The 2017 Emerging Homeland Security Issues panel met in December to discuss the current challenges of today’s threats, review risk management practices, assess means of strengthening interagency relationships, and to consider future resource requirements.
DomPrep hosted the 2017 Emerging Homeland Security Issues Panel in conjunction with the Clean Gulf Conference in Houston, Texas, on 5 December 2017. The active discussion among panel members and over 80 attendees focused on the developing threat picture, current events, and leveraging technology to meet these emerging threats.
Panel members represented homeland security professionals, including:
- Lieutenant Commander Dan Crenshaw, USN (ret.), former Navy SEAL and now candidate for the U.S. Congress from Texas District-2;
- Steve Kastensmidt, CEM, CPEA, crisis and emergency manager with the Anadarko Petroleum Corporation;
- Captain Kevin Oditt, USCG, commanding officer, USCG Sector Houston-Galveston;
- Assistant Chief Robert W. Royall, Jr., assistant chief-operations, Harris County Fire Marshal’s Office;
- Mark Sloan, emergency management coordinator, Harris County Office of Homeland Security and Emergency Management, Texas;
- John Temperilli, senior consultant with Resilient Risk Management;
- Steve Weiss, CMS, CPCU, AMIM, president, Stephen P. Weiss Consultants; and
- Captain Marcus Woodring, USCG (ret.), CEM, TEM, chief of Health, Safety, Security, and Emergency Management with the Port of Houston Authority.
Woodring highlighted a key reason for gathering this panel, “As we get farther from 9/11, it is increasingly difficult to do things. “The price of freedom is eternal vigilance.” Preparedness specialists around the nation are constantly battling questions of complacency and budget shortfalls, while the current political climate is striving to ensure readiness.
With that said, the panel discussed if the country is as proactive as it needs to be and as proactive as it can be. “We look at a broad spectrum of risks and threats. We tend to chase things as they evolve and then we react to them as a nation,” stated Sloan.
That may seem reactive, but the professionals comprising this panel – who are among the most accomplished in each of their fields – are also among the most proactive, especially with regard to homeland security. As Royall said, “Every time we develop a playbook, our enemies and the folks who don’t like us find a way to defeat our play. INSPIRE magazine is a great playbook for us to figure out how to defeat them, but as we are trying to figure out how to defeat them, they are studying how to defeat us.” This is not a choice, being proactive is necessary to overcome the activities of those who seek to do harm.
The participants discussed an array of issues that keep them awake at night, including:
- Chemical attacks using toxic inhalation hazards materials,
- Innovative ways of conducting biological attacks,
- Vehicle-borne improvised explosive devices and ram attacks,
- Binary devices,
- The ever-expanding opioid epidemic,
- Magnetic car bombs that target individuals,
- Threats to cyber infrastructure,
- Chemical suicides (leading to potential responder exposures),
- Unmanned Aerial Vehicle (UAV) threats (weaponizing and/or swarms or use for intelligence gathering),
- Active shooter scenarios, and
- Other tactics that challenge the imagination.
When these issues are added to a mass gathering scenario – such as a parade, major sporting event, religious or political gathering, or an educational facility’s environment – the potential impact of these threats becomes apparent. As Sloan said, “It’s the unknown that keeps me up. What is their next tactic? What are they thinking about that we haven’t considered yet?”
In the 1700s, Frederick the Great said, “He who defends everything defends nothing.” Knowing that everything cannot be protected and that resources cannot be everywhere at once is the foundational concept of risk management. The goal is to do the most possible with limited resources and to protect people and critical infrastructure from adversaries causing irreparable damage.
The panelists mentioned many topics during the discussion, but the following four common themes emerged:
- Building and Sustaining Relationships and Capacity,
- Critical Infrastructure Interdependencies,
- Intelligence Analysis and Information Sharing, and
- Economic Challenges for Leveraging Emerging Technologies.
Building and Sustaining Relationships and Capacity
No organization has the budget to get all the trained personnel, equipment, and facilities needed to meet every safety and security mission that they face in today’s all-threat/all-hazard environment. Since 9/11, agencies and organizations have had to build and sustain active and engaged relationships among federal, state, local, tribal, nongovernmental organizations, as well as the private sector. These relationships enable better pooling of available resources and capabilities to more efficiently and effectively address today’s emerging threats.
