Archives

Adapting to the CFATS Personnel Surety Requirements Program

September 11th, 2010 by fasteddie565

Recent Notices of Federal Rule Making have caused some concern among chemical facility owner / operators that have elected to have their affected personnel (personnel requiring access to restricted areas) apply for and maintain a TWIC card.  Some made this decision based upon their operating of MTSA facilities while others elected to use it as it apparently met all of the standards of RBPS 12, Personnel Surety which include:

  • Validate the Affected Person's Identity
  • Validate the Citizenship / Right to Work in the US
  • Certify Criminal History
  • Check for Terrorist Ties
  • Have some sort of Audit System

As most TWIC owners already know, this security token not only validates the status as a low risk person, it also has the electronics to activate access control measures via the use of accepted TWIC readers.  These readers can be used to open vehicle gates, pedestrian turnstiles and even interior doors.  With these capabilities, the TWIC seemed to be a panacea for chemical companies, some of which are just now growing comfortable with MTSA.

So why will DHS not accept the TWIC as a solution to RBPS 12?

In the 13 April Request for Comments, DHS provides the following bureaucratic answer:

Response: TWIC’s authorizing statute, the Maritime Transportation Security Act of 2002 (MTSA), as amended, 46 U.S.C. 70101 et seq., explicitly applies ‘‘transportation security card’’ requirements only to: ‘‘individual[s] allowed unescorted access to secure area[s] designated in * * * [maritime] vessel or [maritime] facility security plan[s]’’ (§ 70105(b)(2)(A)); certain MTSA license and permit holders (§ 70105(b)(2)(B)); maritime vessel pilots (§ 70105(b)(2)(C)); maritime towing vessel personnel (§ 70105(b)(2)(D)); individuals with access to certain protected maritime security information (§ 70105(b)(2)(E)); and ‘‘other individuals engaged in port security activities’’ (§ 70105(b)(2)(F)). Furthermore, individuals are only eligible to receive TWICs if they have not committed certain ‘‘disqualifying criminal offense[s],’’ or if they do not meet certain ‘‘immigration status requirements’’ 49 CFR 1572.5(a)(1)–(2). However, the CFATS authorizing statute applies to ‘‘chemical facilities that * * * present high levels of security risk’’ Department of Homeland Security Appropriations Act of 2007, Public Law 109–295, section 550 (Oct. 4, 2006), as amended. CFATS Personnel Surety Program requirements apply only to high-risk chemical facilities’ ‘‘personnel, and as appropriate * * * unescorted visitors with access to restricted areas or critical assets’’ 6 CFR 27.230(a)(12). Moreover, facilities regulated under MTSA are exempt from CFATS. Accordingly, the CFATS Personnel Surety Program is not duplicative of the TWIC program.

In short, CFATS personnel surety is not TWIC, so therefore they are not duplicative.  Having worked with DHS in the past on the CFATS effort, they have stated that they were very critical of MTSA and are hesitant to make it seem that they are mirroring the existing program.  We do have to give credit to the chemical folks for agreeing to revisit the issue of honoring the TSDB vettings already performed for TWIC and other TSDB dependent credentials.

So how do we incorporate all of these new TWIC cards into our CFATS program?  Take a look…

In short, your SSP has to do several things to meet the RBPS, these include:

1. Conducting a background check on existing and new employees which should include:

  • Validate the Affected Person's Identity
  • Validate the Citizenship / Right to Work in the US
  • Certify Criminal History

NOTE: The TWIC Program meets these requirements.

2. The next requirement is to develop a schedule for renewing / performing checks for existing employees and new employees (or others recently requiring access to restricted areas). We recommend starting this now!

3. Develop an Audit program whereby the personnel surety is audited to ensure it continues to meet the RBPS and is being applied in accordance with the approved SSP.  This should also include checks to make sure updates are being performed on a regularly scheduled basis (We recommend 3-7 years, depending upon Tier rating).

NOTE: TWIC’s are valid for 5 years, with an established program for updating, lost credentials etc.

4. Finally, we see the requirement for checks against the TSA Terrorist Screening database (TSDB).  This is simply a method by which you collect personal information on affected persons and submit this information to DHS who will in turn vet this information against the TSA TSDB.  The schedule for submission is found in the request for comments on page 18853. Ideally, DHS would like to collect the following information to support their PI collection for vetting against the TSA TSDB, however a less detailed collection of information will probably be accepted:

  • Full name
  • Date of birth
  • Place of birth

  • Gender

  • Citizenship
  • Passport information
  • Visa information
  • Alien registration number
  • DHS Redress Number (if available)
  • Work phone number(s)
  • Work e-mail address(es)

Upon receipt of new personnel, deleted personnel or changes to personal information, DHS states they will issue a receipt of submission of your personal information.  We recommend waiting 3 days after you receive this acknowledgement from DHS before granting unescorted access to new personnel or contractors.

In Summary, for those of you that have already acquired or plan to acquire TWIC’s in support of your personnel surety program, here is what you need to do to meet the RBPS:

1. Have all affected personnel obtain and maintain valid TWIC’s in accordance with the appropriate NVIC.

2. Establish internal procedures and schedules for having new hires obtain TWIC’s as well as an audit procedure.

3. Prepare to submit your personal information to DHS for vetting against the TSA TSDB in accordance with the established schedule.

NOTE:  These requirements apply to vendors and contractors that require unescorted access within restricted areas as well.  Consider adding a process for validating their background checks! You are still required to submit their personal information to DHS if they need unescorted access to your facility.

Analyzing Resiliency

June 28th, 2010 by fasteddie565

The current trend in managing risk at the local through regional level includes determining the resiliency of certain industries, CI/KR and even individual assets or facilities.  This analysis provides assistance in preparing our assets in question to recover from exposure to a peril (a threat or hazard) as well as direct executive leadership as to what entities will require more assistance than others to recover if an incident does occur. As such, we have been asked to conduct resiliency analysis for numerous clients and I have decided to share some insight as to how this may be accomplished.

Analyzing resiliency provides us with information that allows us to extend our analysis from “who dies today” to a truly strategic level by assisting us in determining “who will be affected tomorrow”. It is a process that allows us to determine overall target hardness as well as how long and how efficiently a strategic function, CI/KR or individual asset or facility may take to recover from an incident. We see resiliency as meaning the ability to recover readily from illness, depression, adversity, or the like.  In our analysis, we must determine / consider several factors and provide each assessed entity with a numeric score for each factor.  This overall factor is used in determining both strategic consequence and strategic vulnerability.  Our methodology for measuring resiliency is a derivation of the Institute of Earthquake Recovery (IEQR).  This methodology includes the following factors.  To further define resiliency in a regional or metropolitan environment, we have also added Dependency to the analysis.

Robustness.  Robustness discusses the relative hardness of the targets within this function to various levels or types of incidents or attack.  This is based upon the general overall construction of targets within the asset and the type of incident most likely to be experienced from the All Perils (Threat) Assessment. Develop a description for the average facility in this function and look at construction, critical equipment, and the most likely threat to attack the assets within the function.  An example shows a rural highway segment as more robust to earthquakes as opposed to a segment with overpasses, bridges and tunnels.

Redundancy.  This factor addresses the redundancy of similar assets within this function as well as the ability to replace the service provided by the entity by other means.  For example, consider materials transportation and what is needed to offload containers.  What other facilities can provide this service vs. what other facilities can receive passenger ferries or cruise ships? How else may we move light rail passengers? How could we offload oil from tankers?  Consider size, weight and volume capacities and the need for special equipment.

Resourcefulness.  This factor discusses both the fiscal and operational capability of the assets within the assessed entity to recover from an incident or attack.  Areas to consider are capital resources and availability of funding to rebuild and effectiveness of continuity of operations plans.

Rapidity. This is merely the speed with which the strategic function can recover.  This speed of recovery may be considered in phases.  After an incident, an assessed entity may be able to very quickly implement its COOP and use alternative means of providing their respective services; however, it may take years to rebuild an oil refinery vs. months to repair a ferry terminal. It can be measured in days, weeks, months or years.

Dependency. Dependency tells us the degree to which a strategic function is dependent upon other strategic functions to operate.  An example may show that other functions are highly dependent upon petroleum and passenger transportation to provide fuel for equipment and to get employees to work while most of the functions can operate efficiently without the recreation function.

 

Now that we have a general understanding of what we want to measure, we must design a method for conducting this analysis for each entity within our assessment.

 

STEP ONE:  Start by developing a set of 4 definitions or standards for each factor that describe a range for the effectiveness of each entity’s ability to achieve that standard and assign a point value for each standard with 1 being the most efficient and 4 being the least efficient.  This is best achieved by establishing Book Ends: determine the least efficient entity in your assessment and describe it as the least efficient (highest score), then determine the most efficient and describe that as the best (lowest) score.  An example for Resourcefulness is provided below.

 

Resourcefulness, score 1: Very resourceful, owner operator has good COOP and financial backing to make repairs and restorations. 2/3’s of the facilities are members of the security cooperative.

 

STEP TWO:  Discuss and develop a description of the typical facility for each entity or function within your assessment.  Discuss locations relative to the region, construction, critical personnel or equipment required to provide their service, design features that support the function or service they provide.  It is also possible to assess each individual asset (facility, company etc) assigned to the strategic or regional function.  While this technique requires a more exhaustive effort, it will provide a more accurate assessment.  A third possibility is to select the top five to ten facilities with the highest risk scores, as these are the most likely to be attacked or suffer degradation from a hazard.

 

STEP THREE: Assign values to each assessed entity or asset based upon step two using the definitions you developed. This will take some round table discussion of the risk management members of the AMSC and should not be done in a vacuum.  In the event all of the functions receive the same score or receive very similar scores (i.e. 3 functions receive a score of 2 and 1 a score of 3) consider refining the definitions to add more sensitivity to the tool. Ideally, one strategic function should receive the highest score and one should receive the lowest for each factor.

 

STEP FOUR:  Add the resiliency scores for each of the four factors and divide by 20 (or the total possible score, based upon your definitions).  This number is the resiliency factor and can be used in future analysis of strategic consequence and vulnerability.  If you elect to assess each facility within each strategic function, take the average score for each resiliency factor within each strategic function and then add the averaged scores for each factor prior to dividing by 20.  See the table below for an example.

 

| Factor | Maritime Transportation | Rail Transportation (Goods) | Air Transportation | Ground (Highway) Transportation | Light Rail Transportation (Passengers) |
|---|---|---|---|---|---|
| Robustness | 4 | 1 | 3 | 3 | 2 |
| Redundancy | 4 | 1 | 1 | 3 | 2 |
| Resourcefulness | 3 | 1 | 2 | 2 | 4 |
| Rapidity | 4 | 2 | 2 | 1 | 1 |
| Dependency | 4 | 3 | 2 | 1 | 2 |
| Totals | 19 | 8 | 10 | 10 | 11 |
| Resiliency Factor | 0.95 | 0.4 | 0.5 | 0.5 | 0.55 |

NOTE: Table does not represent any actual analysis for any region or area.
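The scoring in steps three and four can be scripted so the sensitivity check and the per-facility averaging are applied the same way every time. The Python below is an added example, not part of the original post: it uses the five factors and illustrative scores from the table above, and the function names, the `min_spread` threshold and the two sample facilities are assumptions made for illustration.

```python
"""Added example: resiliency factor calculation for steps three and four."""

# The five factors scored in the post's example table.
FACTORS = ("Robustness", "Redundancy", "Resourcefulness", "Rapidity", "Dependency")
MIN_SCORE, MAX_SCORE = 1, 4  # 1 = most efficient, 4 = least efficient


def check_scores(scores):
    """Reject a score sheet that skips a factor or leaves the 1-4 scale."""
    for factor in FACTORS:
        if factor not in scores:
            raise ValueError(f"missing score for {factor}")
        if not MIN_SCORE <= scores[factor] <= MAX_SCORE:
            raise ValueError(f"{factor} score {scores[factor]} is outside 1-4")
    return scores


def average_facilities(facilities):
    """Per-facility variant of step four: average each factor over the
    facilities assessed within one strategic function."""
    if not facilities:
        raise ValueError("no facilities assessed")
    for sheet in facilities:
        check_scores(sheet)
    return {f: sum(s[f] for s in facilities) / len(facilities) for f in FACTORS}


def resiliency_factor(scores):
    """Step four: sum of factor scores over the total possible score (20)."""
    check_scores(scores)
    return sum(scores[f] for f in FACTORS) / (MAX_SCORE * len(FACTORS))


def low_sensitivity_factors(assessment, min_spread=2):
    """Step three check: list factors whose scores barely differ between
    functions, meaning the definitions need refining. min_spread=2 is an
    assumed threshold; it flags the post's case of scores 2, 2, 2, 3."""
    flagged = []
    for factor in FACTORS:
        values = [check_scores(s)[factor] for s in assessment.values()]
        if max(values) - min(values) < min_spread:
            flagged.append(factor)
    return flagged


def rank_by_factor(assessment):
    """Order functions from highest factor (least efficient on every scale,
    so read here as needing the most recovery assistance) to lowest."""
    pairs = [(name, resiliency_factor(s)) for name, s in assessment.items()]
    return sorted(pairs, key=lambda pair: pair[1], reverse=True)


def sheet(rob, red, res, rap, dep):
    return dict(zip(FACTORS, (rob, red, res, rap, dep)))


# Illustrative scores copied from the post's table (not a real assessment).
PAGE_TABLE = {
    "Maritime Transportation": sheet(4, 4, 3, 4, 4),
    "Rail Transportation (Goods)": sheet(1, 1, 1, 2, 3),
    "Air Transportation": sheet(3, 1, 2, 2, 2),
    "Ground (Highway) Transportation": sheet(3, 3, 2, 1, 1),
    "Light Rail Transportation (Passengers)": sheet(2, 2, 4, 1, 2),
}

# Constructed sample: two facilities assessed inside one function.
SAMPLE_FACILITIES = [sheet(4, 3, 2, 4, 3), sheet(2, 3, 4, 2, 1)]

if __name__ == "__main__":
    for name, factor in rank_by_factor(PAGE_TABLE):
        print(f"{factor:.2f}  {name}")
    print("Factors needing sharper definitions:", low_sensitivity_factors(PAGE_TABLE))
    averaged = average_facilities(SAMPLE_FACILITIES)
    print("Averaged function score:", resiliency_factor(averaged))
```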

 

Resiliency analysis provides us with valuable information when conducting assessments throughout the Risk Management Continuum.  It allows us to better understand more than just the traditional “Who Dies Today” analysis of consequence by providing insight into the “Who does not get paid next month” aspect of an incident. It also aids us in refining vulnerability scores based on the threat's total capability to impose their will on the targeted asset.  Resiliency analysis also allows executives and their staffs to determine which assessed entities will require more assistance for budgeting purposes as well as when they may expect those entities to be able to begin providing their services again and to what degree of efficiency.

 

As always, please feel free to call or visit us at www.executive-interface.com

 

fast eddie sends

Guns in Mexico: The Truth behind the Hype

March 30th, 2010 by fasteddie565

The current administration would have us think that the guns that fuel the savage drug trafficking organizations (DTO’s) operating throughout Mexico all come from gun shows and from straw man purchases with the intent of selling these guns South of the Border.  Their statement is true that most guns that fuel these groups do come from the United States.  What they do not say is that most of these guns come from botched military sales to LATAM countries, from deserters or via compliant armorers that facilitate the theft of these weapons.

The US State Department has an office called The Office of Defense Trade Controls which operates a program called Operation Blue Lantern.  This program is designed to ensure that military arms and technology are properly delivered to the buyer and that they are being used for their intended purpose. Neither Operation Blue Lantern nor The Office of Defense Trade Controls have published an annual report since 2007.  A case study from the 2007 report shows an unfavorable finding whereby the receiving company was a front company and the owner was a known criminal. The purchase was for small arms and ammunition and the company owner was a known arms salesman of small arms to third world criminals.  No reports have been published since 2007 despite the rising trend of unfavorable reports.  Why is that?

If you search for Mexican drug busts, you will see glorious photos of the successful seizures of the Mexican military.  While I applaud their success, the photos always have a common theme, Money, Drugs and Guns.  Many of these guns are clearly civilian in origin but many are clearly not.  These include:  Hand grenades, 40mm grenades for use in an M203 and the M203’s themselves.  See the photo below. These types of military weapons attest to the fact that a portion of the weapons used by Cartels are stolen from the military or come from botched military sales.  This situation is exacerbated by the fact that President Calderon blames the US for the guns, yet he refuses to provide all of the guns seized for tracing by the ATF.  This allows him to skew the facts to provide The Obama Administration with a false claim of 90% of the guns used by Mexican Cartels coming from the US.  Fox News reported that the number was closer to 17% while factcheck.org states that the number is unknown due to the large numbers of guns never submitted to the US for tracing.  I believe that this is because they come from flaws in the Mexican military, be it theft, desertion or deceitful purchases and lack of effort on the part of the Department of State.

This photo is used to show that there are weapons seized that cannot be purchased at gun shows or by civilians conducting straw man purchases.  Note the Hand Grenades, Lower Left, the M203’s lower center and the short barrel rifles.

The problem is not US guns as much as it is Mexico’s inability to prevent the guns from entering the country.  Even if we could stop the flow of guns from the North, are we that naive that these ultra rich DTO’s will not seek Soviet Bloc weapons from other sources?

So what do we do? 

First, we must demand that if Calderon intends to persecute the US for arming his cartels, then he must provide ALL confiscated weapons, filed serial numbers or not, for ATF tracing and not allow them to cherry pick piles of US guns that they know came from the US to skew the facts in their favor.  We need ground truth to solve these problems.

Second, we need to add resources to The Office of Defense Trade Controls  and reinvigorate Operation Blue Lantern to keep track of weapons sold to various governments around the world and make these reports public.

Third, we must mandate that the Mexican government looks at ALL points of entry into the country to include air and sea to check for illegal arms and not just a dog and pony show at the border.

In closing, I applaud President Calderon for his dedication and success to date over the DTO’s.  His moral courage stands as an example to the International Community. We cannot however allow him to distort the facts on guns in Mexico to leverage the current administration’s liberal view on guns providing them with a matter of fact reason for gun control in this country.  This saga continues and we will continue to opine as required.

Developing a CFATS SSP

March 15th, 2010 by fasteddie565

Folks, here is a file based upon a webinar I have done on preparing for and developing a CFATS SSP.

Developing an SSP for CFATS-compliant facilities

Bad Security Consulting

March 15th, 2010 by fasteddie565

Since 9/11 there have been hundreds of large and small security companies pop up to provide a variety of services from personal protection in the CENTCOM AOR to risk management consulting to compliance assistance with federal security requirements.  Many states have little or no oversight on Security Firms unless you are a guard company or offer private investigation and while there are some industry certifications, they focus more on using tools and templates than professing the art and science of security analysis and risk management.  This situation is compounded by the fact that many companies have been “pulled into” the security business by their clients.  These companies provide a service at which they are competent but now jump into the security and risk management business.  Last and by no means least, you have the large government contracting firms reaching out to private industry with their ability to hire “brand names” in the industry to make proposals more attractive but who unfortunately don’t do much of the actual work on the actual project.  Many of these situations result in some very well formatted templates that scratch the surface of the client's true risk picture while making a handsome profit for the new security company.  Add to this thousands of police, military and legal entrepreneurs who are asked by colleagues or friends if “You can help me with this security….”

So what are critical infrastructure providers to do?  How do you know if you are hiring a credible security consultant?   Many companies and local governments are using their traditional contracting approach of “send us your experience and resumes and we will select the best company for the price”.  This is a pattern we have seen become prevalent and produce some bad results for our clients. Let’s take a look at a medical example: If I am a surgeon and perform 20 operations but all of my patients die, does that make me an experienced surgeon?

Here is an example of what I am talking about…..

While delivering a seminar on Campus Security, I was approached by a participant who was an administrator for a very prominent, private school district in New England.  He told me that their consultant told them to “Shelter in Place” in a high place for a chemical attack and shelter in place LOW for a biological attack and wanted to know if that was correct. Well, there is so much wrong with that guidance it was hard to pick a starting place.  After asking him if he could tell me the difference between a chem attack or a bio attack as they were occurring, he stated, “Probably Not”.  I then asked him if these threats / hazards were on the All Perils list prepared by the consultant.  He stated he never received such a list.  We then went on to discuss Shelter in Place and coordinating for decontamination services in the event of a hazardous atmosphere situation.

Unfortunately, these days many companies that are regulated by federal security programs simply hire the lowest hourly rate.  We have seen this to be a less than acceptable solution as we are now receiving business from disgruntled chemical facility owners that hired cheaper consultants and are now having their CFATS SSP’s rejected by DHS.  Let’s take a look at some things you may not have considered.

Unlike medicine, construction or even car washing, bad security or risk management consulting is very difficult to identify and unless the recipients are regulated, there are few litmus tests to tell if the consultant you are about to hire will deliver a quality product that will actually help protect your assets.  So how do we determine if we are getting a quality product?

Some questions to ask:

  1. What was the company doing prior to 9/11? Lots of environmental and technical  companies jumped on the bandwagon and do a lot of work in the security industry because they have a “theory”, despite their lack of actual security experience
  2. How long have they been doing critical infrastructure protection?
  3. What philosophy do they follow and do they / can they adapt their process to meet your exact requirements?  These should include the following three areas of analysis:
       a. A means of characterizing the entire asset or system and identifying the criticality of each component.
       b. A method for identifying the threat that poses risk to your assets and developing realistic scenarios they could use to attack your assets.  These threats should be described based upon capability and motivation. They should also be able to tell you the likelihood that these threats will attack.
       c. A means by which they consider the environment in which your assets operate and how the environment can aid or hinder in protecting your assets.
  4. Do they use a well rounded team to conduct their analysis?  (NOTE:  This includes You!)  The team should have industry SME, assault planners, law enforcement as well as representatives from your company when doing the analysis.  A team of all LEO’s, or Special Operations, or academics does not make for a well-rounded team.  DHS makes this recommendation yet many people (and security companies) fail to follow it.
  5. Do they sell security or risk mitigation equipment?  If they do, you can expect to see them in the list of recommendations.  Make them explain how and why they selected security measures or mitigation strategies to reduce your risk. Also ask about cost of ownership etc.
  6. Do they have examples of their work?  Take the sample and see if it answers the questions you have that resulted in your posting an RFP.

Some other things to consider include having a due diligence review from another company, especially for larger projects that require a great deal of capital investment.

 Please feel free to post your questions and experiences on this subject.

Thanks for stopping by

fast eddie sends

TSA is in Desperate Need of Good Leadership

February 12th, 2010 by fasteddie565

In the last few months we have seen TSA officers use training aids to make a pass at attractive travelers, disclosure of sensitive information on the Internet and an attempt to cure this lack of leadership by appointing a Director whose selection was made for his views on organized labor (Not to mention his indiscretion with the privacy of US Citizens).  As a young TSA officer, if that doesn’t send a very good message.  Couple that with the controversy with the FAM service and the obvious lack of leadership there in dealing with their employees.

Now move ahead to the push to use full body scanners. The United States is the King of Fighting the last war.  Shoe bombers lead to us checking your shoes, Underwear bombers lead us to more invasive searches. We need to remember that security is a journey and not a destination.  That said, we need to take greater strides to get ahead of the threat and not just stay one step behind. While I no longer have access to the proper intelligence, any accepted risk management protocol states that we have to base our mitigation on the current capability and motivation on our threat.   This means a fluid, dynamic process of adapting to the threat (Yea, I know easier said than done).  This brings us to behavior recognition.  No matter what device, explosive, tactic or means of delivery, anyone preparing to conduct a heinous act of terror will display traits that are identifiable to the trained observer, emphasis on trained.

Enter the issue with the federal government, a bureaucratic entity tied to numbers and statistics of biblical proportions actually trying to implement a skill based program that holds humans accountable at all levels based upon a standard that will never be black and white, only shades of grey.  Establishing standards must be quantity and quality based to have a positive effect and to make sure that the product or service is provided to an acceptable level at an affordable price.

 

The Israelis have been doing behavior recognition….. forever.  While I understand that this is a very difficult skill to learn, we need to make it a very important part of our transportation (Not just aviation) security posture.

A dynamic security posture that is nimble enough to adapt to the ever evolving threat can only be maintained through good leadership.  You heard it here first.

Do we need to Decontaminate Patients involved in a Terrorist Event?

February 10th, 2010 by fasteddie565

I have recently received some telephone calls from reporters to discuss the need to decontaminate patients that have been involved in a suspected terrorist incident.  I did some operational vulnerability work for the USAF a few years back that involved this concept and have seen the protocol mirrored all over the country in both public and private domains.

The scenario shows some sort of violent incident, an explosion of some sort that leaves a multitude of injured personnel in the blast area which we will call the Hot Zone.  It should be noted that not all injured personnel can be considered victims.  First responders work to identify the cause and location of the blast and begin to define a Hot Zone. Level A suits are donned prior to entering the Hot Zone and retrieving injured personnel.

Once out of the Hot Zone, patients receive gross decontamination in the Warm Zone and are then triaged and if necessary, stabilized in the Cold Zone.  Patients are then monitored prior to transport to definitive care. Upon arrival at the hospital, the staff then decontaminates them again prior to admission to the Hospital.

In the case of the Underwear Bomber, this process would not have done much in the decomposition of the explosive PETN, although it would hamper its explosive traits to a degree or even physically break the charge into pieces.

In other cases such as in radiological incidents, decontamination is crucial.  A more likely scenario, a chemical event ( be it intentional or accidental) also poses a great need for decontamination prior to admittance to definitive care.  Here is a good link to a discussion on the Metro Medical Response System. http://bit.ly/bezmUg 

The question begging to be asked is who is responsible?  Is it the first responders?  I have heard many arguments such as stabilizing blunt trauma and penetrating thoracic cavity wounds after an explosion is hard enough without having to soak the patient in water, soap and sometimes bleach.  The hospital on the other hand has more resources than does the paramedic in the field.

IMHO, the need for gross decon remains in the field, in the Warm Zone, prior to being triaged.  This protects the emergency medical personnel, helps prevent ambulances from becoming “slimed”.  Definitive care also has a dog in this fight as they must also ensure that no additional contaminant is brought into the emergency room on clothing or equipment and therefore should further decontaminate prior to removing the patient from the ambulance stretcher.  While this exposure to decontamination processes can easily place an already medically fragile patient at further risk, the alternative is not a good decision.

OK, let me know what you think.

DHS Needs to Consolidate Risk Management Programs

February 9th, 2010 by fasteddie565

Homeland Security news articles continue to address new programs designed to mitigate the risk to our Nation’s Critical Infrastructure and Key Resources.  While the federal government sees these as accomplishments in its ongoing effort to prevent further acts of terrorism, the owners and operators of these facilities see them as a never ending list of plans, inspection, ambiguous regulations and even potential sources of fines.  One of my all time heroes in the fight against terrorism calls this phenomenon “Fed Fatigue”. An appropriate term for an industrial facility that has totally separate risk management plans for EPS environmental incidents, maritime security plans, chemical security plans, cyber security plans and pipeline security plans all on the same facility and all managed by a different set of rules.

While the federal government may think this architecture allows them to concentrate on specific areas of consequence, to the facility owner it is a huge expense to manage just one program, but to have to manage numerous plans is becoming cost prohibitive.  Imagine an industrial facility owner that is told in June he must build a fence by the dock on his facility to support a security plan that has been operating and functional for the last 5 years.  Then in November, he has to build another fence around a chlorine tank and three months later another around a pump station.  Sound familiar? This facility manager has to pay to have these crews come and install security measures three separate times, not to mention the growing distrust in the federal government as to why they cannot get it right the first time and the lack of confidence in his HSSE staff.  Additional costs include the cost of managing all of these programs, training the HSSE staff to comply with program regulations as the risk of being fined is often much higher than the risk of being attacked.  The truly sad part is that some risk goes unmitigated.  The grey areas between the government regulated areas of consequence are left under protected because the government does not have an agency that regulates “grey industrial area” and the facility simply does not have the time or the resources to spend these additional funds.

So what’s the Solution?

The Office of Infrastructure Protection needs to develop a common doctrine or set of standards for determining risk to CI/KR which includes a template for developing a Critical Infrastructure Security Plan. This plan must mitigate the risk to all areas of consequence on a facility based upon the consequence, the threat and the current vulnerabilities. The terrorist doesn’t see five separately managed areas of consequence; it sees a lucrative target for its next attack. The military works the same way: it builds a defensive position that is a solid, well-planned defensive stronghold that protects the things inside based upon their importance to the fight, not based upon which branch manages that commodity.

That said, Federal LEAs do an excellent job at forming federal task forces to make arrests. DHS must form the same types of Joint Task Forces to implement a unified critical infrastructure plan. This may make it more difficult on the federal government, but ultimately it makes it easier, less expensive and more efficient for the facility to implement and secure their facility. After all, are they not the ones ultimately tasked with protecting these critical assets? It took the US Military over 20 years to perfect Joint Military Operations after Desert One. Let’s hope we can take some lessons learned as we move forward with this difficult but necessary task.

Data Mining in Homeland Security

February 8th, 2010 by fasteddie565

I was recently asked to develop a seminar on Data Mining for Homeland Security and Defense missions. As I have a modicum of experience in this area, and being the part-time geek that I am, I have come to some fairly simple conclusions as to why the technology works for Wal-mart but not DHS. I have also developed a model that seems to be fairly simple as well, but had it been followed, would have saved a bunch of tax dollars. Take a peek at it if you have time.

Here are a few definitions of Data Mining that I used to develop my own definition.  Here are a few from Wikipedia.

NOTE:  In this case, Nontrivial means not obvious by human observation.

“The nontrivial extraction of implicit, previously unknown, and potentially useful information from data”

or
“The science of extracting useful information from large data sets or databases”

The GAO (these are the guys that cry foul when a data mining project doesn’t work) defines it as:

“The application of database technology and techniques such as statistical analysis and modeling to uncover hidden patterns and subtle relationships in data and to infer rules that allow for the prediction of future results.”

So basically, what we are saying is that we have a bunch of data that can be analyzed for useful patterns or other information that can direct our actions or help us make decisions.  As a result, here is our (my) definition of data mining as it pertains to the defense of our Nation.

“The analysis of large sets of data in order to identify nontrivial facts or relationships within that data to assist us in formulating theories for continued research, developing actionable information or substantiating decisions in the defense of our Nation, both in the Homeland and Abroad.”

This seems pretty simple and straightforward, and it works for Wal-mart and many other retail giants, so why have the feds not enjoyed the same success? They need to use a different model. Let’s look at the model used by corporate America and why it doesn’t work for the feds.

When Wal-mart mines its sales data, it analyzes millions if not billions of transactions to identify patterns in customer buying. This is how they get you to spend $100 on each trip when you only planned to spend $15. Let’s say that they find a pattern where men between the ages of 35-50 who buy diapers also buy peanut butter and beer. Now that all you good MBAs are churning out the advertising and marketing campaigns with that information, let’s dig (no pun intended, it’s a sickness I have!) a little bit deeper into the dynamics of this marketing revelation. A simple way of taking advantage of this phenomenon is to make sure that anyone buying diapers will also go by a display of peanut butter and beer. For those men 35-50, there is a good chance that they will also buy the peanut butter and beer on the way to the diapers and that means good things for Wal-mart. But what about us 35-50 year olds who do not drink or eat peanut butter? We are the false positives who walk harmlessly past the marketing efforts of Wal-mart (only to succumb to another of their many data mining plots!). But what of these false positives? What if the pattern is not 100% accurate? In marketing, we, the false positives, may end up with junk mail that we throw away or even some spam that we easily delete (often after saying a bad word) and go on about our business. We have no moral, legal or logical reason to buy the product. Now let’s look at the defense and homeland security applications.

Now let’s assume that the Terrorism Screening Center (the guys that run the National Terrorism Database) has developed a profile they believe will identify terrorists or potential terrorists and seeks the data sources to identify these potential threats. They run their analysis and have identified, oh let’s say, 1,000 people who they feel meet their profile, based upon their data mining results. Just like the diaper buyers, there is a good chance that these folks have some type of nefarious intent and should not be allowed to fly, or board a plane or obtain a TWIC etc. Mission complete, right? As these unsuspecting malintents attempt to fly, gain access to sensitive information or open a bank account, they are found as a result of the ingenious data mining model developed by a three letter government agency. But what about those diaper buyers who do not want peanut butter or beer? How do we know for sure if someone intends to threaten public safety or if their inclusion in this list is happenstance or just a false positive? Now instead of deleting spam and putting a quarter in the cuss word jar or tossing a piece of junk mail, you have an honest American who is now deemed to be an enemy of the state and cannot fly without great difficulty and is determined to be a threat. Not really the success story we expected based upon the success of Wal-mart. So what we see is that our model is going to require some type of human intervention to manage the false positives. While the TSC may not be able to pick only those with terrorist thoughts, they can mitigate the false positives with human intervention.

The Solution to Closing the Border is like a Rubik’s Cube…

November 3rd, 2007 by fasteddie565

I receive a great many telephone calls from reporters wanting to know what I think about various situations in the Homeland Security Industry. Although I haven’t done any work on the border, I cannot help but think that my Rubik’s Cube philosophy holds true for this situation as it does for most everything in life. Yea, I am getting to the point….

We constantly hear how one political party wants a fence, another wants technology and another wants to use human assets. As sad as it may sound, there is no one single decision or tactic that will close the border to illegal immigrants. Much like an effort to make all the colors on the sides of a Rubik’s Cube match, the solution to securing the border lies in many different strategic moves that will require some sides to be inconvenienced with rogue squares while the rest of the sides are shifted towards the end goal. Just like the blue side has to have orange squares for a while and the green, red and so on, the solution to the border is a combination of guest worker programs, fences to deny the easiest access points, technology to cover those areas too difficult to fence and of course more brave Border Patrol Agents to pursue those not deterred by these measures. A guest worker program may help to manage those who want to work here legally. So why do politicians feel we can only use one tactic? Do we have to choose between surgery or chemotherapy to treat cancer? Do we only use one ingredient to make a cake? Then why do we have to decide on one tactic? Ask that question to your presidential hopeful.

While we are talking about the border, here are some of my thoughts on some interesting myths. For you amnesty fans, here is something to think about. Many folks say that by giving illegals amnesty, we can collect taxes from people that do jobs most Americans do not want to do. While it is true many illegals do jobs many Americans do not like, if allowed to stay here legally, most will quickly migrate to more sophisticated jobs in the city as they no longer have to hide in factories or food processing plants to evade the law. They will seek jobs in retail stores, as mechanics, accountants and other venues because they no longer have to fear being detained by immigration. Not that I have an issue with anyone making a better life for themselves, but now who will do those other jobs? Who will work the Arkansan slaughterhouses and the vegetable fields in California? I believe that it will be more illegal immigrants that now have support systems on both sides of the border as opposed to just one. And for you tax collectors, do you really think that someone that makes $6.00 an hour with a wife and kid will really pay any taxes?

So what is the solution?  Whatever it is, it won’t be the result of some political panacea.  It will be the result of the entire Nation pulling together and tolerating some different squares on our side until we can set all of the sides straight.

You heard it here first…

fe sends
