Chapter 7

Homeland Security

Rahul Bhaskar, Ph.D. and Bhushan Kapoor,    California State University

The September 11, 2001, terrorist attacks, permanently changed the way the United States and the world’s other most developed countries perceived the threat from terrorism. Massive amounts of resources were mobilized in a very short time to counter the perceived and actual threats from terrorists and terrorist organizations. In the United States, this refocus was pushed as a necessity for what was called homeland security. The homeland security threats were anticipated for the IT infrastructure as well. It was expected that not only the IT at the federal level was vulnerable to disruptions due to terrorism-related attacks but, due to the ubiquity of the availability of IT, any organization was vulnerable. Soon after the terrorist attacks, the U.S. Congress passed various new laws and enhanced some existing ones that introduced sweeping changes to homeland security provisions and to the existing security organizations. The executive branch of the government also issued a series of Homeland Security Presidential Directives to maintain domestic security. These laws and directives are comprehensive and contain detailed provisions to make the U.S. secure from its vulnerabilities. Later in the chapter, we describe some principle provisions of these homeland security-related laws and presidential directives. Next, we discuss the organizational changes that were initiated to support homeland security in the United States. Then we highlight the 9-11 Commission that Congress charted to provide a full account of the circumstances surrounding the attacks and to develop recommendations for corrective measures that could be taken to prevent future acts of terrorism. We also detail the Intelligence Reform and Terrorism Prevention Act of 2004 and the Implementing the 9-11 Commission Recommendations Act of 2007. Finally, we summarize the chapter’s discussion.

Keywords

homeland security; intelligence; terrorism; terrorist; terrorist attacks; statutory authorities; patriot act; aviation security; transportation security; border security

1 Statutory Authorities

Here we discuss the important homeland security-related laws passed in the aftermath of the terrorist attacks. These laws are listed in Figure 7.1.

image

Figure 7.1 Laws passed in the aftermath of the 9/11 terrorist attacks.

The USA PATRIOT Act of 2001 (PL 107-56)

Just 45 days after the September 11 attacks, Congress passed the USA PATRIOT Act of 2001 (also known as the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001). This Act, divided into 10 titles, expands law enforcement powers of the government and law enforcement authorities.1 These titles are listed in Figure 7.2. A summary of the titles is shown in the sidebar, “Summary of USA PATRIOT Act Titles.”

Summary of USA PATRIOT Act Titles

Title I – Enhancing Domestic Security Against Terrorism

Increased funding for the technical support center at the Federal Bureau of Investigation, allowed military assistance to enforce prohibition in certain emergencies, and expanded National Electronic Crime Task Force Initiative.

Title II – Enhanced Surveillance Procedures

Authorized to intercept wire, oral, and electronic communications relating to terrorism, computer fraud and abuse offenses, to share criminal investigative information. It allowed seizure of voicemail messages pursuant to warrants and subpoenas for records of electronic communications. It provided delaying notice of the execution of a warrant, pen register and trap and trace authority under the Foreign Intelligence Surveillance Act, access to records and other items under FISA, interception of computer trespasser communications, and nationwide service of search warrants for electronic evidence.

Title III – International Money-laundering Abatement and Antiterrorist Financing Act of 2001

Special measures relating to the following three subtitles were created:

A. International Counter Money Laundering and Related Measures

B. Bank Secrecy Act Amendments and Related Improvements

C. Currency Crimes and Protection

Title IV – Protecting the Border

Special measures relating to the following three subtitles were created:

A. Protecting the Northern Border

B. Enhanced Immigration Provisions

C. Preservation of Immigration Benefits for Victims of Terrorism

Title V – Removing Obstacles to Investigating Terrorism

Attorney General and Secretary of State are authorized to pay rewards to combat terrorism. It allowed DNA identification of terrorists and other violent offenders, and allowed disclosure of information from National Center for Education Statistics (NCES) surveys.

Title VI – Providing for Victims of Terrorism, Public Safety Officers, and their Families

Special measures relating to the following subtitles were created:

A. Aid to Families of Public Safety Officers

B. Amendments to the Victims of Crime Act of 1984

Title VII – Increased Information Sharing for Critical Infrastructure Protection

Expansion of regional information sharing systems to facilitate federal, state, and local law enforcement response related to terrorist attacks.

Title VIII – Strengthening the Criminal Laws against Terrorism

Strengthened laws against terrorist attacks and other acts of violence against mass transportation systems and crimes committed at U.S. facilities abroad.

Provided for the development and support of cyber security forensic capabilities and expanded the biological weapons statute.

Title IX – Improved Intelligence

Responsibilities of Director of Central Intelligence regarding foreign intelligence collected under the Foreign Intelligence Surveillance Act of 1978.

Inclusion of international terrorist activities within scope of foreign intelligence under National Security Act of 1947.

Disclosure to Director of Central Intelligence of foreign intelligence-related information with respect to criminal investigations.

Foreign terrorist asset tracking center.

Title X – Miscellaneous

Review of the Department of Justice.

A. Definition of electronic surveillance.

B. Venue in money-laundering cases.

C. Automated fingerprint identification system at overseas consular posts and points of entry to the United States.

D. Critical infrastructures protection.

image

Figure 7.2 USA PATRIOT Act titles.

The Aviation and Transportation Security Act of 2001 (PL 107-71)

The series of September 11 attacks, perpetrated by 19 hijackers, killed 3000 people and brought commercial aviation to a standstill. It became obvious that enhanced laws and strong measures were needed to tighten aviation security. The Aviation and Transportation Security Act of 2001 transfers authority over civil aviation security from the Federal Aviation Administration (FAA) to the Transportation Security Administration (TSA).2 With the passage of the Homeland Security Act of 2002, the TSA was later transferred to the Department of Homeland Security.

Key features of the act include the creation of an Undersecretary of Transportation for Security; federalization of airport security screeners; and the assignment of Federal Security Managers to each airport. Also included in the act are these provisions: airports provide for the screening of all checked baggage by explosive detection devices; allowing pilots to carry firearms; requiring the electronic transmission of passenger manifests on international flights prior to landing in the U.S.; requiring background checks, including national security checks, of persons who have access to secure areas at airports; and requiring that all federal security screeners be U.S. citizens.3 These key features are highlighted in the Figure 7.3.

image

Figure 7.3 Key features of the Aviation and Transportation Security Act of 2001.