The Houston-Galveston area is home to the largest petrochemical complex in the Western Hemisphere. Weiss summed up the critical regional relationships:
The key to successful homeland security is active and sustained relationships that enable open and effective communications. The best vehicles for that are the Area Maritime Security Committees and Area Committees in each Captain of the Port Zone. These forums bring together federal, state, local, tribal, and private sector partners to address prevention, preparedness, mitigation, response, and recovery strategies [within the Marine Transportation System]. This is all done ideally before an incident with the goal of preventing an attack or minimizing the impact of an event. They provide great opportunities for networking across the agencies that exercise together, exchange lessons learned and best practices, and address a wide array of issues to keep the marine transportation system safe and secure.
These robust committees with active subcommittees can address a wide array of issues for federal, state, local, tribal, and private sector stakeholders. They look at not only regional strategic issues, but also address the needs of first responders through training, exercises, and available grant programs.
Temperilli agreed, “When the veil of security is breached, the responders are called, so there has to be relationships. We try to address these linkages so that when the veil of security is breached, there are notifications, shared information, and the relationship pieces that help us know what we are getting into.” When one looks at the preparedness continuum, it is readily obvious that interagency relationships should be well developed before any incident. More often than not, though, these relationships are not cultivated or maintained in such a way as to ensure long-term benefit. It is incumbent upon preparedness leaders to ensure these relationships are active, dynamic, and sustained, as well as developed within the next generation of preparedness leaders.
Kastensmidt seconded that, “The big take away is relationships. We need to be not only talking to, but talking with, and learning from.” This is not a “one and done” activity, but one that requires active involvement by all key agencies and their leaders to be effectively maintained in the long-term.
One way to understand “regional capacity” is to use critical thinking based on prior incidents. Sloan related some local history and failing to appreciate prior shortfalls. Hoping an incident will not happen again and not addressing lessons learned are not helpful. Preparedness leaders need to document gaps and build relationships to help fill them. “During Tropical Storm Allison, we recognized our EOC [emergency operations center] was too small; during Hurricane Ike, we had 525 persons from 119 agencies occupying a 22-seat EOC. If you stood up, you lost your seat. Today, I have 109 seats. During Hurricane Harvey, 935 persons from 140 agencies wanted to play.” The key is to identify and document gaps, then keep working on them. “Since 1953, Harris County has averaged a presidentially declared disaster, on average, every nine months, so if you want to practice, you are in the right location. Use your relationships (federal, state, local, private sector, etc., regardless of location) to help fill your gaps. Be honest with yourself on where those gaps are.”
Royall mentioned capabilities with regards to radiation detection as a good example of some of the challenges associated with capacity building. “Right now, it’s not on the radar screen, being overshadowed by fentanyl, botulinum, bombs in cars. We are doing a good job saturating our environment, the maritime environment, our law enforcement brethren, and our HazMat responders, with lots of radiation detection equipment and decent training. That’s the good news. The bad news is, we don’t have enough.” In preparation for the 2003 Super Bowl, federal, state, and local radiation detection resources were pooled to sweep Reliant Stadium. Teams consisted of a bomb technician, an explosive detection K-9 team, and a third individual with the then-available backpack detectors. That was the readily available and viable means available to ensure safety for the game. It worked. With shortages of trained personnel and resources, there is a continued need for the whole-of-government approach, coupled with support from the private sector, to continue to build and expand the capacity needed to meet emerging threats.
Weiss pointed out that maritime and border security and combating transnational criminal organizations are two other examples of where there is a need for increased capacity, especially since resource shortfalls are making it easier for those seeking to harm the United States and its interests. Almost daily, there are news reports regarding border security and immigration concerns, especially with regard to divergent policies put in place by elected officials. Crenshaw concurred that people at the federal level need to work together on this. In addition, elected officials at all levels of government need to work together to ensure security. He further pointed out that nation states having adversarial relationships with the United States – such as North Korea, Iran, Syria, Russia, and China – “speak the language of realism, and we need people in our government who speak that as well.”
