October 1, 2008  

Incomplete security

Complacency and bureaucracy threaten DHS’ progress

Since its creation almost six years ago, the Department of Homeland Security has accomplished much in its efforts to protect the nation, but serious challenges lie ahead.

Several of those challenges will command the department’s attention for the foreseeable future. They include the continued need for immigration enforcement and reform, border security, secure identification, cybersecurity, a more integrated department, and an increasingly vigilant and resolute country and society.

How can these and other challenges best be met? DHS must continue to pursue a unified strategy of preventing or reducing America’s vulnerability to terrorism and natural disasters, one that protects the homeland and its infrastructure from dangerous people and items, while mitigating the consequences of disasters by strengthening the country’s emergency preparedness and response systems.

Screening out danger

To keep dangerous people out of the U.S., several key things must be done well. We must have advance information about who is coming here, confirm people’s identity with speed and accuracy and check them against watch lists, prevent the use of fraudulent travel documents, and locate unknown terrorists, meaning those whose names have yet to be identified.

Given the fact that last year alone, 414 million people came through U.S. ports of entry, this constituted a particularly daunting challenge. We have literally seconds to determine the level of risk posed by each of these individuals. Moreover, it must be done in a way that allows the vast majority of innocent travelers to pass without hindrance.

Definitive strides have been made to improve our ability to screen these incoming travelers. Last year, a landmark agreement was reached with our European counterparts to continue sharing advance information — Passenger Name Record (PNR) data — on visitors arriving in and departing from America, while strengthening privacy protections. As part of this effort, DHS implemented a new rule that lets it obtain PNR information from the airlines earlier than previously. This enables us to conduct security checks before flights take off and minimizes the risk of finding a person already on board who is dangerous and having to turn the flight around.

Another way of identifying people who pose a threat to the homeland is through the use of biometrics, including fingerprints. Through the US-VISIT program, we have for some time taken fingerprints of two index fingers from individuals. But to improve our ability to confirm identity and check visitors against watch lists, we’ve begun taking 10 fingerprints at our consulates and airports. Consulates overseas now require 10 fingerprints electronically as a precondition to providing a visa.

Not only is it more accurate to have 10 fingerprints than two fingerprints, it also enables travelers to be matched against the latent fingerprints collected across the globe at crime scenes, in safe houses where terrorists plan and even on battlefields.

As a result, we are acquiring an enhanced capability to identify unknown terrorists, those whose names are not on watch lists and whose biographical information may not tip us off to the threat, but who have left markings of themselves in times and places that suggest they receive a second look.

Working with US-VISIT, the Coast Guard is also leveraging biometrics at sea to capture fingerprints from individuals who attempt to enter our country between Puerto Rico and the Dominican Republic.

A third way in which dangerous individuals are being identified is through efforts to create secure documents that confirm people’s identity. We must be able to ascertain that people are who they say they are by creating secure travel documentation as the commission recommended and as Congress has mandated. That is being pursued through the Western Hemisphere Travel Initiative (WHTI).

The good news is that during the initial portions of WHTI, compliance has been approaching 100 percent.

However, it makes little sense to secure ports of entry if measures to secure the long stretches of border that lie between them are neglected. That is why a three-pronged border protection strategy is being pursued: installing tactical infrastructure, including pedestrian and vehicle fencing; hiring and training new Border Patrol agents; and deploying technology at the border, including cameras, sensors, unmanned aerial systems and ground-based radar.

Layers of security

It is also essential to prevent dangerous items, especially weapons of mass destruction, from entry. This priority is best served not by relying on a single, specific layer of protection, but on several.

This overall strategy begins with our outermost layer abroad. Last year DHS launched the Secure Freight Initiative at six foreign ports. Through this effort, inbound cargo is scanned for radiation before being loaded on U.S.-bound ships. The effect is to push America’s defenses and security outward.

As part of this initiative, DHS continues to require more information about the contents of cargo shipments and to collect more trade data from the private sector. This intelligence-based screening provides a clearer glimpse into the supply chain and a greater ability to identify those kinds of shipments that raise potential security questions. It constitutes another layer besides overseas scanning to help keep our homeland safe.

We also expanded our Container Security Initiative (CSI) to 58 foreign ports. Once again, through scanning and collecting intelligence-derived information, inspectors now work with their foreign counterparts to screen cargo before loading it onto ships. More than 85 percent of the containers shipped to the U.S. now pass through CSI ports and benefit from our overseas inspection. This year we are scanning nearly 100 percent of inbound cargo at our seaports for radiation.