Enhanced Border Security and Visa Entry Reform Act of 2002 (PL 107–173)

This Act, divided into six titles, represents the most comprehensive immigration-related response to the terrorist threat.4 The titles are listed in Figure 7.4. A summary of these titles is shown in the sidebar, “Summary of the Border Security and Visa Entry Reform Act of 2002.”

Summary of the Border Security and Visa Entry Reform Act of 2002

Title I – Funding

The Act provides for additional staff and training to increase security on both the northern and southern borders.

Title II – Interagency Information Sharing

The Act requires the President to develop and implement an interoperable electronic data system to provide current and immediate access to information contained in the databases of federal law enforcement agencies and the intelligence community that is relevant to visa issuance determinations and determinations of an alien’s admissibility or deportability.

Title III – Visa Issuance

This requires consular officers issuing a visa to an alien to transmit an electronic version of the alien’s visa file to the INS so that the file is available to immigration inspectors at U.S. ports of entry before the alien’s arrival.

This Act requires the Attorney General and the Secretary of State to begin issuing machine-readable, tamper-resistant travel documents with biometric identifiers.

Title IV – Inspection and Admission of Aliens

It requires the President to submit to Congress a report discussing the feasibility of establishing a North American National Security Program to enhance the mutual security and safety of the U.S., Canada, and Mexico.

It also requires that all commercial flights and vessels coming to the U.S. from any place outside the country must provide to manifest information about each passenger, crew member, and other occupant prior to arrival in the U.S. In addition, each vessel or aircraft departing from the U.S. for any destination outside the U.S. must provide manifest information before departure.

Title VI – Foreign Students and Exchange Visitors

It requires the Attorney General, in consultation with the Secretary of State, to establish an electronic means to monitor and verify the various steps involved in the admittance to the U.S. of foreign students, such as: the issuance of documentation of acceptance of a foreign student by an educational institution or exchange visitor program.

Title VII – Miscellaneous

The Act requires the Comptroller General to conduct a study to determine the feasibility of requiring every nonimmigrant alien in the U.S. to provide the INS, on an annual basis, with a current address, and where applicable, the name and address of an employer.

It requires the Secretary of State and the INS Commissioner, in consultation with the Director of the Office of Homeland Security, to conduct a study on the procedures necessary for encouraging or requiring countries participating in the Visa Waiver Program to develop an intergovernmental network of interoperable electronic data systems.

image

Figure 7.4 Border Security and Visa Entry Reform Act of 2002.

Public Health Security, Bioterrorism Preparedness & Response Act of 2002 (PL 107–188)

The Act authorizes funding for a wide range of public health initiatives.5 Title I of the Act addresses the national need to combat threats to public health, and to provide grants to state and local governments to help them prepare for public health emergencies, including emergencies resulting from acts of bioterrorism. The Act establishes opportunities for grants and cooperative agreements for states and local governments to conduct evaluations of public health emergency preparedness, and enhance public health infrastructure and the capacity to prepare for and respond to those emergencies. Other grants support efforts to combat antimicrobial resistance, improve public health laboratory capacity, and support collaborative efforts to detect, diagnose, and respond to acts of bioterrorism. The Act also addresses other related public health security issues. Some of these provisions include:

• New controls on biological agents and toxins

• Additional safety and security measures affecting the nation’s food and drug supply

• Additional safety and security measures affecting the nation’s drinking water

• Measures affecting the Strategic National Stockpile and development of priority countermeasures to bioterrorism

Homeland Security Act of 2002 (PL 107-296)

This landmark Act establishes a new Executive Branch agency, the U.S. Department of Homeland Security (DHS), and consolidates the operations of 22 existing federal agencies.6 The primary mission of the DHS is given in Figure 7.5. As a part of this act, a directorate (see checklist, “An Agenda For Action For Implementing The Directorate Of Information Analysis And Infrastructure Protection”) of information analysis and infrastructure protection was set up.

An Agenda for Action for Implementing the Directorate of Information Analysis and Infrastructure Protection

The primary role of this directorate is to7 (Check All Tasks Completed):

_____1. Access, receive, and analyze law enforcement information, intelligence information, and other information from agencies of the federal government, state and local government agencies (including law enforcement agencies), and private sector entities, and to integrate such information in order to :

_____a. Identify and assess the nature and scope of terrorist threats to the homeland.

_____b. Detect and identify threats of terrorism against the United States.

_____c. Understand such threats in light of actual and potential vulnerabilities of the homeland.

_____2. Carry out comprehensive assessments of the vulnerabilities of the key resources and critical infrastructure of the United States, including the performance of risk assessments to determine the risks posed by particular types of terrorist attacks within the United States (including an assessment of the probability of success of such attacks and the feasibility and potential efficacy of various countermeasures to such attacks).

_____3. Integrate relevant information, analyses, and vulnerability assessments (whether such information, analyses, or assessments are provided or produced by the Department or others) in order to identify priorities for protective and support measures by the Department, other agencies of the federal government, state and local government agencies and authorities, the private sector, and other entities.

_____4. Ensure, pursuant to section 202, the timely and efficient access by the Department to all information necessary to discharge the responsibilities under this section, including obtaining such information from other agencies of the federal government.

_____5. Develop a comprehensive national plan for securing the key resources and critical infrastructure of the United States, including power production, generation, and distribution systems, information technology and telecommunications systems (including satellites), electronic financial and property record storage and transmission systems, emergency preparedness communications systems, and the physical and technological assets that support such systems

_____6. Recommend measures necessary to protect the key resources and critical infrastructure of the United States in coordination with other agencies of the federal government and in cooperation with state and local government agencies and authorities, the private sector, and other entities.

_____7. Administer the Homeland Security Advisory System, including:

_____a. Exercising primary responsibility for public advisories related to threats to homeland security.

_____b. In coordination with other agencies of the federal government, providing specific warning information, and advice about appropriate protective measures and countermeasures, to state and local government agencies and authorities, the private sector, other entities, and the public.

