The Principle of the Marketization of Security

2014 July 11
by Jason Nairn, CPP, CISSP

In a series of posts, I am outlining three principles that I believe apply to working relationships in homeland security.  This is a thought experiment presented for discussion and review.  These principles are derived from my own experience as a homeland security practitioner and are presented to highlight issues within the homeland security enterprise that I believe are interesting for further study and discussion.

While future posts may flesh out the details and background associated with the Principles, they will be presented in brief initially.

The Principle of the Marketization of Security.

The Principle of Marketization of Security states that the changing role of security in the modern, networked society will require increased privatization of security services by virtue of the economic forces of the marketplace.

Essentially, security threats affect each individual in society in a much more direct way than prior to the digital age.  Cyber attacks, for example, target the identity and assets of individuals, compromising the security of families directly.  The increased prevalence of risk in the lives of individual citizens means that the responsibility for securing those citizens must be spread to more security professionals.  Privatization, by definition, gives ownership to more individuals in the population and also creates economic incentives for more efficient service (Filipovic, 2005).

As a result of these forces, governments will be unable to compete with the efficiency of the private sector in many (not all) areas of security, as the goals of government are generally political and less economic (Poole, 1996).  This principle dictates that more and more security-related services that are currently provided by government agencies will be privatized in the future.  In the absence of an understanding of these forces, the transition could stress relationships that are essential to the security of the homeland.

 

Poole, Robert W. “Privatization for Economic Development.” The Privatization Process. Ed. Terry L. Anderson and Peter J. Hill. United States of America: Rowman & Littlefield Publishers, Inc., 1996. 1-18.

Filipovic, Adnan. “Impact of Privatization on Economic Growth.” Issues in Political Economy, Vol 14, August 2005. 1-6.

The Principle of Collaborative Distinction

2014 July 10
by Jason Nairn, CPP, CISSP

In a series of posts, I am outlining three principles that I believe apply to working relationships in homeland security.  This is a thought experiment presented for discussion and review.  These principles are derived from my own experience as a homeland security practitioner and are presented to highlight issues within the homeland security enterprise that I believe are interesting for further study and discussion.

While future posts may flesh out the details and background associated with the Principles, they will be presented in brief initially.

The Principle of Collaborative Distinction.

The Principle of Collaborative Distinction states that there are a number of individual disciplines within homeland security, each of which is essential to the proper functioning of a networked homeland security system.  Because of the broadness and complexity of homeland security, these disciplines can be seen as competing, as in for resources or authority, or as redundant, when in fact they are often complementary.

As an example, it is proposed that Security Management and Criminal Justice are distinct disciplines of homeland security.  Each requires specialized knowledge and expertise and each values experience and trust.  In a collaborative relationship, professionals in these two disciplines can, symbiotically, develop effective solutions to key issues such as jurisdictional authority, security of privately-owned infrastructure, and resource limitations.

How can homeland security leaders encourage collaboration between disciplines that have similar capabilities but distinct roles?  The answer may lie somewhere in emphasizing the value of the individual disciplines which support the security of the homeland, including those in the private sector.

Security Management, Law Enforcement and the Future of Homeland Security

2014 June 23
by Jason Nairn, CPP, CISSP

As mentioned in a previous post, I have been in a transition from a position of operational responsibility to one where I have greater opportunity to reflect upon the key issues that form the homeland security professional’s working environment.  As both a practitioner and observer within the homeland security enterprise, I have had the opportunity to observe a variety of public and private sector security programs.  In many of these programs, there was a necessary relationship between law enforcement and non-law enforcement security practitioners.

As a result of my observations on this subject, I have developed three principles, which I believe apply to the working relationships that are necessary to secure our nation’s future.  In a series of posts, I will be presenting these three principles.

This is a thought experiment presented for discussion and review.

The principles are derived from my own experience as a homeland security practitioner and are presented as a way to establish a foundation for interactions between law enforcement and non-law enforcement security professionals.  The goal is to enhance the power and effectiveness of the most significant force within homeland security: interagency personal relationships.