Houston Ship Channel Security District – An unusual entity in this region was formed in 2007 to manage security initiatives within the Houston Shop Channel Region. Oditt pointed out, “This port (Houston) does not wait for government solutions, but what impresses me most is they have the Houston Ship Channel Security District where stakeholders approached the state government and asked to be taxed to facilitate regional security problem solving.” The mission statement of the Houston Ship Channel Security District is:
The Houston Ship Channel Security District will endeavor to provide an integrated strategy to increase the level of security for both the waterside and landside facilities within the District. The goal of the District strategy and services is to increase the preparedness and response to potential security threats by providing reliable, cost effective security systems. The District will promote projects to deter future security threats as identified in ongoing vulnerability and threat assessments. The District will carry out its mission in accordance with Chapter 68 of the Texas Water Code and other applicable laws.
Woodring, who was serving as the deputy sector commander of Sector Houston-Galveston at the time the Houston Ship Channel Security District stood up, stated that, “an interesting model of a funding mechanism designed to support local and regional initiatives … supported Harris County Sheriff’s Office, Harris County Hazardous Materials Response Team, Houston Police Department, and others. Money is used to support grant requests. It is managed by those entities that are assessed.” Here is another model that other port communities around the nation can look at as a model to help enhance relationships and build regional capacity.
Critical Infrastructure Interdependencies
Presidential Policy Directive-21 (PPD-21) identified “16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.” These sectors include:
- Chemical Sector
- Commercial Facilities Sector
- Communications Sector
- Critical Manufacturing Sector
- Dams Sector
- Defense Industrial Base Sector
- Emergency Services Sector
- Energy Sector
- Financial Services Sector
- Food and Agriculture Sector
- Government Facilities Sector
- Healthcare and Public Health Sector
- Information Technology Sector
- Nuclear Reactors, Materials, and Waste Sector
- Transportation Systems Sector
- Waste and Wastewater Systems Sector
The Houston-Galveston area is not only home to a vital petrochemical infrastructure, but is the only region in the United States with all 16 sectors. The nation depends on the Houston-Galveston region, and the region depends on each of these 16 sectors to support the nation as a whole.
Since the landfall of Hurricane Katrina in August 2005, preparedness leaders have learned (and sometimes “relearned” or “failed to learn”) how much the different sectors that comprise the nation’s critical infrastructure depend on one another. Each major natural disaster that has struck since then has reinforced the knowledge that an impact on one of the 16 sectors typically has a negative impact on one or more other sectors, thus further stressing national capabilities and resilience. Oditt commented, “We need to focus on resiliency. However, the biggest challenge we continue to face is complacency.” Although the word “resilience” was not widely used 15 years ago, it has become part of everyday vocabulary.
Communications Resilience – The emerging concern here is specifically related to cybersecurity. There are lots of plans on how to prevent an incident, and many others on how to recover from an incident, but there seems to be a lack of details on how to respond to a cyber incident. Sloan said, “It’s that thing that’s behind everything. How do you protect something that you are not that familiar with? The biggest threat I see is internal.” When someone seeking to do harm already has ready access to IT systems, it can prove difficult to protect them unless significant safeguards are built into systems to ensure resilience.
Oditt agreed that there are “collective gaps in our cybersecurity regime and systems,” adding it is, “unlikely that a cybersecurity incident will affect our physical security. It might affect our access control or monitoring systems, but the reality is that those are things we can mitigate and overcome. The MAERSK cyberattack was a wake-up call and it showed us how companies’ business operations can definitely be impacted globally as well.” The “NotPetya” ransomware attack in June 2017 took advantage of Windows vulnerabilities and threatened data access unless $300 million in Bitcoin was paid to the perpetrators.
Transportation Systems Resilience – Temperilli compared homeland security efforts for critical infrastructure to a soccer goalie:
No one pays attention until a shot gets thru. We are all goalies trying to plug holes. We engage in a discussion with the industries that manufacture and transport (chemicals) to get their best input as well on the front end to figure out what we can do best and what we can do that makes sense from a cost standpoint. If you raise the regulatory bar exceedingly high or with an unfunded mandate, it falls to the consumers to pay, which can sometimes make the economic engine falter.
Transportations systems throughout the United States are used to some degree by almost the entire population on a daily basis. The immediate impact was seen during major hurricanes such as Katrina, Ike, Sandy, Harvey, Irma, and Maria, with many people both inside and outside the affected areas noticing some impact on their daily lives.