_____8. Review, analyze, and make recommendations for improvements in the policies and procedures governing the sharing of law enforcement information, intelligence information, intelligence-related information, and other information relating to homeland security within the federal government and between the federal government and state and local government agencies and authorities.

_____9. Disseminate, as appropriate, information analyzed by the Department within the Department, to other agencies of the federal government with responsibilities relating to homeland security, and to agencies of state and local governments and private sector entities with such responsibilities in order to assist in the deterrence, prevention, preemption of, or response to, terrorist attacks against the United States.

_____10. Consult with the Director of Central Intelligence and other appropriate intelligence, law enforcement, or other elements of the federal government to establish collection priorities and strategies for information, including law enforcement-related information, relating to threats of terrorism against the United States through such means as the representation of the Department in discussions regarding requirements and priorities in the collection of such information.

_____11. Consult with state and local governments and private sector entities to ensure appropriate exchanges of information, including law enforcement-related information, relating to threats of terrorism against the United States.

_____12. Ensure that:

_____a. Any material received pursuant to this Act is protected from unauthorized disclosure and handled and used only for the performance of official duties.

_____b. Any intelligence information under this Act is shared, retained, and disseminated consistent with the authority of the Director of Central Intelligence to protect intelligence sources and methods under the National Security Act of 1947 (50 U.S.C. 401 et seq.) and related procedures and, as appropriate, similar authorities of the Attorney General concerning sensitive law enforcement information.

_____13. Request additional information from other agencies of the federal government, state and local government agencies, and the private sector relating to threats of terrorism in the United States, or relating to other areas of responsibility assigned by the Secretary, including the entry into cooperative agreements through the Secretary to obtain such information.

_____14. Establish and utilize, in conjunction with the chief information officer of the Department, a secure communications and information technology infrastructure, including data mining and other advanced analytical tools, in order to access, receive, and analyze data and information in furtherance of the responsibilities under this section, and to disseminate information acquired and analyzed by the Department, as appropriate.

_____15. Ensure, in conjunction with the chief information officer of the Department, any information databases and analytical tools developed or utilized by the Department:

_____a. Are compatible with one another and with relevant information databases of other agencies of the federal government.

_____b. Treat information in such databases in a manner that complies with applicable federal law on privacy.

_____16. Coordinate training and other support to the elements and personnel of the Department, other agencies of the federal government, and state and local governments that provide information to the Department, or are consumers of information provided by the Department, in order to facilitate the identification and sharing of information revealed in their ordinary duties and the optimal utilization of information received from the Department.

_____17. Coordinate with elements of the intelligence community and with federal, state, and local law enforcement agencies, and the private sector, as appropriate.

_____18. Provide intelligence and information analysis and support to other elements of the Department.

_____19. Perform such other duties relating to such responsibilities as the Secretary may provide.

image

Figure 7.5 DHS mission.

E-Government Act of 2002 (PL 107–347)

The E-Government Act of 2002 establishes a Federal Chief Information Officers Council to oversee government information and services, and creation of a new Office of Electronic Government within the Office of Management and Budget.8 The purposes of the Act are:

• To provide effective leadership of federal government efforts to develop and promote electronic government services and processes by establishing an Administrator of a new Office of Electronic Government within the Office of Management and Budget.

• To promote use of the Internet and other information technologies to provide increased opportunities for citizen participation in government.

• To promote interagency collaboration in providing electronic government services, where this collaboration would improve the service to citizens by integrating related functions, and in the use of internal electronic government processes, where this collaboration would improve the efficiency and effectiveness of the processes.

• To improve the ability of the government to achieve agency missions and program performance goals.

• To promote the use of the Internet and emerging technologies within and across government agencies to provide citizen-centric government information and services.

• To reduce costs and burdens for businesses and other government entities.

• To promote better informed decision-making by policy makers.

• To promote access to high quality government information and services across multiple channels.

• To make the federal government more transparent and accountable.

• To transform agency operations by utilizing, where appropriate, best practices from public and private sector organizations.

• To provide enhanced access to government information and services in a manner consistent with laws regarding protection of personal privacy, national security, records retention, access for persons with disabilities, and other relevant laws.

Title III of the Act is known as the Federal Information Security Management Act of 2002. This act applies to the national security systems, that include any information systems used by an agency or a contractor of an agency involved in intelligence activities; cryptology activities related to the nation’s security; command and control of military equipment that is an integral part of a weapon or weapons system or is critical to the direct fulfillment of military or intelligence missions. Nevertheless, this definition does not apply to a system that is used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). The purposes of this Title are to:

• Provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets.

• Recognize the highly networked nature of the current federal computing environment and provide effective government-wide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law-enforcement communities.

• Provide for development and maintenance of minimum controls required to protect federal information and information systems.

• Provide a mechanism for improved oversight of federal agency information security programs.

• Acknowledge that commercially developed information security products offer advanced, dynamic, robust, and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built, and operated by the private sector.

• Recognize that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products.

2 Homeland Security Presidential Directives

Presidential directives are issued by the National Security Council and are signed or authorized by the President. A series of Homeland Security Presidential Directives (HSPDs) were issued by President George W. Bush on matters pertaining to Homeland Security9:

• HSPD 1: Organization and Operation of the Homeland Security Council. Ensures coordination of all homeland security-related activities among executive departments and agencies and promotes the effective development and implementation of all homeland security policies.

• HSPD 2: Combating Terrorism Through Immigration Policies. Provides for the creation of a task force which will work aggressively to prevent aliens who engage in or support terrorist activity from entering the United States and to detain, prosecute, or deport any such aliens who are within the United States.

• HSPD 3: Homeland Security Advisory System. Establishes a comprehensive and effective means to disseminate information regarding the risk of terrorist acts to federal, state, and local authorities and to the American people.

• HSPD 4: National Strategy to Combat Weapons of Mass Destruction. Applies new technologies, increased emphasis on intelligence collection and analysis, strengthens alliance relationships, and establishes new partnerships with former adversaries to counter this threat in all of its dimensions.