 

Letter from the Editor: A New Direction in Homeland Security

2014 June 21
by Jason Nairn, CPP, CISSP

After almost 15 years in state government, I have decided to resign my employment at the State of Michigan and enter the academic world on a full-time basis.  While I may reflect on this decision in future posts, I will only say here that I have gotten an enormous amount of satisfaction and pleasure from working as an instructor in Concordia University’s Homeland Security Program.  As such, I feel very fortunate that the university has made me a generous offer of a full-time faculty position in which I can continue the fine work of teaching and pursue a terminal degree.

Additionally, I will have the great pleasure to direct the university’s new Homeland Security Simulation Lab!  The Sim Lab will provide a realistic training and exercising environment for homeland security professionals and lay persons in a variety of homeland security related disciplines.  The facilities and systems in which the university has invested will take the exercise to a new level that will render the standard tabletop obsolete.  I anticipate huge interest when the facility opens later this year.

I hope to write and post more here at the HLSR blog.  These past 6 months it has been difficult to find time to devote to blogging, as I have been teaching and finishing my work at the state.  I look forward to developing this resource further as a service to my students, colleagues and to the wider audience that cares about homeland security as a field of study.

Very Respectfully,

JPN

Informal Meetings Encourage Professional Networks

2014 February 22
by Jason Nairn, CPP, CISSP

Several years ago, a building in our jurisdiction received a suspicious package.  The package contained a copper tube with wires and a switch.  When received in a political office, the aide opening the mail dropped the package, screamed, and ran.  The device was on the floor of the lobby, and an emergency was declared.  The call came in as a “credible code B” – bomb.

The response included a unified command consisting of state and local law enforcement authorities.  The bomb squad was called, the package x-rayed, and removed by robot.  During the procedure, the building was partially evacuated with the first two floors evacuating and the remainder of the building sheltering in place due to the fact that upper floor stairwells emptied into the danger zone.  After a couple of hours, the issue was resolved.  The device was inert.

Later that day, while everyone was calming down, we received word that the same device had been delivered earlier to another building in the same city, and that the security team there had investigated the source and interviewed the sender.  They had all of the information necessary to avoid the extensive response that occurred in our building; what was missing was the urge to communicate.

Immediately following this incident, our team established a group that we call a Regional Security Network.  The purpose of the group was to ensure that all security stakeholders in our area know each other, have each other’s contact information, and therefore have the reason and capability to reach out if something comes up.  This group was to meet quarterly, and originally included representatives from seven (7) law enforcement agencies.

That was in 2005; today the group has over forty (40) members and continues to meet quarterly.  As the purpose of the group is strictly networking, there is no agenda, ever.  The meetings are held for the purpose of meeting colleagues new and old, and discussing whatever is on the mind of participants.  Today, the members range from state and local law enforcement to colleges and universities.  Corporate security and risk managers mix freely with police officers, chiefs and sheriffs.  Here are five reasons these meetings are successful:

  1. The Goal is Simple and Straightforward – Keeping the goal simple, to network, ensures that all members understand clearly the purpose of meetings.  There is no question of value or purpose, which, sadly, is not the case for most meetings these people attend.
  2. The Meetings are Kept Informal – The rule is “come if you want, don’t if you can’t, and come as you are”.  The group’s members work various shifts.  Some come in plain clothes, some in suits, some in shorts, some even come on their day off!  They know that no matter what, their peers will not question them since it is made clear the meetings are informal and optional.
  3. There is Good Food, Always – Nothing lubricates the talk like good food.  Nothing fancy, Panera Bagel Packs work great for early morning meetings.  Make sure there is coffee and bottled water and you have everything you need to keep your guests comfortable.  When they are comfortable they share and get to know each other.
  4. We End on Time – If everyone has had the chance to talk, and there is nothing more to say, end the meeting.  Don’t keep busy people captive.  When the value is over, so is the meeting.  Always make time for the stragglers though because those tidbits that are mentioned on the way out are sometimes most important.  “Hey, by the way…”
  5. We Use A Big Screen – Often the group discusses things that have happened or things they have seen.  They like to share pictures or news articles and discuss them.  If you can, provide a way for your guests to see pictures or news articles on a screen in the room.  It encourages the discussion and helps everyone understand the issues.  You can also put up helpful documents and reports that can be shared.  The next step is to develop easy ways for guests to share from their mobile devices.  We are not there yet but hope to be soon!

