Tag Archives: DHS

DHS makes sure terrorists don’t get access to chemical facilities

"IED Baghdad from munitions". Licensed under Public Domain via Commons - https://commons.wikimedia.org/wiki/File:IED_Baghdad_from_munitions.jpg#/media/File:IED_Baghdad_from_munitions.jpg

“IED Baghdad from munitions”. Licensed under Public Domain via Commons – https://commons.wikimedia.org/wiki/File:IED_Baghdad_from_munitions.jpg#/media/File:IED_Baghdad_from_munitions.jpg

WASHINGTON – Chemicals are an important part of modern society but, in the wrong hands, they can be deadly weapons. The government has recognized this danger and taken on the act of trying to protect the American people by protecting the stocks of chemicals across the country.

Since the 9/11 attacks the United States has collectively feared a repeat terrorist attack on domestic soil. In, then-President George W. Bush called for the creation of what is now called the Department of Homeland Security to address and attempt to resolve this very fear.

Part of that effort includes the work done by the Office of Infrastructure Protection, which has a mission to work with the chemical industry to protect critical infrastructure, including chemical facilities, from terrorist attacks.

A key piece of the critical infrastructure that needs to be protected is chemical facilities.

“We are talking about things where people could turn a facility into a weapon much like the terrorists in 9/11. They took something that we would not have expected to be used as a weapon and turned it into [a weapon]. And this presents a significant concern for the department,” said Todd Klessman, a senior policy advisor at the Department of Homeland Security.

He said there are two main concerns when it comes to chemical site facilities. The first is the prevention of an attack directly on the facility. Some of these sites are located in heavily populated urban areas. A release of a toxic gas or substance would result in many people injured or dead. Experts point to the Bhopal disaster in India in 1984, in which a gas leak at a pesticide plant killed at least 3,787 people and injured more than 550,000 others.

The second concern is a terrorist stealing chemicals to build a bomb elsewhere, Klessman said at a talk about chemical weapons and security at the Center for Strategic and International Studies, a Washington based think tank.

Acknowledging this infrastructure vulnerability, Congress authorized the creation of the Chemical Facility Anti-Terrorism Standards program in 2007 and reauthorized it for an additional four years in 2014. This legislation gave DHS regulatory authority over “high-risk chemical facilities.” The first task was to determine what that category meant.

“What we decided was that it didn’t really matter what type of facility these chemicals were at. The chemicals will present threats or risk based on their nature, not necessarily the type of facility,” said Klessman, in an interview.

The department developed a list of 325 chemicals of interest and set out to base their regulator efforts on this list, rather than on categories of facilities. Each of the chemicals on the list presented a security risk in at least one of three categories:

  • Release hazards – Toxics, flammables and explosives
  • Theft aversion hazards ­– Precursors to chemical weapons, explosives, improvised explosive devices (IEDs) or weapons of mass destruction
  • Sabotage hazards – Chemicals that when mixed with water will turn into toxic hazards

This results in DHS regulating a large swath of industry that is not just limited to what would traditionally be classified as chemical facilities. Alongside the many manufacturing facilities regulated are mines, education facilities, prisons and wineries.

Once the department has determined that a facility is within the highest risk category, it works with a company to implement an appropriate security plan. There are about 3,000 facilities in the high-risk category with only 111 falling into the highest risk group.

“Rather than give prescriptive standards and tell a facility that they must have this type of fence or they must have this type of camera system, we’ve identified 18 areas of security and asked the facility to tell us how they are going to address this,” said Klessman. This allows the facilities to build up on what they already have in place and recognizes that this is not a one size fits all security solution.

“It also makes it so that the terrorists cannot simply read our manual and determine how they can overcome our security,” he said. “If we had a requirement of a ten foot fence then the terrorist could just go build an 11-foot ladder.”

Nationwide federal agency tag-team leads to crackdown on gang activity in Utah

“Project Wildfire,” a collaborative, nationwide effort between Immigration and Customs Enforcement and the Department of Homeland Security, resulted in the arrest of 18 Utah-based gang members, according to an April 8 article by Bob Mims of the Salt Lake Tribune and published on SLTrib.com. Read the full story of how a national security initiative resulted in a quantifiable impact on state crime here.

