Security Management, Law Enforcement and the Future of Homeland Security

2014 June 23
by Jason Nairn, CPP, CISSP

As mentioned in a previous post, I have been in a transition from a position of operational responsibility to one where I have greater opportunity to reflect upon the key issues that form the homeland security professional’s working environment.  As both a practitioner and observer within the homeland security enterprise, I have had the opportunity to observe a variety of public and private sector security programs.  In many of these programs, there was a necessary relationship between law enforcement and non-law enforcement security practitioners.

As a result of my observations on this subject, I have developed three principles, which I believe apply to the working relationships that are necessary to secure our nation’s future.  In a series of posts, I will be presenting these three principles.

This is a thought experiment presented for discussion and review.

The principles are derived from my own experience as a homeland security practitioner and are presented as a way to establish a foundation for interactions between law enforcement and non-law enforcement security professionals.  The goal is to enhance the power and effectiveness of the most significant force within homeland security: interagency personal relationships.

 

Letter from the Editor: A New Direction in Homeland Security

2014 June 21
by Jason Nairn, CPP, CISSP

After almost 15 years in state government, I have decided to resign my employment at the State of Michigan and enter the academic world on a full time basis.  While I may reflect on this decision in future posts, I will only say here that I have gotten an enormous amount of satisfaction and pleasure from working as an instructor in Concordia University’s Homeland Security Program.  As such, I feel very fortunate that the university has made me a generous offer of a full time faculty position in which I can continue the fine work of teaching and pursue a terminal degree.

Additionally, I will have the great pleasure to direct the university’s new Homeland Security Simulation Lab!  The Sim Lab will provide a realistic training and exercising environment for homeland security professionals and lay persons in a variety of homeland security related disciplines.  The facilities and systems in which the university has invested will take the exercise to a new level that will render the standard tabletop obsolete.  I anticipate huge interest when the facility opens later this year.

I hope to write and post more here at the HLSR blog.  This past 6 months it has been difficult to find time to devote to blogging, as I have been teaching and finishing my work at the state. I look forward to developing this resource further as a service to my students, colleagues and to the wider audience that cares about homeland security as a field of study.

Very Respectfully,

JPN

Informal Meetings Encourage Professional Networks

2014 February 22
by Jason Nairn, CPP, CISSP

Several years ago, a building in our jurisdiction received a suspicious package.  The package contained a copper tube with wires and a switch.  When received in a political office, the aide opening the mail dropped the package, screamed, and ran.  The device was on the floor of the lobby, and an emergency was declared.  The call came in as a “credible code B” – bomb.

The response included a unified command consisting of state and local law enforcement authorities.  The bomb squad was called, the package x-rayed, and removed by robot.  During the procedure, the building was partially evacuated with the first two floors evacuating and the remainder of the building sheltering in place due to the fact that upper floor stairwells emptied into the danger zone.  After a couple of hours, the issue resolved.  The device was inert.

Later that day, while everyone was calming down, we received word that the same device had been delivered earlier to another building in the same city, and that the security team there had investigated the source and interviewed the sender. They had all of the information necessary to avoid the extensive response that occurred in our building; what was missing was the urge to communicate.

Immediately following this incident, our team established a group that we call a Regional Security Network.  The purpose of the group was to ensure that all security stakeholders in our area know each other, have each other’s contact information, and therefore have reason and capability of reaching out if something comes up.  This group was to meet quarterly, and originally included representatives from seven (7) law enforcement agencies.

That was in 2005; today the group has over forty (40) members and continues to meet quarterly.  As the purpose of the group is strictly networking, there is no agenda, ever. The meetings are held for the purpose of meeting colleagues new and old, and discussing whatever is on the mind of participants.  Today, the members range from state and local law enforcement to colleges and universities.  Corporate security and risk managers mix freely with police officers, chiefs and sheriffs.  Here are five reasons these meetings are successful:

  1. The Goal is Simple and Straightforward – Keeping the goal simple, to network, ensures that all members understand clearly the purpose of meetings.  There is no question of value or purpose, which, sadly, is not the case for most meetings these people attend.
  2. The Meetings are Kept Informal – The rule is “come if you want, don’t if you can’t, and come as you are”.  The group’s members work various shifts.  Some come in plain clothes, some in suits, some in shorts, some even come on their day off!  They know that no matter what, their peers will not question them since it is made clear the meetings are informal and optional.
  3. There is Good Food, Always – Nothing lubricates the talk like good food.  Nothing fancy, Panera Bagel Packs work great for early morning meetings.  Make sure there is coffee and bottled water and you have everything you need to keep your guests comfortable.  When they are comfortable they share and get to know each other.
  4. We End on Time – If everyone has had the chance to talk, and there is nothing more to say, end the meeting.  Don’t keep busy people captive.  When the value is over, so is the meeting.  Always make time for the stragglers though because those tidbits that are mentioned on the way out are sometimes most important.  “Hey, by the way…”
  5. We Use A Big Screen – Often the group discusses things that have happened or things they have seen.  They like to share pictures or news articles and discuss them.  If you can, provide a way for your guests to see pictures or news articles on a screen in the room.  It encourages the discussion and helps everyone understand the issues.  You can also put up helpful documents and reports that can be shared.  The next step is to develop easy ways for guests to share from their mobile devices.  We are not there yet but hope to be soon!

That device was not a bomb, yet a notable amount of resources were deployed to respond.  Starting these meetings was a direct result and the reward has more than paid the expense of the original event.  Subsequent incidents have been more efficiently addressed or even avoided thanks to this group.

By the way, the device turned out to be a “healing device” designed to cleanse the blood using the copper and a magnetic current, similar to those golf bracelets.  It sure looked like a pipe bomb; fortunately, the only explosion that resulted was in local agency cooperation.

What Has Been Accomplished? – The National Infrastructure Protection Plan

2014 February 18
by Jason Nairn, CPP, CISSP

I am starting a new category on this blog entitled “What has been accomplished?”  It is a question that I don’t believe we ask enough in the homeland security enterprise.  In this series, I intend to ask homeland security leaders and professionals at all levels, as directly as possible, what has been accomplished via the various HLS programs.  To kick off the new series, I asked a question that I have been wanting to ask since last year’s State of the Union when President Obama announced an update to the National Infrastructure Protection Plan (NIPP).  That is, “How has the NIPP made us safer?”  I was recently presented with the opportunity to ask the leadership of DHS’s Office of Infrastructure Protection.

DHS has been rolling out the updated NIPP and kicked off the roll-out with a national conference call.  During the call they had a question and answer session.  I queued up but was not able to ask my question during the live session.  However, they accepted email follow-up questions and I sent in mine.  I received a written response.  Here is a verbatim copy of my email to DHS:

Thank you for the call this morning, and congratulations on the completion of the NIPP 2013 update.

As a practitioner and professor of homeland security, my question is:

What do you believe is the most significant accomplishment of the NIPP thus far, in the enhancement of our national security?

Thanks in advance.

I felt it was important, rather than to ask what has been accomplished and get any number of broad and nebulous responses, to ask for one significant accomplishment.  I am not sure if that was a better plan or not.  Here is the response:

Thank you for your interest in NIPP 2013.

The most significant accomplishment of the NIPP program thus far has arguably been the establishment of the critical infrastructure public-private partnership and its subsequent activities to secure and strengthen the resilience of critical infrastructure.  The effort to reduce critical infrastructure risk has been a joint voluntary undertaking between critical infrastructure partners in all levels of government and the private sector. The critical infrastructure partnership is the primary mechanism for promoting and facilitating sector and cross-sector planning, coordination, collaboration, and information sharing to manage risks to critical infrastructure. A 2013 evaluation of the critical infrastructure partnership, conducted in response to Presidential Policy Directive 21, validated the current structure of the partnership at the national level and made recommendations to enhance and expand partnership activities at the regional and local levels.