That device was not a bomb, yet a notable amount of resources were deployed to respond.  Starting these meetings was a direct result and the reward has more than paid the expense of the original event.  Subsequent incidents have been more efficiently addressed or even avoided thanks to this group.

By the way, the device turned out to be a “healing device” designed to cleanse the blood using the copper and a magnetic current, similar to those golf bracelets.  It sure looked like a pipe bomb; fortunately the only explosion that resulted was in local agency cooperation.

What Has Been Accomplished? – The National Infrastructure Protection Plan

2014 February 18
by Jason Nairn, CPP, CISSP

I am starting a new category on this blog entitled “What has been accomplished?”  It is a question that I don’t believe we ask enough in the homeland security enterprise.  In this series, I intend to ask homeland security leaders and professionals at all levels, as directly as possible, what has been accomplished via the various HLS programs.  To kick off the new series, I asked a question that I have been wanting to ask since last year’s State of the Union when President Obama announced an update to the National Infrastructure Protection Plan (NIPP).  That is, “How has the NIPP made us safer?”  I was recently presented with the opportunity to ask the leadership of DHS’s Office of Infrastructure Protection.

DHS has been rolling out the updated NIPP and kicked off the roll-out with a national conference call.  During the call they had a question and answer session.  I queued up but was not able to ask my question during the live session.  However, they accepted email follow-up questions and I sent in mine.  I received a written response.  Here is a verbatim copy of my email to DHS:

Thank you for the call this morning, and congratulations on the completion of the NIPP 2013 update.

As a practitioner and professor of homeland security, my question is:

What do you believe is the most significant accomplishment of the NIPP thus far, in the enhancement of our national security?

Thanks in advance.

I felt it was important, rather than to ask what has been accomplished and get any number of broad and nebulous responses, to ask for one significant accomplishment.  I am not sure if that was a better plan or not.  Here is the response:

Thank you for your interest in NIPP 2013.

The most significant accomplishment of the NIPP program thus far has arguably been the establishment of the critical infrastructure public-private partnership and its subsequent activities to secure and strengthen the resilience of critical infrastructure.  The effort to reduce critical infrastructure risk has been a joint voluntary undertaking between critical infrastructure partners in all levels of government and the private sector. The critical infrastructure partnership is the primary mechanism for promoting and facilitating sector and cross-sector planning, coordination, collaboration, and information sharing to manage risks to critical infrastructure. A 2013 evaluation of the critical infrastructure partnership, conducted in response to Presidential Policy Directive 21, validated the current structure of the partnership at the national level and made recommendations to enhance and expand partnership activities at the regional and local levels.

I found this to be a very predictable, canned response, and one that makes little sense to me.  The first sentence basically says “all the meetings we had and all the stuff we did is our most significant accomplishment”.  Then they point out that the partnership “is the primary mechanism for facilitating sector and cross-sector planning, coordination, collaboration, and information sharing to manage risks”.  I understand the value of public-private partnerships, but did any of these things actually get accomplished?  I was hoping for tangible examples of risk reduction that are a direct result of the NIPP.  Surely the mechanism for accomplishing the goals isn’t the goal.  Is the greatest accomplishment of the NIPP the fact that the participants got to know each other?  Perhaps that is an accomplishment, as I am acutely aware of the importance of personal networks.  If so, is the NIPP and all of its associated complexity the best way to forge public-private partnerships?  As I mentioned, the response seems scripted, which I should have expected.  But it raises more questions than it answers about the impact that the NIPP is having on our security.

What do you think?  Leave a comment and let me know.

Five Ways Homeland Security is All About Networks…

2014 February 15
by Jason Nairn, CPP, CISSP

I have not been sufficiently active in creating content for this blog, and working and teaching have left little room for blogging lately.  I was sensitive that (both of) my readers were likely giving up on HLSR, so I thought it was high time to get back to blogging, and to redesign the site to reflect what I think is a key to understanding homeland security in today’s world: understanding the importance of networks.