• HSPD 5: Management of Domestic Incidents. Enhances the ability of the United States to manage domestic incidents by establishing a single, comprehensive national incident management system.

• HSPD 6: Integration and Use of Screening Information. Provides for the establishment of the Terrorist Threat Integration Center.

• HSPD 7: Critical Infrastructure Identification, Prioritization, and Protection. Establishes a national policy for federal departments and agencies to identify and prioritize United States critical infrastructure and key resources and to protect them from terrorist attacks.

• HSPD 8: National Preparedness. Identifies steps for improved coordination in response to incidents. This directive describes the way federal departments and agencies will prepare for such a response, including prevention activities during the early stages of a terrorism incident. This directive is a companion to HSPD-5.

• HSPD 8 Annex 1: National Planning. Further enhances the preparedness of the United States by formally establishing a standard and comprehensive approach to national planning.

• HSPD 9: Defense of United States Agriculture and Food. Establishes a national policy to defend the agriculture and food system against terrorist attacks, major disasters, and other emergencies.

• HSPD 10: Biodefense for the 21st Century. Provides a comprehensive framework for our nation’s Biodefense.

• HSPD 11: Comprehensive Terrorist-Related Screening Procedures. Implements a coordinated and comprehensive approach to terrorist-related screening that supports homeland security, at home and abroad. This directive builds upon HSPD 6.

• HSPD 12: Policy for a Common Identification Standard for Federal Employees and Contractors. Establishes a mandatory, government-wide standard for secure and reliable forms of identification issued by the federal government to its employees and contractors (including contractor employees).

• HSPD 13: Maritime Security Policy. Establishes policy guidelines to enhance national and homeland security by protecting U.S. maritime interests.

• HSPD 15: U.S. Strategy and Policy in the War on Terror.

• HSPD 16: Aviation Strategy. Details a strategic vision for aviation security while recognizing ongoing efforts, and directs the production of a National Strategy for Aviation Security and supporting plans.

• HSPD 17: Nuclear Materials Information Program.

• HSPD 18: Medical Countermeasures against Weapons of Mass Destruction. Establishes policy guidelines to draw upon the considerable potential of the scientific community in the public and private sectors to address medical countermeasure requirements relating to CBRN threats.

• HSPD 19: Combating Terrorist Use of Explosives in the United States. Establishes a national policy, and calls for the development of a national strategy and implementation plan, on the prevention and detection of, protection against, and response to terrorist use of explosives in the United States.

• HSPD 20: National Continuity Policy. Establishes a comprehensive national policy on the continuity of federal government structures and operations and a single National Continuity Coordinator responsible for coordinating the development and implementation of federal continuity policies.

• HSPD 20 Annex A: Continuity Planning. Assigns executive departments and agencies to a category commensurate with their COOP/COG/ECG responsibilities during an emergency.

• HSPD 21: Public Health and Medical Preparedness. Establishes a national strategy that will enable a level of public health and medical preparedness sufficient to address a range of possible disasters.

• HSPD 23: National Cyber Security Initiative.

• HSPD 24: Biometrics for Identification and Screening to Enhance National Security. Establishes a framework to ensure that federal executive departments use mutually compatible methods and procedures regarding biometric information of individuals, while respecting their information privacy and other legal rights.

3 Organizational Actions

These laws and homeland security presidential directives called for deep and fundamental organizational changes to the executive branch of the government. The Homeland Security Act of 2002 established a new Executive Branch agency, the U.S. Department of Homeland Security (DHS), and consolidated the operations of 22 existing federal agencies.10 This Department’s overriding and urgent missions are (1) to lead the unified national effort to secure the country and preserve our freedoms, and (2) to prepare for and respond to all hazards and disasters. The citizens of the United States must have the utmost confidence that the Department can execute both of these missions.

Faced with the challenge of strengthening the components to function as a unified Department, DHS must coordinate centralized, integrated activities across components that are distinct in their missions and operations. Thus, sound and cohesive management is the key to department-wide and component-level strategic goals. We seek to harmonize our efforts as we work diligently to accomplish our mission each and every day.

The Department of Homeland Security is headed by the Secretary of Homeland Security. It has various departments, including management, science and technology, health affairs, intelligence and analysis, citizenship and immigration services, and national cyber security center.

Department of Homeland Security Subcomponents

There are various subcomponents of The Department of Homeland Security that are involved with Information Technology Security.11 These include the following:

• The Office of Intelligence and Analysis is responsible for using information and intelligence from multiple sources to identify and assess current and future threats to the United States.

• The National Protection and Programs Directorate houses offices of the Cyber Security and Communications Department.

• The Directorate of Science and Technology is responsible for research and development of various technologies, including information technology.

• The Directorate for Management is responsible for department budgets and appropriations, expenditure of funds, accounting and finance, procurement, human resources, information technology systems, facilities and equipment, and the identification and tracking of performance measurements.

• The Office of Operations Coordination works to deter, detect, and prevent terrorist acts by coordinating the work of federal, state, territorial, tribal, local, and private-sector parties and by collecting and turning information from a variety of sources. It oversees the Homeland Security Operations Center (HSOC), which collects and fuses information from more than 35 federal, state, local, tribal, territorial, and private-sector agencies.

State and Federal Organizations

There are various organizations that support information sharing at the state and the federal levels. The Department of Homeland Security through the Office of Intelligence and Analysis provides personnel with operational and intelligence skills. The support to the state agencies is tailored to the unique needs of the locality and serves to:

• Help the classified and unclassified information flow

• Provide expertise

• Coordinate with local law enforcement and other agencies

• Provide local awareness and access

As of March 2008, there were 58 fusion centers around the country. The Department has provided more than $254 million from FY 2004–2007 to state and local governments to support the centers.

The Homeland Security Data Network (HSDN), which allows the federal government to move information and intelligence to the states at the Secret level, is deployed at 19 fusion centers. Through HSDN, fusion center staff can access the National Counterterrorism Center (NCTC), a classified portal of the most current terrorism-related information.