I found this to be a very predictable, canned response, and one that makes little sense to me.  The first sentence basically says “all the meetings we had and all the stuff we did is our most significant accomplishment”.  Then they point out that the partnership “is the primary mechanism for facilitating sector and cross-sector planning, coordination, collaboration, and information sharing to manage risks”.  I understand the value of public-private partnerships, but did any of these things actually get accomplished?  I was hoping for tangible examples of risk reduction that are a direct result of the NIPP.  Surely the mechanism for accomplishing the goals isn’t the goal.  Is the greatest accomplishment of the NIPP the fact that the participants got to know each other?  Perhaps that is an accomplishment, as I am acutely aware of the importance of personal networks.  If so, is the NIPP and all of its associated complexity the best way to forge public-private partnerships?  As I mentioned, the response seems scripted, which I should have expected.  But it raises more questions than it answers about the impact that the NIPP is having on our security.

What do you think?  Leave a comment and let me know.

Five Ways Homeland Security is All About Networks…

2014 February 15
by Jason Nairn, CPP, CISSP

I have not been sufficiently active in creating content for this blog, and working and teaching have left little room for blogging lately.  I was sensitive that (both of) my readers were likely giving up on HLSR, so I thought it was high time to get back to blogging, and to redesign the site to reflect what I think is a key to understanding homeland security in today’s world, understanding the importance of networks.

Of course terrorist networks are important in homeland security, but they are just one example of the role of the network in the lives of homeland security professionals.  Here are five ways that homeland security is all about networks:

  1. Informal Personal Networks – If there is one thing I have learned in my years as a homeland security practitioner, it’s that things get done, emergencies are responded to efficiently, and intelligence is shared through informal networks.  Understanding the importance of the informal network is key to the success of any HLS professional.  Find ways to encourage informal networks and it will pay when it counts…
  2. Computer Networks – If you follow the money and energy in homeland security, and I know you do, then you know that both are currently in cyber security.  Terrorists and others are attacking the homeland in many sectors via computer networks.  To stay in the game, every homeland security professional must have at least a basic knowledge of computer networks.
  3. Critical Infrastructure Networks – Everything in the world that matters is now part of a network, linked together via the Internet and controlled remotely via SCADA or other systems.  Understanding the threat and vulnerability of critical infrastructure means understanding the networks that control that infrastructure.  Additionally, many CI/KR are networks themselves.  Homeland security professionals must focus on the critical nodes of these networks, since we don’t have the resources to protect it all.
  4. Social Networks – Homeland security professionals no longer have to wait for a national intelligence estimate to find out what is going on around the world.  Operations centers in the public and private sector now have active social network monitoring capabilities to provide leaders with real time information about issues that matter to them.  Understanding social networks and tapping into them provides the professional with tools we could only have dreamed of even a decade ago.
  5. Criminal and Terrorist Networks – Law enforcement officers now have tools on their smart phones that provide them with real time information about individuals and their network affiliations.  These tools are changing the face of law enforcement.  Intelligence analysis formerly done at headquarters behind closed doors is now being done in the field instantly.   Intelligence and information is readily available in apps downloaded and shared among officers, sometimes informally.  These technologies provide new tools for crime fighters, but also push the envelope in the area of constitutional rights and privacy.  Understanding these trends and the associated legal, moral and civil rights  issues is essential for current and future agency leadership.

Successful homeland security professionals will understand the role of networks, and therefore will study tools to better leverage them.  There are tools available that take advantage of the power of the network.  Homeland security professionals that are students of networks will lead us to a secure future.

On the Need for a New Diplomatic Dimension for Cyberspace

2013 September 15
by Jason Nairn, CPP, CISSP

In the wake of Mandiant’s APT1 report and in the midst of the Edward Snowden affair, it has become increasingly apparent that cyber diplomacy is something different than traditional international statecraft, and that the current diplomatic model is not sufficient.  Countries of the world, including and especially the United States, are attempting to manage cyber-related issues via existing diplomatic fora, using existing diplomatic resources.  The results are predictably disappointing, since cyberspace rarely conforms to the traditional business models of the 20th Century and before.