Of course terrorist networks are important in homeland security, but they are just one example of the role of the network in the lives of homeland security professionals.  Here are five ways that homeland security is all about networks:

  1. Informal Personal Networks – If there is one thing I have learned in my years as a homeland security practitioner, it’s that things get done, emergencies are responded to efficiently, and intelligence is shared through informal networks.  Understanding the importance of the informal network is key to the success of any HLS professional.  Find ways to encourage informal networks and it will pay when it counts…
  2. Computer Networks – If you follow the money and energy in homeland security, and I know you do, then you know that both are currently in cyber security.  Terrorists and others are attacking the homeland in many sectors via computer networks.  To stay in the game, every homeland security professional must have at least a basic knowledge of computer networks.
  3. Critical Infrastructure Networks – Everything in the world that matters is now part of a network, linked together via the Internet and controlled remotely via SCADA or other systems.  Understanding the threat and vulnerability of critical infrastructure means understanding the networks that control that infrastructure.  Additionally, many CI/KR are networks themselves.  Homeland security professionals must focus on the critical nodes of these networks, since we don’t have the resources to protect it all.
  4. Social Networks – Homeland security professionals no longer have to wait for a national intelligence estimate to find out what is going on around the world.  Operations centers in the public and private sector now have active social network monitoring capabilities to provide leaders with real time information about issues that matter to them.  Understanding social networks and tapping into them provides the professional with tools we could only have dreamed of even a decade ago.
  5. Criminal and Terrorist Networks – Law enforcement officers now have tools on their smart phones that provide them with real time information about individuals and their network affiliations.  These tools are changing the face of law enforcement.  Intelligence analysis formerly done at headquarters behind closed doors is now being done in the field instantly.  Intelligence and information are readily available in apps downloaded and shared among officers, sometimes informally.  These technologies provide new tools for crime fighters, but also push the envelope in the area of constitutional rights and privacy.  Understanding these trends and the associated legal, moral and civil rights issues is essential for current and future agency leadership.

Successful homeland security professionals will understand the role of networks, and therefore will study tools to better leverage them.  There are tools available that take advantage of the power of the network.  Homeland security professionals that are students of networks will lead us to a secure future.

On the Need for a New Diplomatic Dimension for Cyberspace

2013 September 15
by Jason Nairn, CPP, CISSP

In the wake of Mandiant’s APT1 report and in the midst of the Edward Snowden affair, it has become increasingly apparent that cyber diplomacy is something different than traditional international statecraft, and that the current diplomatic model is not sufficient.  Countries of the world, including and especially the United States, are attempting to manage cyber-related issues via existing diplomatic fora, using existing diplomatic resources.  The results are predictably disappointing, since cyberspace rarely conforms to the traditional business models of the 20th Century and before.

In June (2013) the State Department issued a press release to announce the United States’ conformation to the findings of the United Nations’ Group of Governmental Experts on Cyber Issues regarding the effective applicability of the UN Charter and international law to cyberspace.  Little attention was paid to the announcement, but its significance should be noted.  The overlay of existing international law and pre-cyber landscape charters is convenient (easy), but will not conquer the wicked problems of today and certainly not tomorrow.  The ability to be engaged in a cyber war with a country in the virtual world while simultaneously maintaining “normal” diplomatic relations in the “real world” cannot be addressed by current standards.  This is the state of affairs today as the Mandiant report illustrates.  Yet, as normal diplomatic procedures require careful rapprochement, diplomats dance the dance and each party avoids discussing the issue directly while business interests are drained of their intellectual property like a water park after Labor Day.

The answer is not the United Nations or governments, which is why the problem may never be solved adequately in the current generation.  What matters in the networked world is data and infrastructure, and threats and vulnerabilities.  Nations are data owners (or at least holders), but so are companies, groups and individuals (like Snowden (he’s currently a holder)).  Nations also own infrastructure, but so do the private sector entities which own, for instance, the end user interface and telecommunications infrastructure.  A forum must be established where these stakeholders can operate on more of an equal footing, where countries are considered stakeholders just like the companies that own the networks on which they ply their trade.  The solution lies in a new dimension, one that is not formed in the crucible of the United Nations but is rooted in the networked world in which it must operate.  The management of our global network must be something complex and wonderful like the internet itself, where the power is held in the hands of those with the knowledge, information and interest to influence the direction of the global network.  It must be dependent on self-organized criticality.

