Why can’t we have T-Hackers stay ahead of potential breaches?

Metal detectors at an airport

Clark Kent Ervin, the former inspector general of the State Department (2001-2003) and of the Department of Homeland Security (2003 to 2004) who is currently the director of the Aspen Institute’s homeland security program recently wrote an op-ed for NYT excerpted below:

“Perhaps the biggest lesson for airline security from the recent incident is that we must overcome our tendency to be reactive. We always seem to be at least one step behind the terrorists. They find one security gap — carrying explosives onto a plane in their shoes, for instance — and we close that one, and then wait for them to exploit another. Why not identify all the vulnerabilities and then address each one before terrorists strike again?

Since the authorities have to succeed 100 percent of the time, and terrorists only once, the odds are overwhelmingly against the authorities. But they’ll be more likely to defy fate if they go beyond reflexive defense and play offense for a change.”

It’s hard to argue with his point, for we clearly are reactive.  It’s as if our enemies have found our magic buttons, and they know exactly which button would get the desired reaction.
On December 2001, shoe-bomber Richard Reid made an unsuccessful attempt to blow up American Airlines Flight 63 from Paris to Miami with PETN as explosive.   According to Wikipedia, pentaerythritol tetranitrate (PETN) is one of the most powerful high explosives known, with a relative effectiveness factor (R.E. factor) of 1.66. It is also used as a medical drug to treat heart conditions.
Soon after that, we all had to take off our shoes, get wand screenings and pat downs at security points in our airports and at airports overseas. Shoes have become weaponized; they might as well join those box cutters and a whole lot of items now enshrined in the list of prohibited items when we fly.  Some funnies and some not so funny stories here
In 2006, the transatlantic aircraft terrorist plot to detonate liquid explosives carried on board at least 10 airliners travelling from the United Kingdom was discovered which resulted in chaos on how much liquids one can carry onto commercial aircrafts.

Imagine if you were breastfeeding or pumping milk the day those restrictions took effect? TSA says air travelers may now carry liquids, gels and aerosols in their carry-on bag when going through security checkpoints but “all liquids, gels and aerosols must be in 3.4 ounce (100ml) or smaller containers. Larger containers that are half-full or toothpaste tubes rolled up are not allowed. Each container must be 3.4 ounces (100ml) or smaller.” Somewhere, some not so nice folks are laughing.   

What are they going to think of next?
According to this report from Stratfor, when suicide-bomber Abdullah Hassan al Asiri attempted to assassinate the Saudi Arabian Deputy Minister of Interior Prince Muhammad bin Nayef  this past August, al Asiri who was described as a human Trojan horse activated a small improvised explosive device (IED) he was carrying inside his anal cavity. (Eww!)  PETN was reportedly the explosives used. The minister survived, the bomber did not.
Then on 25 December 2009, PETN was also found in the possession of Underpants Bomber, Umar Farouk Abdulmutallab who attempted to blow up Northwest Airlines Flight 253 while approaching Detroit from Amsterdam. Abdulmutallab allegedly tried to detonate PETN sewn into his underwear, by adding liquid from a syringe.
In the aftermath of these recent failed attempts, especially the latter, it looks like we are now faced with the distinct possibility of 1) a full body security scan which uses high frequency radio waves to produce an image of the human body to determine if passengers are smuggling items (such as drugs, cash or diamonds) in or underneath their clothing or 2) a full body scan which uses X-rays that pass through the body to trace swallowed items. Here is a good article on what Spiegel Online calls “strip search scanners.”
What are they going to think of next?  What if they succeed in putting explosives in ….. um, never mind. 
Banks hire the best hackers money can buy to steal from them—and then show them the holes in their defenses; by compromising their systems, they are able to protect their systems.  Have we done that?  According to this September 2009 GAO report on aviation security, TSA has implemented activities to assess risks to airport perimeters and access controls but has not conducted vulnerability assessments for 87 percent of the nation’s approximately 450 commercial airports or any consequence assessments.  We’re talking just aviation here, what about the rest?

