Adfero Group HSPI

Security Debrief contributor Rich Cooper is in Colorado for the Aspen Security Forum. Admiral Michael Mullen, the Chairman of the Joint Chiefs of Staff, provided the forum’s opening remarks. Here’s what Cooper told Government Security News after the Admiral’s talk.

It is perhaps poetic that many of the “successful” cyber criminals can be and are being hacked in the same ways they attack their legitimate targets. We tend to attribute near god-like cyber powers to these miscreants, when in reality, they write into their software the same kind of weaknesses that they are so good at exploiting. One wonders why law enforcement is not doing more “reverse hacking.” In the same way cops “sting” drug dealers, unscrupulous government officials, and other criminals, they should be attacking cyber criminals.

Earlier this week, the House Homeland Security Committee marked up the WMD Prevention and Preparedness Act of 2010 in an effort to implement recommendations from the Commission on the Prevention of Weapons of Mass Destruction Proliferation and Terrorism (the so-called Graham-Talent WMD Commission). Despite the clearly recognized threat of another terrorist attack on U.S. soil, congressional leadership still had not recognized that its failure to defragment congressional oversight of homeland security matters is contributing to our lack of preparedness for when this attack occurs. Shame on them if they don’t pay attention to the warnings from Representatives Bill Pascrell (D-NJ) and Peter King (R-NY) at the time of the WMD bill markup.

This morning by voice vote, the US Senate confirmed the nomination of John Pistole to be the next Administrator of DHS’ Transportation Security Administration (TSA). In what has been a grueling odyssey for everyone involved, from former nominees and their families, the White House Office of Personnel, US Senate Members and staff, the people of TSA, and many more, permanent leadership is now in place at TSA.

The domestic market for homeland security products is quite different than for defense products. While the Department of Defense completely controls the latter, the homeland security market is very fragmented. Recognizing the fragmented nature of the market, DHS’s Commercialization Office created an innovative “commercialization process” to help the private sector develop and sell homeland security products. While not a panacea for every company, the commercialization process can play a critical role for some companies and products.

In what I can only call a solid piece of researched commentary, Dan Kaniewski of GWU’s Homeland Security Policy Institute and Jim Carafano of the Heritage Foundation have put together a great article, “Flooded with Help – But Still Flailing” on the forgotten and unlearned lessons of Hurricane Katrina and how they are impacting the on-going Gulf Oil Spill. Give it read and I guarantee you that you’ll shake your head in frustration. But it’s truth that must be faced if we are ever going to improve how we deal with disasters when international assistance is offered to us.

Cyber Crime comes in lots of flavors. It is diverse, sophisticated and expanding everyday. It includes Internet fraud, online banking fraud, a highly developed cyber underground, a growing number of targeted areas, and the “advanced persistent threat,” a term that until recently was classified. It is almost impossible to accurately determine the “cost” of cyber crime, but if we do not get hold of this threat, we are in deep trouble.

The Supreme Court decision this week defining and clarifying “material support” as it relates to aid to designated terrorist organizations is a huge victory in this continuing war. In a 6 to 3 decision, the Court rejected a First Amendment challenge from humanitarian aid groups claiming the support is intended to move the terrorist groups toward peaceful and legal activities. The Court ruled that such support was illegal even if its intention was to support “non-violent” elements within such terrorist organizations.

Before a packed audience at CSIS, DHS Secretary Janet Napolitano delivered what can only be described as a pointed and aggressive defense of the Obama Administration’s border security efforts. The Obama Administration rolled out their most experienced border expert to take on its critics and declare what had been done. Pointedly saying, “the numbers tell a story and don’t lie,” the Secretary detailed increases in border patrol hiring and deployments, increases in enforcement and deportations, and in technology deployments. The numbers were impressive and they do tell a positive story, but sitting in the audience, I and a number of other attendees noted that many of the investments and numbers she heralded were initiated by her predecessor, Michael Chertoff and the previous Administration. The “facts also tell a story.”

At day two of the AFCEA STRATCOM Cyber Security Symposium, I was a member of the Industry Panel. I took a breath and issued my challenge. Our moderator had asked each of the four panelists to make brief opening remarks on the state of industry in the cyber security issue space and to end with a “memorable” bumper sticker. It was my turn to make opening remarks. I went with my strong suit: directness, passion and leadership. I issued a challenge directly to Commanding General of StratCom with the bumper sticker “Make the Public-Private Partnership Real.”