A continued insistence on the application of current diplomatic technology in cyberspace is likely to diminish the progress of the human race.  The evolution of the networked human will be slowed by the Dickensian chains of nation-based world order.  The so-called “Arab Spring” provides evidence that the youth of the world with access to today’s technology cannot be satisfied when burdened by the constraints of national governments unwilling to free them to take full advantage of a networked Earth.  While the former generation’s power brokers attempt to make these disturbances about political and religious issues (because that is what they know), the heart of the issue is really growing pains.  We are evolving as a species faster than our organizational structure will allow.

A positive first step would be the recognition that national sovereignty is not a major factor in the future paradigm, and that the United Nations, which has failed to act promptly and responsibly to address conventional issues, is simply not equipped to manage the complexity of a networked solar system.

TSA’s Behavioral Profiling Program Takes a Hit

2013 June 6
by Jason Nairn, CPP, CISSP

Securing the homeland has its challenges, and few agencies are as maligned as the Transportation Security Administration (TSA).  Unfortunately, just as many security programs are judged by the first impression given by a security guard, TSA is often judged by its screening of shoeless airline passengers.  But TSA’s impact on homeland security is significant in many modes of transport.  TSA employs a number of technologies and techniques to ensure that individuals travel safely every day.  One of the more interesting and controversial is behavioral profiling.

In the media, profiling is often associated with traffic stops and ethnic groups.  But the use of behavioral profiling is a proven technique for early detection of potential bad actors.  Officers trained in the observation and detection of signs of suspicious behavior are deployed to observe patrons and single out suspicious persons for additional screening.  The technique is used in airports and other facilities around the world, and the Israelis are often cited as the experts in this field.  But TSA has, since 2007, been employing behavioral profiling techniques in some of the country’s largest and busiest airports, and thousands of passengers have been selected for additional screening using these methods.

A fascinating report was released this week by the Office of the Inspector General.  It is chock-full of very interesting information about the program, with a few redactions that deal mostly with force levels and screening selection criteria.  The report states that TSA has done a less than stellar job in managing the program.  According to the OIG, TSA has not effectively measured the effectiveness of the program, developed structured training, nor has it created a strategy for further implementation or financial support.  The report got some attention and may hurt the program’s support in Congress.

This is a setback for this passenger screening technique.  Behavioral profiling is a force-multiplier.  It provides early detection, intercepting threats before they reach critical areas of critical infrastructure.  Further, Behavioral Detection Officers ease the burden on screeners, who have to manage long lines of impatient travelers, and cannot be as observant in their production environment.  The wider deployment of this technique could improve airport security without zapping every passenger with more non-ionizing radiation.  Now that all these details of the program are out on the web, and the media is perusing the report, perhaps TSA will commit the appropriate resources to managing the program effectively before Congress loses interest in funding it.

 

The Origin of “Terrorism”

2013 May 5
by Jason Nairn, CPP, CISSP

“Terror is nothing but justice, prompt, severe and inflexible; it is therefore an emanation of virtue.”

Maximilien Robespierre, Report on the Principles of Political Morality, 5 February 1794

Robespierre made the case that his regime de la terreur of 1793-94 was “virtuous” in its restoration of order after the French Revolution.  And it is from these beginnings, the “Reign of Terror”, that the term “terrorism” has its roots.  Since that time, the word has become a useful moniker to attach to those individuals, groups, or organizations that use fear and violence for political purposes or that for political reasons need to be vilified.*

Robespierre believed that terror was the most effective method of ensuring virtue, and he would have defended his tactics eloquently and with an argument based in a scholarly study of government.  This is not meant as a defense of the Reign of Terror, but is intended to illustrate that as then, there is today little agreement on the concise definition of the word “terrorism”.  One man’s terrorist is another man’s freedom fighter, as they say.

Similarly, there is little agreement on the definition of “homeland security”.  While the federal act of the same name enacted in 2002 does provide a framework for defining the word in terms of the federal department,  like “terrorism”, “homeland security” can mean different things to different people.  It is important to understand the meanings (or potential meanings) of words used in the homeland security enterprise not because they explain homeland security, but because they expose some of the wicked problems of homeland security.

* – For more on the origins of “terrorism”, I recommend Bruce Hoffman’s book Inside Terrorism.