issue, stuck between the wrath of the NY congressional delegation if he stands firm and charges of politicization and a negative reaction from other cities if he changes the allocation. Nevertheless, I think he needs to get out of PR mode and acknowledge that this decision did not live up to his own high standards for risk management, discuss the unique nature of NYC and DC in the nation's risk profile, and listen to constructive criticism about how to improve the allocation process.

-- Christian Beckner, cross-posted from Homeland Security Watch

Homeland Cash: More Trash (Updated)

CQ Homeland Security (subscription only) provides two more examples of the "garbage-in, garbage out" phenomenon for the homeland security grant allocation process:

By the department’s account, there are zero military bases in the Las Vegas region. But Nellis Air Force base is within the 10-mile buffer zone the department considers the Las Vegas region. In addition, the Hoover Dam is 30 miles outside Las Vegas city limits, but the department does not include it as a critical asset in its assessment of the Las Vegas region. However, if something happens at the Hoover Dam, the Nevada Highway Patrol and the Las Vegas Metropolitan Police Department will be the agencies to respond, said Nevada’s homeland security adviser Giles Vanderhoof. “It may not be within the 10 miles, but guess who is going to have to respond if something is going on there,” he said. The department Friday would not respond to requests for explanations.

In the department’s assessment of San Diego’s geographic risks, it says the city has more than 500,000 border crossers a year. However, that number is slightly off, said the city’s Homeland Security Director Jill Olen — there are more than 500,000 border crossers a month — 62 million a year, Olen said. The San Ysidro border crossing happens to be the busiest in the nation, she said.

Both Las Vegas and San Diego were dropped from the department’s urban area funding list for 2006 and were only eligible to receive “sustainment” funds. But both Nevada’s Vanderhoof and San Diego’s Olen say they expect the department to reconsider their status in 2007 now that DHS has accurate information.

These anecdotes add to the impression that there are serious flaws in the analytical process for homeland security grants - which creates a need for both better data and greater subjectivity (although not politically-influenced subjectivity - which is admittedly difficult) in the decision-making process.

UPDATE 2:12 PM: Here are links to the full DHS grant explanations for New York City, Washington, DC, Las Vegas, and San Diego.

-- Christian Beckner (cross-posted from Homeland Security Watch)

UPDATE 2:28 PM: Noah here. Wanna read some of the some really choice bureaucrat doublespeak? Then do be sure to read those docs that Christian linked above. "Based on the DHS comparative risk analysis, the New York City Area placed in the top 35 areas," DHS' team of geniuses tell us. However, the "following Investments proposed by the New York City Area scored among the bottom 15% of all 478 Urban Area Investments."

• FDNY Critical Infrastructure Protection and Recovery
• NYPD Counter-Terrorism Equipment and Training
• FDNY Strategic Management and Planning
• Department of Environmental Protection: Critical Infrastructure Protection & HazMat
• NYPD Counter-Terrorism Bureau and Operation Atlas
• FDNY Critical Resource Logistics and Grant Program Management

Yup, all sounds downright useless to me.

UPDATE 06/06/06 3:07 PM: The NYPD hasn't exactly been waiting around for federal handouts, of course. Check out this killer Pop Mech story on the Big Apple's "Anti-Terror Super Cops."

Al-Qaeda Attack Omaha? Fat Chance!

Some ordinarily smart people are saying some extraordinarily silly things, to try and spin some sense into the Homeland Security Department's decision to cut funds for New York and DC. The argument goes like this:

If I were a terrorist... I’m not sure I’d hit New York or Washington. Too obvious. Been done. Besides, both probably are reasonably well fortified. Therefore, I could easily imagine a scenario in which the next terror attacks occur in, say, Wichita.

Okay, sure. You can imagine all kinds of doomsday scenarios. Let your mind roam free. But if you want figure out where Osama & Co. might attack in the future, your best bet is to look at what they've done in the past, not daydream darkly. Because terrorism is an evolutionary art. Al-Qaeda doesn't hatch brand new types of strikes out of the blue; it develops them slowly, over time, taking what it learned in one attack and applying to the next. Even seemingly "out of the box" plans, like 9/11, were test-marketed years and years before.

So let's look at the record. Have Al-Qaeda and its affiliates hit any cornfields? Any small towns? Any exurbs? No, no, and no, actually. Instead, they've focused on three main types of targets:

* Big cities (New York, London, Madrid, Istanbul, Amman, Riyadh, DC)

* Military and government installations (Pentagon, USS Cole, East African embassies)

* Resorts (Sharm-el-Sheikh, Bali, Kenya)

Once it's tried an attack in a given place, does Al-Qaeda give up on it, and move somewhere else? 'Fraid not. In fact, they tend to revisit the same sites, over and over again. Take my home town, for example. As Police Commissioner Ray Kelly notes in today's New York Post:

New York remains a target-rich environment nonetheless, as a cursory review of terrorist acts here would indicate.

The iconic Brooklyn Bridge caught al Qaeda's eye after 9/11 when its operative Iyman Faris was tasked to see if it could be taken down. Another Islamic radical, Rashad Baz, was drawn to the Brooklyn Bridge in 1994 to shoot up a van with Hasidim occupants, including 16-year-old Ari Halberstam, who was killed. A like-minded radical picked the Empire State Building to spray the observation deck with gunfire, killing one tourist and wounding six others there in 1997.

The terrorists' first attempt to destroy the World Trade Center resulted in the deaths of six innocent people in 1993. Al Qaeda returned in 2001 to finish the job.

Then there was the al Qaeda "landmark" plot of 1993 to destroy the George Washington Bridge, the Lincoln and Holland Tunnels and the United Nations. The New York Stock Exchange and the Citigroup Center in Midtown made al Qaeda's list of inviting targets in another plot exposed after 9/11.