In June (2013) the State Department issued a press release to announce the United States’ conformation to the findings of the United Nations’ Group of Governmental Experts on Cyber Issues regarding the effective applicability of the UN Charter and international law to cyberspace.  Little attention was paid to the announcement, but its significance should be noted.  The overlay of existing international law and pre-cyber landscape charters is convenient (easy), but will not conquer the wicked problems of today and certainly not tomorrow.  The ability to be engaged in a cyber war with a country in the virtual world while simultaneously maintaining “normal” diplomatic relations in the “real world” cannot be addressed by current standards.  This is the state of affairs today as the Mandiant report illustrates.  Yet, as normal diplomatic procedures require careful rapprochement, diplomats dance the dance and each party avoids discussing the issue directly while business interests are drained of their intellectual property like a water park after Labor Day.

The answer is not the United Nations or governments, which is why the problem may never be solved adequately in the current generation.  What matters in the networked world is data and infrastructure, and threats and vulnerabilities.  Nations are data owners (or at least holders), but so are companies, groups and individuals (like Snowden (he’s currently a holder)).  Nations also own infrastructure, but so do the private sector entities which own, for instance, the end user interface and telecommunications infrastructure.  A forum must be established where these stakeholders can operate on more of an equal footing, where countries are considered stakeholders just like the companies that own the networks on which they ply their trade.  The solution lies in a new dimension, one that is not formed in the crucible of the United Nations but is rooted in the networked world in which it must operate.  The management of our global network must be something complex and wonderful like the internet itself.  Where the power is held in the hands of those with the knowledge, information and interest to influence the direction of the global network.  It must be dependent on self-organized criticality.

A continued insistence on the application of current diplomatic technology in cyberspace is likely to diminish the progress of the human race.  The evolution of the networked human will be slowed by the Dickensian chains of nation-based world order.  The so-called “Arab Spring” provides evidence that the youth of the world with access to today’s technology cannot be satisfied when burdened by the constraints of national governments unwilling to free them to take full advantage of a networked Earth.  While the former generation’s power brokers attempt to make these disturbances about political and religious issues (because that is what they know), the heart of the issue is really growing pains.  We are evolving as a species faster than our organizational structure will allow.

A positive first step would be the recognition that national sovereignty is not a major factor in the future paradigm, and that the United Nations, which has failed to act promptly and responsibly to address conventional issues, is simply not equipped to manage the complexity of a networked solar system.

TSA’s Behavioral Profiling Program Takes a Hit

2013 June 6
by Jason Nairn, CPP, CISSP


Securing the homeland has its challenges, and few agencies are as maligned as the Transportation Security Administration (TSA).  Unfortunately, just as many security programs are judged by the first impression given by a security guard, TSA is often judged by its screening of shoeless airline passengers.  But TSA’s impact on homeland security is significant in many modes of transport.  TSA employs a number of technologies and techniques to ensure that individuals travel safely everyday.  One of the more interesting and controversial is behavioral profiling.

In the media, profiling is often associated with traffic stops and ethnic groups.  But the use of behavioral profiling is a proven technique for early detection of potential bad actors.  Officers trained in the observation and detection of signs of suspicious behavior are deployed to observe patrons and single out suspicious persons for additional screening.  The technique is used in airports and other facilities around the world, and the Israelis are often cited as the experts in this field.  But TSA has, since 2007, been employing behavioral profiling techniques in some of the country’s largest and busiest airports, and thousands of passengers have been selected for additional screening using these methods.

A fascinating report was released this week by the Office of the Inspector General.  It is chock-full of very interesting information about the program, with a few redactions that deal mostly with force levels and screening selection criteria.  The report states that TSA has done a less than stellar job in managing the program.  According to the OIG, TSA has not effectively measured the effectiveness of the program, developed structured training, nor has it created a strategy for further implementation or financial support.  The report got some attention and may hurt the program’s support in Congress.

This is a setback for this passenger screening technique.  Behavioral profiling is a force-multiplier.  It provides early detection, intercepting threats before they reach critical areas of critical infrastructure.  Further, Behavioral Detection Officers ease the burden on screeners, who have to manage long lines of impatient travelers, and cannot be as observant in their production environment.  The wider deployment of this technique could improve airport security without zapping every passenger with more non-ionizing radiation.  Now that all these details of the program are out on the web, and the media is perusing the report, perhaps TSA will commit the appropriate resources to managing the program effectively before Congress loses interest in funding it.