Private sector advises Obama’s cybersecurity proposal

WASHINGTON —President Barack Obama’s cybersecurity information sharing proposal – with its focus on sharing only targeted threat information between private firms and the government is a better approach than “ill-advised” widespread sharing, a former top privacy official for homeland security said Wednesday.

The Committee on Homeland Security’s Cybersecurity, Infrastructure Protection and Security Technologies subcommittee heard from industry, privacy and academic experts regarding what they think cyber threat information sharing should look like. The previous week, Department of Homeland Security representatives went before the entire committee to explain how this legislation could protect Americans from increasing cybersecurity threats.

Obama’s three-part proposal includes increased sharing among private sector companies and between them and the government. It also encourages the formation of Information Sharing and Analysis Organizations and creates certain guidelines for both the private and federal sectors regarding personal information retention and sharing.

Under the legislation, businesses would share information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which would pass it onto relevant federal agencies and ISAOs. Participating businesses would receive targeted liability protection in return.

Mary Ellen Callahan, former Department of Homeland Security chief privacy officer, agreed with this targeted sharing approach, calling immediate widespread sharing of threats “ill-advised.” According to Callahan, private sector threats–usually IP addresses and URLs–are reported to the DHS, and then distilled to remove any personal information.

In the end, government security professionals only have information on the threat, its source and target, and how to combat it.

Subcommittee Chairman John Ratcliffe, R-Texas, referred to recent breaches at companies such as Anthem, Sony Pictures, Target and J.P. Morgan as examples of why the legislation is needed. “We need to pass legislation that facilitates the sharing of cyber threat indicators and contains robust privacy protections to improve collaboration between federal civilian agencies, like DHS, and the private sector,” he said.

Many companies choose not to share cyber threat indicators or breaches with one another or the government for fear of legal liability, or having their names in the media as companies with poor cybersecurity. Without this sharing of information, hackers can use the same tactics repeatedly with multiple companies.

Private companies want to see a bill that would allow them to voluntarily share cyber threats with other organizations, but have flexibility in what they share with the government, according to Matthew Eggers, senior director of National Security and Emergency Preparedness for the U.S. Chamber of Commerce.

“This is a bill trying to convince them to participate in a voluntary program that makes their lives more difficult. For folks like me saying ‘I’m not fond of government being in my cell or ERP (Enterprise Resource Planning–software for data management),’ that’s going to be a neat trick,” Eggers said.

The key will be convincing companies that Obama’s proposal would better protect everyone in the long run.

“We need a federated sharing community, not a competitive one,” Greg Garcia,
executive director of the Financial Services Sector Coordinating Council, said. “Withholding info to get ahead… Balkanizing or siloing information–that defeats the purpose.”

This is not the first time Obama has proposed legislation to safeguard America from cyber attacks. In 2011, he rolled out his Cybersecurity Legislative Proposal in an effort to give the private sector and government the tools they need to combat cyber threats. In 2013, he issued the Executive Order on Improving Critical Infrastructure Cybersecurity, which established cybersecurity framework standards that were developed in tandem with the private industry.

DHS wants to move faster on Big Data analytics

WASHINGTON – Cyber threats are growing daily and the U.S. has technological advantages in combatting those threats, but is too slow in using them, according to Department of Homeland Security researcher Stephen Dennis.

“We’re going to have to move as fast as the threat,” Dennis said. He said the government moves too slowly to capitalize the U.S. role as an international leader in technology. The U.S. has vast amounts of data, he said, and analysts need to be able to understand it so they can identify potential threats indicated by the patterns.

As the innovation director of Homeland Security Advanced Research Projects Agency, Dennis highlighted a few key pattern analytic programs DHS is working at a “Big Data” conference last week. Among the programs are natural disaster responses and cross-language border security data.

Last July, DHS Undersecretary Tara O’Toole, who heads science and technology efforts, detailed the urgency of improving such software to a Senate hearing of the Committee of Homeland Security and Government Affairs.

“Over the past three years alone, we have witnessed several highly complex and consequential disasters ranging from the Deepwater Horizon explosion and subsequent oil spill, to the Fukushima Daiichi nuclear disaster and Super Storm Sandy,” O’Toole said. “Our nation must improve its capacity to predict, prevent, and rapidly respond to and recover from such catastrophes.”

By hiring people who understand the data and how to use it, Dennis told the gathering of industry professionals, the Department of Homeland Security could better hone responses to natural disasters and protect the borders.