There are various organizations at the state levels that support the homeland security initiatives. These organizations vary in their size and budget from very large independently run departments to a department that is a part of a larger related department. As an example, California has the Office of Management Services that is responsible for any emergencies in the state of California. The Governor’s Office of Homeland Security is responsible for the coordination among different departments to secure the state against potential terrorist threats. Very specific to IT security, the California Office of Information Security and Privacy Protection is functional.

The Governor’s Office of Homeland Security

The Governor’s Office of Homeland Security (OHS) acts as the Cabinet-level state office for the prevention of and preparation for a potential terrorist event.12 OHS serves a diverse set of federal, state, local, private sector, and tribal entities by taking an “all-hazards” approach to reducing risk and increasing responder capabilities.

Because California is prone to floods, fires, and earthquakes in addition to the potential for an attack using manmade weapons of mass destruction, OHS is committed to contributing to a comprehensive, well-planned all-hazards strategy to prevent, prepare for, respond to, and recover from any possible emergency. OHS is responsible for several key state functions, including13:

• Analysis and dissemination of threat-related information

• Protection of California’s critical infrastructure

• Management of the state’s homeland security grants

• S/B training and exercising of first responders for terrorism events

California Office of Information Security and Privacy Protection

The California Office of Information Security and Privacy Protection (OISPP) unites consumer privacy protection with the oversight of government’s responsible management of information. OISPP provides services to consumers, recommends practices to business, and provides policy direction, guidance, and compliance monitoring to state government.14

OISPP was established within the State and Consumer Services Agency by Chapter 183 of the Statutes of 2007 (Senate Bill 90), effective January 1, 2008. This legislation merged the Office of Privacy Protection, which opened in 2001 in the Department of Consumer Affairs with a mission of identifying consumer problems in the privacy area and encouraging the development of fair information practices, and the State Information Security Office, established within the Department of Finance with a mission of overseeing information security, risk management, and operational recovery planning within state government.15

Private Sector Organizations for Information Sharing

Intelligence sharing and analysis groups have been set up in many private infrastructure industries. As an example, National Electric Reliability Council has such a group, Electricity Sector Information Sharing and Analysis Center (ESISAC), which serves the electricity sector by facilitating communications between sector participants, federal governments, and other critical infrastructure organizations. It is the job of the ESISAC to promptly disseminate threat indications, analyses, and warnings, together with interpretations, to assist electricity sector participants take protective actions. Similarly, many other organizations in other infrastructure sectors are also members of an ISAC.

There are other organizations that share information among the member companies on issues related to incident response (see sidebar, “National Commission on Terrorist Attacks Upon the United States [The 9-11 Commission]”). These organizations include FIRST, the Forum of Incident Response and Security Teams,16 which has as its members major corporations from all over the world. The FBI encourages organizations from the private sector to become members of InfraGard to encourage exchange of information among the members.17

National Commission on Terrorist Attacks Upon the United States (The 9-11 Commission)

Congress charted the National Commission on Terrorist Attacks Upon the United States (known as the 9-11 Commission) by Public Law 107-306, signed by the President on November 27, 2002, to provide a “full and complete accounting” of the attacks of September 11, 2001 and recommendations as to how to prevent such attacks in the future.18 On July 22, 2004, the 9-11 Commission issued its final report, which included 41 wide-ranging recommendations to help prevent future terrorist attacks.19 Many of these recommendations were put in place with the passage of the Intelligence Reform and Terrorism Prevention Act of 2004 (PL 108-458), which brought about significant reorganization of the intelligence community. Soon after the Democratic Party came into the majority in the House of Representatives, the 110th Congress passed another act, Implementing Recommendations of the 9-11 Commission Act of 2007 (PL 110-53). This section is subdivided into the following four subsections:

1. Creation of the National Commission on Terrorist Attacks Upon the United States (the 9-11 Commission)

2. Final Report of the National Commission on Terrorist Attacks Upon the United States (the 9-11 Commission Report)

3. Intelligence Reform and Terrorism Prevention Act of 2004 (PL 108-458)

4. Implementing Recommendations of the 9-11 Commission Act of 2007 (PL 110-53)

Creation of the National Commission on Terrorist Attacks Upon the United States (The 9-11 Commission)

Congress created the National Commission on Terrorist Attacks Upon the United States (known as the 9-11 Commission) to provide a “full and complete accounting” of the terrorist attacks and recommendations as to how to prevent such attacks in the future.20 Specifically, the Commission was required to investigate “facts and circumstances relating to the terrorist attacks of September 11, 2001,” including those relating to intelligence agencies; law-enforcement agencies; diplomacy; immigration, nonimmigrant visas, and border control; the flow of assets to terrorist organizations; commercial aviation; the role of congressional oversight and resource allocation; and other areas determined relevant by the Commission for its inquiry.

The Commission was composed of 10 members, of whom not more than five members of the Commission were from the same political party.

In response to the requirements under law, the Commission organized work teams to address each of the following eight topics21:

1. Al Qaeda and the organization of the 9-11 attack

2. Intelligence collection, analysis, and management (including oversight and resource allocation)

3. International counterterrorism policy, including states that harbor or harbored terrorists, or offer or offered terrorists safe havens

4. Terrorist financing

5. Border security and foreign visitors

6. Law enforcement and intelligence collection inside the United States

7. Commercial aviation and transportation security, including an Investigation into the circumstances of the four hijackings

8. The immediate response to the attacks at the national, state, and local levels, including issues of continuity of government.

Final Report of the National Commission on Terrorist Attacks Upon the United States (The 9-11 Commission Report)

The 9-11 Commission interviewed more than 1000 individuals in 10 countries and held at least 10 days of public hearings, receiving testimony from more than 110 federal, state, and local officials and experts from the private sector. The Commission issued three subpoenas to government agencies: the Federal Aviation Administration (FAA), the Department of Defense, and the City of New York. On July 22, 2004, the 9-11 Commission issued its final report, which included 41 wide-ranging recommendations to help prevent future terrorist attacks. This report covers both general and specific findings. Here is the summary of their general findings:

Since the plotters were flexible and resourceful, we cannot know whether any single step or series of steps would have defeated them. What we can say with confidence is that none of the measures adopted by the U.S. government from 1998 to 2001 disturbed or even delayed the progress of the al Qaeda plot. Across the government, there were failures of imagination, policy, capabilities, and management.22

Imagination

The most important failure was one of imagination. We do not believe leaders understood the gravity of the threat. The terrorist danger from Bin Laden and al Qaeda was not a major topic for policy debate among the public, the media, or in Congress. Indeed, it barely came up during the 2000 presidential campaign.