 

The Origin of “Terrorism”

2013 May 5
by Jason Nairn, CPP, CISSP

“Terror is nothing but justice, prompt, severe and inflexible; it is therefore an emanation of virtue.”

Maximilien Robespierre, Report on the Principles of Political Morality, 5 February 1794

Robespierre made the case that his regime de la terreur of 1793-94 was “virtuous” in its restoration of order after the French Revolution.  And it is from these beginnings, the “Reign of Terror”, that the term, “terrorism” has its roots.  Since that time, the word has become a useful moniker to attach to those individuals, groups, or organizations that use fear and violence for political purposes or that for political reasons need to be vilified.*

Robespierre believed that terror was the most effective method of ensuring virtue, and he would have defended his tactics eloquently and with an argument based in a scholarly study of government.  This is not meant as a defense of the Reign of Terror, but is intended to illustrate that as then, there is today little agreement on the concise definition of the word “terrorism”.  One man’s terrorist is another man’s freedom fighter, as they say.

Similarly, there is little agreement on the definition of “homeland security”.  While the federal act of the same name enacted in 2002 does provide a framework for defining the word in terms of the federal department,  like “terrorism”, “homeland security” can mean different things to different people.  It is important to understand the meanings (or potential meanings) of words used in the homeland security enterprise not because they explain homeland security, but because they expose some of the wicked problems of homeland security.

* – For more on the origins of “terrorism”, I recommend Bruce Hoffman’s book Inside Terrorism, available here.

New Presidential Policy Directive 21 (PPD 21) “Kicks the Can” on Critical Infrastructure Protection

2013 February 20
by Jason Nairn, CPP, CISSP

On February 12th President Obama released Presidential Policy Directive 21 in conjunction with his State of the Union Address.  PPD 21 directs the Department of Homeland Security to work with critical infrastructure owners and operators, federal agencies that oversee critical sectors (SSA’s or sector-specific agencies), and State, Local, Tribal and Territorial governments (SLTT’s) to protect critical infrastructure from attack or disruption.  The new policy recognizes the importance of cybersecurity in critical infrastructure protection, which the 2009 National Infrastructure Protection Plan does not address as vigorously.  It also establishes “national critical infrastructure centers” in the physical and cyber space designed to promote information sharing and collaboration.  Additionally, the policy orders the State Department to be engaged with DHS on issues of international interdependencies and multi-national ownership, growing concerns of the global economy.

But PPD 21 is just as interesting for what it includes that isn’t new, and much of it is not new.  It raises several questions about what progress has been made over the past 5-10 years, and why the Obama Administration feels the need to reset the timer.

For example, PPD 21 requires DHS to “identify and prioritize critical infrastructure” as an “additional role and responsibility”.  But DHS has been doing this for years.  In 2003 I received a phone call from a DHS contractor.  As coordinator of state-owned infrastructure, I must have made some list of contacts given to a (probably Booz Allen) contract DHS employee.  I was asked a series of questions regarding critical infrastructure in my jurisdiction.  The information was needed, according to the contractor, because the Department of Homeland Security was compiling a state-by-state list of critical infrastructure.  In the years since, I have submitted revisions and updates to my “Tier 1 and Tier 2” lists of sites.  The Government Accountability Office (GAO) describes this process this way in a 2010 report:

“The process of identifying these nationally significant assets and systems is conducted on an annual basis and relies heavily on the insights and knowledge of a wide array of public and private sector security partners. CIKR categorized as Tier 1 or Tier 2 as a result of this annual process provide a common basis on which DHS and its security partners can implement important CIKR protection programs and initiatives, such as various grant programs, buffer zone protection efforts, facility assessments and training, and other activities. DHS has other tiered categories of infrastructure whose destruction or disruption would not have a significant national or regional impact, though local impacts could be substantial.”
GAO-10-296 Critical Infrastructure Protection: Update to National Infrastructure Protection Plan Includes Increased Emphasis on Risk Management and Resilience

DHS’ “additional roles and responsibilities” also include the development of vulnerability assessments on CI/KR, which they have also done for years via their Protective Security Advisors.  These efforts are aimed at meeting the risk management goals of prioritization and the establishment of resource allocation priorities via programs such as the Buffer Zone Protection Program.  The list of “additional roles” within PPD 21 for DHS goes on to include providing informational support, coordination with Federal departments on prosecutorial issues, and mapping.  All of which are old news.