More recently, a federal grand jury convicted the suspect in a plot, foiled by the NYPD, to bomb the Herald Square subway station in 2004. A terrorist bombing of the Atlantic Avenue subway complex in Brooklyn was narrowly averted by police intervention in 1997. Then there were the anthrax attacks against The Post and NBC in New York...

We had hoped that DHS would rely on the intelligence community to assess the threat and make funding decisions accordingly. Instead, DHS abdicated its responsibility.

For a while now, we've been focusing way too much on what security guru Bruce Schneier calls "movie-plot threats" -- scenarios that sound completely scary, but are beyond unlikely. So countless millions get poured into protecting cows from Al-Qaeda and stopping jihadist cropdusters. When he first took the Homeland Security gig, Michael Chertoff promised to end the farce, and protect the places that Al-Qaeda might actually attack, no matter how, well, hum-drum, that might seem. Unfortunately, he -- and others -- can't seem to resist the Tinseltown draw.

UPDATE 5:28 PM: Here is Rep. Peter King's letter to Chertoff, asking how this risk-analysis process went FUBAR.

Homeland Grants: Garbage In, Garbage Out

On Wednesday the Department of Homeland Security announced the FY 2006 state & local homeland security grant allocations, an announcement that provoked an immediate firestorm of anger in New York City and Washington, DC, due to the drastic funding cuts to the two cities that were attacked on 9/11. Homeland Security Committee chairman Peter King (R-NY) said that DHS had "declared war on New York," and today noted (acc. to CQ) that his conversation with DHS Under Secretary George Foresman was "the most heated conversation I’ve ever had with an appointed official" and that he "smelled incompetency" and DHS middle-managers were "phonies." An editorial in the New York Daily News called for Sec. Chertoff to be fired.

That firestorm continued to grow the next day, coming to a boil at an event at the Brookings Institution on homeland security at which Sec. Chertoff was speaking this afternoon. I attended the event, and a large share of his prepared remarks were a defense of these grant allocation decisions. His key argument was that last year's funding of $207 million for NYC was a "make-up year" for 2004, when NYC received only $47 million - and the new funding level of $125 million was not a cut, but a regression to the mean.

But Chertoff was called to task by a reporter to explain the one-page memorandum that was sent to New York explaining its funding cut - a memo that states that there are zero "national monuments and icons" in New York City - a pronouncement that has raised the ire of New Yorkers (but also inspired some humor). Chertoff tried to rationalize the decision, stating that key icons like the Statue of Liberty and Empire State Building were counted in different categories, but his defense on this point was unconvincing. At the very least, it's a management failure that this memo was sent to NYC officials with a statistic that is so glaringly off-base at face value.

I think this decision on NYC could be another example of the garbage-in, garbage-out (GIGO) problem, which I argued in April was a factor in the decision to cut Las Vegas from the list of high-risk cities. Some of the metrics on the one-page fact memo seem flawed in one way or another; for example, using the "quantity" of various asset types in these calculations fails to quantify their symbolic values, and using the quantity of threat reports from cities fails to account for different levels of discernment across cities about what constitutes suspicious activity.

I don't think that these decisions were political; if you believe this, then you have to explain why Dallas-Fort Worth's funding was cut drastically and North New Jersey's funding skyrocketed. And I think it's a wise move on the part of DHS to require states and cities to develop detailed spending plans prior to funding, which could have been the cause of NYC's funding cut; according to news reports, NYC's funding was slashed in part because of the salary & overtime requests in their proposal. States and cities who were shortchanged are certainly likely to take this process more seriously next year - which can only improve the effectiveness with which these funds are spent.

But I also think that DHS's processes and methodologies for assessing risk are still immature, and they have become over-fixated on data (cf. Sec. Chertoff's Mother of All Spreadsheets) of questionable value, and insufficiently focused on the holistic, qualitative elements of threat assessment. You can run the numbers in any which way, but that shouldn't change the fact that NYC and DC are the top two terrorist targets in the United States - by far - and deserve to be treated as exceptional cases when these funding decisions are made.

UPDATE 11:42 AM: Sec. Chertoff's remarks at Brookings are now available here. The criticism of DHS continued in Friday's papers, with one story in the Washington Post noting that Washington, DC was in the bottom tier of risk for the state grant program (which is different from the Urban Area Security Initiative, where the DC region was ranked highly), and another Post story criticizing DHS Asst. Secretary Tracy Henke for favoring her home state of Missouri in the allocation process, and the New York Daily News skewering DHS with the headline "Chertoff His Rocker". Some of these criticisms might be unfair or out-of-context, but until DHS opens the kimono on the grant decision-making process, it looks like "garbage-in, garbage-out."

UPDATE 2:57 PM: A New York Times story quotes anonymous federal officials saying that NYC has itself to blame, in part because it "mishandled the application itself, failing to file it electronically as required, instead faxing its request." More here.

-- Christian Beckner, cross-posted from Homeland Security Watch

Coast Guard vs. Small Boats

In an interview today with Reuters, new Coast Guard Commandant Thad Allen discussed an item that he intends to have at the top of his agenda: countering the threat from explosive-bearing small boats. From the story:

The United States must close security gaps that could let small boats packed with explosives slip into ports and stage attacks like the one that killed 17 men on the U.S. warship Cole in Yemen, the new Coast Guard chief said on Wednesday.

Adm. Thad Allen, who took over as commandant of the Coast Guard last week, said officials had to do more to help thwart such stealthy strikes, which could cause massive damage to ports, oil facilities, ports, cruise ships or tankers.

"Our own threat analysis and vulnerability analysis tell us there is a significant threat by vessel-borne improvised explosive devices," Allen told Reuters in an interview.