By Bob Connors
The 9/11 Commission found that the Private Sector wasn’t adequately prepared to respond to or recover from a catastrophic disaster, and DHS officially launched the Private Sector Preparedness Program. There are many opinions about whether a voluntary private sector preparedness certification is necessary. The thought of business continuity/crisis management (private sector preparedness) being “regulated” through standards makes practitioners shudder, but it’s been my experience that many companies believe they have adequate preparedness programs in place, but truly aren’t ready for a significant incident (and may not even know it).

As every person knows, words have consequences. They can raise someone up or tear them down. Depending on how they are used, words can change the meaning and significance of events. They can also ruin someone’s career, and the past days and weeks have given us example after example of just that. In each of these instances, prominent people have essentially opened their respective mouths and inserted their feet with such speed that everyone around them is in a collective gasp of shock, saying, “What did you say?” When the wrong words are used in moments of stress and crisis (e.g., Gulf oil spill, Afghanistan conflict), the consequences can be grave.

Folks who want to ruin their lives have the right to do so, I guess. More of us have probably come closer than we’d like to admit. But we don’t have the right to ruin the lives of others — especially children, who aren’t given the chance to make their own decisions in life and must suffer the awful choices made by others. And that’s what the Legalization Lobby – comprised of those who want to legalize drugs in America – fails to understand.

Leaders at every level of government continue to ignore the obvious, and dare I say, “inconvenient” truth about water: We need to raise rates. Either that or get used to being thirsty, stock up on Pepto-Bismol, and get ready for a mean tutorial on what Cholera feels like. U.S. water systems are the best in the world, but the fight to maintain water quality may be lost if utilities remain hamstrung by requirements to under charge for services.

A couple weeks ago, air cargo industry representatives came together in Washington, DC, to hold an informational roundtable on the upcoming Congressional deadline mandating that 100 percent of all cargo carried on passenger aircraft be screened for explosives. Talking with the aviation security leaders who participated in the roundtable, we delivered the message that time is of the essence, and over 10,000 people logged on to view the webcast. TSA has seen applications for CCSP quadruple over the last month, and industry participation will determine the viability of the voluntary CCSP. But if industry fails or refuses to participate, it can expect a boot on its throat in the not too distant future.

After what can only be described as months (if not years) of delays, bureaucratic inertia, internal turf battles and outright bewilderment if the program would ever finally come to be, DHS formally released its selected standards for the voluntary private sector program. Whether because of bureaucratic exhaustion or because they couldn’t find another reason to delay it, the formal announcement about the standards has finally been made. It is long past due. While there is no surprise as to the selected standards, given they were identified more than a year ago, the fact that it has taken this long to formally issue them is a powerful message by itself.

At the Defense Daily Cyber Summit today, Dawn Meyerricks, Deputy Director for Science and Technology at NSA stated without hesitation that cyber security is NOT the same as Information Assurance (IA). Many of us gave her hearty “amens.” Meyerricks made numerous other important points, and when questioned on differences between government agency perspectives on cyber, she said differences between various experts were in dire need of resolution.

By Michael T. Dougherty
It is an open question whether Congress will address comprehensive immigration reform legislation this year or find time to work on smaller immigration packages such as the DREAM Act or AgJOBS. Immigration reform poses many difficult issues for Congress, and if any legislation includes a pathway to citizenship for some or all the 10.8 million illegal immigrants that DHS estimates reside in the United States, Congress should ensure that U.S. Citizenship and Immigration Services has the resources that it needs to promptly and accurately enroll that population.

If you can’t see a threat, or describe it in terms that the average person can understand or appreciate, is it really a threat? That was the challenge put before 200+ scientists, physicists, meteorologists and other very technical specialists at the Space Weather Enterprise Forum. This highly unique assembly gathered to discuss the emerging concerns regarding increasingly dramatic changes in our universe’s space weather. This is not about meteor showers, alien invasions or Texas-sized asteroids colliding with the Earth; it is about how our sun and planet interact with one another.

By Steve Serrao
Having visited and worked in many fusion centers across the nation, I often wonder how much attention is given to a basic question: Are we conducting analysis or not? The answer to the question of whether the centers conduct analysis varies widely, and it is partly dependent on whether the fusion center’s goal is to provide strategic-intelligence analysis or serve as a tactical operational data-sharing operation. Fusion centers that have decided to perform both data fusion and analysis need the appropriate staff and resources assigned. There must be a division of analytical labor.