Why can’t we do the equivalent of hackers when it comes to terrorism and stay one step ahead of potential breaches? The thing is we can’t pretend to seal the holes in the boat when we don’t know where we are leaking.  Until we know which parts of “us” are vulnerable, we will always play catch up.  And while we are stuck with protecting ourselves for the next shoe-bombing or underpants assault, the enemy may have already imagined other more creative ways to do us harm. The attack may not even have to blow anything up — just throw us into chaos; at significant costs to our peace of mind and sense of security, and to the taxpayers’ pockets.

You’re going to start thinking Domani Spero has gone bat crazy …

Well, okay, maybe – but hiring T-hackers, for lack of a better word, would be no more expensive than what was already spent on security screenings since 2002, or the inevitable body scanners.  For all that expense and inconvenience, we only get the perception of security.  The shoe bomber was the reason we now take off our shoes at security checkpoints in airports but PETN is a plastic explosive that is not picked up by metal detectors. So… why are we  taking off our shoes, again?
According to another GAO report, the Transportation Security Administration (TSA) and the Department of Homeland Security (DHS) have invested over $795 million in technologies to screen passengers at airport checkpoints since fiscal year 2002. News reports indicate that the cost of body scan machines range from 175,000-250,000 each. 
How many airports are there?  According to the Airports Council International, the United States has over 19,847 airports based on the Department of Transportation’s 2007-2011 National Plan of Integrated Airport Systems (NPIAS). More than 3,364 of those airports are recognized by the Federal Aviation Administration (FAA) as being open to the public.  382 are Primary Airports, defined as having more than 10,000 annual passengers.

I don’t even want to do the math. My head already hurts.

See what I like about those T-hackers? A squad of dark rangers, brainiacs who can imagine the most dastardly attacks, the most unimaginable chaos and destruction, the dark days we do not want to see in the future – they could poke holes at our security portals and blankets now before a lone wolf or some real bad guys get lucky with poking around. 


Related articles by Zemanta

US Embassaurus Baghdad Plans to Go Double Whopper

Windows7 Whopper - Burger King JapanImage by avlxyz via Flickr

No End in Sight for the Iraq Tax …

The Cable’s
Josh Rogin had an exclusive interview with Robert S. Ford, the deputy chief of mission at the US Embassy in Baghdad. Ambassador Ford (former ambassador to Algeria) on supersizing the embassy, quote: “If Congress gives us the money we are asking for, this embassy is going to be twice the size it is now. It’s not going down, it’s getting bigger.”  
Rogin writes that the Obama administration has prepared a budget request for a program that would vastly increase the number of people working on police training when the military draws down. That request, if granted, could increase the overall U.S. diplomatic presence in Baghdad from around 1,400 to more than 3,000 total personnel, including contractors.

“My biggest problem here is figuring out where are these people going to live, how are we going to get the security for them, how are we going to get food for them, and how are we going to get their mail delivered,” he said.

Rogin points out that our Baghdad embassy is already the largest in the world and “bursting at the seams with people and equipment.”
The report also says that the new police training will focus more on “middle management,” to include human resources, operational planning, and building institutional capacity, “rather than showing a new recruit how to wear a uniform and how to shoot a gun.”
Read the whole thing here.
Funding for US Embassy Iraq
Extracted from OIG/MERO August 2009 Report