Al Qaeda’s new brand of terrorism presented challenges to U.S. governmental institutions that they were not well-designed to meet. Though top officials all told us that they understood the danger, we believe there was uncertainty among them as to whether this was just a new and especially venomous version of the ordinary terrorist threat the United States had lived with for decades, or it was indeed radically new, posing a threat beyond any yet experienced.

As late as September 4, 2001, Richard Clarke, the White House staffer long responsible for counterterrorism policy coordination, asserted that the government had not yet made up its mind how to answer the question: “Is al Qaeda a big deal?”

A week later came the answer.

Terrorism was not the overriding national security concern for the U.S. government under either the Clinton or the pre-9/11 Bush administration.

The policy challenges were linked to this failure of imagination. Officials in both the Clinton and Bush administrations regarded a full U.S. invasion of Afghanistan as practically inconceivable before 9/11.

Capabilities

Before 9/11, the United States tried to solve the al Qaeda problem with the capabilities it had used in the last stages of the Cold War and its immediate aftermath. These capabilities were insufficient. Little was done to expand or reform them.

The CIA had minimal capacity to conduct paramilitary operations with its own personnel, and it did not seek a large-scale expansion of these capabilities before 9/11. The CIA also needed to improve its capability to collect intelligence from human agents.

At no point before 9/11 was the Department of Defense fully engaged in the mission of countering al Qaeda, even though this was perhaps the most dangerous foreign enemy threatening the United States.

America’s homeland defenders faced outward. North American Aerospace Defense Command (NORAD) itself was barely able to retain any alert bases at all. Its planning scenarios occasionally considered the danger of hijacked aircraft being guided to American targets, but only aircraft that were coming from overseas.

The most serious weaknesses in agency capabilities were in the domestic arena. The FBI did not have the capability to link the collective knowledge of agents in the field to national priorities. Other domestic agencies deferred to the FBI.

FAA capabilities were weak. Any serious examination of the possibility of a suicide hijacking could have suggested changes to fix glaring vulnerabilities—expanding no-fly lists, searching passengers identified by the Computer Assisted Passenger Prescreening System (CAPPS) screening system, deploying federal air marshals domestically, hardening cockpit doors, alerting air crews to a different kind of hijacking possibility than they had been trained to expect. Yet the FAA did not adjust either its own training or training with NORAD to take account of threats other than those experienced in the past.

Management

The missed opportunities to thwart the 9/11 plot were also symptoms of a broader inability to adapt the way government manages problems to the new challenges of the twenty-first century. Action officers should have been able to draw on all available knowledge about al Qaeda in the government. Management should have ensured that information was shared and duties were clearly assigned across agencies, and across the foreign-domestic divide.

There were also broader management issues with respect to how top leaders set priorities and allocated resources.

For instance, on December 4, 1998, Director of Central Intelligence (DCI), Tenet issued a directive to several CIA officials and the Deputy Director of Central Intelligence (DDCI) for Community Management, stating: “We are at war. I want no resources or people spared in this effort, either inside CIA or the Community.” The memorandum had little overall effect on mobilizing the CIA or the intelligence community. This episode indicates the limitations of the DCI’s authority over the direction of the intelligence community, including agencies within the Department of Defense.

The U.S. government did not find a way of pooling intelligence and using it to guide the planning and assignment of responsibilities for joint operations involving entities as disparate as the CIA, the FBI, the State Department, the military, and the agencies involved in homeland security.

Intelligence Reform and Terrorism Prevention Act of 2004 (PL 108-458)

Many of the recommendations of the Final Report of the National Commission on Terrorist Attacks Upon the United States (The 9-11 Commission Report) were put into the Intelligence Reform and Terrorism Prevention Act of 2004. This Act, divided into 10 titles, brought about significant reorganization of intelligence community and critical infrastructures protection.23

Title I—Reform of the Intelligence Community

Special measures relating to the following subtitles were created:

A. Establishment of Director of National Intelligence

B. National Counterterrorism Center, National Counter Proliferation Center, and National Intelligence Centers

C. Joint Intelligence Community Council

D. Improvement of education for the intelligence community

E. Additional improvements of intelligence activities

F. Privacy and civil liberties

G. Conforming and other amendments

H. Transfer, termination, transition, and other provisions

I. Other matters

Title ll—Federal Bureau of Investigation

Improvement of intelligence capabilities of the Federal Bureau of Investigation

Title III—Security Clearances

Special measures relating to the security clearances have been created.

Title IV—Transportation Security

Special measures relating to the following subtitles were created:

A. National strategy for transportation security

B. Aviation security

C. Air cargo security

D. Maritime security

E. General provisions

Title V—Border Protection, Immigration, and Visa Matters

Special measures relating to the following subtitles were created:

A. Advanced Technology Northern Border Security Pilot Program

B. Border and immigration enforcement

C. Visa requirements

D. Immigration reform

E. Treatment of aliens who commit acts of torture, extrajudicial killings, or other atrocities abroad

Title VI—Terrorism Prevention

Special measures relating to the following subtitles were created:

A. Individual terrorists as agents of foreign powers

B. Money laundering and terrorist financing

C. Money laundering abatement and financial antiterrorism technical corrections

D. Additional enforcement tools

E. Criminal history background checks

F. Grand jury information sharing

G. Providing material support to terrorism

H. Stop Terrorist and Military Hoaxes Act of 2004

I. Weapons of Mass Destruction Prohibition Improvement Act of 2004

J. Prevention of Terrorist Access to Destructive Weapons K. Pretrial detention of terrorists

Title VII—Implementation of 9-11 Commission Recommendations

Special measures relating to the following subtitles were created:

A. Diplomacy, foreign aid, and the military in the war on terrorism

B. Terrorist travel and effective screening

C. National preparedness

D. Homeland security

E. Public safety spectrum

F. Presidential transition

G. Improving international standards and cooperation to fight terrorist financing

H. Emergency financial preparedness

Title VIII—Other Matters

Special measures relating to the following subtitles were created:

A. Intelligence matters

B. Department of homeland security matters

C. Homeland security civil rights and civil liberties protection

Implementing Recommendations of the 9-11 Commission Act of 2007 (PL 110-53)

Soon after the Democratic Party came into the majority in the House of Representatives, the 110th Congress passed another act, “Implementing Recommendations of the 9-11 Commission Act of 2007 (PL 110-53, August 3, 2007).”24 Approximately a year after the passing of this law, the Majority Staffs of the Committees on Homeland and Foreign Affairs put its attention on the extent to which the law was indeed implemented and issued a report on “Wasted Lessons of 9/11: How The Bush Administration Ignored the Law and Squandered Its Opportunities to Make Our Country Safer.”25

This comprehensive Homeland Security legislation included provisions to strengthen the nation’s security against terrorism by requiring screening of all cargo placed on passenger aircraft; securing mass transit, rail and bus systems; assuring the scanning of all U.S.-bound maritime cargo; distributing Homeland Security grants based on risk; creating a dedicated grant program to improve interoperable radio communications; creating a coordinator for U.S. nonproliferation programs and improving international cooperation for interdiction of weapons of mass destruction; developing better mechanisms for modernizing education in Muslim communities and Muslim-majority countries, and creating a new forum for reform-minded members of those countries; formulating coherent strategies for key countries; establishing a common coalition approach on the treatment of detainees; and putting resources into making democratic reform an international effort, rather than a unilaterally U.S. one. When President George W. Bush signed H.R. 1 into law on August 3, 2007 without any limiting statement, it seemed that the unfulfilled security recommendations of the 9-11 Commission would finally be implemented. To ensure that they were, over the past year the Majority staffs of the Committees on Homeland Security and Foreign Affairs have conducted extensive oversight to answer the question, How is the Bush Administration doing on fulfilling the requirements of the “Implementing Recommendations of the 9-11 Commission Act of 2007 (P.L. 110-53)? The Majority staffs of the two Committees prepared this report to summarize their findings. While the Majority staffs of the Committees found that the Bush Administration has taken some steps to carry out the provisions of the Act, this report focuses on the Administration’s performance with respect to key statutory requirements in the following areas: (1) aviation security; (2) rail and public transportation security; (3) port security; (4) border security; (5) information sharing; (6) privacy and civil liberties; (7) emergency response; (8) biosurveillance; (9) private sector preparedness; and (10) national security. In each of the 25 individual assessments in this report, a status update is provided on the Bush Administration’s performance on these key provisions. The status of the key provisions identified in the report, help explain why the report is entitled “Wasted Lessons of 9/11: How the Bush Administration Has Ignored the Law and Squandered Its Opportunities to Make Our Country Safer.”26

Based on this report, it is clear that the Bush Administration did not deliver on myriad critical homeland and national security mandates set forth in the “Implementing the Recommendations of 9-11 Commission Act of 2007.” Members of the Committees were alarmed that the Bush Administration did not make more progress on implementing these key provisions.,

18“National Commission on Terrorist Attacks upon the United States Act of 2002,” www.9-11commission.gov/about/107-306.pdf (downloaded 10/20/2008).

19“The 9-11 Commission Report,” National Commission on Terrorist Attacks upon the United States, http://govinfo.library.unt.edu/911/report/911Report.pdf (downloaded 10/20/2008).

20“National Commission on Terrorist Attacks upon the United States Act of 2002,” www.9-11commission.gov/about/107-306.pdf (downloaded 10/20/2008).

21“National Commission on Terrorist Attacks upon the United States Act of 2002,” http://www.9-11commission.gov/about/107-306.pdf (downloaded 10/20/2008).

22“The 9-11 Commission Report,” National Commission on Terrorist Attacks upon the United States, http://govinfo.library.unt.edu/911/report/911Report.pdf (downloaded 10/20/2008).

23“Intelligence Reform and Terrorism Prevention Act of 2004,” U.S. Senate Select Committee on Intelligence http://intelligence.senate.gov/laws/pl108-458.pdf (downloaded 10/20/2008).

24“Implementing Recommendations of the 9-11 Commission Act of 2007,” The White House, www.whitehouse.gov/news/releases/2007/08/20070803-1.html (downloaded 10/24/2008).

25“Wasted lessons of 9/11: How the bush administration ignored the law and squandered its opportunities to make our country safer,” The Gavel, http://speaker.house.gov/blog/?p=1501 (downloaded 10/24/2008).

26“Wasted lessons of 9/11: How the bush administration ignored the law and squandered its opportunities to make our country safer,” The Gavel, http://speaker.house.gov/blog/?p=1501 (downloaded 10/24/2008)

4 Summary

Within about a year after the terrorist attacks, Congress passed various new laws, such as The USA PATRIOT Act, Aviation and Transportation Security Act, Enhanced Border Security and Visa Entry Reform Act, Public Health Security, Bioterrorism Preparedness & Response Act, Homeland Security Act, and E-Government Act, and introduced sweeping changes to homeland security provisions and to the existing security organizations. The executive branch of the government also issued a series of Homeland Security Presidential Directives (HSPDs) to maintain domestic security. These laws and directives are comprehensive and contain detailed provisions to make the United States secure. For example, HSPD 5 enhances the ability of the United States to manage domestic incidents by establishing a single, comprehensive national incident management system.

These laws and homeland security presidential directives call for deep and fundamental organizational changes to the executive branch of the government. For example, the Homeland Security Act of 2002 established a new Executive Branch agency, the U.S. Department of Homeland Security (DHS), and consolidated the operations of 22 existing federal agencies. Intelligence-sharing and analysis groups have been set up in many private infrastructure industries as well. For example, the National Electric Reliability Council has such a group, the Electricity Sector Information Sharing and Analysis Center (ESISAC), which serves the electricity sector by facilitating communications between sector participants, federal governments, and other critical infrastructure organizations.