Public Health Resilience – The ongoing and emerging opioid crisis is an example where preparedness leaders need to better assess what this means for homeland security practitioners, how to best approach the crisis as it grows, and how to share valuable information among response stakeholders. Royall specifically highlighted this as one of his most significant concerns when he discussed the current state of affairs regarding this crisis, “We have absolutely forgot everything we learned from the Ebola experience in this country.” Information on potential involvement of opioids needs to be shared from the initial dispatch in order to effectively protect and prepare responders (fire, police, emergency medical services, public health, etc.). In addition, response protocols and resources may need to be pooled and shared to enhance regional capacity, especially if there is a significant increase in calls for assistance.
In addition to the opioid epidemic, Royall also highlighted growing concerns with threat actors using Ebola, as highlighted by chatter picked up by Spanish intelligence along the U.S. southern border. The World Health Organization also fears an upcoming resurgence of Ebola in the coming years. The weaponizing of ricin or botulinum is another growing concern. On botulinum, Royall said, “There is too much interest about it. Botulinum is the new concern, it’s growing interest in the Middle East with ISIS. It is very easy to produce. I can produce it with some chicken, sunshine, and water and let it decay. Properly used, it can make a lot of people sick. Undetected, it can cause a lot of deaths.” The nation has been fortunate that those seeking to do harm have not been more successful in carrying out a biological attack.
The Ebola crisis of 2014, which began with a single victim in the United States, significantly affected nationwide health networks. A greater number of victims would have overwhelmed them. Resources – such as funding, medicines, training, facilities, etc. – are required to effectively combat potential outbreaks and protect the population. Effective protocols and procedures also much be in place to enable a rapid whole-of-government response; and this response needs to include input from the private sector.
Active Shooter Scenarios – One scenario that seems to touch on almost every critical infrastructure sector is the active shooter scenario. With small arms being the weapon of choice of terrorists – as well as average criminals and deranged individuals – talk of this threat permeates the news cycle. As the vast majority of active shooter scenarios are conducted by either a single individual or a small team, Crenshaw asked, “How do we defend against the new wave of lone-wolf attacks that seem to be the new normal with respect to terrorism?”
Turning facilities into fortresses is neither practical nor desirable, but safeguards are needed to protect workers and visitors. Finding the right balance can be a challenge, but risk mitigation techniques, such as those promulgated by the National Institute of Standards and Technologies can aid preparedness professionals in assessing a wide variety of measures to minimize the impact of an active shooter scenario. Few would argue that more effective and timely background checks on those wishing to purchase small arms would detract from the spirit of the Second Amendment. All panelists agreed that plans should be developed and tested, personnel should be trained in the “Run, Hide, Fight” concept, and first responder agencies should conduct realistic exercises to enhance their preparedness.
Intelligence Analysis and Information Sharing
Without downplaying the importance of gathering information, it is important to understand that, until those details are analyzed by professionals, it is not much more than an accumulation of raw data – sometimes, a lot of raw data. Only after effective analysis does information become intelligence that can be used to plan and prepare for incidents and events, respond to potential threats, or strengthen resilience. Even then, this information must be shared with appropriate stakeholders across the whole of government and the private sector in a timely manner. The vast majority of the United States’ critical infrastructure as well as its capabilities are contained within the private sector. As such, the private sector must be a full partner in the development and analysis of intelligence as well as a recipient of appropriate intelligence.
A perfect example of the need for effective information sharing was pointed out by Temperilli with regard to hazardous cargoes such as liquified petroleum gas (LPG), liquified natural gas (LNG), anhydrous ammonia, ammonium nitrate, and chlorine. “We need intel on where it’s carried, how it’s carried, etc. The biggest piece of the puzzle is the brown water fleet [barges along the major rivers that comprise the nation’s inland waterways]. While they know what they carry internally, that information is not shared very well with regulators and responders.” This is something that the Chemical Transportation Advisory Committee is working on at the national level, while the Texas Department of Public Safety Industrial Liaison Officer program performs similar activities at the state level. Other states should consider adopting this model to improve information sharing between the public sector and the private sector.