An August 2009 report from the OIG’s MERO Office on Embassy Baghdad’s transition planning for reduced US military in Iraq says  that the embassy’s mission strategic plan indicates a gradual reduction in PRTs from 16 teams in August 2010 to six teams by December 2011.  Wow! But there is also this:
Department budget officials are identifying costs associated with the U.S. military drawdown as requirements are identified, and they believe sufficient funds have been budgeted through FY 2011 to meet projected embassy operational requirements as currently defined. However, OIG has identified several areas in which the military drawdown may result in additional costs. These areas include requirements for: (1) enhanced security around the new embassy compound; (2) convoy security for fuel, food, and other supplies; (3) commercial air travel as an alternative to military transport; and (4) private sector design, contract preparation, and contract oversight to replace U.S. Army Corps of Engineers’ support services.
Embassy Baghdad stated that there are two program areas that will greatly impact the embassy platform in 2011 and beyond: (1) a Department program to take over training Iraqi police from the U.S. military, and (2) the possible stand-up of an Office of Military Cooperation under chief of mission authority to assume some of the support and assistance now provided by U.S. military units. Embassy Baghdad noted that neither of these two programs has yet been defined in terms of scope, numbers of personnel and their deployment to different Iraqi sites, or the duration of their missions or support needs.
How could budget officials say in mid-2009 that sufficient funds have been budgeted through FY 2011 when the embassy did not yet know at that time how many additional personnel were needed for the police program?
Since Ambassador Ford is now talking about a staffing increase from “around 1,400 to more than 3,000 total personnel,” I’m presuming they have now identified personnel requirements for the Iraqi Police training program that the Department will take over from DOD. 
Ah yes, no good deed will go unpunished.  And just when I started to believe that the new hiring authority will begin to close the staffing gaps especially at the mid-levels – sigh!
The largest bump in recent years that the Foreign Service got in terms of staffing happened during Secretary Powell’s Diplomatic Readiness Initiative (DRI). That bump was quickly swallowed by a dinosaur with an almost bottomless appetite.  The State Department had recently received authority to hire 724 new officers. But with the surge in Afghanistan and a still hungry embassaurus in Baghdad, can you really expect a break in staffing gaps in diplomatic missions not located in Iraq, Afghanistan, or Pakistan?  What — or Yemen?.
You may need to start bringing your own pencil to work, before long. The estimated funding for US Embassy Baghdad in FY2010 was $1.865B.  If its request for over 1600 additional personnel is approved, the estimated funding of $1.875B for FY2011 will most certainly skyrocket.   
With these kind of numbers, would talk on directed  assignments be too far behind?.    
Related Item: 

On Abdulmutallab: The Dots Were Never Connected

Wayward Polka Dots ATCImage by Mel’s ATCs via Flickr

The White House released yesterday the preliminary review of the December 25 attempted terrorist attack of flight 253 from Amsterdam to Detroit. Excerpted below.

The preliminary White House review of the events that led to the attempted December 25 attack highlights human errors and a series of systematic breakdowns failed to stop Umar Farouk Abdulmutallab before he was able to detonate an explosive device onboard flight 253. The most significant failures and shortcomings that led to the attempted terror attack fall into three broad categories:
  • A failure of intelligence analysis, whereby the CT community failed before December 25 to identify, correlate, and fuse into a coherent story all of the discrete pieces of intelligence held by the u.s. Government related to an emerging terrorist plot against the U.S. Homeland organized by al-Qa’ida in the Arabian Peninsula (AQAP) and to Mr. Abdulmutallab, the individual terrorist;
  • A failure within the CT community, starting with established rules and protocols, to assign responsibility and accountability for follow up of high priority threat streams, run down all leads, and track them through to completion; and
  • Shortcomings of the watchlisting system, whereby the CT community failed to identify intelligence within u.S. government holdings that would have allowed Mr. Abdulmutallab to be watchlisted, and potentially prevented from boarding an aircraft bound for the United States.
The most significant findings of our preliminary review are:
  • The U.S. Government had sufficient information prior to the attempted December 25 attack to have potentially disrupted the AQAP plot-i.e., by identifying Mr. Abdulmutallab as a likely operative of AQAP and potentially preventing him from boarding flight 253.
  • The Intelligence Community leadership did not increase analytic resources working on the full AQAP threat.
  • The watchlisting system is not broken but needs to be strengthened and improved, as evidenced by the failure to add Mr. Abdulmutallab to the No Fly watchlist.
  • A reorganization of the intelligence or broader counterterrorism community is not required to address problems that surfaced in the review, a fact made clear by countless other successful efforts to thwart ongoing plots.
Although Umar Farouk Abdulmutallab was included in the Terrorist Identities Datamart Environment (TIDE), the failure to include Mr. Abdulmutallab in a watchlist is part of the overall systemic failure. Pursuant to the IRTPA, NCTC serves “as the central and shared knowledge bank on known and suspected terrorists and international terror groups.,,4 As such, NCTC consolidates all information on known and suspected international terrorists in the Terrorist Identities Datarnart Environment. NCTC then makes this data available to the FBI-led Terrorist Screening Center (TSC), which reviews nominations for inclusion in the master watchlist called the Terrorist Screening Database (TSDB). The TSC provides relevant extracts to each organization with a screening mission.
Hindsight suggests that the evaluation by watchlisting personnel of the information contained in the State cable nominating Mr. Abdulmutallab did not meet the minimum derogatory standard to watchlist. Watchlisting would have required all of the available information to be fused so that the derogatory information would have been sufficient to support nomination to be watchlisted in the Terrorist Screening Database. Watchlist personnel had access to additional derogatory information in databases that could have been connected to Mr. Abdulmutallab, but that access did not result in them uncovering the biographic information that would have been necessary for placement on the watchlist. Ultimately, placement on the No FIy List would have been required to keep Mr. Abdulmutallab off the plane inbound for the U.S. Homeland.
Mr. Abdulmutallab possessed a U.S. visa, but this fact was not correlated with the concerns ofMr. Abdulmutallab’s father about Mr. Abdulmutallab’s potential radicalization. A misspelling of Mr. Abdulmutallab’s name initially resulted in the State Department believing he did not have a valid U.S. visa. A determination to revoke his visa, however, would have only occurred ifthere had been a successful integration of intelligence by the CT community, resulting in his being watchlisted.
Read the whole thing here.
A couple of senior State Department officials also conducted a background briefing yesterday following the release of the WH security review. You can read it here
I’m sure this is not the end of it. There will be hearings on Capitol Hill.  This being an election year, well — who knows what surprises are in the cookie jar for us.  But I expect we’ll see some of the following officials over State’s role on this and the visa angle before too long.