“You got to have the people who know how to work this technology,” Dennis said. “Not people with badges and guns.”

At the committee hearing last year, O’Toole told the Senate committee that continuing to attract these types of employees would “require reasonably predictable funding levels, the ability to recruit and retain specialized expertise as needed, and congressional and departmental support of the S&T mission.”

Dennis told the conference that all the programs under DHS science and technology were vetted for privacy protections and that certain types of data were heavily regulated and could not be comingled.

As an example of the enormity of the data, he outlined the job facing DHS every day at U.S. airports — 1.8 million passengers moving through 448 airports. DHS places an emphasis on perfecting name-matching software for airport security because “shaking down the wrong people at the airport is bad press for DHS,” he said.

DHS: Ten years old, feeling growing pains

WASHINGTON – The Department of Homeland Security has some growing to do and holes to fill.

That’s according to lawmakers on the Senate Committee on Homeland Security and Government Affairs, after they heard testimony from witnesses expressing concern about the structure of the department, which is made up of 22 different agencies.

“But the Department still has a way to go to fully realize the vision that we set for it in the Homeland Security Act,” said Chairman Joseph Lieberman, ID-Conn at the hearing.

“Its operational components are still not adequately integrated with the department’s headquarter offices and with each other, leading to suboptimal use of the department’s resources,” he continued.

Admiral Thad Allen was a key witness on the panel and stressed that the quick birth of the Department forced it to grow too much too fast.

“The time period between enactment of the legislation until the department was formed, there was a little over three months,” Allen said. “While this could be considered government at light speed, little time was available for deliberate planning and thoughtful consideration of available alternatives.”

At the time of the formation of the department, Allen was the Coast Guard chief of staff. He was challenged with the task of moving the Coast Guard into the vast new agency from its former home within the Department of Transportation.

Allen’s biggest concern 10 years ago, and still today, is the lack of planning within the support functions of the department.

Support functions, like accounting and human resources for the Department of Homeland Security, remain in the hands of the individual agencies. Funding for these functions then comes from the agencies and not from the Department of Homeland Security, Allen said.

That means there is no one person or committee within the department that handles all off the staff.

Allen described the differences in the appropriation structure of the components, or agencies, from legacy departments, or those departments that existed before the creation of the department.

“There is a lack of uniformity, comparability and transparency in budget presentations across the department,” he said.

By that, he means you can’t tell where money is going. It’s not easy to see if the money is being used to pay for the cost of employees or operational cost or investments in technology.

The Homeland Security Act required a five-year Future Years Homeland Security Plan outlining a planning, programming and budget framework. But this plan has never been effectively implemented, Allen said in his prepared testimony.

Allen also talked about an issue that witness, former California Democratic representative, Jane Harman made note of in her testimony; redefining our borders.

“As with ‘borders’ we must challenge our existing paradigm regarding ‘case-based’ investigative activities… It takes a network to defeat a network,” Harman said. Utilizing the advances in technology is key to building a strong information-sharing network, she said.

Information sharing and connecting the dots is something the Department hasn’t gotten right, said Harman, the former chairwoman of the House intelligence committee.

“First, the intel function has never fully developed. Part of the reason is that President George W. Bush stood up the Terrorist Threat Integration Center – now the National Counterterrorism Center – that put the mission of fusing intelligence outside of the Department,” she said.

State fusion centers sprung up across the country as part of the Homeland Security Act. Harman said law enforcement agencies report that even though these centers are a part of DHS, the centers provide better, timelier information than DHS itself.

“Intelligence reports are meant to be consumed by state and local law enforcement, but many of those entities consider DHS ‘spam’, cluttering inboxes,” Harman said.

Harman said that good information is flowing from ports of entry via Suspicious Activity Reports.  But when asked whether this information can be packaged in a way that is helpful for state and local law enforcement, she said, “At this point in time, the answer is no.’’

Admiral Allen and Harman agreed the federal government’s role and responsibilities within the department must be clearly defined.

“Congress has shortchanged the department,” by having so many congressional committees with oversight of it Harman said. “By failing to reorganize its committee structure, the homeland jurisdiction remains anemic. So the Department still has to answer to more than 80 committees and subcommittees.”

Harman stressed that Congress still hasn’t made a “single, principal point of oversight and review for homeland security issues and problems.”

Allen suggested that there be a law defining the government’s role in the Department and that better outlines the oversight of the Department.