"We haven't put nearly as much thinking in science and technology and (general) thought into the small-vessel threat as we need to, and I think that's where we need to go next."

....As one of his first goals in office, Allen is devising a new security strategy over the next few months which will look at issues such as the small-boat threat, as well as the feasibility of licensing a broader range of boats or imposing exclusion zones around some high-risk areas.

Current shipping regulations, such as the United Nations International Ship and Port Facility Security code and related U.S. Maritime Transportation Security Act, focus on large commercial ships, not the roughly 60 million U.S. recreational vessels.

There is no national registry or national system of operator licensing for recreational boats.

This decision to focus on the small-vessel threat represents a change of tack for the Coast Guard, which has largely focused, at least by all public appearances, on large vessels and seaport facility security. Addressing this threat will not be easy, given the large number of recreational boats in the nation's waterways and their relative anonymity, but I'm glad to see that Allen is not deterred by the challenge. And I'm curious to hear what he has in mind in terms of new technologies that might address this threat. The development of the Nationwide Automatic Identification System will certainly play a role. But many of the technologies that have been developed to address this threat are designed to be used in a military context and aggressively prevent a USS Cole-type attack - but these technologies are not necessarily appropriate in a domestic context. There are a few technologies out there that seem suited for the domestic environment, but a lot more R&D is needed to address this threat.

-- Christian Beckner (cross-posted from Homeland Security Watch)

Homeland Security Cuts for NYC, DC

Just when you thought the Homeland Security department couldn't possibly get any dumber...

The two cities attacked on Sept. 11, 2001, will receive far less antiterrorism money under plans unveiled today by the Department of Homeland Security, which has designated more money for many smaller cities throughout the country.

Washington and New York will receive 40 percent less in urban grant money compared to last year, with Washington dropping from $77 million to $46 million and New York falling from $207 million to $124 million, DHS officials said. The combined total means that the two areas bear almost the entire brunt of a $120 million cut in the overall budget for the program, the statistics show.

Chris Beckner has a more charitable view. But I'm with House Homeland Security Committee chairman Peter King on this one: "This is indefensible."

Border Tech Upgrade?

When I drove into Ft. Huachuca, Arizona last year, one of the first things I noticed was the aerostat lingering above the horizon, keeping track of the Mexican border, just a few miles away. A couple of days later, I visited with a pair of Border Patrol agents, who showed me how their new flying drone had helped them catch illegals crossing into the country. They couldn't wait to get another.

Now, the Times tells us, the Bush administration wants to expand the use of techno-goodies like these along the border -- at a cost of $2 billion.

Lawmakers are skeptical. "We've been presented with expensive proposals for elaborate border technology that eventually have proven to be ineffective and wasteful," Representative Harold Rogers, Republican of Kentucky, said. So are some of my favorite homeland security analysts, like Christian Beckner. He notes that the Border Patrol's Predator B robotic spy plane, which crashed last month, sucked up about $7,808 per apprehension -- compared to a $1,166 per-catch average cost for the rest of the Patrol's budget.

So, clearly, there needs to be big-time oversight of this "Secure Border Initiative" -- especially if companies like Northrop are going to come up with hare-brained schemes like watching for coyotes from 65,000 feet. And, obviously, no technology is going to beat boots on the ground -- trained boots, that is.

But still, I'm inclined to give the administration the benefit of the doubt here. The Border Patrol -- especially in the Tuscon sector, around Ft. Huachuca -- has a nearly impossible job, trying to catch millions of illegals with just a few thousand agents. The least we can do is equip 'em right.

Bush's Border Security Theater

Pres. Bush gave a primetime speech tonight on immigration and border security (here's the full text of the speech, and here's the fact sheet on it). A lot of the speech covered familiar ground for those who have followed the immigration and border security debate closely; but he did provide some new specifics on his plan for border security, the most newsworthy element of which is the proposal to deploy up to 6,000 members of the National Guard on the southern border as a stopgap measure.

Bush discussed this plan in the context of a proposal to increase the number of Border Patrol agents to 18,000 by the end of 2008, from a current level of 12,000. In essence, this proposal is simply fulfilling existing law in the Intelligence Reform and Terrorist Prevention Act of 2004 which mandated a doubling of the size of the Border Patrol over five years. As a stopgap measure leading up to 2008, Bush would deploy a rotation of 6,000 National Guard troops as a temporary measure, commenting in his speech:

One way to help during this transition is to use the National Guard. So in coordination with governors, up to 6,000 guard members will be deployed to our southern border. The Border Patrol will remain in the lead. The guard will assist the Border Patrol by operating surveillance systems, analyzing intelligence, installing fences and vehicle barriers, building patrol roads, and providing training. Guard units will not be involved in direct law enforcement activities -- that duty will be done by the Border Patrol.

This initial commitment of guard members would last for a period of one year. After that, the number of guard forces will be reduced as new Border Patrol agents and new technologies come online. It is important for Americans to know that we have enough guard forces to win the war on terror, to respond to natural disasters, and to help secure our border.

To paraphrase Bruce Schneier, this idea is "border security theater" - a political proposal designed to grease the legislative skids in Congress, but one that will have little impact on border security, and even worse, is operationally flawed and quite likely to be a costly diversion from other border security priorities. Consider the following questions:

1. How are these Guardsmen going to be trained? Guarding and patrolling the border requires many types of specialized training: language skills, driving skills, legal knowledge, cultural training, etc. The Border Patrol currently spends about $160 million per year on training to develop and maintain its skilled workforce. Members of the National Guard have not been trained in many of these areas, nor will they immediately possess the skills needed to conduct the activities outlined in the speech - intelligence, surveillance - in a domestic context. Does it really make sense to train them, and then throw away all of this knowledge after a year?

