Forwarded with the permission of the Foreign Policy Research Institute http://www.fpri.org/enotes/200703.ervin.statuscounterterrorismhomelandsecurity.html Clark Kent Ervin March 2007 Clark Kent Ervin heads the Aspen Institutes Homeland Security initiative. Before joining the Institute, he served as the first Inspector General of the U.S. Department of Homeland Security. He has been an on-air analyst and contributor at CNN and is the author of Open Target: Where America is Vulnerable to Attack (St. Martins, May 2006). This enote is based on his presentation at Five Years After 9/11: What Needs to be Done? a conference sponsored by FPRIs Center on Terrorism, Counterterrorism, and Homeland Security, held December 4-5, 2006 in Philadelphia. The Center is supported by grants from the Department of Community and Economic Development and the Department of Education, Commonwealth of Pennsylvania. I am often asked whether, in my judgment, DHS has made America safer than we were on 9/11. My answer to that question is yes. But, whether we are safer today than we were on 9/11 is not the only question. The key questions are: are we really as safe as the government says we are, are we as safe we need to be, and, are we as safe as we can be. The answer to these questions, ominously, is no. Aviation Security Because we were attacked on 9/11 by and through this sector, it stands to reason that we have focused the lions share of our efforts since then on closing security gaps therein. In the past five years, cockpit doors have been hardened; some pilots are armed; the number of air marshals has increased significantly; and screeners are better trained and more sensitized to the critical role they play as the last line of defense before would-be terrorists board airplanes. Even in this sector, though, we are far more vulnerable to terrorism than we should be this many years after 9/11 and after the creation of a department created to prevent another such attack. One after another government investigation have shown that it is as easy as it was five years ago for terrorists to sneak deadly weapons past unsuspecting screeners. In the immediate aftermath of the attacks, the president asked the Transportation Departments Inspector General, in whose jurisdiction oversight of aviation security lay at the time, to undertake a series of undercover investigations at airports around the country to test the then privatized screeners ability to detect concealed weapons. This was intended to set a baseline against which progress going forward could be assessed. The results were devastating, even at a time of heightened alert. The concern, of course, was that if government investigators could still easily sneak weapons past screeners, so could hardened Al Qaeda operatives, who are more than willing to die trying. When I was appointed the first DHS Inspector General, I sent my own teams of undercover investigators to the very same airports to see whether two years later the federalization of the screener workforce and the transfer of the Transportation Security Administration from DOT to DHS had made any difference in screeners ability to spot deadly weapons. When our results came in, we found exactly the same failure rates as in 2001, to the decimal point. I sent the very same teams of investigators to the same airports in late 2004 and early 2005 to see whether the recommendations that we had made in early 2004, based on the first investigation, had been implemented, and, if so, whether screener performance had improved. We found exactly the same results as two years earlier. There had been literally no improvement in screeners performance in four years. It is not as if things are any better now. This past April investigators working for Congress investigative arm, the Government Accountability Office, were able to sneak bomb parts undetected through checkpoints at some 21 airports around the country. And, as recently as late October, screeners missed guns and bombs in 20 out of 22 tests at Newark International Airport, one of the airports transited by some of the 9/11 hijackers. And, of course, the nation was set on edge last summer when the British foiled a plot to blow up by means of liquid explosives multiple jetliners bound for our East Coast. What is most troubling about this near-miss attack is that we Americans had prior warning as to our vulnerability to liquid explosives. Arch-terrorist Ramzi Yousef successfully tested liquid explosives back in 1994, killing a man, in preparation for a plot to blow up multiple jetliners over the West Coast planned for the next year. So we had twelve years to develop technologies to counter the threat of liquid explosives, but we did nothing. As a consequence, lacking any alternative, TSA was forced to take the draconian step of briefly banning all liquids and gels from flights. Of course, the ban has since been relaxed a bit, but this smacks more of capitulation to pressure from the struggling airline industry than anything. (Business travelers especially, the lifeblood of the airline industry, complained bitterly about being forced to check essential toiletries on short-haul flights.) Now liquids can be brought onto planes if they are bought in airport shops past the screening checkpoint. But, the claim last summer was that otherwise innocuous liquids and gels can be combined to make deadly explosives. Either this is true or it is not. If it is true, what difference does it make if the liquids are purchased after travelers pass through screening if they can bring the liquids aboard airplanes and mix them on board? Another continuing vulnerability is air cargo. About a fifth of the airborne cargo is carried aboard passenger planes, as opposed to dedicated cargo planes. That means that at one time or another most Americans have probably been aboard a commercial flight with cargo in the hold. Most of the cargo is not inspected for explosives before it is loaded onto