Another priority is to strengthen the protection of the nation’s critical infrastructure against threats. Tough new security regulations are helping protect chemical facilities from attack and to prevent the theft of chemicals that could be deployed as weapons. As part of this effort, DHS worked closely with the chemical industry to devise performance-based standards, which, instead of micromanaging these industries, allows them to choose ways in which they can best meet these requirements.

We also accelerated our IED awareness campaign, boosted science-and-technology research into explosives and expanded participation in our information-sharing portal to raise awareness of the threat posed by improvised explosive devices.

At seaports, we began enrolling port workers in our Transportation Worker Identification Credential program. We also published a final rule that will allow our Transportation Security Administration (TSA) to take control of domestic passenger watch lists from the airline industry under our Secure Flight program. This will make the watch list system more accurate and secure.

Besides operating watch lists and performing a traditional screening function, TSA has deployed officers to more than 40 U.S. airports to identify potentially threatening passengers based on their behavior. We’ve learned lessons, for example, from the Israelis and the Europeans in how to train our screeners to spot certain kinds of conduct that suggest a possible threat or an uneasiness that warrants closer inspection. Such programs reflect our determination to move beyond the static, inflexible model of checkpoint screening, to a more dynamic and multilayered security environment that includes, apart from behavioral detection, such tools as whole-body imaging and a focus on IEDs.

In protecting our infrastructure, we must be concerned not just with the threat posed by IEDs but by biological agents as well. The Office of Health Affairs was established, along with its National Biosurveillance Integration Center, to provide common awareness and early detection capability with respect to biological events and trends. This includes BioWatch, our deployment of biological detection sensors in dozens of cities.

Strengthening partnerships

Since most of America’s key infrastructure is privately owned, protecting it necessarily involves partnering with the business community. The department has completed the sector-specific plans of our National Infrastructure Protection Program that defines roles and responsibilities and sets security priorities across 17 sectors of our economy.

We have also continued to strengthen our partnerships with grass-roots government by increasing our participation in state and local intelligence fusion centers and deploying more analysts and further distributing our Homeland Security Data Network, our secure information-sharing portal.

Promoting information-sharing between Washington and local law enforcement across the nation is a particularly effective way of protecting against threats to infrastructure. States and localities are in many ways our eyes and ears on what is happening in communities throughout the U.S. They are in an especially advantageous position to detect threats posed by homegrown terrorists. Concerning homegrown threats, the Office of Intelligence and Analysis works closely with the Office of Civil Rights and Civil Liberties to study the risk of radicalization in the U.S.

While the U.S. government remains committed to guarding our nation and infrastructure against threats posed by dangerous people and things, complete protection from all threats is not possible. Natural disasters such as hurricanes, wildfires and tornadoes cannot be prevented. Moreover, while the risk of man-made disasters can be reduced substantially, it cannot be removed entirely. That is why we seek to build an emergency response system that is fit for the 21st century.

Last year, as part of an effort since Hurricane Katrina to retool and transform the Federal Emergency Management Agency (FEMA), some new policies and procedures were tested regarding FEMA that we had put into place in response to that hurricane. These included better tracking of commodities, prearranged mission assignments with the Defense Department that lets us deploy resources faster, and improved disaster registration.

To protect our nation and infrastructure from dangerous people and cargo and respond effectively to disasters when they occur, ensuring a truly cohesive and unified department operating at full potential remains absolutely critical. It is our final priority, and none is more important.

To that end, we have been unifying our information technology services; creating a robust and multidisciplinary training and education template for our employees; proceeding with our plans to move the department’s headquarters to the St. Elizabeths Hospital compound in Washington, D.C., so we can bring together employees in the same physical space; unifying information technology budgets under our chief information officer; and attempting to foster career development and a congenial workplace for the nearly 216,000 men and women of the department.

As the nation looks to the future, one of our challenges continues to be immigration, and the most efficient and humane response is a comprehensive one. The defeat of comprehensive reform in Congress last summer underscored the fact that the American people want evidence of Washington’s total commitment to enforce current law before embracing fundamental change. Clearly, Washington has to make a down payment on credibility with the American people by proving it is prepared to use every tool at its disposal to get the job done. Congress has given us a mandate to do precisely that.

One example of how this is being implemented is the progress in building a fence along our southwestern border. The goal is to have a total of 670 miles of such fencing by the end of this year. The construction of fencing can only help our Border Patrol do its job. Border Patrol staffing was increased by 35 percent, from 12,349 agents in fiscal 2006 to more than 16,700 agents and is well on the way to more than 18,000 agents, doubling in size since January 2001.

These men and women need effective tools in addition to the border fence that is being built. That is why we have added new technology at the border in the form of ground-based radar and UAVs. Four UAVs have been deployed, while two more are on the way.