2. Where are they going to live? Unlike with Border Patrol agents, the federal government will be responsibility for providing temporary housing for members of the National Guard deployed at the border. How much is this going to cost? (Although on the other hand, perhaps we've just found a use for the 11,000 FEMA trailers that are sitting in Hope, Arkansas).

3. Can they communicate with each other? Do the National Guard units and the Border Patrol have the same types of radios and other communications devices? If not, does that mean that this decision requires a massive new investment in equipment that will have short-term value?

4. How do the Border Patrol and National Guard work together? Can two very different organizations be integrated? What is going to be done to prevent organizational clashes between the National Guard and the Border Patrol? How will questions of decision-making and resource allocation be handled?

Overall, this proposal has all the marks of being costly and ineffective. And this analysis doesn't even cover the issue of the National Guard already being overstretched as a result of the war in Iraq and the Guard's disaster management responsibilities, which is also a concern. If border states want to spend their own money sending their National Guard forces to the border, fine. But the federal government shouldn't pay for it. Instead of wasting money on stopgap measures, we should accelerate the increase in Border Patrol agents, technology investment, or what is probably the best bet strictly from a cost standpoint (although detestable for symbolic reasons), building a complete border fence.

UPDATE 05/16/06 12:45 AM: Below are remarks by Sec. Chertoff last December from an interview with Bill O'Reilly on the idea of sending the National Guard to the border:

Chertoff: Well, the National Guard is really, first of all, not trained for that mission. I mean, the fact of the matter is the border is a special place. There are special challenges that are faced there....

Chertoff: I think it would be a horribly over-expensive and very difficult way to manage this problem.

He was exactly right, and still is.

-- Christian Beckner (crossposted from Homeland Security Watch).

UPDATE 05/17/06 9:52 AM: Here's a handy stat, courtesy of the National Security Round Table: 6,000 guardsmen "comes out to one soldier for every mile of border broken down into three 8 hour shifts."

TSA Wants to Pump (Clap) You Up

The Transportation Security Administration is looking for managers to supervise the fitness center in its Pentagon City headuqarters. The request notes that the fitness center currently has only 220 dues-paying members; the annual membership fee is $312/year, which implies that total annual revenue is $68,640. Nevertheless, the request notes that TSA's goal is for the fitness center "to be self-sustaining"...something that won't be easy at that revenue level.

According to this DHS Inspector General report, the initial cost of this fitness center was $650,000. At least that expense was fully vetted by DHS -- as opposed to the contrast with the gym at the Transportation Security Operations Center (TSOC) in Herndon, which, the Washington Post notes, was chastised in the same IG report.

I don't have any objection in principle to government offices having their own fitness centers; it's a good investment to the extent that it increases employee productivity and allows them to utilize their time effectively. But with only 220 dues-paying members at the TSA gym, it needs to be asked: might couldn't they use the Bally's Total Fitness, a block-and-a-half from TSA headquarters, instead?

- Christian Beckner

Watch List Snags Fellow Feds

How bad are the feds' enemy-of-the-state databases? So bad, they can't even keep fellow terror-hunters off their blacklists, Ryan Singel reports.

The Transportation Security Administration's airline screening system "tends to mistake government employees and U.S. servicemen for foreign terrorists," he writes in today's Wired News. "Newly released government documents show that even having a high-level security clearance won't keep you off the Transportation Security Administration's Kafkaesque terrorist watch list, where you'll suffer missed flights and bureaucratic nightmares."

According to logs from the TSA's call center from late 2004 -- which black out the names of individuals to protect their privacy -- the watch list has snagged...

* A high-ranking government employee with a better-than-top-secret clearance who is also a U.S. Army Reserve major...

* An active-duty Army officer who had served four combat tours (including one in Afghanistan) and who holds a top-secret clearance.

* A retired U.S. Army officer and antiterrorism/force-protection officer with expertise on weapons of mass destruction who was snared when he was put back on active-duty status while flying on a ticket paid for by the Army.

Now, I'm sure there have been improvements to the watch lists since 2004. But, as
Justice Department Inspector General Glenn Fine told Congress earlier this week, database managers still "had not ensured that the information in that database is complete and accurate. For example, the OIG found instances where the consolidated database did not contain names that should have been included on the watch list and inaccurate or inconsistent information related to persons included in the database."

The OIG's June 2005 report offered 40 recommendations to the TSC [Terrorist Screening Center] to address areas such as database improvements, data accuracy and completeness, call center management, and staffing. The TSC generally agreed with the recommendations and in some cases provided evidence that it has taken action to correct the weaknesses that the audit identified.

Since issuance of the audit, the TSC has initiated a record-by-record review of the terrorist screening database to ensure accuracy, completeness, and consistency of the records. TSC staff informed the OIG it is focusing first on the records deemed most important. According to the TSC, review of the entire database, which contains more than 235,000 [uh, make that 325,000] records, will take several years.

UPDATE 9:57 AM: Slashdot sez, "The Guardian newspaper has a great story about how the gathering of information for 'anti-terrorist' passenger screening databases allowed a reporter and security guru Adam Laurie to lay the groundwork for stealing the identity of a business traveller by using his discarded boarding-pass stub."

Top G-Men: Terror Ignorance is Bliss

A few weeks back, I wrote about the seemingly unshakeable culture of technophobia at the FBI -- and how nearly a third of Bureau employees still don't have e-mail accounts, as a result.

But that's not the only bad habit that the G-Men are having trouble breaking. As Jeff Stein reports in his must-read CQ Weekly cover story, there's still a willful ignorance about terrorists and their methods -- even at the FBI's highest levels.