the plane. There are supposed to be random inspections from time and time. And, if there is specific intelligence indicating that a particular package or container is high-risk, it is supposed to be opened and inspected. But any inspections that are done are done not by our government, but by the airlines. Yet, the whole point of creating TSA was that, left to their own devices, airlines would put profit ahead of security concerns. And, whether the airlines actually do any inspections is unknown, because TSA does not require them to report whether they are conducting them. There is 100 percent inspection of air cargo in Britain, Israel, and the Netherlands, and there is no reason why we cannot do the same here in the United States. So, again, even in the area where we have done the most to make ourselves more secure, we are still dangerously vulnerable. Port Security During the course of the hard-fought 2004 presidential campaign, President Bush and Senator John Kerry disagreed about every single issue, except one. Each agreed that the number one threat facing the nation is nuclear terrorism. All the experts agree that the likeliest way for terrorists to smuggle WMD into the country are in one of the 11 million cargo containers that come into our 361 seaports each year. Though the technology exists to screen all cargo containers for radiation at a reasonable cost and without unduly slowing down commerce (the worlds busiest port, the Port of Hong Kong, does just that, at a cost of about $20 per container), we inspect only 6 percent of containers. This figure is based on an "Automated Targeting System" (ATS) that is less sophisticated than it sounds. It is based essentially on: (1) the cargo manifest, a list of a containers contents that can be as general as "merchandise," and which can be legally amended for up to 60 days after the container arrives in port in the U.S.; and (2) the cargos shipping route, which likewise can easily be fabricated. My team of auditors at DHS found that dangerous items smuggled aboard cargo were likelier to be found by random inspections than by ATS. So, we inspect a wholly arbitrary percentage of cargo containers on the basis of essentially no criteria at all. Moreover, we have too few radiation detection machines, and the ones we have cannot distinguish between deadly radiation and harmless radiation that naturally occurs in products like bananas, ceramic tiles, and kitty litter. DHS touts as accomplishments maritime security programs that wind up making the nation less safe than no programs at all. It maintains that if we wait to inspect cargo containers when they arrive at our seaports, it might well be too late. So, ideally, we should "push the borders" out by stationing our cargo inspectors abroad to ensure that foreign ports inspect cargo bound for the U.S. that our intelligence analysts believe may be high-risk. The Container Security Initiative (CSI) is intended to do just that, and we have CSI agreements with 50 ports around the world representing about 90 percent of seaborne cargo bound for the United States. The problem, according to GAO, is that more than 80 percent of the time, foreign inspectors refuse to inspect cargo that our intelligence indicates is potentially dangerous, and, for reasons of sovereignty, our inspectors stationed abroad cannot do the inspections themselves. The likelihood that this cargo will be inspected once it gets to an American port is low, because its originating from a CSI port creates the presumption that it is probably safe. And even if the cargo were inspected at an American port upon arrival, the whole point of CSI is that waiting until then to do inspections may be too late. The other chimerical DHS maritime security program is the Customs Trade Partnership Against Terrorism (CTPAT). In exchange for simply submitting paperwork claiming that it has a rigorous security regime in place to guard against terrorist penetration, a company can decrease the chance that its cargo will go through the relatively costly and time-consuming process of inspection. DHS attempts to validate that the claimed security programs are in fact in place, but only after companies benefit from reduced inspections, and any audits that are done are limited to whatever features of security programs companies permit DHS to check. This is the state of our counterterrorism efforts in the sector where a successful terrorist attack is likely to have the severest consequences. A 10- to 20-kiloton nuclear weapon detonated in a major seaport would kill between 50,000 and one million people, and would result in direct property damage of $50-500 billion, losses due to trade disruption of $100-200 billion, and indirect costs of $300 billion to $1.2 trillion. Border Security The 9/11 hijackers all chose to come to this country through legal ports of entry. Given the ease with which people can slip across our northern and southern borders undetected, one wonders why the hijackers increased their chances of being caught by subjecting themselves to inspection. It is surely because it was so ridiculously easy five years ago to evade the scrutiny of border inspectors. It is much harder to do that today, especially if a terrorist is a national of a country whose citizens need visas to visit the U.S. Now, visa applicants are likelier to be interviewed by an American consular officer, and a much more extensive "watch list" of known and suspected terrorists is checked. The U.S. VISIT system that takes two finger scans and digital photographs of international visitors at ports of entry is a huge advance since 9/11 in terms of getting a handle on who is visiting our country legally and whether a given visitor is a known or suspected terrorist. But, instead of cutting back on the number of countries (27) whose citizens can travel to the United States without a visa, in November 2006 the president announced plans to expand it. Terrorists prize passports from "visa waiver" countries because such travelers are checked only at the port of entry. They do not undergo what can be lengthy and thorough interviews at embassies and consulates abroad by consular officers who often know the local language, are familiar with local customs, and are trained in detecting fraud and deception. Instead, they are simply given the once-over by under-trained and harried port of entry inspectors who are under pressure to clear international visitors through as quickly as possible. The U.S. VISIT system is also incomplete. It is operational only "in secondary" at land crossings, meaning that border inspectors have to be suspicious of a given traveler before scrutinizing him. Mexicans and Canadians, who constitute the bulk of people who come to the United States by land, are exempt from the system. Late last year the department announced that it was abandoning efforts to add an exit feature to the program. So, if we subsequently find out that we have admitted a terrorist into the country, we will have no way of knowing whether he is still here. And, though Secretary Chertoff has promised to fix this soon, the U.S. VISIT system is still not compatible with the FBIs database of 47 million fingerprints, among which are the prints of at least 40,000 known or suspected terrorists. Finally, it is, of course, still as easy as ever for terrorists to sneak into the country among the throngs (about half a million) of illegal aliens who come into this country each year. In his final congressional testimony as DHS Deputy Secretary Jim Loy acknowledged that this is a real threat. Mass Transit Security We have had a number of wake-up calls since 9/11 as to the vulnerability of our mass transit systems to terrorist attackthe March 2004 Madrid attack, the July 2005 London Underground attacks; and various real and alleged plots aimed at New York City. The good news is that, in partnership with the relevant state and local officials, DHS did all the right things after those scares. In various cities around the country, especially those in the Northeast most dependent upon mass transit and most often targeted by terrorists, we saw increased armed police patrols; the use of bomb-sniffing dogs and the deployment of bomb detection technology; the greater use of surveillance cameras; public awareness campaigns; and, in some places, like New York City, random bag searches. The bad news is that all these measures were either scaled back or done away with altogether as soon as the scares faded from the headlines. If I were a terrorist, I would simply wait until these measures were relaxed or repealed and strike then. What needs to happen, of course, is for these measures to be institutionalized on an ongoing basis. But this is exceedingly costly, and DHS has been reluctant to subsidize states and localities recurring security costs. Critical Infrastructure and "Soft" Targets A number of sectors and sites in our country (the food industry, the energy sector, telecommunication networks; financial systems, etc.) are so critical to the vitality of our economy that a devastating terrorist attack against them would endanger the national security. Complicating the challenge of protecting them, about 85 percent of the nations critical infrastructure is owned and/or operated by private companies. Our nation has traditionally been relatively reluctant to regulate industry. These two factors, plus the lack of an attack on critical infrastructure, and, of course, industrys understandable unwillingness to regulate itself, have had the effect of limiting severely the degree to which critical infrastructure has been hardened since 9/11 to deter or defend against a terror attack. Fortunately, a bipartisan consensus is emerging that the chemical sector is so vulnerable, and the consequences of an attack against it would be so deadly, that some degree of regulation is required. But the chemical sector is not unique in this regard. It is to be hoped that the new Congress will make regulating critical infrastructure a priority, recognizing that an appropriate balance must be struck between enhancing security and preserving private sector vitality and dynamism. However, DHS is in no position to know which sectors and sites are most critical and which are most vulnerable to terrorism. That is because it has yet to create a creditable list of the nations most critical infrastructure prioritized in this fashion. Various versions of the list have included ludicrous things like amusement parks and petting zones, while omitting sites that are clearly potential terror targets like iconic buildings and monuments in major cities. As for "soft" targets (shopping malls, sports arenas, movie theaters, restaurants, etc.), the reason that they're call "soft" is because by their very nature they tend to be less well protected than critical infrastructure. Because they are so easy to attack, because they have never been attacked in this country, and because an attack against them would probably terrorize average Americans more than an attack on a site thought likely to be attractive to terrorists, it is probably only a question of time before terrorists strike. And, paradoxically, the harder we harden already relatively hard targets like critical infrastructure, the more tempting soft targets becomes. Absent an attack on a soft target, it is safe to say that the public is unwilling to put up with the kind of draconian countermeasures (heavy police patrols, bomb sniffing dogs, bag searches) that are routine in Israel and tolerated here occasionally for clear terrorist targets like mass transit systems. Emergency Preparedness and Response If there was any doubt as to whether America was better prepared for another terror attack than it was on 9/11, Hurricane Katrina removed that doubt. If terrorists rather than Mother Nature had targeted the levees, the result would have been the same in terms of loss of life, injury, and