These combined efforts are having a remarkable impact on illegal border crossings. Apprehensions at the border were down more than 20 percent for fiscal 2007. This is one of several indicators that fewer people are attempting illegal entry and that the strategy is working.

Part of the strategy also includes stepped-up interior enforcement. Last year was a record one for Immigration and Customs Enforcement in this arena. Its agents made 863 criminal arrests in worksite enforcement cases last year, exceeding the prior year’s record total. And this year, ICE has already exceeded that total, making 875 criminal arrests as of July. And we expanded training programs for state and local law enforcement officials in 30 agencies to help in these efforts.

We also expanded tools to help employers determine whether employees are authorized to work in this country, and participation in our electronic E-Verify system more than doubled last year.

This year, however, we have been attracting particularly intense opposition. I am sometimes asked why, for more than a generation, the U.S. government has had difficulty enforcing its own rules against illegal immigration. Based on my own experience, I believe the answer is evident. When the TV cameras turn off and the spotlight moves on, a host of interest and advocacy groups moves in and challenges the government at nearly every turn, making its job of enforcing the law a much more difficult task than it would ordinarily be.

To cite one example, DHS supports a regulation to help employers clear up instances where a worker’s name and Social Security number don’t match. A number of business groups objected by explaining quite candidly that many if not most of their workers are illegal aliens and that to the extent that this regulation would uncover such workers, it would hurt their businesses. While that could undoubtedly be the case, the right answer to this dilemma is to lobby for changes in the law in order to address the alleged labor need. The wrong answer is to ask those who are sworn to uphold the law to turn a blind eye to those who break it, creating what amounts to a silent amnesty.

Such businesses, along with other opponents, succeeded in tying up this “no-match” regulation in court. There have been other instances in which DHS has had to go to court in order to remove other impediments to enforcing immigration law.

Again, the long-run solution to our immigration challenges remains a comprehensive one. That is why, even as we continue to enforce the law, we will continue to ask Congress to consider enacting an immigration policy that treats the matter in all of its aspects, and in a way that genuinely serves this nation and its people.

Besides pursuing an immigration policy that strengthens the rule of law, national sovereignty and homeland security, DHS must continue to press ahead with one of the best defenses against terrorism: secure identification. In the words of the 9/11 Commission: “Sources of identification are the last opportunity to ensure people are who they say they are and to check whether they are terrorists.”

Simply stated, identity document standards must be brought into the 21st century to prevent terrorists and criminals from using fraudulent identification, and to protect the public from identity theft. That is why the department is moving this year on three fronts to create a robust set of security standards.

As previously noted, one such front concerns secure travel documentation. Through WHTI, the goal is to replace an antiquated system which long allowed 8,000 kinds of documentation to be presented by people who want to cross our land borders, making border inspection a needlessly complex job.

A second example concerns the enhanced driver’s license. DHS has invited a number of states, along with provinces in Canada, to convert their driver’s licenses into the kinds of documents that will satisfy WHTI requirements. This will create a less expensive way for regular travelers to cross the border without having to get a passport, while enhancing the nation’s security by improving the security of the affected licenses.

The final example is the REAL ID requirement, issued earlier this year, which stems from the REAL ID law that Congress passed in response to another key 9/11 Commission recommendation that driver’s licenses be made into more secure, reliable forms of ID across the nation.

REAL ID regulations directly addressed some of the key concerns of states, such as the costs of implementation. Beyond that, objections continued to be raised in some quarters based not on dollars and cents but on ideology.

Specifically, a number of opponents argued that the creation of more secure driver’s licenses would violate privacy rights or other civil liberties. I have yet to hear how it advances privacy to retain a system in which driver’s licenses can be readily forged or counterfeited. None of these opponents appear able to explain how citizens fare well under a system where any determined person can obtain another’s identity, create a bogus driver’s license and pretend to be that other person. Creating more secure driver’s licenses — issued when appropriate underlying documents are produced and protected against being counterfeited — will clearly enhance privacy as well as security. It will do so by making it tougher to commit the crime of identity theft, which is surely one of the most common and egregious privacy violations a person is likely to encounter in his lifetime.


In addition to immigration enforcement and reform and secure identification, a third area of focus for the future is cybersecurity. In the 21st century, the economic well-being of this nation depends on our ability to utilize the Internet and data systems to perform work.

To strengthen the security of our networks, a National Cyber Security Division was created to help lead an interagency effort. We also established the U.S. Computer Emergency Readiness Team (US-CERT) to provide a 24-hour watch, warning and response center. Last year, it issued more than 200 actionable cyberalerts and notices on vulnerabilities and incidents.