Now listen to the testimony of Gary M. Bald, the FBI’s top counterterrorism and counterintelligence official, in a legal deposition last year. Questioned under oath in a whistleblower lawsuit brought by an Arab- American FBI agent, Bald was asked whether he knew the difference between Sunni and Shia, the two strains of Islam at war with each other as much as with the United States.

Bald waved off the question. “You don’t need subject matter expertise,” he said. “The subject matter expertise is helpful, but it isn’t a prerequisite. It is certainly not what I look for in selecting an official for a position in the counterterrorism [program].” In other words, he didn’t know the answer: that a 1,400-year-long schism over who should lead Islam, originating in fierce succession battles after the death of Mohammed in 632 A.D., is still being played out between nuclear aspirant and Shi’ite Iran and Sunni Saudi Arabia, not to mention the armed factions battling for control of U.S.-occupied Iraq. The religious passions that drive the different branches of the Islamic world — and the fervor that leads some to violence against the West — was not on his radar screen.

Nor could Bald, or other top FBI counterterrorism officials questioned last summer, explain the web of relationships of Osama bin Laden and his al Qaeda terrorist organization with other key fundamentalist figures and groups…

hat its techniques for recruiting informants change on the basis of a person’s ethnic background, culture or language, according to testimony by John E. Lewis, another top counterterrorism official at the bureau. “It doesn’t make any difference whether somebody’s from the Middle East or a white supremacist or from Australia,” Lewis said, meaning that Middle Eastern terrorists rat out their brethren for the same reason Klansmen do: for money, revenge and disenchantment with the cause.

That the FBI’s American recruits spoke the Klan’s language in Mississippi and understood its culture and politics was not seen as any kind of special advantage that’s being lost in the battle against foreign terrorists. Under further questioning, Lewis also admitted that he had no previous counterterrorism experience himself.

UPDATE 1:48 PM: "The salient fact is that, approaching five years after 9/11, we still do not have a domestic intelligence service that can collect effectively against the terrorist threat to the homeland or provide authoritative analysis of that threat," John Gannon, a former CIA Deputy Director for Intelligence, told the Senate Judiciary Committee today. "It is not enough to say these things take time. It could not be clearer from the Intelligence Community’s experience over the past 25 years that it is extraordinarily difficult to blend the families of intelligence and law enforcement, and that the Bureau’s organizational bias toward the latter—for deep-seated historic reasons--is powerful and persistent."

Read more testimony here.

loving the bomb detector pt. 2

Vehicle and Cargo Inspection Systems (VACIS) do more than scan cargo entering the borders. "There are a large number of our products deployed to military bases where they are concerned about sensitive material entering or leaving certain facilities," says SAIC executive Terry Gibson.

Mr. Gibson wouldn't reveal whether these bases include FOBs in Iraq or Afghanistan but the move towards non-intrusive inspection (NII) technology has been underway at the larger facilities since 2004. In January of that year Central Command requested twelve Mobile Vehicles Inspection Systems (MVIS) platforms for Iraq and four for Afghanistan. And with good reason: MVIS platforms like the Mobile VACIS greatly improve the quality of checkpoint searches (especially at night) while reducing the risk to soldiers.

--Geoff Edwards, crossposted at Eephus.

How I Learned to Stop Worrying and Love the Bomb Detectors

Hey, everybody -- say hi to Geoff Edwards. He's a former Army medical service officer, an Iraq veteran and a grad student in urban policy at Georgia State University. He's also a new single-issue blogger focusing on trafficking at www.eeph.us. Give him some clicks to thank him for this post, okay?

When undercover teams from the Government Accountability Office (GAO) used rental cars to smuggle nuclear material into the United States last December, it wasn't because they foiled detection technology. Instead they used phony shipping documents, ”the fake ID of traffickers worldwide”, to slip past human inspectors alerted to the nuclear material by radiation portal monitors (RPM).

Given seemingly effective radiation monitors and ineffective document verification systems, it's no surprise that a GAO report released last month warns that the deployment of the former has fallen behind schedule. "As of December 2005," the report states, "DHS had deployed 670 of 3,034 radiation portal monitors -- about 22 percent of the portal monitors DHS plans to deploy." In order to meet the program's goals by the September 2009 completion date, "monthly deployments would have to increase by almost 230 percent." At the current pace, Customs and Border Protection will install the final RPM sometime in late 2014. By then the current generation of portal monitors will be ineffective against the ingenuity of rapidly adaptive traffickers. But are they effective now?

When available, yes.

SAIC produces the most effective solution in current use, the Integrated Container Inspection System (ICIS). ICIS brings together several complementary technologies including an RPM and a gamma ray imaging system known as VACIS, which produces a clear radiographic image of a container's interior.

This image is often overlayed with container information gathered by the RPM. "By fusing the information from the two devices together, we get a lot of helpful data," explains SAIC executive Terry Gibson, "It takes a whole lot of lead shielding to prevent the RPM from finding nuclear material and the VACIS will find that shielding for us."

ICIS is the architecture that allows information about the container to be put together like this. But once all the information is assembled, a skilled human operator still needs to examine the shipping manifest for discrepancies. For instance, she might see that tennis shoes are on the manifest but the radiographic image shows a container full of watermelons. Bam, the container receives a secondary inspection.

In another container the RPM may detect the signature radiation for Cobalt-60, a potential dirty-bomb ingredient. If the container manifest declares medical waste and the VACIS image indicates medical waste, the customs officials might decide there is no reason to inspect the container since Cobalt-60 is commonly used to sterilize medical equipment.

And don't get me started on bananas.