PPD 21 does little to enhance the CI/KR resilience programs already in existence.  And while movement toward cybersecurity and a nod to the national continuity directives are helpful, they are also kind of obvious.  These are simple adjustments not grand new (State of the Union announcement!) plans.  It will be interesting to see what comes of the “national critical infrastructure centers”, and we look forward to reading the annual reports.  But in the end, PPD 21’s most significant contribution to improving the National Infrastructure Protection Plan might be the removal of the National Monuments and Icons and Postal and Shipping sectors.  No one was quite sure what to do with those.  Make Mount Rushmore more resilient or teach UPS how to manage emergencies?

New Congressional Report: Homeland Security Still Not Defined

2013 January 28
by Jason Nairn, CPP, CISSP

We have said here that we are not quite sure what “Homeland Security” is, particularly at the local level.  Now a new report from the Congressional Research Service (CRS) says that ten years after the 9/11 attacks the federal government still does not have a concise definition for homeland security. The brief report is unambiguous as it points out the strategic repercussions of the lack of agreement on the scope and function of homeland security. Consider this passage from the report’s summary:

“Varied homeland security definitions and missions may impede the development of a coherent national homeland security strategy, and may hamper the effectiveness of congressional oversight. Definitions and missions are part of strategy development. Policymakers develop strategy by identifying national interests, prioritizing goals to achieve those national interests, and arraying instruments of national power to achieve the national interests. Developing an effective homeland security strategy, however, may be complicated if the key concept of homeland security is not defined and its missions are not aligned and synchronized among different federal entities with homeland security responsibilities.” (p. 2)

The report discusses the evolution of the homeland security enterprise in the various strategies and reports that have been published since 2001 and discusses the implications of the lack of consistency on the nation’s overall homeland security strategy. A highlight of the report is a useful table on page 8 entitled “Summary of Homeland Security Definitions”. It provides an overview of the pertinent homeland security strategic plans and their associated definitions for “homeland security”. This table should be required reading in every Introduction to Homeland Security course.

An opportunity exists to augment this report by discussing the implications of homeland security ambiguity to state and local governments, universities and the private sector. States and local governments must implement programs related to homeland security in support of the national effort. State and local government officials need a thorough understanding of the stated goals of homeland security in order to provide that support. Further, colleges and universities are developing programs that provide degrees in homeland security. Without a clear understanding of what homeland security means, it will be difficult to fully prepare the next generation to fill strategically important roles in the enterprise. And businesses across the country are developing products and services to serve a discipline that could stimulate the economy. But to be successful these businesses need clarity of the mission.

The essential problem is summarized very concisely in the following passage from the analysis section of the report:

“Homeland security is essentially about managing risks. The purpose of a strategic process is to develop missions to achieve that end. Before risk management can be accurate and adequate, policymakers must ideally coordinate and communicate. That work to some degree depends on developing a foundation of common definitions of key terms and concepts. It is also necessary, in order to coordinate and communicate, to ensure stakeholders are aware of, trained for, and prepared to meet assigned missions. At the national level, there does not appear to be an attempt to align definitions and missions among disparate federal entities. DHS is, however, attempting to align its definition and missions, but does not prioritize its missions; there is no clarity in the national strategies of federal, state, and local roles and responsibilities; and, potentially, funding is driving priorities rather than priorities driving the funding.” (p. 13)

Our compliments to the CRS and analyst Shawn Reese for a hard-hitting report that doesn’t mince words. We at Homeland Security Roundtable hope it gets the attention it deserves.