We are developing and expanding the capability of the Einstein Program, which detects malicious patterns in computer network traffic. Moreover, we continue to work with our interagency partners and with Congress on an enhanced cybersecurity strategy, which will set the template for the next decade on dealing with this emerging, escalating threat.

Among the security challenges America faces in the future, there is none greater than the problem of complacency. The fact that there has not been a Sept. 11-style attack on this country in more than seven years should not be a cause for complacency or a reason to celebrate the end of the struggle. The threat is not going away. The enemy has not lost interest.

Terrorists want to remake the world in their own image, one that is completely intolerant of the kinds of institutions that we cherish.

Is it any accident that last year, for example, terrorists in Algeria chose to blow up a court and the United Nations Development Agency? What they attacked was the rule of law and efforts to bring relief and development and peaceful activity to people who needed help in North Africa.

So the threat persists and our goal must remain the frustration of the aims of these terrorists and ideologues. But this can only happen to the extent that DHS continues to act increasingly as a single, unified organization specifically created to deal with terrorism and other threats in a truly comprehensive way.

Fortunately, the U.S. has witnessed some of the benefits of institutionalizing our capabilities. Through TSA’s Viper teams, DHS had brought together federal air marshals, transportation security officers and canine teams to conduct security measures in America’s ports and transit stations. Through the Coast Guard’s Deployable Operations Group, multiagency rapid-response teams work together during emergencies and heightened-threat periods to boost security.

Our Border Enforcement Security Task Forces (BEST) bring together Border Patrol and Immigration and Customs Enforcement agents, as well as state and local law enforcement, to fight crime at the border and prevent the entry of contraband. Last year, for example, these BEST task forces made more than 500 criminal arrests, and in June, a BEST team arrested one of Mexico’s 10 most wanted criminals, who had been on the lam since 2002.

Yet despite these successes, the department continues to face serious obstacles in furthering our progress. Among them is the current structure of our congressional oversight.

The 9/11 Commission challenged Congress to streamline its oversight. Unfortunately, this vital recommendation has gone largely unheeded. Granted, we appreciate the need for oversight. Moreover, we have good relations with oversight and appropriations committees. The problem is simply that there are far too many of them, and the result is oversight run amok.

DHS reports to 86 congressional committees. Since the Department’s creation, DHS officials have testified 761 times, provided roughly 7,800 written reports and answered more than 13,000 questions for the record.

Obviously, this is a drain on time and resources, but that is the proverbial tip of the iceberg. There’s a more serious problem at hand. Since 86 committees and subcommittees hold some level of jurisdiction over the department, they tend to view us through the prism of their own particular interests. They don’t see the big picture in terms of a single, integrated DHS pursuing a thoughtful, comprehensive set of strategies designed to strengthen homeland security as a whole.

One unfortunate result is that as each one of these dozens of committees demands that its concerns become top priority, everything becomes a priority. Of course, once everything becomes a priority, nothing can be prioritized. In the real world, there are tradeoffs. For example, spending decisions must be based on what is risk-appropriate and cost-effective. That means some things must take precedence over others.

The main authorizing and appropriating committees have the responsibility and authority to help DHS assess and analyze such tradeoffs. But with more than 80 committees, each with a narrow slice of jurisdiction, and each seeking input, the result is a recipe for confusion and conflict, characterized by conflicting direction and constant fighting about who has jurisdiction over what part of homeland security. And what comes with this confusion is a predilection on the part of committees to fiddle with the organizational structure of DHS, hampering its ability to integrate its operations further.

So Congress must streamline its oversight, giving DHS officials a reasonable number of points of contact, enabling them to engage Congress in a disciplined dialogue so that joint decisions can be more easily made on the big-picture issues pertaining to the overall security of this nation.

When people say that the terrorist threat has diminished enough that it no longer needs to be taken seriously, or reflexively deem any security measures taken as too inconvenient or costly, my response is that these excuses or complaints will ring hollow if we’re attacked again. This is not to argue for absolute security at the cost of everything. It is, however, to insist on a clear-eyed, hard-headed look at the trade-offs we must make and the money we must spend to reduce the risk of a catastrophic attack in a significant and meaningful way.

From where we stand today, the U.S. government, along with our allies across the world, has a better set of capabilities and tools than ever before to deal with this threat. But they cannot sufficiently protect society if it lacks the will to use them appropriately. Along with our enhanced capabilities must come a resolve to be vigilant and not succumb to complacency. If we maintain our resolve, we can continue to implement a strategy that has served us well and will likely do so in the coming years.

Michael Chertoff is secretary of the Department of Homeland Security.