So should we worry? Well, yeah. Uranium, the baddest of radioactive materials, emits gamma rays that are easily absorbed by wood shielding, making it almost undetectable to current technologies. New devices such as those using Passport Systems' nuclear resonance fluoresce imaging (NRFI) will detect contraband at the elemental level. It's virtually impossible to hide uranium in a container that will eventually be sifted through, atom by atom.

The Department of Homeland Security is watching. Last year it awarded Passport Systems a $1.6 million research contract to further develop NRFI technology.

--Geoff Edwards

Drones Over L.A.

Whadya get when geek diva (and Defense Tech shooting partner) Xeni Jardin meets up with exotic weapons godfather Sid Heal? Well, that's when then drones start flying over L.A.

For years, Sid, a commander in the L.A. Sheriff's Department, has been pushing novel means for fighting crime and controlling crowds. We're talking everything from super sonic blasters to slippery foams. Naturally, he's into UAVs, too. "Just this week, the [LASD] began using a drone called SkySeer for rescue operations and tracking 'persons of interest' during foot pursuits," Xeni writes.

On board the SkySeer's four-pound body is a GPS tracking system and tiny cameras that shoot digital video, then send it wirelessly back to the ground. Heal says the plan is to send that footage back to a networked command and control center, where deputies can monitor the footage remotely. Video may also be introduced as evidence in criminal trials.

Check out Xeni's pics from the scene, and her radio report of the meet-up, too.

Federal Bureau of Luddites

Most of you have probably heard about the FBI's technology problems: The field offices that still aren't connected to the 'Net. The 8,000 employees who don't have fbi.gov e-mail addresses. The case management database that's straight out of the leisure suit era.

But what's not as widely known is why the bureau is so behind the times. The big culprit is FBI culture, it turns out. Until very recently, being computer-savvy hasn't been considered much of an asset in the FBI, and clues were something you kept to yourself.

My story in Slate explains. Check it out -- it's my first one for 'em.

UPDATE 6:03 PM: Slate is more of an essay-driven operation. So I didn't get to use some of the juicier quotes that I squeezed from folks in researching this story. Here are a few:

*"Compar[ing] with the FBI is like comparing the Neanderthal system of 'one bang club on cave mean yes, two mean no,' to the futuristic Star Trek vision of intergalactic communications that transcend time and distance. If Captain Kirk found himself in... the FBI headquarters building in D.C., he surely would tap the communicator on his chest with the comment 'Scotty, beam me up, there is no intelligent life in this rectangular cave.'"
-- former NSA officer

* "Guys would write their notes on legal pads, and lock them in a safe at night when they went home."
-- former FBI agent

* Every SAC [Special Agent in Charge of an FBI office] is his own king. And they don't like people from other divisions coming into their kingdoms... If I'm working on an L.A. case, and I've got leads in Chicago, the attitude is, 'Why Go?' Everyone gets tied in knots."
-- former FBI agent

* "Everything the Bureau has been talking about, they’ve had here for years... You can’t believe how far ahead they are here."
-- U.S. Strategic Command analyst, formerly with the FBI.

(And before you ask: Yeah, I talked to current agents, too. They just weren't as snarky as the exes.)

Highway Watch Revisited

As I mentioned the other day, over the next couple of weeks, a bunch of new voices are going to join the chorus here at Defense Tech. The first to take a solo is IBM homeland security analyst Christian Beckner, who runs my favorite domestic defense blog, Homeland Security Watch.

Since 9/11, there's been a ton of attention paid to airport security. The job of locking down ports and rail yards has drawn attention, too. But what about trucks? After all, truck and car bombs have long been terrorist favorites. That's the topic Christian takes on in his first post.

Fleet Owner magazine has an article today that interviews the departing director of the American Trucking Association's Highway Watch program, cites the program's accomplishments, and highlights some of the challenges that it faces:

To date, Highway Watch has trained nearly 250,000 transportation professionals to identify and report emergencies and suspicious activities. [Don] Rondeau noted that although many large carriers have been trained and developed security protocols, he believes vulnerabilities remain in many medium and small trucking companies.

"I think that it will be difficult but we must do it," Rondeau said. “We have to recognize that the owner-operator and the mid-sized trucking companies make up the bulk of the industry. They make up a significant portion of the risk associated with any potential event. If you’re a bad guy would you take advantage of a large corporation, or a guy that’s driving in his office? At the end of the day…we’d be remiss if we didn’t make sure that all members that are elements of the transportation sector could harden their security."

I agree that these are real risks. The security of an open system like trucking is in a sense only as good as its weakest link. That's why I worry that we haven't done enough to secure the trucking sector, especially hazmat trucks, and the 770,000 shipments of hazardous materials that are moved on trucks each day. As I noted in a post in December 2005, the only two significant things that DHS has really done on trucking security are fund Highway Watch and conduct background checks on hazmat drivers. And while useful, that is not enough.

Does the trucking sector need the same degree of security as the aviation system? Absolutely not, since the threats and consequences are different, and the system is inherently difficult to protect. But we know that terrorists have used trucks dozens of times to carry out attacks. MIPT's terrorism database includes 432 incident documents that include the word "truck." And we know that there are scenarios where a truck can be used to cause substantial damage, both from painful experience and from hypothetical scenarios such as an intentional BLEVE. (See this video of an accidental LPG tanker truck BLEVE).

The threats and needs for trucking security are without a doubt greater than the level of funding that DHS has provided to address them. Instead, the DHS FY 2007 budget request shows little interest in trucking security; funding for Highway Watch (via the trucking industry security grant program) is nowhere to be found, and the TSA wants to eliminate funding for a hazardous materials truck tracking pilot project which is funded at $4 million this year. And there are no new initiatives to supercede these programs, as far as I can tell.