Economic Challenges for Leveraging Emerging Technologies
The pace of science, research and development, and overall innovation is changing and enhancing the technology used on a daily basis. The pace is so fast at times that many people struggle to keep up with all the improvements in capabilities. Although government is a key player in the development of some of this emerging technology, the vast majority of it actually comes from the private sector. In a manner similar to the analysis of information to make it useful intelligence, the value of emerging technology must be effectively assessed to determine what it can do to improve capacity. To do so requires an investment in personnel and methodologies that can evaluate how effective this technology is, where and when it can be best utilized (as well as where and when it cannot be utilized), and the best means to integrate it in with current capabilities.
Kastensmidt pointed out, “We went to the moon on slide rules and now we have all this technology. And this technology can be used for whatever. It’s the intent for which we use these tools. Technology is moving faster than regulations.” Many look at how to best utilize emerging technology in their homes on a regular basis – for example, cellphones, computers, and televisions. The same should be true at every level of government, “How can we best utilize available technology that we can afford to enhance our preparedness and/or our resilience?”
Royall reminded participants that there are economic factors in play as well that have to be factored into risk management analysis:
There are concerns about cutting funding that has helped us secure the right kind of equipment and training to respond to and prevent terrorist activities in this country. If that funding goes away, it will be very difficult for our communities to sustain what we already have, because technology is changing so quickly and there are new, nontraditional agents that are emerging in our environment that we have to prepare for. There are only a handful of instruments that we can detect fentanyl with. If you don’t have those instruments, you are making an educated guess, betting your life and other people’s lives on whether it is or isn’t. If not 2% by volume or greater, instruments will not detect – A missed detection can cost people their lives.
Royall stressed the ongoing need to work closely with those in the private sector involved in technological developments to ensure that their products are meeting ongoing needs. He also pointed out that new technology must be field tested by actual users to ensure it meets the current and developing demands.
Woodring agreed on the economic factors, “Balance what you can afford, what is required by law, what is regulated versus what I’d like to have. There is a constant battle to weigh the alternatives. You have to manage security to the threat at hand. Do I have the resources to put into it or do I put that towards making money?” Safety and security risk management enhancements are rarely the means to ensure higher profitability. Security and preparedness managers are challenged with convincing executives (and sometimes shareholders and other stakeholders) to commit greater funds for security enhancements, often at the expense of potential profits.
There does have to be a balance. Physical security has come a long way since 9/11. Risk management plans and security plans need to be evergreen documents (with emphasis on sustainment). We all look for better ways to do things and how we can improve the way to do things. We need to be right every time. The bad guys are looking for chinks in our armor, and this is where they are going to pick at it.
This year’s distinguished panelists have made it clear that, although Americans in general and homeland safety and security professionals in particular have done much to improve the nation’s security posture, intelligence and information sharing, as well as response capacity, a lot can still be done to further enhance the nation’s capabilities. As 9/11 gets farther in the past, there has been a drop in funding provided by the federal government to support local initiatives. Port Security Grants that provided $400 million in 2002 are now funded at only $100 million. The original cost split started as a 50-50 split between the federal government and the local or private sector recipients and is now at 75-25. With increased contributions required from local governments and private sector entities to obtain grant funding, requests are down.
Crenshaw highlighted the need for national and political will to support these homeland security and national security endeavors. Only in this way can preparedness leaders build and sustain the capabilities needed to keep the nation safe and secure. He pointed out that, “We need people in office who understand these threats with relevant experience dealing with these threats. We need coherent whole-of-government strategies. We all need to get on the same page.” And these people need to work together across all levels of government and the private sector to best mitigate the current and emerging threats that communities and the nation face.
Weiss agreed, “It’s not just folks at conferences like this, but folks everywhere need to become part of the solution.” Perhaps “whole of government” should become “whole of nation.”
Kastensmidt also considered the need to address these topics with the next generation in mind, “How do we speak to that next generation? How do we peak their interest to help with homeland security issues?” That is definitely something that homeland security professionals need to address sooner rather than later. The seasoned veterans comprising this panel, as well as their counterparts around the nation need to start mentoring the next generation to develop the same level of drive and determination to achieve exceptional readiness with regard to homeland security and national security.
In closing, Woodring challenged all attendees. “You are all outstanding in your field. You are all professionals. You need to be that lone voice. You need to not forget 9/11. You need to go back to that eternal vigilance.” It is incumbent upon all homeland security stakeholders – as individuals, groups, or organizations – to heed this advice from learned professionals and to see what can be done to improve the nation’s safety and security over the coming years.