Adfero Group HSPI

The images from Hurricane Sandy are jaw dropping. From flooded subway stations, waterfalls into the Ground Zero area, destroyed piers, boardwalks and homes, Hurricane Sandy – “The Frankenstorm” – was a big one that Mid-Atlantic States, New Jersey and NYC have long feared. Right now, we don’t know the full costs in lost lives or destroyed infrastructure and homes, but we do know this – it’s going to take some time to get things back to any sense of normal in the affected regions.

Senate Majority Leader Harry Reid and his congressional colleagues’ proposed Cyber Security Act of 2012 is the wrong solution for America’s cybersecurity problem. The split is not between Democrats and Republicans; it is between competing views of the way to better security. The main reason these efforts are wrong is that they are based on a regulatory model. This sort of solution is a 19th-century answer for a 21st-century problem.

Many companies are examining the possibility of switching to Bring Your Own Device (BYOD) as a method of significantly reducing their IT infrastructure capital costs. Here is but another example of how short-term versus strategic thinking is creating havoc in American business. The dangers associated with BYOD far outweigh the short-term benefits. Convenience and a perception of cost reductions appear to again be trumping sound security practices.

The White House’s 2009 Cyber Review estimated the loss of intellectual property from companies as a result of cyber-based hacking in 2008 alone exceeded $1 trillion in value. FBI Director Mueller said in 2009 that his Bureau was aware of 3200 Chinese front companies operating in the United States. Kudos to House Intelligence Committee Chairman Mike Rogers for telling the American public about the significant efforts of countries like China to utilize every means available to spy on American companies – something the National Economic Security Grid has designated as the “Advanced Persistent Asymmetrical Threat.”

After twenty years of rapid growth, we now stand with an unregulated and uncontrolled Internet vulnerable to attack and disruption from anywhere and by anyone on the planet. We have minced around the edges of doing something about this essential part of our daily lives for years. The time has come to declare reality. It is a public utility. It affects all Americans lives. It needs to be regulated by the government.

On the day before the Labor Day weekend, the White House released the President’s latest “National Preparedness Month” Proclamation. Like last year’s, the proclamation employs the term “resilience.” Yet, the White House remains unwilling to act to establish resilience as the nation’s preparedness objective and daily operating condition. Rhetoric is not results.

In a recent op-ed, Christine Todd Whitman, the former head of the EPA, proposed greater regulation of the U.S. chemical sector because the current regulations aren’t working. Gov. Whitman is right on one thing: the current system isn’t working, but it is not because of a lack of regulation. Chemical companies have tried, but DHS isn’t keeping up

Yesterday, the New York Times ran an editorial by Christine Todd Whitman, titled “The Chemical Threat to America.” In the op-ed, the author calls on the Administration to expand and implement chemical security regulations in the water sector as a means to protect America. She advocates that the federal government should be able to mandate chemical processes and force water systems to use so-called Inherently Safer Technologies. Ms. Whitman is smart and capable, but on this issue she is wrong, wrong, wrong.

Like most Americans, I found the news this weekend of the passing of Neil Armstrong saddening. An immensely private man, Armstrong’s accomplishments are the stuff of jaw-dropping legends. Yet, I was disappointed as I drove into Washington this morning, noticing that none of the U.S. flags were at half-staff. Here’s a guy who took our flag and planted it on the surface of the Moon, and now we’ve forgotten him by ignoring the very simple honor of flying the flag at half staff.

The Smart Grid is the way of the future in electricity management, but it also presents cybersecurity challenges. A recent report on Smart Grid Cyber Security from the Government Accountability Office cautioned against using regulation to bolster security. There is a “default setting” on businesses and government entities that seems to drive them toward regulatory solutions. It is a harmful tendency in our modern world, and it is not the right approach for improving U.S. cybersecurity.

The Aspen Institute’s Security Forum, held at the end of July, proved why it has become, in only three years, a “must-attend” event for those of us working in the homeland and national security space. The four-day program was packed with insight from leading thinkers and past and present policy makers and influencers on the subject of national and homeland security. There was not a single bad panel, but three sessions stood out in my mind as being a slight cut above the rest.

I recently wrote a piece for the Washington Examiner’s monthly education section. Using the recent East Coast storms as an example, I highlight how education can make the nation more resilient for future disasters.

With the recent heat waves and storms that have impacted millions of people throughout the United States, much is being written about the nation’s inability to prevent and recover quickly from destructive events. I am not yet ready to start placing blame – there are lots of things I should have done to be prepared. Individual responsibility leads to community preparedness. Here are some thoughts the disruptions bring to mind.

A week ago, with a heat wave bearing down on the eastern United States, heavy storms left millions of homes without power, mine being one of them. Homeland security has morphed from being just about protecting the homeland from madmen to something more like civil defense, which includes protecting critical infrastructure. While we seem to be doing OK against the most egregious threats, our vulnerability to infrastructure disruption remains a problem. We need no more excuses about how bad the thunderstorms were; we have a problem that makes us vulnerable.

Information travels through America’s cyber networks at the speed of light. The legislation that will be used to govern some aspects of network security is traveling at the speed of bureaucracy. The Senate has been debating two cybersecurity bills that will impact U.S. cybersecurity standards, but whatever Congress eventually decides, the onus is on U.S. citizens and businesses to step up their individual security efforts.

One issue that receives too little public attention is the blatant use of hackers by China to steal U.S. intellectual property, defense technology, and other data critical to national security and competitiveness. China is one of America’s biggest competitors, and they (hackers, Chinese corporations and the Chinese government) clearly have no problem penetrating U.S. public and private sector networks to leapfrog over the years of hard work and innovation. Are we not outraged?

By Rob Strayer
Two hundred years ago today, the United States declared war against Great Britain, beginning the War of 1812. At that time, the British Navy was the aggressor, boarding U.S. commercial vessels. Today, the United States faces a digital threat to its national security and commercial interests. Like their nineteenth century counterparts conducting flagrant piracy on the high seas, cyber attackers openly and notoriously exploit U.S. commercial networks. How does the United States develop a national cyber security policy that is tailored to the problems that private sector companies face (avoiding the mistakes of 1812)?

I’ve been writing about the use Predator UAVs and their exorbitant cost for some time. It would seem there are many far better (and far cheaper) ways to patrol U.S. borders and other areas from above. The Center for Investigative Reporting has taken note and recently cited one of my posts in their article, “At U.S. border, expensive drones generate lots of buzz, few results.”

In 2007, Congress passed a mandate to screen all cargo on passenger planes. It was an enormous demand of industry and the Transportation Security Administration (TSA), one that shows a clear lack of understanding for real-world issues like business models and a functioning supply chain. Five years later, TSA and industry are still working to meet an unrealistic mandate. Put bluntly, 100 percent screening was a stupid idea that has not made America more secure.

The House Homeland Security Subcommittee on Transportation Security held a hearing today: “TSA’s Efforts to Fix Its Poor Customer Service Reputation and Become a Leaner, Smarter Agency.” The sole witness was TSA Administrator John Pistole. Subcommittee Chairman Rogers lectured Administrator Pistole – yes, lectured him – about TSA’s terrible public image. Since when does Congress have the temerity to lecture anyone, much less an agency that Congress itself created on how to improve its poor reputation?