More thought needs to be given to a strategic, layered approach to trucking security - one that has a role for Highway Watch, but doesn't end there, and includes activities such as better training and enhanced information-sharing for state Highway Patrols, incentives for the voluntary inclusion of security tools in truck telematic systems, a more direct role for security investment in the Intelligent Transportation Systems funding stream, and integration with air and maritime security activities.

-- Christian Beckner, cross-posted from Homeland Security Watch.

No I.D.? No Sweat!

You know all those people at the airport who tell you that you've got to have ID to get on a flight? They're wrong. "You don't need identification to travel on an airplane," Defense Tech pal Ryan Singel discovers.

"Who says? The TSA [Transportation Security Administration]. 'Passengers are allowed to enter screening area without identification,' TSA spokeswoman Amy Kudwa told this humble reporter today."

The TSA has told the [U.S.] Ninth Circuit [Court of Appeals] in two separate cases (John Gilmore & Daniel Kuualoha Aukai) that airport policy was to let people enter security areas without identification.

Gilmore's Identity Project has been asking for volunteers to see if that was true... [if people really could get through airport security without ID.]

Results, currently mixed. Dog-ate-my homework excuse with contrition gets you less hassle than a flat-out refusal seems to be the pattern, according to folks at the I.D. Project.

So, if you want to fly without identification without telling any white lies, I recommend taking a hearty amount of fortitude and a copy of at least one of the rulings from the Ninth Circuit.

(Big ups: Bill)

Chameleon Weapons Defy Detection

Since 9/11, all kinds of new technologies and new techniques have popped up for detecting concealed weapons.

But they won’t catch everything; far from it. Last week I talked to Anthony Taylor, managing partner of an outfit which makes weapons which can be hidden in plain sight. You can be looking right at one without realizing what it is.

One type is the exact size and shape of a credit card, except that two of the edges are lethally sharp. It's made of G10 laminate, an ultra-hard material normally employed for circuit boards. You need a diamond file to get an edge on it.

Taylor suggests that the card could easily be camouflaged as an ID card or one of the many other bits of plastic that clutter up the average wallet. Each weapon is individually handmade so they can be tailored to the user’s requirements.

Another configuration is a stabbing weapon which is indistinguishable from a pen. This one is made from melamine fiber, and can sit snugly inside a Bic casing. You would only find out it was not the real thing if you tried to write with it. It's sharpened with a blade edge at the tip which Defense Review describes as “scary sharp.”

I asked about more elaborate weapons. If modern synthetic materials are strong and hard enough to make a knife out of, how about a gun, like the non-metallic gun assembled by John Malkovich’s assassin character in In the Line Of Fire? According to one gun magazine, the CIA has had a ceramic handgun firing caseless non-metallic ammo for years.

Taylor certainly doesn’t rule out such a weapon, but points out the obvious flaw: how do you disguise it? Even a ceramic gun still looks like a gun, and anyone patting you down will find it. (James Bond fans might remember the golden gun used by Scaramanga which broke down into a fountain pen, cigarette case and lighter, but this is pure Hollywood fantasy)

In the real world, Taylor is more interested in supplying something that undercover narcotics agents can carry as a last-ditch weapon. In that sort of situation it can make the difference between life and death. And if you’re thinking of buying one, you should know that he only sells to law-enforcement and government agencies. This policy has him cost a lot of business, but being from a law-enforcement background himself, Taylor is not about to help the other side.

Of course there could be someone out there manufacturing chameleon weapons for the bad guys. That’s why some of Taylor’s business is with the various government agencies both in the US and in other countries whose job it is to detect such things, and who want to see the state of the art.

So how do you prevent someone from taking this sort of weapon through security checks? “Take everything off them and examine every item individually,” advises Taylor. “That’s the only reliable way.”

-- David Hambling

PS My book Weapons Grade is coming out in paperback next week! More later.

UPDATE 12:28 AM: The FBI's extensive Guide to Concealable Weapons has 89 pages of weapons intended to get through security. These are generally variations of a knifeblade concealed in a pen, comb or a cross - and most of them are pretty obvious on X-ray.

Chem Plant Security Gets Serious

There are 15,000 chemical plants scattered around the country. A third of them are near major population centers. The estimated casualty counts if any of them were struck are utterly catastrophic. And there's no federal plan -- not even federal guidelines -- to secure these facilities. The chemical industry has been "reluctant to accept... security requirements" from Washington, Global Security Newswire notes. And, for the longest time, Washington didn't want the power to do so. "Unlike EPA, for example, which requires drinking water facilities to improve their security," notes a recent Congressional report, "DHS [Department of Homeland Security] does not have the authority to require chemical facilities to assess their vulnerabilities and implement security measures."

But there's been an "unusual turnabout by the Bush administration," the Times reports. "It is now lobbying for regulations that senior administration officials worked privately to block shortly after the 2001 attacks, saying then that voluntary measures would be sufficient."

In his speech Tuesday, at a forum sponsored by George Washington University and the American Chemistry Council, a trade group, [DHS secretary Michael Chertoff] said the regulations should be most stringent for plants that, because of the amount and danger of their chemical stockpiles or their proximity to urban areas, pose the greatest risks.

But he said the nation should have uniform standards, strongly implying that states should not be allowed to adopt their own rules, as New Jersey did late last year, particularly if those rules were more stringent.

He also said private-sector, "third party" inspectors could check on compliance, similar to the way accountants certify corporate financial compliance for the government.

Chertoff used the speech to endorse a chemical security bill, backed by Senator Susan Collins, that's currently making its way through Congress. According to IBM homeland security analyst Christian Beckner -- who's my go-to guy on these matters -- it's "sensible legislation that requires all parties to make compromises and can deliver the level of security that we need."