Follow Malena @mcaruso2 on Twitter

US-VISIT uses biometric tools, identifies international visitors

WASHINGTON — The United States Visitor and Immigrant Status Indicator Technology is a Department of Homeland Security program that uses biometric tools in a series of steps to identify those who enter the country without a U.S. passport or visa, analyzes the risk of having the international visitor cross the border, and shares the gathered data with government agencies.

“The US-VISIT program is the centerpiece of the U.S. government’s efforts to establish identity management capability that supports border management and immigration systems to meet the demands of the 21st century,” according to DHS’s website.

Created in 2004, the program helps determine whether international visitors pose a risk to the United States by matching biometric data of fingerprints and photographs to databases and watch lists. Biometric data looks at “physical characteristics that can be used for automated recognition,” according to the DHS US-VISIT web page on biometric services. “Unlike names and dates of birth, which can be changed, biometrics are unique and virtually impossible to forge.”

When visitors arrive in the United States, they must show their identification documents and entry forms. If the visitor is between the ages of 14 and 79 and lacks a U.S. passport or visa, the US-VISIT system is implemented in five steps, as stated by a guide DHS provides international visitors. The visitor has to scan all fingers for fingerprints, and then has his or her picture taken. Once the biometric data is taken, the officer at the gate will ask questions pertaining to the traveler’s trip, such as “What is the nature of your visit to the U.S.?”

This way, the system can “protect our nation by providing biometric identification services to federal, state and local government decision makers,” DHS’s US-VISIT website states.

US-VISIT is used by several government agencies, including the Immigrations and Customs Enforcement, Coast Guard, Citizenship and Immigration Services, Customs and Border Protection, Department of Defense and the Intelligence Community, Department of Justice and State and Local Law Enforcement, and the Department of State.

Finally, the DHS US-VISIT website on biometric services states that US-VISIT “has helped stop thousands of people who were ineligible to enter the United States,” and is now the go-to source for all biometric data needs.

Privacy concerns arise over DHS’ monitoring of social media

WASHINGTON— Social media sites like Facebook and Twitter have a new audience: the Department of Homeland Security.

After a Freedom of Information Act request by the Electronic Privacy Information Center revealed that the government has hired a contractor to monitor social media for potential threats and public opinion, privacy advocates and government officials are butting heads on the implications on whether the program oversteps privacy boundaries.

The documents obtained by EPIC, which total nearly 300 pages, center around a Department of Homeland Security contract with General Dynamics to provide information on “potential threats” as well as “media reports that reflect adversely on DHS and response activities.”  The company will monitor content from social media websites such as Facebook, Twitter, Youtube and MySpace as well as comments posted on news websites such as Drudge Report, Newsweek and The New York Times blogs.

In an interview with The Washington Post, officials of EPIC highlighted their concerns about the program’s legality, saying it does not meet the DHS’s mission to “secure the nation.”

“This is entirely outside the bounds of the agency’s statutory duties, and it could have a substantial chilling effect on legitimate dissent and freedom of speech,” Ginger McCall, director of EPIC’s open government program, told The Washington Post.

The Republican chairman and top Democrat onf the House Subcommittee on Counterterrorism and Intelligence —  Reps. Patrick Meehan of Pennnsylvania and Jackie Speier of California, respectively —  submitted a letter to the DHS stating that they “believe it would be advantageous for DHS and the broader Intelligence Community to carefully parse the massive streams of data from various social media outlets to identify current or emerging  threats to our homeland.”  The letter did, however, include the representatives’ privacy concerns, explaining that any actions must have oversight “stringent enough to protect the rights of our citizens.”

The documents requested by EPIC include a section titled “Privacy Compliance Review,” which outlines steps General Dynamics must take to protect individuals’ privacy.  The section’s newest revisions from January 2011 state that personally identifiable information can be collected only in explicit circumstances.  These include extreme situations involving “potential life or death circumstances,” government and private sector officials who make public statements, members of the media who “use traditional and/or social media in real time to keep their audiences informed, anchors and on-scene reporters, and terrorists or “other persons known to have been involved in major crimes of Homeland Security interest who are killed or found dead.”

According to the memo, DHS will not collect personally identifiable information on those suspected or charged in crimes, private citizens in any capacity and high-profile people “such as celebrities, sports figures or media members who are victims” unless they served as public officials.