economic damage. If we were so manifestly unprepared for a foreseen event like a hurricane, how prepared can we possibly be for a terror attack for which there is rarely precise warning? We still lack viable evacuation plans for major cities. We still lack pre-positioned supplies of food, water, medicine, and pre-fabricated housing that can be dispatched quickly to devastated areas. We still lack a clear chain of command among and between different levels of government in the event of a crisis. And first responders are still unable to communicate efficiently when disaster strikes. Making matters worse, counterterrorism funds that could be used to prepare communities that are most at risk of attack are still doled out to some degree on the basis of pork barrel politics. Indeed, in the last round of counterterrorism funding, money for acknowledged top terror targets like New York City and Washington, D.C. were actually cut by 40 percent, while funds for less at risk cities like Omaha, Nebraska and Louisville, Kentucky were increased by more than 60 percent. Intelligence DHS intelligence unit, "Information Analysis," was intended to collate and synthesize all threat information from across government concerning threats against the homeland and to consolidate the dozen different terrorist watch lists that different government agencies maintained before 9/11. The lack of a central clearinghouse for homeland security related threat information and the lack of a consolidated watch list prevented the government from being aware of and acting upon the indications before 9/11 that such an attack was imminent. However, the administration essentially strangled IA in its cradle by giving the job of synthesizing threat information to a CIA-led entity (initially known as the "Terrorist Threat Integration Center"; now known as the "National Counterterrorism Center"), and by giving the job of consolidating the terrorist watch lists to an FBI-led entity (the Terrorist Screening Center). Though DHS has representation at both the NCTC and the TSC, it is still the case that the CIA and the FBI occasionally keep "hot" information from DHS, according to the report of the Silberman-Robb commission on the nations recent intelligence failures. So the next time there are indications of a terror attack, chances are DHS will be the last agency to know about it, even though it is nominally in charge of the governments efforts to prevent such attacks and to respond to them. Conclusion In brief, then, more than five years after 9/11 and four years after the creation of the massive DHS, the nation remains an open target for another terror attack. To be sure, we have not been attacked in five years. But, this says more about terrorists ambitions and timelines than our preparedness. From everything we know about Al Qaeda, they want the next attack to be even more spectacular than the last one. The more spectacular the attack, the longer it takes to plan, the more it costs to carry out, the greater the number of operatives needed to execute it, and the greater the chances that something will go awry. If the good news in this is that we are unlikely to see many future attacks, the bad news is that any future attack will likely be huge in scale and devastating in effect. To be sure, we can never make ourselves invulnerable to terrorism. The nature of terrorism is such that the odds will always be against us. Terrorists have to get things right only once; our counterterrorism efforts have to work perfectly every time. If one adds to this the wide range of targets in a country like the United States, and our proper high regard for civil rights and civil liberties, the odds against us only increase. But while we cannot reduce the threat of terrorism to zero, we can and should be significantly safer than we are. To make ourselves as safe as possible under the circumstances, we need three things. First, a significant increase in homeland security spending, coupled with rigorous controls to ensure that additional dollars are not misspent the way all too many of them already have been. It may be possible to do certain things in government on the cheap, but, if so, defending the nation against terrorism is not among them. Second, we need leadership at every level of DHS that is expert in both counterterrorism and managing huge, dysfunctional bureaucracies. It is not just Michael "Brownie" Brown who was in over his head at DHS' FEMA. The department has been hampered from the very beginning by the lack of expert leadership at all levels. Finally, there needs to be a culture of openness and accountability. Only if government acknowledges problems can it get about the task of solving them. All too often the departments leaders have dug in their heels by insisting that obvious security gaps have been closed or, worse, that these gaps are not gaps at all. Terrorists know very well where we are vulnerable, and we can be assured that they are working overtime to exploit these vulnerabilities. There is, fortunately, some good news on the horizon. The new Congress promises vigorous oversight over DHS and significantly more funding for homeland security initiatives. Finally, it has promised to move aggressively toward 100 percent inspection of air cargo for explosives and sea cargo for radiation, and toward allocating scarce homeland security dollars on the basis of risk rather than pork barrel politics. Of course, the proof will be in the pudding, but there is reason to expect that America is now on the road to becoming safer. There is, however, considerable work yet to do, and there is not a moment to waste. -=- You may forward this email as you like provided that you send it in its entirety, attribute it to the Foreign Policy Research Institute, and include our web address (www.fpri.org). __________________________ Subscribe to InfoSec News http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Apr 09 2007 - 23:48:14 PDT