Abdulmutallab Radicalized in London, Sana’a, where else?

The Sunday Times last week reported that Abdulmutallab had come onto MI5’s radar because of his “multiple communications” with extremists in the UK, including several radical figures at mosques.  The report quotes one Whitehall official: “This was a young man who while he was in the UK was starting his journey and was exploring an interest in radical Islam. He was making contact and reaching out to people who were MI5’s targets of interest.”

Apparently UK’s MI5 concluded that Abdulmutallab did not pose a threat to national security.  The report also says that British officials believe Abdulmutallab decided to become a suicide bomber only after leaving UCL last year and travelling to Yemen. They also think that up to a dozen young British Muslims are receiving terrorist training in that country.
The Associated Press reported yesterday that Rashad al-Alimi, Yemen’s deputy prime minister for defense and security has told reporters that Abdulmutallab was first recruited by Al-Qaida when he lived in London from 2005-2008: “During the period he was living in Britain, I believe he was recruited by radical groups in Britain.”
What do we make of this?
If what the Yemini minister says is true, Abdulmutallab joins UK-born, Richard Reid, the shoe bomber who was also radicalized in London. Which makes one wonder — how did MI5 miss these two and how many more young men starting their “journeys” have also been missed across the pond.
If what MI5 says is true, then we are faced with an equally disturbing truth – Al Qaeda could recruit, train and deploy a suicide bomber in 3-4 months.
Various documents on USA v. Umar Farouk Abdulmutallab including the 12/26/09 complaint and the 1/6/10 indictment have now been posted in cryptome.org.   

Snapshot: USDA Boots on the Ground in Afghanistan

Seal of the United States Department of Agricu...Image via Wikipedia

QUESTION: Alan Bjerga from Bloomberg News. Yesterday, the Administration said that it was going to be increasing civilian presence in Afghanistan. I’m wondering, from a USDA and USAID standpoint, how many more boots on the ground do you expect to be putting down?

SECRETARY VILSACK: We currently have 54 people in country and another 10 are on their way. And we’ll have an opportunity after this visit not only to thank those workers, but also to evaluate what additional assistance may be necessary. It isn’t just necessarily government boots on the ground; it’s also ways in which we can partner with the many land grant universities and other universities that are providing assistance and help, as well as working with USAID.
So we’re going to have a significant presence. I suspect and know that over the short time, all it’s going to increase. And I also know that there’s already significant work being done, from planting additional trees, up to 3 million additional trees in a forestation effort, to building storage facilities, to improving productivity, there’s good work being done.
from U.S. Government Agriculture Sector Programs in Afghanistan and Upcoming Travel to the Region Briefing with Agriculture Secretary Tom Vilsack, USAID Administrator Rajiv Shah, and SRAP Richard C. Holbrooke Washington, DC | January 7, 2010 (link)