Congress charted the “National Commission on Terrorist Attacks Upon the United States (The 9-11 Commission)” on November 27, 2002, to provide a “full and complete accounting” of the attacks of September 11, 2001, and recommendations as to how to prevent such attacks in the future. On July 22, 2004, the 9-11 Commission issued its final report, which included 41 wide-ranging recommendations to help prevent future terrorist attacks. Many of these recommendations were put in place with the passage of the “Intelligence Reform and Terrorism Prevention Act” and “Implementing Recommendations of the 9-11 Commission Act of 2007.”

About a year after the passing of this law, the Majority Staffs of the Committees on Homeland and Foreign Affairs drew its attention on the extent to which the law was indeed implemented and issued a report on “Wasted Lessons of 9/11: How the Bush Administration Ignored the Law and Squandered Its Opportunities to Make Our Country Safer.” This report demonstrates that it is clear that the Bush Administration did not deliver on myriad critical homeland and national security mandates set forth in the “Implementing the 9-11 Commission Recommendations Act of 2007.” Fulfilling the unfinished business of the 9-11 Commission will most certainly be a major focus of President Obama, as many of the statutory requirements are to be met in stages.

Finally, let’s move on to the real interactive part of this Chapter: review questions/exercises, hands-on projects, case projects and optional team case project. The answers and/or solutions by chapter can be found in the Online Instructor’s Solutions Manual.

Chapter Review Questions/Exercises

True/False

1. True or False? The Public Health Security, Bioterrorism Preparedness & Response Act of 2002, authorizes funding for a wide range of public health initiatives.

2. True or False? The Homeland Security Act of 2002 establishes a new Executive Branch agency, the U.S. Department of Homeland Security (DHS), and consolidates the operations of 33 existing federal agencies.

3. True or False? The E-Government Act of 2012 establishes a Federal Chief Information Officers Council to oversee government information and services, and creation of a new Office of Electronic Government within the Office of Management and Budget.

4. True or False? Presidential directives are issued by the National Security Council and are signed or authorized by the Vice President.

5. True or False? The homeland security presidential directives called for deep and fundamental organizational changes to the executive branch of the government.

Multiple Choice

1. Faced with the challenge of strengthening the components to function as a unified Department, ________________ must coordinate centralized, integrated activities across components that are distinct in their missions and operations.

A. Qualitative analysis

B. Vulnerabilities

C. Data storage

D. Malformed request DoS

E. DHS

2. There are various ____________ of The Department of Homeland Security that are involved with Information Technology Security.

A. Network attached storage (NAS)

B. Risk assessment

C. Valid

D. Subcomponents

E. Bait

3. There are various ___________that support information sharing at the state and the federal levels.

A. Organizations

B. Fabric

C. Disasters

D. Risk communication

E. Security

4. The Governor’s Office of Homeland Security (OHS) acts as the ___________ for the prevention of and preparation for a potential terrorist event.

A. Cabinet-level state office

B. Greedy strategy

C. Infrastructure failure

D. SAN protocol

E. Taps

5. The California Office of Information Security and Privacy Protection (OISPP) unites _________ with the oversight of government’s responsible management of information.

A. Irrelevant

B. Consumer privacy protection

C. IP storage access

D. Configuration file

E. Unusable

Exercise

Problem

How does the new National Terrorism Advisory System (NTAS) work?

Hands-on Projects

Project

How will one find out that an NTAS Alert has been announced?

Case Projects

Problem

What should Americans do when an NTAS Alert is announced?

Optional Team Case Project

Problem

How should one report suspicious activity?

1“USA PATRIOT Act of 2001” U.S. Government Printing Office, http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ056.107.pdf (downloaded 10/20/2008).

2“Aviation and Transportation Security Act of 2001,” National Transportation Library, http://ntl.bts.gov/faq/avtsa.html (downloaded 10/20/2008).

3“Aviation and Transportation Security Act of 2001,” National Transportation Library, http://ntl.bts.gov/faq/avtsa.html (downloaded 10/20/2008).

4“Enhanced Border Security and Visa Entry Reform Act of 2002 (PL 107-173),” Center for Immigration Studies, www.cis.org/articles/2002/back502.html (downloaded 10/20/2008).

5“Public Health Security, Bioterrorism Preparedness & Response Act of 2002,” U.S. Government Printing Office, http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publl88.107 (downloaded 10/20/2008).

6“Homeland Security Act of 2002,” Homeland Security, www.dhs.gov/xabout/laws/law_regulation_rule_0011.shtm (downloaded 10/20/2008).

7“Homeland Security Act of 2002,” Homeland Security, www.dhs.gov/xabout/laws/law_regulation_rule_0011.shtm (downloaded 10/20/2008).

8“E-Government Act of 2002,” U.S. Government Printing Office, http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ347.107.pdf (downloaded 10/20/2008).

9“Homeland Security presidential directives,” Homeland Security, https://www.drii.org/professional_prac/profprac_appendix.html#BUSINESS_CONTINUITY_PLANNING_INFORMATION, 2008 (downloaded 10/24/2008).

10“Public Health Security, Bioterrorism Preparedness & Response Act of 2002,” U.S. Government Printing Office, http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ188.107 (downloaded 10/20/2008).

11“Public Health Security, Bioterrorism Preparedness & Response Act of 2002,” U.S. Government Printing Office, http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ188.107 (downloaded 10/20/2008).

12“The Governor’s Office of Homeland Security (OHS),” www.homeland.ca.gov/(downloaded 10/24/2008).

13“The Governor’s Office of Homeland Security (OHS),” www.homeland.ca.gov/ (downloaded 10/24/2008).

14“California Office of Information Security and Privacy Protection,” www.oispp.ca.gov/ (downloaded 10/20/2008).

15“California Office of Information Security and Privacy Protection,” www.oispp.ca.gov/ (downloaded 10/20/2008).

16“Forum of incident response and security teams,” www.first.org/ downloaded 10/20/2008).

17InfraGard, www.infragard.net/ (downloaded 10/20/2008).

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.143.17.27