That is, if it can get passed. Beckner "walked away from the event feeling less confident about whether the key parties are actually ready to actually make these compromises, or whether they would rather hold out for legislation that meets more or all of their key demands."

Hopefully my gut intuition is wrong here, and we will instead see a sensible compromise in the weeks ahead and a bill signed into law in the next few months. Any failure to move forward on this legislation is unacceptably dangerous for our national security.

UPDATE 10:22 AM: Read the AP's account of Chertoff's talk, and you'll get the feeling that the wire service's reporter was at an entirely different speech.

He said the government would not set minimum standards for chemical companies to follow, allowing the industry to tailor its own "so we can go about the objective of raising our security in a way that doesn't destroy the businesses we're trying to protect."

"There are a lot of ways to skin a cat, and we're going to let chemical operators figure out the right way, as long as the cat gets skinned," Chertoff said...

Critics said the proposal relies too much on the chemical industry to police itself.

"It's a lot like putting a 'Beware of dog' sign out in the yard but not actually buying a guard dog," said Rep. Edward J. Markey, D-Mass. He said federal regulations should spell out minimum protections against different kinds of terror attacks, adding that the use of outside auditors was like "having the private sector grade the industry's homework."

Katrina Smoking Gun (or Not)

Remember when the President said he didn't think "anybody anticipated the breach of the levees"? Never mind.

"In dramatic and sometimes agonizing terms, federal disaster officials warned President Bush and his homeland security chief before Hurricane Katrina struck that the storm could breach levees, put lives at risk in New Orleans' Superdome and overwhelm rescuers, according to confidential video footage" obtained by the AP.

Bush didn't ask a single question during the final briefing before Katrina struck on Aug. 29, but he assured soon-to-be-battered state officials: "We are fully prepared."

The footage - along with seven days of transcripts of briefings obtained by The Associated Press - show in excruciating detail that while federal officials anticipated the tragedy that unfolded in New Orleans and elsewhere along the Gulf Coast, they were fatally slow to realize they had not mustered enough resources to deal with the unprecedented disaster.

Watch the tape, if you can. It's absolutely gut-wrenching.

UPDATE 10:45 PM: Some of you are already asking, "What does Katrina have to do with defense?" It's pretty self-evident to me. But click here for an explanation.

UPDATE 03/04/06 5:09 PM: The AP issued this clarification to the story yesterday:

In a Wednesday story, The Associated Press reported that federal disaster officials warned President Bush and his Homeland Security chief before Hurricane Katrina struck that the storm could breach levees in New Orleans, citing confidential video footage of an Aug. 28 briefing.

The Army Corps of Engineers considers a breach a hole developing in a levee rather than an overrun. The story should have made clear that Bush was warned about floodwaters overrunning the levees, rather than the levees breaking.

The day before Katrina, Bush was told there were grave concerns the levees could be overrun.

It wasn’t until the next morning, as the storm made landfall, that Michael Brown, then head of the Federal Emergency Management Agency, said Bush had asked about reports of breaches. Bush did not participate in that briefing.

To me, the "top" versus "breach" argument is largely semantic; what matters here is that the folks at the top were told in advance how bad Katrina was looking. But, check out the comments, and you'll read a lot of people telling you otherwise.

DHS Budget, Broken Down

Homeland security analyst Christian Beckner obviously didn't sleep too much last night. Or he played hooky from his day job. Or both. Those are the only explanations I can come up with for the exhaustive, five part analysis he put together of the DHS budget, just 18 hours after the thing was released.

Border security was the biggest "winner," Christian tells us. Domestic nuclear detection gets a bunch more cash, too. Click through the links to see how DHS local grant programs, infrastructure protection, and analysis and operations did, too.

UPDATE 02/08/06 11:11 AM: Now he's got breakdowns of the aviation and maritime security budgets, too.

Northcom Negs New Powers

After the Katrina debacle, there was a need for action -- or, at last, a need for the appearance of action. So President Bush went down to Jackson Square in New Orleans, and "called for a vastly expanded military role in disaster relief, including 'reconsideration' of a century-old law banning the active-duty military from law-enforcement duties," Defense Tech pal Spencer Ackerman notes in this week's New Republic.

That law, the Posse Comitatus Act (PCA) of 1878, is widely considered to be a cornerstone in the development of U.S. liberty. Enacted after Reconstruction, when much of the South was under military occupation (and federal troops monitored political rallies and stood guard at polling places), it sought to prevent any subsequent use of the military to perform traditional police duties.

There's a number of strange things about Bush's request to reconsider PCA. First off, "there's no evidence that the PCA had anything to do with the administration's bungled response to Hurricane Katrina," Ackerman observes. Second, there doesn't seem to be anyone in the military's upper echelons who thinks PCA is getting in their way.

When I asked Bush's senior Pentagon official for homeland defense, Assistant Secretary Paul McHale, whether the PCA is a relic of an outmoded era, he immediately responded "absolutely not." And, last week, Admiral Timothy Keating, who heads U.S. Northern Command, told The New York Times that "I'm not at all convinced that we need to go back and revise Posse Comitatus..."

The real obstacle to more effective disaster relief isn't the PCA; it's the composition of the military itself. Three years after its establishment, NORTHCOM -- the regional military command responsible for the continental United States -- still doesn't have much in the way of designated military assets, such as aircraft or ships, that can facilitate rapid deployment of troops or civilian aid workers in the event of a catastrophic disaster. (To his credit, Keating is working on a plan to create a rapid-response active-duty force to assist Guardsmen in a domestic crisis...)

"If we expect [Defense] to arrive on the scene in large numbers 24 hours after an event," says McHale, "we're going to have to significantly alter our force structure, training, and equipping of this department, and significantly reduce our expectations of response normally tasked to state and local governments under our federal system."